Does it still have the Admin role?
If yes, can you please check the trusted host IPs on the configuration page?
Ensure that you have both the IPv4 & IPv6 addresses of your HEAT Servers:

If you have added one, please do an iisreset (or recycle the application pool) afterwards.
Did you recently switch IP addresses or are you by chance using DHCP?
I can reproduce this issue if I try to manually do a SOAP request from a non-trusted host:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:con="http://www.frontrange.com/ConfigServiceAPI">
  <soap:Header/>
  <soap:Body>
    <con:AuthenticateAPI>
      <!--Optional:-->
      <con:userName>InternalServices</con:userName>
      <!--Optional:-->
      <con:tenantId>{yourtenant}</con:tenantId>
    </con:AuthenticateAPI>
  </soap:Body>
</soap:Envelope>

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <soap:Fault>
      <soap:Code>
        <soap:Value>soap:Sender</soap:Value>
      </soap:Code>
      <soap:Reason>
        <soap:Text xml:lang="en">Access denied.</soap:Text>
      </soap:Reason>
      <soap:Detail/>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>
Working fine from a trusted host:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <AuthenticateAPIResponse xmlns="http://www.frontrange.com/ConfigServiceAPI">
      <AuthenticateAPIResult>
        <TenantId>{yourtenant}</TenantId>
        <LoginId>InternalServices</LoginId>
        <SessionId>12345</SessionId>
        [...]
        <AuthenticationStatus>Success</AuthenticationStatus>
      </AuthenticateAPIResult>
    </AuthenticateAPIResponse>
  </soap:Body>
</soap:Envelope>
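
Added example, not part of the original post and not vendor code: a Python helper that tells the two AuthenticateAPI responses shown above apart, so a troubleshooting or monitoring script can flag the "Access denied." fault returned to a non-trusted host. The function name, the "rejected" outcome and the sample strings are assumptions; the samples are constructed from the responses in the post.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://www.w3.org/2003/05/soap-envelope",
      "con": "http://www.frontrange.com/ConfigServiceAPI"}

# Constructed samples, trimmed from the two responses quoted in the post.
FAULT = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body><soap:Fault>
<soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code>
<soap:Reason><soap:Text xml:lang="en">Access denied.</soap:Text></soap:Reason>
<soap:Detail/>
</soap:Fault></soap:Body></soap:Envelope>"""

OK = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<AuthenticateAPIResponse xmlns="http://www.frontrange.com/ConfigServiceAPI">
<AuthenticateAPIResult>
<TenantId>{yourtenant}</TenantId>
<LoginId>InternalServices</LoginId>
<SessionId>12345</SessionId>
<AuthenticationStatus>Success</AuthenticationStatus>
</AuthenticateAPIResult></AuthenticateAPIResponse>
</soap:Body></soap:Envelope>"""


def classify_auth_response(xml_text):
    """Summarise an AuthenticateAPI reply without echoing the session id."""
    body = ET.fromstring(xml_text).find("soap:Body", NS)
    if body is None:
        return {"outcome": "malformed"}
    fault = body.find("soap:Fault", NS)
    if fault is not None:
        code = fault.findtext("soap:Code/soap:Value", "", NS).strip()
        reason = fault.findtext("soap:Reason/soap:Text", "", NS).strip()
        # "Access denied." is what the post shows for a non-trusted host.
        return {"outcome": "fault", "code": code, "reason": reason}
    result = body.find("con:AuthenticateAPIResponse/con:AuthenticateAPIResult", NS)
    if result is None:
        return {"outcome": "malformed"}
    status = result.findtext("con:AuthenticationStatus", "", NS).strip()
    login = result.findtext("con:LoginId", "", NS).strip()
    # Assumption: any status other than "Success" is treated as rejected.
    outcome = "success" if status == "Success" else "rejected"
    return {"outcome": outcome, "status": status, "login": login}


if __name__ == "__main__":
    for name, doc in (("untrusted host", FAULT), ("trusted host", OK)):
        print(name, classify_auth_response(doc))
```

The summary deliberately omits SessionId so the value does not end up in logs or tickets.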