Data sync workflows that import data with a connection based on the Generic SCIM Connector can import all three types of SCIM 2.0-based data entries:
-
Simple attributes, that is, data entries with a single simple value. For example, a user ID specified in a single string is a simple attribute.
-
Complex single-value attributes, that is, data entries specified with several sub-attributes. For example, the following name attribute is a complex single-value attribute, specifying the name of an employee with three simple sub-attributes:
"name": { "givenName": "Sam", "familyName": "Smith", "formatted": "Sam Smith" },
The value of complex single-value attributes is the sum of the sub-attribute values.
-
Complex multi-value attributes, that is, data entries with multiple complex values, each of them specified with several simple sub-attributes. For example, the following addresses attribute is a complex multi-value attribute, specifying several addresses, each of them being a complex value containing several simple sub-attributes:
"addresses": [ { "type": "work", "streetAddress": "22 Example Street", "region": "Springfield", "postalCode": "51487", "country": "United States", "primary": true }, { "type": "home", "streetAddress": "12 Rue Exemple", "region": "Montreal", "postalCode": "46179", "country": "Canada" } ],
However, even though sync workflows using connections set with the Generic SCIM Connector can import all three of these value types, Active Roles Synchronization Service does not recognize complex single-value attributes and complex multi-value attributes, as they contain more values than what Active Roles Synchronization Service can identify for a single data entry by default.
To import complex single-value and multi-value attributes successfully, you can use the following methods:
-
For complex single-value attributes, you can map each individual sub-attribute of the complex single-value attribute to separate attributes in the target system. For example, in case of the name complex single-value attribute, you can map the givenName, familyName and formatted sub-attributes to separate name.givenName, name.familyName, and name.formatted attributes in the target system, respectively.
-
For complex multi-value attributes, you can use two methods:
-
When importing complex multi-value attributes, Active Roles Synchronization Service can take a single value (and its sub-attributes), map the sub-attributes to a set of target values (similarly to complex single-value attributes), then discard the rest of the complex values of the attribute.
By default, Active Roles Synchronization Service takes the primary value of the complex multi-value attribute (marked with a specific primary sub-attribute). If no primary value is specified within the complex multi-value attribute, Active Roles Synchronization Service imports the first value (and its sub-attributes) only.
NOTE: This method imports only the primary value (or the first value, if no primary value is specified). Active Roles Synchronization Service will discard all other values (and their sub-attributes).
-
If you map a complex multi-value attribute (such as the addresses attribute shown in the above example) when configuring a mapping rule for a workflow, you can configure an Active Roles Synchronization Service workflow to process and extract every value (and their sub-attributes) of the complex multi-value attribute with script-based attribute mapping.
The following procedure will provide an example on how to apply such a PowerShell script to properly process the addresses complex multi-value attribute shown in this chapter.
-
To configure a custom PowerShell script for a workflow to import complex multi-value attributes
-
In the Active Roles Synchronization Service, click Sync Workflow, then click the sync workflow that imports data from a SCIM-based source system (for example, the SuccessFactors HR to SQL Server workflow used in Creating a sync workflow for synchronizing data from a SCIM-based Starling Connect connector).
-
Click the first step of the workflow (in the example SuccessFactors HR to SQL Server workflow, this is named Step 1 (Creation from SCIM Connection to SuccessFactors HR to SQL Connection).
-
Under Creation Rules, to open the initial population rules, click Forward Sync Rule.
-
In the Forward Sync Rule window, at the Source item setting, open the Attribute drop-down, and click PowerShell Script.
-
In the PowerShell Script Editor, paste the following script example, and click OK:
$addressesJsonArray = $srcObj["addresses"] | ConvertFrom-Json if ($addressesJsonArray) { for ($i = 0; $i -lt $addressesJsonArray.Length; $i++) { if ($addressesJsonArray[$i].type -eq "work") { return $addressesJsonArray[$i].streetAddress + ", " + $addressesJsonArray[$i].region + ", " + $addressesJsonArray[$i].locality } } }
The example script contains the following key parts:
-
$srcObj refers to the source object that the script will act on.
-
$srcObj["addresses"] extracts the raw value of the addresses attribute. In this example, this attribute is a complex multi-value SCIM attribute, so the attribute value will be a JSON array.
-
$addressesJsonArray is a .NET array object containing the values of the complex multi-value attribute.
The rest of the script performs the following steps:
-
It checks that the array is valid.
-
It traverses the elements of the array, and looks for the first element with a type sub-attribute with a work value.
-
Once it finds an element with a work value type, it constructs a formatted string from the streetAddress, region and locality sub-attributes.
-
It returns the results.
-
-
Use the output to parse and extract the data into other target values in the target system.