User and Group mapping
The PingOne connector allows you to connect PingOne with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by PingOne.
PingOne is a hybrid Identity-as-a-Service (IDaaS) based product that allows users to use single sign-on across different applications.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 283: Supported operations for Users
| Create User |
POST |
| Get User |
GET |
| Get Users |
GET |
| Update User |
PUT |
| Delete User |
DELETE |
Groups
Table 284: Supported operations for Groups
| Create Group |
POST |
| Get Group |
GET |
| Get Groups |
GET |
| Update Group |
PUT |
| Delete Group |
DELETE |
Mandatory fields
Users
Groups
displayName
The user and group mappings are listed in the tables below.
Table 285: User mapping
| id |
id |
| userName |
userName |
| externalId |
externalId |
| name.givenName |
name.givenName |
| name.familyName |
name.familyName |
| name.middleName |
name.middleName |
| name.formatted |
name.formatted |
| name.honorificPrefix |
name.honorificPrefix |
| name.honorificSuffix |
name.honorificSuffix |
| displayName |
displayName |
| nickName |
nickName |
|
email.value |
email.value |
|
email.type |
email.type |
|
email.primary |
email.primary |
|
addresses.formatted |
addresses.formatted |
|
addresses.streetAddress |
addresses.streetAddress |
|
addresses.locality |
addresses.locality |
|
addresses.region |
addresses.region |
|
addresses.postalCode |
addresses.postalCode |
|
addresses.country |
addresses.country |
|
addresses.type |
addresses.type |
|
phoneNumbers.value |
phoneNumbers.value |
|
phoneNumbers.type |
phoneNumbers.type |
|
password |
password |
|
profileUrl |
profileUrl |
|
title |
title |
|
userType |
userType |
|
preferredLanguage |
preferredLanguage |
|
locale |
locale |
|
timeZone |
timeZone |
|
active |
active |
|
entitlements.value |
entitlements.value |
|
roles.value |
roles.value |
|
ims.value |
ims.value |
|
ims.type |
ims.type |
|
groups.value |
groups.value |
|
groups.display |
groups.display |
|
x509Certificates.value |
x509Certificates.value |
|
extension.accountId |
extension.accountId |
|
extension.directoryId |
extension.directoryId |
|
extension.state |
extension.state |
|
extension.passwordExpired |
extension.passwordExpired |
|
meta.created |
meta.created |
|
meta.lastModified |
meta.lastModified |
Groups
Table 286: Group mapping
| id |
id |
| displayName |
displayName |
|
members.value |
members.value |
|
members.display |
members.display |
|
members.type |
members.type |
|
extension.accountId |
extension.accountId |
|
extension.directoryId |
extension.directoryId |
|
meta.created |
meta.created |
|
meta.lastModified |
meta.lastModified |
Connector limitations
-
PingOne supports addresses of type home, work, and other. Similarly, it supports phone numbers of types work, mobile, home, fax, pager, and other. However the connector supports only one type of address and phone number.
The connector first looks for type work. If type work is not found, the connector looks for type home.
Else, it looks for the address and phone number of any type. If type value is not present, then the connector assigns the value of work to type.
Connector limitations
The PingOne connector allows you to connect PingOne with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by PingOne.
PingOne is a hybrid Identity-as-a-Service (IDaaS) based product that allows users to use single sign-on across different applications.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 283: Supported operations for Users
| Create User |
POST |
| Get User |
GET |
| Get Users |
GET |
| Update User |
PUT |
| Delete User |
DELETE |
Groups
Table 284: Supported operations for Groups
| Create Group |
POST |
| Get Group |
GET |
| Get Groups |
GET |
| Update Group |
PUT |
| Delete Group |
DELETE |
Mandatory fields
Users
Groups
displayName
User and Group mapping
The user and group mappings are listed in the tables below.
Table 285: User mapping
| id |
id |
| userName |
userName |
| externalId |
externalId |
| name.givenName |
name.givenName |
| name.familyName |
name.familyName |
| name.middleName |
name.middleName |
| name.formatted |
name.formatted |
| name.honorificPrefix |
name.honorificPrefix |
| name.honorificSuffix |
name.honorificSuffix |
| displayName |
displayName |
| nickName |
nickName |
|
email.value |
email.value |
|
email.type |
email.type |
|
email.primary |
email.primary |
|
addresses.formatted |
addresses.formatted |
|
addresses.streetAddress |
addresses.streetAddress |
|
addresses.locality |
addresses.locality |
|
addresses.region |
addresses.region |
|
addresses.postalCode |
addresses.postalCode |
|
addresses.country |
addresses.country |
|
addresses.type |
addresses.type |
|
phoneNumbers.value |
phoneNumbers.value |
|
phoneNumbers.type |
phoneNumbers.type |
|
password |
password |
|
profileUrl |
profileUrl |
|
title |
title |
|
userType |
userType |
|
preferredLanguage |
preferredLanguage |
|
locale |
locale |
|
timeZone |
timeZone |
|
active |
active |
|
entitlements.value |
entitlements.value |
|
roles.value |
roles.value |
|
ims.value |
ims.value |
|
ims.type |
ims.type |
|
groups.value |
groups.value |
|
groups.display |
groups.display |
|
x509Certificates.value |
x509Certificates.value |
|
extension.accountId |
extension.accountId |
|
extension.directoryId |
extension.directoryId |
|
extension.state |
extension.state |
|
extension.passwordExpired |
extension.passwordExpired |
|
meta.created |
meta.created |
|
meta.lastModified |
meta.lastModified |
Groups
Table 286: Group mapping
| id |
id |
| displayName |
displayName |
|
members.value |
members.value |
|
members.display |
members.display |
|
members.type |
members.type |
|
extension.accountId |
extension.accountId |
|
extension.directoryId |
extension.directoryId |
|
meta.created |
meta.created |
|
meta.lastModified |
meta.lastModified |
-
PingOne supports addresses of type home, work, and other. Similarly, it supports phone numbers of types work, mobile, home, fax, pager, and other. However the connector supports only one type of address and phone number.
The connector first looks for type work. If type work is not found, the connector looks for type home.
Else, it looks for the address and phone number of any type. If type value is not present, then the connector assigns the value of work to type.
Aha!
The Aha! connector allows you to connect Aha! with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by Aha!
Aha! is a product management software that enables software companies to collaborate across cross functional teams.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 287: Supported operations for Users
|
Create User |
POST |
| Update User |
PUT |
| Delete User (soft delete) |
DELETE |
| Get User |
GET |
| Get All users |
GET |
|
Get All Users with Pagination |
GET |
Roles
Table 288: Supported operations for Roles
|
Get Role by Id |
GET |
| Get all Roles |
GET |
Products
Table 289: Supported operations for Products
| Get Product by Id |
GET |
| Get all Products |
GET |
|
GET All Products with Pagination |
GET |
Mandatory fields
Users
-
Name.GivenName
-
Name.FamilyName
-
EmailAddress
-
role
-
product_id
Groups
Not Applicable
Mappings
Table 290: User mapping
| Id |
id |
| UserName |
email |
| DisplayName |
name |
| emails[].value |
email |
| Active |
enabled |
| name.givenName |
first_name (not returned, only writable) |
| name.familyName |
last_name (not returned, only writable) |
| Extension.productRoles[].role |
product_roles[].role |
| Extension.productRoles[].productId |
product_roles[].product_id |
| Extension.productRoles[].productName |
product_roles[].product_name |
| Meta.Created |
created_at |
|
Meta.LastModified |
updated_at |
Roles
Table 291: Roles mapping
| id |
id |
| name |
name |
Products
Table 292: Products mapping
| id |
id |
| name |
name |
| referencePrefix |
reference_prefix |
|
productLine |
product_line |
|
productLineType |
product_line_type |
|
url |
url |
|
resource |
resource |
|
children[].id |
children[].id |
|
children[].referencePrefix |
children[].reference_prefix |
|
children[].name |
children[].name |
|
children[].productLine |
children[].product_line |
|
capacityPlanningEnabled |
capacity_planning_enabled |
|
defaultCapacityUnits |
default_capacity_units |
|
Meta.Created |
created_at |
|
Meta.LastModified |
updated_at |
Connector limitations
-
Aha accepts Role and Product assignment of Users in a combined form and they cannot be assigned separately.
- Aha accepts an invalid target URL and returns the results when the API key provided is valid. Due to this behavior, the Test Connection on Starling Connect UI will be successful even without a valid target URI.
-
Teams and Groups are not supported because Aha does not provide APIs to create or manage them.
-
Connector supports cursor pagination for the object types Users and Products. It does not support cursor pagination for the Roles object type. However, the records returned are in multiples of 100. For example, if 255 records are requested, connector returns 300 records (next nearest multiple of 100s of the count).
-
Aha supports only soft delete of Users. Users are set to inactive when the Delete operation is performed. The same User can be reactivated by passing active flag set to True. However, the deleted User can be retrieved in the list of Users as well as individually, irrespective of the status.
-
No error is returned when a nonexistent Role is specified in the Create and Update request. However, the operation would be completed with a default Role assigned to the User.
-
Invalid Product ID specified in User Create and User Update request would return Error 404 with message ‘Not Found’.
Synchronization and integration of Roles object type with One Identity Manager
For more information, see Synchronization and integration of Roles object type with One Identity Manager.
Synchronization and integration of Products object type with One Identity Manager
For more information, see Synchronization and integration of Products object type with One Identity Manager.
Add Roles ID and Product ID to create and update users for Aha connector
To create a user successfully using Aha connector, you must provide valid values for mandatory properties such as Roles and Products ID in the request. Roles and Products ID are the sub-attributes of the main attribute ProductRoles, which is a complex multi-valued string attribute defined under User extensions in the connector schema.
One Identity Manager must have fields where you can enter complex multi-value array values but it does not display such fields by default. However, it is possible to create custom multi-value array fields. For more information, see Creating multi-valued custom fields in One Identity Manager.
NOTE: The above example of creating multi-valued custom fields is one of the various ways to achieve the configuration required for adding Roles and Products ID to create and update Users. There may be other ways to achieve this integration based on the customization options that One Identity Manager provides.
Supervisor configuration parameters
The Aha! connector allows you to connect Aha! with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by Aha!
Aha! is a product management software that enables software companies to collaborate across cross functional teams.
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 287: Supported operations for Users
|
Create User |
POST |
| Update User |
PUT |
| Delete User (soft delete) |
DELETE |
| Get User |
GET |
| Get All users |
GET |
|
Get All Users with Pagination |
GET |
Roles
Table 288: Supported operations for Roles
|
Get Role by Id |
GET |
| Get all Roles |
GET |
Products
Table 289: Supported operations for Products
| Get Product by Id |
GET |
| Get all Products |
GET |
|
GET All Products with Pagination |
GET |
Mandatory fields
Users
-
Name.GivenName
-
Name.FamilyName
-
EmailAddress
-
role
-
product_id
Groups
Not Applicable
Mappings
Table 290: User mapping
| Id |
id |
| UserName |
email |
| DisplayName |
name |
| emails[].value |
email |
| Active |
enabled |
| name.givenName |
first_name (not returned, only writable) |
| name.familyName |
last_name (not returned, only writable) |
| Extension.productRoles[].role |
product_roles[].role |
| Extension.productRoles[].productId |
product_roles[].product_id |
| Extension.productRoles[].productName |
product_roles[].product_name |
| Meta.Created |
created_at |
|
Meta.LastModified |
updated_at |
Roles
Table 291: Roles mapping
| id |
id |
| name |
name |
Products
Table 292: Products mapping
| id |
id |
| name |
name |
| referencePrefix |
reference_prefix |
|
productLine |
product_line |
|
productLineType |
product_line_type |
|
url |
url |
|
resource |
resource |
|
children[].id |
children[].id |
|
children[].referencePrefix |
children[].reference_prefix |
|
children[].name |
children[].name |
|
children[].productLine |
children[].product_line |
|
capacityPlanningEnabled |
capacity_planning_enabled |
|
defaultCapacityUnits |
default_capacity_units |
|
Meta.Created |
created_at |
|
Meta.LastModified |
updated_at |
Connector limitations
-
Aha accepts Role and Product assignment of Users in a combined form and they cannot be assigned separately.
- Aha accepts an invalid target URL and returns the results when the API key provided is valid. Due to this behavior, the Test Connection on Starling Connect UI will be successful even without a valid target URI.
-
Teams and Groups are not supported because Aha does not provide APIs to create or manage them.
-
Connector supports cursor pagination for the object types Users and Products. It does not support cursor pagination for the Roles object type. However, the records returned are in multiples of 100. For example, if 255 records are requested, connector returns 300 records (next nearest multiple of 100s of the count).
-
Aha supports only soft delete of Users. Users are set to inactive when the Delete operation is performed. The same User can be reactivated by passing active flag set to True. However, the deleted User can be retrieved in the list of Users as well as individually, irrespective of the status.
-
No error is returned when a nonexistent Role is specified in the Create and Update request. However, the operation would be completed with a default Role assigned to the User.
-
Invalid Product ID specified in User Create and User Update request would return Error 404 with message ‘Not Found’.
Synchronization and integration of Roles object type with One Identity Manager
For more information, see Synchronization and integration of Roles object type with One Identity Manager.
Synchronization and integration of Products object type with One Identity Manager
For more information, see Synchronization and integration of Products object type with One Identity Manager.
Add Roles ID and Product ID to create and update users for Aha connector
To create a user successfully using Aha connector, you must provide valid values for mandatory properties such as Roles and Products ID in the request. Roles and Products ID are the sub-attributes of the main attribute ProductRoles, which is a complex multi-valued string attribute defined under User extensions in the connector schema.
One Identity Manager must have fields where you can enter complex multi-value array values but it does not display such fields by default. However, it is possible to create custom multi-value array fields. For more information, see Creating multi-valued custom fields in One Identity Manager.
NOTE: The above example of creating multi-valued custom fields is one of the various ways to achieve the configuration required for adding Roles and Products ID to create and update Users. There may be other ways to achieve this integration based on the customization options that One Identity Manager provides.
