Starling Connect Identity Manager Integrated

About this guide One Identity Starling Connect overview One Identity Starling

Supported browsers Additional hardware and software requirements Creating a new organization Signing in to Starling

Supported cloud applications Configuring connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors Amazon S3 AWS ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD GSuite Concur Tableau GoToMeeting Coupa AWS Cognito Okta Creating a service account in GSuite Setting a trial account on Salesforce Working with Azure AD Generating a private key for service account in GoToMeeting OneIM limitations Configuring Amazon S3 AWS connector to support entitlements for User and Group

Configuring Amazon S3 AWS connector to support entitlements for User

Viewing the default custom process for User Configuring Amazon S3 AWS connector to support entitlements for User using the Synchronization Editor

Configuring Amazon S3 AWS connector to support entitlements for Group

Creating a custom process for Amazon S3 AWS connector to support entitlements for Group using the Designer tool Configuring Amazon S3 AWS connector to support entitlements for Group using the Synchronization Editor

Outbound IP addresses

Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors Amazon S3 AWS ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD GSuite Concur Tableau GoToMeeting Coupa AWS Cognito Okta

Creating a service account in GSuite

You must obtain a JSON file with Private Key to authorize the APIs to access data on

G Suite domain. Create and enable the service account to obtain the private key (JSON file).

To create a project and enable the API

Login to Google Cloud Platform.
Click on the drop-down list next to the Google Cloud Platform label and select an organization.

The Select a Project window is displayed.
Click New Project.
The New Project page is displayed.
Enter the specific details in the relevant text field.
Click Create.
Click on the drop-down list next to the Google Cloud Platform label and select the project you created.
Click APIs & Services tab.
Click Library tab.
Search for the phrase Admin SDK in the search bar and select Admin SDK from the results.

The API Library page is displayed.
Click Enable to enable the API.

To create a service account

Click APIs & Services tab.
Click Credentials.
On the Credentials tab, click Manage Service Accounts available at the bottom right corner.

The Service Accounts window is displayed.
Click + CREATE SERVICE ACCOUNT.

Create service account window is displayed.
Enter the name of the service account in Service account name text field.
Select Owner as the Role from the drop-down menu.
Select the service JSON as an account Key type.

IMPORTANT: A JSON file is required to generate an access token and it is downloaded automatically after selecting the above option.
Click Create.

To select and authorize the API scopes

Login to the G Suite admin console with your domain.
On the Admin console home page, click Security.
Click Advanced settings.
Click Managed API client access.
Enter the client name and the description in the Name and Description text field respectively.
Enter the email in the Email text field.
Add the preferred API scopes that you want to use.

For example, API scopes can be https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group, or https://www.googleapis.com/auth/admin.directory.group.member.

For more information on API scopes, see https://developers.google.com/identity/protocols/googlescopes
After adding the API scoes, click Authorize.
The unique Id and the scopes added is displayed.

Setting a trial account on Salesforce

To login to the Saleforce application, you must create a trail account. The sections below briefs about the process to create a trial account .

To setup a trial account

Login to the Salesforce developer edition link: https://developer.salesforce.com/signup?d=70130000000td6N.
Provide the relevant details and click Sign me up.
A trail account is created and an instance is assigned.
Switch the view to Saleforce classic view by clicking Switch to Salesforce Classic.
Click the Setup tab.
Click Build | Create | Apps.
In the Connected Apps section, click New.
In the Basic Information section, enter the relevant details.
In the API (Enable OAuth Settings) section, select Enable OAuth Settings checkbox.
Provide the https://app.getpostman.com/oauth2/callback URL in the Callback URL text field.
From the Selected OAuth Scopes drop-down menu, select Full Access (full).
Click Save.
From the API (Enabel OAuth Settings) section, retrieve the Consumer Key and Consumer Secret.

To generate a security token

A security token is sent to the registered email address. If not received, follow the below steps to generate a token.

On the home page, click My Settings.
Click Personal | Reset My Security Token.
Review the information displayed on the screen and click Reset Security Token.
Provide the relevant information such as:
- Client Id: Consumer key
- Client Secret: Consumer secret
- Username
- Password and security token
- Token URL (https://login.salesforce.com/services/oauth2/token)

IMPORTANT:

To enable API in Salesforce, see https://ebstalimited.zendesk.com/hc/en-us/articles/229295368-How-do-I-enable-API-access-in-Salesforce and https://developer.salesforce.com/forums/?id=906F0000000BaW7IAK.
By default, REST API permission is enable in Developer Edition, Enterprise Edition, Unlimited Edition, Performance Edition.
The API package is not available for purchase on the Contact Edition and Group Edition.
The API feature can be requested for Professional Edition through purchase. To enable the REST API, contact the Salesforce support team.

Working with Azure AD

The following procedure briefs about the steps to register application, provide appropriate permissions, retrieve client ID, and client secret.

Working with Azure AD

Login to the Microsoft Azure portal and select Azure Active Directory from FAVORITES.
From Manage section, select App Registrations (Preview).
Click New registration and provide the necessary details.
Select the created application and click View API Permissions.
Add the required permissions for Microsoft Graph API (delegated and application permissions).
The registered application must have User.ReadBasic.All, User.Read, User.ReadWrite, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All, Group.Read.All, and Group.ReadWrite.All permissions.
Click Grant admin consent for Default Directory checkbox to grant necessary permissions.
From the created application, click App Registrations (Preview) and note the Application (client) ID and Directory (tenant) ID.
Select Certificates & secrets and click New client secret to generate the secret.
Paste the following URL in the browser, https://login.microsoftonline.com/common/adminconsent?client_id={Client ID}&state=12345&redirect_uri=http://localhost/myapp/permissions.
Click Accept.

Providing permission to update or delete users password

Install the Azure AD PowerShell v1 module (MSOnline).
Connect to your Azure AD B2C tenant.
Use the Application(client) ID in the PowerShell script to assign the application the user account administrator role.

For more details on Azure AD, refer the following links:

To register an application: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.
To configure an application to access web APIs: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis.
To Configure an application to expose web APIs: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis.
To modify the accounts supported by an application: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-modify-supported-accounts
To configure permissions to update or delete permission for the application: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet#configure-delete-or-update-password-permissions-for-your-application.

Generating a private key for service account in GoToMeeting

A private key has to be generated to access the GoToMeeting service account.

Generating a private key

Create an account in GoToMeeting.
Login to the GoTo Developer Center. For more information use the link here: https://goto-developer.logmeininc.com/.
Click MyApp and create an application. Note the Consumer key and Consumer secret.
Login to the GoToMeeting administrator portal to find the admin key in the URL.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

Seleccione su producto:

Con el fin de ofrecerle un mejor servicio, complete el campo Motivo del chat:

Soluciones recomendadas para su problema

Starling Connect Identity Manager Integrated - Administration Guide

Creating a service account in GSuite

Setting a trial account on Salesforce

Working with Azure AD

Generating a private key for service account in GoToMeeting