Starling Connect Identity Manager Integrated - Administration Guide

Azure Active Directory

Azure Active Directory is a connector that gives users a cloud-based platform for their on-premises resources. Using single sign-on, companies have access to any number of network or web-based applications along with hosting access and identity management resources.

NOTE: Update the synchronization shell or create a new synchronization shell in One Identity Manager as changes are introduced in the schema.

For more information on registering the application, providing permissions, retrieving client ID or client secret, see Working with Azure Active Directory.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector name

  • Client Id for the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - For example, https://graph.microsoft.com/v1.0).

Supported Objects and Operations

Users
Table 117: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PATCH

Delete User

DELETE

Get User

GET

Get All Users

GET

Groups
Table 118: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PATCH

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Mandatory Fields

Users
  • email.value
  • nickName

  • displayName

  • password

  • active
Groups
  • displayName
  • mailEnabled (value needs to be 'false')

  • mailNickname

  • securityEnabled (value needs to be 'true')

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 119: User Mapping
SCIM Parameter Azure AD Parameter
Id id
userName userPrincipalName
name.familyName surname
name.givenName givenName
displayName displayName
nickName mailNickname
emails[0].value userPrincipalName
addresses[0].streetAddress streetAddress
addresses[0].locality city
addresses[0].region state
addresses[0].postalCode postalcode

addresses[0].country

couontry

phoneNumbers[0].value

businessPhones[0]

title

jobTitle

active

accountEnabled

preferredLanguage

preferredLanguage

userType

userType

groups[].value

memberOf[].id

groups[].display

memberOf[].displayName

userExtension.organization

companyName

userExtension.department

department

userExtension.employeeNumber

employeeId

userExtension.manager.value

manager.id

userExtension.manager.displayName

manager.displayName

meta.created

createdDateTime

Groups
Table 120: User Mapping
SCIM Parameter Azure AD Parameter
Id id
displayName displayName
members[].value members[].id
members[].display members[].displayName

enterpriseExtension.description

description

enterpriseExtension.mailNickname

mailNickname

meta.created

createdDateTime

Connector Limitations

  • lastModified is not provided along with the Users and Groups.

  • Groups are of two types: Security groups and Office 365 groups. Azure AD supports users and groups as the members of groups. Security groups can have users and other Security groups as members. However, only users can be added as members for Office 365 groups.

  • With the trial Azure AD account, it is possible to create only Security groups through APIs. For information on mapping the appropriate properties, see User and Group section.

  • Azure AD resource Id's follow GUID formats. When trying to edit, retrieve, or delete a group by Id with an invalid GUID format, the connector displays 400 as the response code. However with invalid id and a proper GUID format, connector displays 404 as the response code.

  • Email value for the user should have only those domains which are verified in the selected Active Directory. To find out the verified domain, go to the Azure Active Directory in the Azure portal and in the Overview page above the directory name, the verified domain names are displayed.

  • You can create multiple groups with the same name.
  • For more information on password policy settings applied to user accounts that are created and managed in Azure AD, see, Password policies that only apply to cloud user accounts.

G Suite

G Suite is a cloud computing, productivity, and collaboration tool. It includes the Google web applications Gmail, Drive, Hangouts, Calendar, and Docs. It also includes an interactive whiteboard. The enterprise version offers custom-domain email addresses, additional storage, and 24/7 phone and email support.

You must create a service account to access the G Suite services. For information on creating a service account, see Creating a service account in G Suite.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector name

  • UserName

  • Private_Key (Whole JSON content of private key file created for service account)

  • Target URL (Cloud application's instance URL used as targetURI in payload)

Supported Objects and Operations

Users
Table 121: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups
Table 122: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Get All Groups with Pagination

GET

Update Membership

PUT

Mandatory Fields

Users
  • FirstName

  • LastName

  • Password

Groups

Email

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 123: User Mapping
SCIM Parameter G Suite Parameter
Id id
userName primaryEmail
Name.GivenName name.givenName
Name.FamilyName name.familyName
Name.Formatted name.fullName
DisplayName name.fullName
Emails[0].value primaryEmail
Addresses[0].StreetAddress streetAddress
Addresses[0].Locality locality
Addresses[0].Region region
Addresses[0].PostalCode postalcode
PhoneNumbers[0].Value

phones[0].value

PhoneNumbers[0].Type phones[0].type
Active suspended
ExternalId externalIds.value
Extension.Organization organizations.name
Extension.Department organizations.department
Extension.Division organizations.location
Created creationTime
Groups
Table 124: User Mapping
SCIM Parameter G Suite Parameter
Id id
displayName name
members.value groupMembers.id
members.type groupMembers.type
groupExtension.Email

email

groupExtension.Description

description

Connector Limitations

  • Connector supports cursor based pagination even with any change at count in subsequent requests.

  • Created date is displayed for Users. Created date and Modified date are not displayed for Groups.

  • Group information of user is not displayed in user details.

  • The Email ID of Users and Groups to be created should be provided along with the domain name of target instance.

 

Concur

Concur offers two on-demand Software as a Service (SaaS) products to help manage travel. Concur Travel & Expense gives you web and mobile solutions for travel and expense management, and TripIt is a mobile travel organizer for individuals.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector name

  • Client Id

  • Client Secret

  • Username

  • Password
  • Geolocation

  • Target URL (Cloud application's instance URL used as targetURI in payload)

Supported Objects and Operations

Users
Table 125: Supported operations for Users

Operation

VERB

Create User

POST

Update User

POST

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups

NA

Mandatory Fields

Users
  • userName

  • name.givenName

  • name.familyName

  • enterpriseUserExtension.empId

  • emails.value

  • password

  • scimUser.locale

  • enterpriseUserExtension.ctryCode

  • enterpriseUserExtension.crnKey

  • enterpriseUserExtension.ledgerKey

  • enterpriseUserExtension.custom21

Groups

NA

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 126: User Mapping
SCIM Parameter Concur Parameter
Id LoginId
userName LoginId
Name.GivenName FirstName
name.MiddleName Mi
Name.FamilyName LastName
DisplayName FirstName+LastName
Emails[0].value EmailAddress
Active Active
Locale LocaleName
Extension.EmpId EmpId
Extension.LedgerKe LedgerName
Extension.CtryCode CtryCode
Extension.CrnKey CrnKey
Extension.ExpenseApprover ExpenseApprover
Extension.Custom21 Custom21
Groups

NA

Connector Limitations

  • Only user end-points are supported in Concur connector.

  • Inactive user's information is not displayed when Get All Users operation is performed.

  • The search result status for inactive user is NotFound .

  • While Get Users by Pagination with StartIndex and count specified, next nearest multiple of 100 records to the count value are fetched.

  • Invalid Geolocation url returns BadRequest status.

  • Created and LastModified dates are not supported.

  • API does not return the details of groups to which a user is associated.

  • POST user with the details similar to that of existing user's id, email and EmpId will update existing user's information. In such case, status code 201 is returned.

  • Inactive user cannot be created or edited.

  • GivenName and FamilyName are not updated in PUT user operation.

  • Custom21 value accepts only the Expense list code. For example, a valid Custom21 value are IN - 890, IN - 562, AU - 510, NL - 842, NO - 432, and so on.

  • Currently, an authentication related issue is observed while Get User by Id for a user "cteadmin@quest.com". This issue causes integration failure. To fix this, two keys are introduced in AppSettings of function host named ShouldExcludeUsers and ExcludeUserIds.

  • ShouldExcludeUsers key accepts either true or false as value, and ExcludeUserIds takes comma separated user's ids.

  • If value for ShouldExcludeUsers is true, the user ids mentioned in ExcludeUserIds will not appear in GetAll Users response.

 

Tableau

Tableau offers data visualization software to let users upload files to a server or the cloud. You can create custom dashboards to analyze business intelligence and data.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • Site name (Example: https://online.tableau.com/#/site/MarketingTeam/users)

  • Target URL (Cloud application's instance URL used as target URI in payload - Example: https://{instance-name}.online.tableau.com/api/{api-version})

Supported Objects and Operations

Users
Table 127: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get Users

GET

Get All Users with Pagination

GET

Groups
Table 128: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Get Group

GET

Get Groups

GET

Get All Groups with Pagination

GET

Update Membership

PUT

Mandatory Fields

Users

Email

Groups

displayName

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 129: User Mapping
SCIM Parameter Tableau Parameter
Id LoginId
userName name
name.formatted fullName
displayName fullName
emails[0].value name
roles[0].value siteRole
Groups
Table 130: Group Mapping
SCIM Parameter Tableau Parameter
Id LoginId
displayName name
members[].value members[].id

Connector Limitations

  • User update is supported for User role only.

  • Created and last modified dates are not available.

  • Group deletion is not supported.

  • Adding or removing a member from a renamed group is possible only after a full synchronization .

 

Documentos relacionados