
Starling Connect Identity Manager Integrated - Administration Guide


GoToMeeting

GoToMeeting is an online tool for meeting planning. The connector integrates with multiple other products and plug-ins, allowing users to easily connect to create, organize, and host meetings across a common platform.

For more information on generating a private key for a service account, see Generating a private key in GoToMeeting.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • Username

  • Password
  • Client Id

  • Client Secret

  • Account key
  • Target URL (Cloud application's instance URL used as target URI in payload - Example: https://api.getgo.com/admin/rest/v1/)

Supported objects and operations

Users
Table 152: Supported operations for Users

Operation VERB
Create User POST
Update User PUT
Delete User DELETE
Get User GET
Get Users GET
Get All Users with Pagination GET

Groups
Table 153: Supported operations for Groups

Operation VERB
Create Group POST
Update Group PUT
Delete Group DELETE
Get Group GET
Get Groups GET
Get All Groups with Pagination GET

Mandatory fields

Users
  • Email

  • givenName

  • familyName

Groups

  • displayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 154: User mapping
SCIM parameter GoToMeeting parameter
Id key
UserName email
Name.givenName firstName
Name.familyName lastName
Name.formatted firstName+""+lastName
DisplayName firstName+""+lastName
emails[0].value email
locale locale
Timezone timeZone
Groups[].Value groupKey
Groups[].display groupName

Groups
Table 155: Group mapping
SCIM parameter GoToMeeting parameter
Id key
DisplayName name
members[].value userKeys[]

Connector limitations

  • For Users and Groups objects, the Created and Last Modified dates are not displayed.

  • When trying to create a duplicate entry of the user who already exists, the connector returns status code 201.

  • Group membership operation is not supported.

  • When trying to retrieve a user by their ID using invalid alphanumeric IDs, the connector returns status code 502 instead of 404.
  • When trying to create a new user with the same email ID of a deleted user, the connector activates the deleted user instead of creating a new user.

 

Coupa

A Coupa connector allows users to move data in and out of Coupa. It lets you manage spend more efficiently by being able to integrate and access spend management and data for expenses, and integrate with other cloud applications.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • API key
  • Custom Properties (List of custom properties, if any, to be mapped).
    For more information, see Configuring custom attributes in Starling.

  • Target URL (Cloud application's instance URL used as target URI in payload)

Supported objects and operations

Users
Table 156: Supported operations for Users

Operation VERB
Create User POST
Update User PUT
Get User by id GET
Get All Users GET
Get All Users with Pagination GET
Update Role Membership PUT
Update Group Membership PUT
Update UserGroups Membership PUT
Update AccountGroups Membership PUT

NOTE: The membership operations are user based operations according to target system behavior from Coupa.

Groups
Table 157: Supported operations for Groups

Operation VERB
Get Group by id GET
Get All Groups GET
Get All Groups with Pagination GET

Roles
Table 158: Supported operations for Roles

Operation VERB
Get Roles by id GET
Get All Roles GET
Get All Roles with Pagination GET

UserGroups
Table 159:  

Operation VERB
Get UserGroups by id GET
Get All UserGroups GET
Get All UserGroups with pagination GET
AccountGroups
Table 160:  

Operation VERB
Get AccountGroups by id GET
Get All AccountGroups GET
Get All AccountGroups with pagination GET

Mandatory fields

Users
  • Username

  • Email
  • FirstName

  • LastName

Groups

NA

User and Group mapping

The user and group mappings are listed in the tables below.

Table 161: User mapping
SCIM parameter Coupa parameter
Id id
UserName login
Name.GivenName firstname
Name.FamilyName lastname
Name.Formatted fullname
DisplayName fullname
Emails[0].value email
Photos avatar-thumb-url
Addresses.StreetAddress default-address[0].street1
Addresses.Locality default-address[0].city
Addresses.Region default-address[0].state
Addresses.PostalCode default-address[0].postal-code
Addresses.Country default-address[0].country[0].name
Groups.value user-groups[X].id
Groups.display user-groups[X].name
Roles.value roles.id
Roles.display roles.name
Active active
Locale default-locale
PreferredLanguage default-locale
Extension.Manager.value manager.id
Extension.EmployeeNumber employee-number
Extension.CostCenter custom-fields.default-user-cost-center
Extension.AuthenticationMethod authentication-method
Extension.SsoIdentifier sso-identifier
Extension.PurchasingUser purchasing-user
Extension.ExpenseUser expense-user
Extension.SourcingUser sourcing-user
Extension.InventotyUser inventoty-user
Extension.ContractsUser contracts-user
Extension.AnalyticsUser analytics-user
Extension.UserGroups User-groups
Extension.ApprovalGroups Approval-groups
Extension.invoiceApprovalLimit invoice-approval-limit
Extension.invoiceSelfApprovalLimit invoice-self-approval-limit
Extension.requisitionApprovalLimit Requisition-approval-limit
Extension.requisitionSelfApprovalLimit Requisition-self-approval-limit
Extension.contractApprovalLimit Contract-approval-limit
Extension.contractSelfApprovalLimit Contract-self-approval-limit
Extension.workConfirmationApprovalLimit work-confirmation-approval-limit
Extension.defaultChartOfAccountsName default-account.name
Extension.defaultAccountCode default-account.code
Extension.defaultAccountCodeSegment1 default-account.segment1
Extension.defaultAccountCodeSegment2 default-account.segment2
Extension.defaultCurrency default-currency
Extension.defaultAddressLocationCode default-address.location-code
Extension.accountSecurityType account-security-type
Extension.businessGroupSecurityType business-group-security-type
Extension.mentionName mention-name
Created created-at
LastModified updated-at

Groups
Table 162: Group mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at
LastModified updated-at

Roles
Table 163: Roles mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at
LastModified updated-at

UserGroups
Table 164: UserGroups (or ApprovalGroups) mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at
LastModified updated-at

AccountGroups
Table 165: AccountGroups mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at
LastModified updated-at

Configuring custom attributes in Starling

NOTE: Only String and Boolean data types are supported currently by Coupa connector.

To configure custom attributes:

  1. Enter the custom properties in the mentioned format in the Starling Platform.

  2. In the One Identity Manager, map the created custom attributes that were specified in the Starling Platform.

  3. Perform a synchronization and verify if the custom attributes are available in the One Identity Manager.

    NOTE:

    • The Starling UI has default mapped attributes.

    • Apart from the default mapped attributes, the Starling UI used for registering a Coupa connector has an input field where you can provide the custom attributes that have to be mapped in the connector's User resource type.

      The format of the custom attributes in the User resource type must be as follows:

      {field_name}|{data_type}

      Example: custom_attribute_name1|string;custom_attribute_name2|string;

      custom_attribute_name1 = name of the custom attribute

      data_type = string (or) boolean

    • All custom attributes are mapped in the enterprise user extensions.

    • All custom user attributes have mutability: readWrite, returned: default, caseExact: false, required: false, multiValued: false, uniqueness: none.

    • Only the data types String and Boolean are currently supported by the Coupa connector.
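
The custom properties format described above can be checked before it is pasted into the Starling connector registration form. The following validator is an added example, not One Identity code; the function name, the field-name character set, and the case-insensitive handling of the data type are assumptions.

```python
import re

# The only data types the guide says the Coupa connector supports.
ALLOWED_TYPES = {"string", "boolean"}
# Assumption: field names use letters, digits and underscores, as in the guide's example.
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_custom_properties(spec):
    """Parse 'name|type;name|type;' into {name: type}; raise ValueError on bad input."""
    entries = spec.split(";")
    if entries[-1].strip() == "":
        entries.pop()  # one trailing ';' is allowed, as in the guide's example
    result = {}
    for position, entry in enumerate(entries, start=1):
        parts = entry.strip().split("|")
        if len(parts) != 2:
            raise ValueError(f"entry {position}: expected field_name|data_type, got {entry!r}")
        name = parts[0].strip()
        data_type = parts[1].strip().lower()  # assumption: 'String' and 'string' are equivalent
        if not FIELD_NAME.fullmatch(name):
            raise ValueError(f"entry {position}: invalid field name {name!r}")
        if data_type not in ALLOWED_TYPES:
            raise ValueError(f"entry {position}: unsupported data type {data_type!r}")
        if name in result:
            raise ValueError(f"entry {position}: duplicate field name {name!r}")
        result[name] = data_type
    return result


# Constructed sample input, taken from the format example in the guide.
SAMPLE = "custom_attribute_name1|string;custom_attribute_name2|string;"

if __name__ == "__main__":
    print(parse_custom_properties(SAMPLE))
```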

Connector limitations

  • Total results are not supported due to cloud application limitations.

  • The target application supports soft delete of users. The deleted users are returned in GET and GET All. The users can also be deleted repeatedly.

  • Account-Groups will not work as of now. It will work when the Coupa team shares the source of information.

  • Approval-Groups will not work as of now. It will work when the new endpoint is implemented.

  • User-Groups will not work as of now. It will work when the new endpoint is implemented.

  • Coupa supports updating specific attributes in a PUT operation, so the value of an attribute cannot be emptied by removing the attribute from the JSON body.

  • The connector performs two update operations to set account-security-type (operation-1), default-account-type.name (operation-1), default-account.segment-1 (operation-2), and default-account.segment-2 (operation-2).

  • The connector sets account-security-type = 1 when account-security-type = 2, default-account-type.name is already set, and the account-groups array list is empty.

  • When the value of the custom attribute new_user (boolean type) is set to false, the connector returns an empty value for this attribute due to the limitation of Coupa.

AWS Cognito

AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • AccessKey Id

  • Access Secret

  • Region

  • User Pool Id

  • Target URL (Cloud application's instance URL used as target URI in payload)

Supported objects and operations

Users
Table 166: Supported operations for Users

Operation VERB
Create User POST
Update User PUT
Delete User DELETE
Get User GET
Get All Users GET
Get All Users with Pagination GET

Groups
Table 167: Supported operations for Groups

Operation VERB
Create Group POST
Update Group PUT
Delete Group DELETE
Get Group GET
Get All Groups GET
Get All Users with Pagination GET
Update Membership PUT

Mandatory fields

Users
  • Username

  • Email
Groups

  • DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 168: User mapping
SCIM parameter AWS Cognito parameter
Id Username
userName Username
Name.Formatted Username
DisplayName Username
Emails[0].value UserAttributes.email
Active UserStatus.CONFIRMED
PhoneNumbers[0].Value phone_number
Password Password
Extension.IsPasswordPermanent Permanent
Extension.DesiredDeliveryMediums DesiredDeliveryMediums
Extension.email_verified UserAttributes.email_verified
Extension.phone_number_verified UserAttributes.phone_number_verified
Created_at UserCreateDate
lastModified_at UserLastModifiedDate
Groups
Table 169: Group mapping
SCIM parameter AWS Cognito parameter
Id GroupName
displayName GroupName
members[].value Users[].Username
members[].display Users[].Username
Extension.Precedence Precedence
Extension.RoleArn RoleArn
Created_at CreationDate
lastModified_at LastModifiedDate

Connector limitations

  • Creating or updating a User or a Group executes in multiple steps. A failure in any step is reported as a complete failure of the operation. However, the changes made by the steps that succeeded are persisted.

  • Noncompliance with the password policy returns an error. However, the User is still created.

  • DesiredDeliveredMedium is a write-only property. SMS is the default option, and it is not returned in the Get specific user response.

  • A User can be a member of a maximum of 25 groups.

Okta

Okta provides cloud software that helps companies manage and secure user authentication into modern applications, and for developers to build identity controls into applications, website web services, and devices.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • Token

  • Target URL (Cloud application's instance URL used as target URI in payload)

Supported objects and operations

Users
Table 170: Supported operations for Users

Operation VERB

Create User POST
Update User PUT
Delete User DELETE
Get User GET
Get All Users GET
Get All Users with pagination GET
Groups
Table 171: Supported operations for Groups

Operation VERB

Create Group POST
Update Group PUT
Delete Group DELETE
Get Group GET
Get All Groups GET
Get All Groups with pagination GET
Create Membership POST
Add Membership POST
Delete Membership DELETE

Mandatory fields

Users
  • GivenName

  • FamilyName
  • Username
  • Email
  • Password
Groups
  • DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 172: User mapping
SCIM parameter Okta parameter
Id id
UserName login
DisplayName displayName
NickName nickName
Name.GivenName firstName
Name.FamilyName lastName
Name.MiddleName middleName
Name.HonorificPrefix honorificPrefix
Name.HonorificSuffix honorificSuffix

Addresses.StreetAddress streetAddress
Addresses.Locality city
Addresses.Region state
Addresses.PostalCode zipCode
Addresses.Country countryCode
Emails.value email
PhoneNumbers.value primaryPhone
UserType userType
Title title
PreferredLanguage preferredLanguage
Locale locale
Timezone timezone
Groups[].value (On Demand) Id (groupsForUserResponse)
Groups[].display (On Demand) Profile.name (groupsForUserResponse)
Active status == "ACTIVE"
Extension.EmployeeNumber employeeNumber
Extension.Division division
Extension.Department department
Extension.CostCenter costCenter
Extension.Organization organization
Extension.Manager.value managerId
Extension.Manager.DisplayName manager
Meta.Created created
Meta.LastModified lastUpdated

Groups
Table 173: Group mapping
SCIM parameter Okta parameter
Id id
displayName profile.name
Extension.Description profile.description
Members[].value id (GetGroupMembersResponse[])
Members[].display profile.displayName (GetGroupMembersResponse[])
Meta.Created created
Meta.LastModified lastUpdated

Connector limitations

  • Get Users and Groups by pagination will return resources in multiples of 100. The resource count will be the same as the next nearest multiple of 100. For example, if the count is specified as 325, the resource count will be 400.
  • A disabled User can still be fetched.
  • Password update is not possible through the connector because it expects the old and new passwords as parameters. The old password can never be fetched for any user.

  • UserName should be in the format of email id.

  • When you delete a user for the first time, the user will be deactivated. When you delete the user for the second time, the user will be deleted permanently from target system.

  • When you modify the email value, both the username and email values get updated. But when you modify the username alone, only the username gets updated with the username value.
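
Because the first delete only deactivates an Okta user, the second delete removes it permanently, and disabled users can still be fetched, a deprovisioning job should read the user back after each delete instead of trusting the delete response, and a retry must not turn a deactivation into a permanent deletion. The sketch below is an added example, not One Identity or Okta code; `FakeOktaConnector`, `get_user`, `delete_user` and `deprovision` are hypothetical names, and the fake is a constructed in-memory stand-in that mimics only the behaviour listed above.

```python
class FakeOktaConnector:
    """Constructed stand-in that reproduces the two-stage delete from the limitations list."""

    def __init__(self, users):
        self.users = {uid: dict(attrs) for uid, attrs in users.items()}
        self.delete_calls = 0

    def get_user(self, user_id):
        # Deactivated users are still returned; None stands for "not found".
        return self.users.get(user_id)

    def delete_user(self, user_id):
        self.delete_calls += 1
        user = self.users[user_id]
        if user["active"]:
            user["active"] = False       # first DELETE: deactivate only
        else:
            del self.users[user_id]      # second DELETE: permanent removal


def deprovision(connector, user_id, hard_delete=False):
    """Drive the user to the requested end state and verify it by reading back.

    Returns "deactivated" or "absent". A deactivated user is never deleted
    again unless hard_delete is set, so a retried job stays non-destructive.
    """
    for _ in range(2):                   # two DELETEs are the most ever needed
        user = connector.get_user(user_id)
        if user is None:
            return "absent"
        if not user["active"] and not hard_delete:
            return "deactivated"
        connector.delete_user(user_id)
    user = connector.get_user(user_id)
    if user is None:
        return "absent"
    if not user["active"] and not hard_delete:
        return "deactivated"
    raise RuntimeError(f"{user_id} is still present after two DELETE calls")


if __name__ == "__main__":
    demo = FakeOktaConnector({"u1": {"active": True}})   # constructed sample user
    print(deprovision(demo, "u1"), deprovision(demo, "u1", hard_delete=True))
```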
