Starling Connect Identity Manager Integrated - Administration Guide

JIRA Server

JIRA Server is an issue-tracking product used for project management, generating project reports, and bug tracking.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • SCIM URL

Supported Objects and Operations

Users
Table 18: Supported operations for Users

Operation

VERB

Remove/Provision

POST

Update (Id)

PUT

Delete (Id)

DELETE

Get (Id)

GET

Get All Users

GET

Pagination

GET

Groups
Table 19: Supported operations for Groups

Operation

VERB

Create POST
Update (Id)

PUT

Delete (Id) DELETE
Get (Id) GET
Get All Groups GET

Get Groups (Id)

GET

Roles
Table 20: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Mandatory Fields

Users
  • User name
  • Display name
  • Email ID
Groups
  • Group Name

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 21: User Mapping
SCIM Parameter JIRA Server Parameter
Id name
UserName name

password

password

Name.Formatted displayName
DisplayName displayName
Emails.Value emailAddress
Locale locale
Timezone timeZone
Active active

Groups.value

group.name

Groups.display

group.name

 

Table 22: Group Mapping
SCIM Parameter JIRA Server Parameter
Id name
DisplayName name
Members.value user.name
Members.display user.displayName

Connector Limitations

  • The following dates are not available in User and Group resources.
    • created
    • lastModified
  • Pagination is not supported for Groups.

  • Update Group can only be used for membership management.

  • Since the application does not support id, the URL encoded user name or group name is assigned as id for the resource.

  • Leading slash (/) in clientRequest, in the RequestWrapper is restricted in REST Client (Eg: Postman) testing.

  • Invalid host name in target URL returns error 500.

RSA Archer

RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector Name - <RSA Archer>

  • Username

  • Password

  • Instance Name - <Tenant ID ex: 324022>

  • Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>

  • Profile ID - <User Profile ID ex: 239109>

  • Environment(ISMS) - <Cloud application's environment ex: Test, Prod>

  • Field ID - <Filed Id to get specific attribute ex: 18746>

  • SCIM URL - <Cloud application's instance URL used as targetURI in payload>

Supported Objects and Operations

Users
Table 23: Supported operations for Users

Operation

VERB

Create POST
Update PUT
Delete (Id) DELETE
Get (Id) GET
Get GET
Pagination GET
Groups
Table 24: Supported operations for Groups

Operation

VERB

Create

POST

Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get GET

Mandatory Fields

Users
  • First Name
  • Last Name
Groups
  • Group Name

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 25: User Mapping
SCIM Parameter RSA Archer Parameter
Id system.userId
UserName system.userName
Name.GivenName name.first
Name.FamilyName name.last
Name.MiddleName name.middle
Title system.title

Locale

system.locale

Timezone

timeZone.id

Active

system.status

Emails

contactItems.value if <contactItems.type = Email>

Address.formatted

address

Address.streetAddress

--

Address.locality

--

Address.region

--

Address.postalCode

--

Address.country

--

PhoneNumbers

contactItems.value if <contactItems.type = phone>

Groups.Id

groups.id

Groups.Name

groups.name

Roles.Id

roles.id

Roles.Name

roles.Name

 

Table 26: Group Mapping
SCIM Parameter RSA Archer Parameter
id id/id@ISMSGroup
displayName Name/ISMSGroupName
Members.value Members.Users.User.Id
Members.display Members.Users.User.Name

Lead

leads (id,name;id1,name1)

Lead Backup

leadBackup (id,name;id1,name1)

Coaches

coaches (id,name;id1,name1)

Connector Limitations

  • The Created date and last modified date is not retrieved for users / groups.
  • Cursor based pagination for Users is supported but pagination is not supported for groups.

  • User's contact information cannot be created or updated.

  • The following fields are read-only:

    • Phone number
    • Email
  • Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.

  • If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.

  • RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.

NOTE:

  • Test Connection validates the target system credentials and endpoints but not the configuration parameters.

SuccessFactors

SuccessFactors is an integrated human-resources platform. It offers users tools for onboarding, social business, and collaboration along with tools for learning management, performance management, recruiting, applicant tracking, succession planning, talent management, and HR analytics. It is also cloud-based.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

NOTE: SuccessFactors Web Services API are based on OData protocol which is intended to enable access to data in the SuccessFactors system for create, read, update, or delete (CRUD) operations. For more information on SuccessFactors API, see https://apps.support.sap.com/sap/support/knowledge/public/en/2613670. For more information on SuccessFactors URLs and Data Centers, see https://apps.support.sap.com/sap/support/knowledge/public/en/2089448.

Supported Objects and Operations

Users
Table 27: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete

PUT

Get User (Id)

GET

Get All Users

GET

Get All Users with pagination

GET

Groups
Table 28: Supported operations for Groups

Operation

VERB

Update Group PUT
Get All Groups GET

Get Groups (Id)

GET

Get All Groups with pagination GET

Mandatory Fields

Users
  • User Name
  • Employee Number
  • Status
Groups
  • Group Name

  • Group Type
  • Group Members

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 29: User Mapping
SCIM Parameter SuccessFactors Parameter
Id userId
UserName username
Name.GivenName firstName
Name.FamilyName lastName

Name.MiddleName

mi

Name.HonorificSuffix

suffix

Name.Formatted

defaultFullName

DisplayName defaultFullName
Emails.Value email
Addresses.StreetAddress addressLine1
Addresses.Locality state
Addresses.Region city

Addresses.PostalCode

zipCode

Addresses.Country

country

PhoneNumbers.Value

businessPhone

Groups.value

groupId

Groups.display

groupName

Roles.value

user.role.id

Roles.display

user.role.name

UserType

jobTitle

Title

title

Active

status

Locale

location

Timezone

timeZone

userExtension.EmployeeNumber

empId

userExtension.Division

division

userExtension.Department

department

userExtension.Gender

gender

userExtension.HireDate

hireDate

userExtension.DateOfBirth

dateOfBirth

Meta.Created

hireDate

Meta.LastModified

lastModified

 

Table 30: Group Mapping
SCIM Parameter SuccessFactors Parameter
Id groupID
displayName groupName
groupType groupType
groupExtension.value userId
groupExtension.display userName
Meta.LastModified lastModifiedDate

Connector Limitations

  • Create and Delete group operations are not supported due to cloud application limitations.
  • When the active status is updated to false while performing the PUT operation for a user, the following error appears: user not found. This error occurs because a user is considered as a deleted user when the active status is false.

  • User update does not support addition and removal of Groups or Roles for a particular user. We need to get it done via group update. This is not applicable for role update.

  • User employee number cannot be updated because the cloud application considers employee number as a user Id.

Amazon (S3 and AWS)

Amazon (S3 and AWS) offers a suite of cloud-computing services that make up an on-demand computing platform. The most central and best-known of these are Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). AWS offers more than 70 services, including computing, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things.

Supervisor Configuration Parameters

To configure the connector, following parameters are required:

  • Connector Name

  • Client Id of the cloud account
  • Client Secret of the cloud account

  • Region of the cloud account

  • SCIM URL (Cloud application's REST API's base URL)

Supported Objects and Operations

Users
Table 31: Supported operations and objects for Users

Operation

VERB

Create

POST

Update

PUT

Delete DELETE
Get all users GET
Get (Id) GET
Pagination GET
Groups
Table 32: Supported operations and objects for Groups

Operation

VERB

Create POST
Update PUT
Delete DELETE
Get all groups GET
Get (Id) GET

NOTE: Currently, addition or removal of entitlements for Groups is not supported by One Identity Manager.

Profiles
Table 33: Supported operations for Profiles

Operation

VERB

Get All Profiles

GET

Get Profile

GET

Mandatory Fields

Users
  • User Name
  • Password - This is applicable only for the Create operation.
Groups
  • Group Name

User and Group Mapping

The user and group mappings are listed in the tables below.

Table 34: User Mapping
SCIM Parameter Amazon Web Services (AWS) Parameter
Id UserName
UserName UserName
Password password
DisplayName Arn

Active

(true)

Groups

(ListGroupsForUserResult)Group

Entitlements

(ListAttachedUserPoliciesResult)AttachedPolicies

Created CreateDate
LastModified PasswordLastUsed

 

Table 35: Group Mapping
SCIM Parameter Amazon Web Services (AWS) Parameter
Id GroupName
displayName UserName
Entitlements (ListAttachedGroupPoliciesResult)AttachedPolicies
Members (GetGroupResult)Users
Created CreateDate
LastModified PasswordLastUsed

Connector Limitations

  • Signature generation is embedded within a data process. Hence, the application performance is affected.

  • The Last Modified date is not available. Hence, the field contains the value of recently used Password.

  • While performing Delete User or Delete Group operation, users or groups that are part of the deleted users or groups get detached from the below mentioned services. However, some services must be detached manually.

    • AccessKey
    • Roles
    • Groups
  • The task of assigning entitlements to groups is available with the connector. For successful working, certain changes must be made in One Identity Manager.

Documentos relacionados