
Starling Connect Identity Manager Integrated - Administration Guide


SAP Cloud Platform

SAP Cloud Platform is an open Platform as a Service (PaaS) that offers users in-memory capabilities, core platform services, and business services for cloud applications.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • Username

  • Password

  • SCIM URL

Supported objects and operations

Users
Table 18: Supported operations for Users

Operation VERB
Create POST
Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get GET
Pagination GET
Groups
Table 19: Supported operations for Groups

Operation VERB
Create POST
Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get GET

Mandatory fields

Users
  • Email
  • Username
Groups
  • Group Name
  • Display Name

User and Group mapping

The user and group mappings are listed in the tables below.

Table 20: User mapping
SCIM parameter SAP Cloud Platform parameter
Id id
UserName userName
Name.GivenName givenName
Name.FamilyName familyName
Name.HonorificPrefix name.honorificPrefix
DisplayName displayName
Emails.Value email.value
Addresses.StreetAddress addresses.streetAddress
Addresses.Locality addresses.locality
Addresses.Region addresses.region
Addresses.PostalCode addresses.postalCode
Addresses.Country addresses.country
Addresses.Type addresses.type
PhoneNumbers.value phoneNumbers.value
UserType userType
Locale locale
Timezone timeZone
Active active
Groups.value group.$ref
Groups.display group.display
Extension.Organization extension.organization
Extension.Division extension.division
Extension.Department extension.department
Extension.Manager.Value extension.manager.value
Extension.Manager.DisplayName extension.manager.displayName
Extension.ContactPreferenceTelephone contactPreferenceTelephone
Extension.IndustryCrm industryCrm
Extension.PasswordStatus passwordStatus
Extension.MailVerified mailVerified
Extension.CompanyRelationship companyRelationship
Extension.ContactPreferenceEmail contactPreferenceEmail
Extension.SourceSystem sourceSystem
Extension.CostCenter extension.costCenter
Extension.EmployeeNumber extension.employeeNumber
Extension.CorporateGroups corporateGroups.value
Extension.customAttributes.name attributes.name
Extension.customAttributes.value attributes.value
Meta.Created meta.created
Meta.LastModified meta.lastModified

Table 21: Group mapping
SCIM parameter SAP Cloud Platform parameter
id name
DisplayName displayName
Members.value members.value
Members.display members.display
Extension.GroupName extension.name
Extension.Description extension.description

Connector limitations

  • A performance impact is expected for list responses of Groups: because the SCP Groups APIs do not provide totalResults, each record is retrieved and counted.

  • ServiceProviderAuthority contains only the Id field, with the same value as the tenant ID of the SCP instance, because there are no APIs that can fetch the tenant details in SCP.

  • Get All Groups and Get particular group with ID operations do not retrieve Created and Last Modified fields for Groups object types.

JIRA Server

JIRA Server is an issue-tracking product used for project management, generating project reports, and bug tracking.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector name

  • Username

  • Password
  • SCIM URL

Supported objects and operations

Users
Table 22: Supported operations for Users

Operation VERB
Remove/Provision POST
Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get All Users GET
Pagination GET

Groups
Table 23: Supported operations for Groups

Operation VERB
Create POST
Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get All Groups GET
Get Groups (Id) GET

Roles
Table 24: Supported operations for Roles

Operation VERB
Get All Roles GET
Get Role (Id) GET

Mandatory fields

Users
  • User name
  • Display name
  • Email ID
Groups
  • Group Name

User and Group mapping

The user and group mappings are listed in the tables below.

Table 25: User mapping
SCIM parameter JIRA Server parameter
Id name
UserName name
password password
Name.Formatted displayName
DisplayName displayName
Emails.Value emailAddress
Locale locale
Timezone timeZone
Active active
Groups.value group.name
Groups.display group.name

Table 26: Group mapping
SCIM parameter JIRA Server parameter
Id name
DisplayName name
Members.value user.name
Members.display user.displayName

Connector limitations

  • The following dates are not available in User and Group resources.
    • created
    • lastModified
  • Pagination is not supported for Groups.

  • Update Group can only be used for membership management.

  • Since the application does not support id, the URL-encoded user name or group name is assigned as the id for the resource.

  • A leading slash (/) in clientRequest, in the RequestWrapper, is restricted when testing with a REST client (for example, Postman).

  • An invalid host name in the target URL returns error 500.
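
The id limitation above means a user or group name ends up inside a URL path, so the encoding has to be strict and reversible. The following is an added example, not code from the connector or from One Identity: the function names, the `/Users/{id}` and `/Groups/{id}` path layout (the usual SCIM convention) and the choice of RFC 3986 percent-encoding are assumptions, since the guide only says "URL encoded".

```python
from urllib.parse import quote, unquote

RESOURCE_TYPES = ("Users", "Groups")


def scim_id_from_name(name: str) -> str:
    """Derive a resource id from a JIRA user or group name."""
    if not name or name in (".", ".."):
        # "." and ".." survive percent-encoding unchanged and would be
        # treated as dot-segments when the id is placed in a URL path.
        raise ValueError(f"unusable name: {name!r}")
    # safe="" also encodes "/", so a name cannot add a path segment.
    return quote(name, safe="")


def name_from_scim_id(scim_id: str) -> str:
    """Recover the name from an id, accepting only the canonical encoding."""
    name = unquote(scim_id, errors="strict")  # invalid UTF-8 raises ValueError
    if scim_id_from_name(name) != scim_id:
        # Raw "/", stray "%", or lowercase hex: not an id this code issued.
        raise ValueError(f"non-canonical id: {scim_id!r}")
    return name


def resource_path(resource_type: str, name: str) -> str:
    """Build the path for a Get (Id), Update (Id) or Delete (Id) request."""
    if resource_type not in RESOURCE_TYPES:
        raise ValueError(f"unsupported resource type: {resource_type!r}")
    return f"/{resource_type}/{scim_id_from_name(name)}"


if __name__ == "__main__":
    # Constructed sample names, not taken from any real directory.
    for sample in ("jdoe", "dev team/ops", "50% club", "jürgen"):
        sid = scim_id_from_name(sample)
        assert name_from_scim_id(sid) == sample
        print(f"{sample!r:16} -> {resource_path('Users', sample)}")
```

Because the id is the name, renaming a user or group changes its id, so any stored reference to the old id has to be refreshed after a rename.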

RSA Archer

RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

  • Connector Name - <RSA Archer>

  • Username

  • Password

  • Instance Name - <Tenant ID ex: 324022>

  • Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>

  • Profile ID - <User Profile ID ex: 239109>

  • Environment(ISMS) - <Cloud application's environment ex: Test, Prod>

  • Field ID - <Field ID to get specific attribute ex: 18746>

  • SCIM URL - <Cloud application's instance URL used as targetURI in payload>

Supported objects and operations

Users
Table 27: Supported operations for Users

Operation VERB
Create POST
Update PUT
Delete (Id) DELETE
Get (Id) GET
Get GET
Pagination GET
Groups
Table 28: Supported operations for Groups

Operation VERB
Create POST
Update (Id) PUT
Delete (Id) DELETE
Get (Id) GET
Get GET

Mandatory fields

Users
  • First Name
  • Last Name
Groups
  • Group Name

User and Group mapping

The user and group mappings are listed in the tables below.

Table 29: User mapping
SCIM parameter RSA Archer parameter
Id system.userId
UserName system.userName
Name.GivenName name.first
Name.FamilyName name.last
Name.MiddleName name.middle
Title system.title
Locale system.locale
Timezone timeZone.id
Active system.status
Emails contactItems.value if <contactItems.type = Email>
Address.formatted address
Address.streetAddress --
Address.locality --
Address.region --
Address.postalCode --
Address.country --
PhoneNumbers contactItems.value if <contactItems.type = phone>
Groups.Id groups.id
Groups.Name groups.name
Roles.Id roles.id
Roles.Name roles.Name

Table 30: Group mapping
SCIM parameter RSA Archer parameter
id id/id@ISMSGroup
displayName Name/ISMSGroupName
Members.value Members.Users.User.Id
Members.display Members.Users.User.Name
Lead leads (id,name;id1,name1)
Lead Backup leadBackup (id,name;id1,name1)
Coaches coaches (id,name;id1,name1)

Connector limitations

  • The Created date and Last Modified date are not retrieved for users or groups.
  • Cursor-based pagination is supported for Users, but pagination is not supported for Groups.

  • User's contact information cannot be created or updated.

  • The following fields are read-only:

    • Phone number
    • Email
  • Except for the 401 error for Unauthorized and the 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.

  • If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.

  • RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.

    NOTE: Test Connection validates the target system credentials and endpoints but not the configuration parameters.

SuccessFactors

SuccessFactors is an integrated human-resources platform. It offers users tools for onboarding, social business, and collaboration along with tools for learning management, performance management, recruiting, applicant tracking, succession planning, talent management, and HR analytics. It is also cloud-based.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

Supported objects and operations

Users
Table 31: Supported operations for Users

Operation VERB
Create User POST
Update User PUT
Delete PUT
Get User (Id) GET
Get All Users GET
Get All Users with pagination GET

Groups
Table 32: Supported operations for Groups

Operation VERB
Update Group PUT
Get All Groups GET
Get Groups (Id) GET
Get All Groups with pagination GET

Mandatory fields

Users
  • User Name
  • Employee Number
  • Status
Groups
  • Group Name

  • Group Type
  • Group Members

User and Group mapping

The user and group mappings are listed in the tables below.

Table 33: User mapping
SCIM parameter SuccessFactors parameter
Id userId
UserName username
Name.GivenName firstName
Name.FamilyName lastName
Name.MiddleName mi
Name.HonorificSuffix suffix
Name.Formatted defaultFullName
DisplayName defaultFullName
Emails.Value email
Addresses.StreetAddress addressLine1
Addresses.Locality state
Addresses.Region city
Addresses.PostalCode zipCode
Addresses.Country country
PhoneNumbers.Value businessPhone
Groups.value groupId
Groups.display groupName
Roles.value user.role.id
Roles.display user.role.name
UserType jobTitle
Title title
Active status
Locale location
Timezone timeZone
userExtension.EmployeeNumber empId
userExtension.Division division
userExtension.Department department
userExtension.Gender gender
userExtension.HireDate hireDate
userExtension.DateOfBirth dateOfBirth
Meta.Created hireDate
Meta.LastModified lastModified

Table 34: Group mapping
SCIM parameter SuccessFactors parameter
Id groupID
displayName groupName
groupType groupType
groupExtension.value userId
groupExtension.display userName
Meta.LastModified lastModifiedDate

Connector limitations

  • Create and Delete group operations are not supported due to cloud application limitations.
  • When the active status is updated to false while performing the PUT operation for a user, the following error appears: user not found. This error occurs because a user is considered as a deleted user when the active status is false.

  • User update does not support adding or removing Groups or Roles for a particular user. Group membership must be changed through a group update instead. This is not applicable for role update.

  • User employee number cannot be updated because the cloud application considers employee number as a user Id.
