Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Microsoft Entra ID Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Microsoft Entra ID tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Azure DevOps

Azure DevOps is methodology that supports cohesiveness between development and operations into a smooth sailing event allowing organizations to create and improve products at a faster pace than they can with traditional software development approaches.

Supervisor configuration parameters

To configure the connector, following parameters are required.

Required Azure DevOps Organization Permissions

The account used by the connector must have one of the following:

  • An Organization Owner role

    or

  • A Project Collection Administrator role

Supported objects and operations

Users

Table 428: Supported operations for Users (for v1.0 & v2.0)

Operation

VERB

Create User

POST

Get User by Id

GET

List Users

GET

Update User

PUT

Delete User

DELETE

Groups

Table 429: Supported operations for Groups (for v1.0 & v2.0)

Operation

VERB

Create Group

POST

Get Group by Id

GET

List Groups

GET

Update Group

PUT

Delete Group

DELETE

Projects

Table 430: Supported operations for Projects (for v1.0 & v2.0)

Operation

VERB

Create Project

POST

Get Project by Id

GET

List Projects

GET

Update Project

PUT

Delete Project

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE a user.

Users (for v1.0 & v2.0)

  • userName

Groups (for v1.0 & v2.0)

  • displayName

  • enterpriseExtension.licenseRule.accountLicenseType

  • enterpriseExtension.licenseRule.licensingSource

  • enterpriseExtension.licenseRule.msdnLicenseType

Projects (for v1.0 & v2.0)

  • displayName

  • capabilities.processTemplateTypeId

  • capabilities.versionSourceControlType

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 431: User mapping (for v1.0)
SCIM User Azure DevOps Parameter
id id
userName user.principalName
displayName user.displayName
emails[].value user.mailAddress
enterpriseExtension.accessLevel.licensingSource accessLevel.licensingSource
enterpriseExtension.accessLevel.accountLicenseType accessLevel.accountLicenseType
enterpriseExtension.accessLevel.msdnLicenseType accessLevel.msdnLicenseType
enterpriseExtension.accessLevel.licenseDisplayName accessLevel.licenseDisplayName
enterpriseExtension.accessLevel.status accessLevel.status
enterpriseExtension.accessLevel.statusMessage accessLevel.statusMessage
enterpriseExtension.accessLevel.assignmentSource accessLevel.assignmentSource
enterpriseExtension.originId user.originId
enterpriseExtension.origin user.origin
enterpriseExtension.descriptor user.descriptor
enterpriseExtension.subjectKind user.subjectKind
enterpriseExtension.metaType user.metaType
enterpriseExtension.domain user.domain
enterpriseExtension.directoryAlias user.directoryAlias
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
enterpriseExtension.groupAssignments[].groupId groupAssignments[].id
enterpriseExtension.groupAssignments[].groupDescription groupAssignments[].group.description
enterpriseExtension.groupAssignments[].groupDescriptor groupAssignments[].group.descriptor
enterpriseExtension.groupAssignments[].groupDisplayName groupAssignments[].group.displayName
enterpriseExtension.groupAssignments[].groupDomain groupAssignments[].group.domain
enterpriseExtension.groupAssignments[].groupMailAddress groupAssignments[].group.mailAddress
enterpriseExtension.groupAssignments[].groupOrigin groupAssignments[].group.origin
enterpriseExtension.groupAssignments[].groupOriginId groupAssignments[].group.originId
enterpriseExtension.groupAssignments[].groupPrincipalName groupAssignments[].group.principalName
enterpriseExtension.groupAssignments[].groupSubjectkind groupAssignments[].group.subjectKind
enterpriseExtension.groupAssignments[].status groupAssignments[].status
enterpriseExtension.groupAssignments[].groupLicensingSource groupAssignments[].licenseRule.licensingSource
enterpriseExtension.groupAssignments[].groupAccountLicenseType groupAssignments[].licenseRule.accountLicenseType
enterpriseExtension.groupAssignments[].groupMsdnLicenseType groupAssignments[].licenseRule.msdnLicenseType
enterpriseExtension.groupAssignments[].groupLicenseDisplayName groupAssignments[].licenseRule.licenseDisplayName
enterpriseExtension.groupAssignments[].groupLicensingRuleStatus groupAssignments[].licenseRule.status
enterpriseExtension.groupAssignments[].groupLicensingRuleStatusMessage groupAssignments[].licenseRule.statusMessage
enterpriseExtension.groupAssignments[].groupLicensingRuleAssignmentSource groupAssignments[].licenseRuleAssignmentSource
meta.created dateCreated
Table 432: User mapping (for v2.0)
SCIM User Azure DevOps Parameter
id user.descriptor
userName user.principalName
displayName user.displayName
emails[].value user.mailAddress
enterpriseExtension.originId user.originId
enterpriseExtension.origin user.origin
enterpriseExtension.subjectKind user.subjectKind
enterpriseExtension.metaType user.metaType
enterpriseExtension.domain user.domain
enterpriseExtension.directoryAlias user.directoryAlias
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
enterpriseExtension.accessLevel.licensingSource accessLevel.licensingSource
enterpriseExtension.accessLevel.accountLicenseType accessLevel.accountLicenseType
enterpriseExtension.accessLevel.msdnLicenseType accessLevel.msdnLicenseType
enterpriseExtension.accessLevel.licenseDisplayName accessLevel.licenseDisplayName
enterpriseExtension.accessLevel.status accessLevel.status
enterpriseExtension.accessLevel.statusMessage accessLevel.statusMessage
enterpriseExtension.accessLevel.assignmentSource accessLevel.assignmentSource
Table 433: Group mapping (for v1.0)
SCIM Group Azure DevOps Parameter
id id
displayName group.displayName
members[].value members[].id
enterpriseExtension.licenseRule.licensingSource licenseRule.licensingSource
enterpriseExtension.licenseRule.accountLicenseType licenseRule.accountLicenseType
enterpriseExtension.licenseRule.msdnLicenseType licenseRule.msdnLicenseType
enterpriseExtension.licenseRule.licenseDisplayName licenseRule.licenseDisplayName
enterpriseExtension.licenseRule.status licenseRule.status
enterpriseExtension.licenseRule.statusMessage licenseRule.statusMessage
enterpriseExtension.licenseRule.assignmentSource licenseRule.assignmentSource
enterpriseExtension.originId group.originId
enterpriseExtension.origin group.origin
enterpriseExtension.descriptor group.descriptor
enterpriseExtension.subjectKind group.subjectKind
enterpriseExtension.description group.description
enterpriseExtension.domain group.domain
enterpriseExtension.status group.status
enterpriseExtension.principalName group.principalName
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
Table 434: Group mapping (for v2.0)
SCIM Group Azure DevOps Parameter
id group.descriptor
displayName group.displayName
members[].value members[].id
enterpriseExtension.licenseRule.licensingSource licenseRule.licensingSource
enterpriseExtension.licenseRule.accountLicenseType licenseRule.accountLicenseType
enterpriseExtension.licenseRule.msdnLicenseType licenseRule.msdnLicenseType
enterpriseExtension.licenseRule.licenseDisplayName licenseRule.licenseDisplayName
enterpriseExtension.licenseRule.status licenseRule.status
enterpriseExtension.licenseRule.statusMessage licenseRule.statusMessage
enterpriseExtension.licenseRule.assignmentSource licenseRule.assignmentSource
enterpriseExtension.originId group.originId
enterpriseExtension.origin group.origin
enterpriseExtension.subjectKind group.subjectKind
enterpriseExtension.description group.description
enterpriseExtension.domain group.domain
enterpriseExtension.status group.status
enterpriseExtension.principalName group.principalName
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
Table 435: Projects mapping (for v1.0 & v2.0)
SCIM Projects Azure DevOps Parameter
id id
displayName name
description description
state state
visibility visibility
revision revision
capabilities.processTemplateName capabilities.processTemplate.templateName
capabilities.processTemplateTypeId capabilities.processTemplate.templateTypeId
capabilities.versionSourceControlType capabilities.versioncontrol.sourceControlType
capabilities.versionControlGitEnabled capabilities.versioncontrol.gitEnabled
capabilities.versionControlTfvcEnabled capabilities.versioncontrol.tfvcEnabled
defaultTeam.id defaultTeam.id
defaultTeam.name defaultTeam.name
meta.lastModified lastUpdatedTime

Connector limitations

  • The userName should be in the format of the email address (The email address of the user which has to be added to the organization).

  • If we use the username that is already existing, the system will not throw a conflict error; instead, it will update that user or return the existing data.

  • Extensions[] are not mapped because the data is not returning from the target in response.

  • If we add a user that already exists in the organisation but is deleted, that user will have the same user ID as it had previously.

  • Only one email per user is supported by target system.

  • Azure DevOps Target System does not return important meta information lastModified for users, lastModified & created for groups and created for projects.

  • At least one writable attribute should be provided while updating a user, group and project.

  • Projects and access levels added indirectly when groups are associated for users are not updatable.

  • Providing an already used display name to a group will return error even though the old group is deleted in target instance.

  • The create or update of a group will be successful even though the target API fails with errors during the membership management operations on the group. This is because the create or update of a group in connector internally handles create/update and membership management.

  • Adding a project with different group types is not supported currently.

  • Pagination in users and projects returns records in multiples of 100.

  • Pagination is not supported in groups.

UKG PRO

UKG PRO is a comprehensive HRMS that allows the organizations to efficiently manage the personnel data, handle robust payroll tasks, boost scheduling efficiency, and attract, nurture, and grow talent.

Supervisor configuration parameters

To configure the connector, following parameters are required.

  • Connector name

  • Login Username

  • Login Password

  • User API Key for web services

  • Customer API Key for web services

  • Target URL (https://{service_name}.ultipro.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details)

    NOTE:

    Retrieving credentials to generate token:

    1. Login to Pro portal
    2. Access Web Services under System Configuration > Security
    3. Note the “User API Key”, “Customer API Key” and base URL of the web services listed

Supported objects and operations

Employees

Table 436: Supported operations for Employee

Operation

VERB

Get Employee by Id

GET

List Employees

GET

EmpJobs

Table 437: Supported operations for EmpJobs

Operation

VERB

Get EmpJob by Id

GET

List EmpJobs            

GET

EmpEmployments

Table 438: Supported operations for EmpEmployments

Operation

VERB

Get EmpEmployment by Id

GET

List Employments

GET

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 439: Employee mapping
SCIM Properties SCIM UKG Pro Employee Properties
id Person/EmployeeIdentifier/EmployeeNumber/text(), Person/EmployeeIdentifier/CompanyCode/text()
userName Person/EmployeeIdentifier/EmployeeNumber/text()
name.familyName Person/LastName/Text()
name.givenName Person/FirstName/Text()
name.middleName Person/MiddleName/Text()
name.honorificPrefix Person/Prefix/Text()
name.honorificSuffix Person/Suffix/Text()
name.preferredFirstName Person/PreferredFirstName/Text()
name.formerLastName Person/FormerLastName/Text()
emails.email Person/EmailAddress/Text()
emails.alternateEmail Person/AlternateEmailAddress/Text()
companyCode Person/EmployeeIdentifier/CompanyCode/text()
ssn Person/SSN/Text()
supressSsn Person/SuppressSSN/Text()
Table 440: EmpJob mappings
SCIM Properties SCIM UKG Pro EmpJob Properties
id Job/EmployeeIdentifier/EmployeeNumber/text(),Job/EmployeeIdentifier/CompanyCode/text()
agricultural Job/Agricultural/text()
alternateTitle Job/AlternateTitle/text()
dateInJob Job/DateInJob/text()
directLabor Job/DirectLabor/text()
effectiveDate Job/EffectiveDate/text()
companyCode Job/EmployeeIdentifier/CompanyCode/text()
employeeNumber Job/EmployeeIdentifier/EmployeeNumber/text()
employeeType Job/EmployeeType/text()
fullOrPartTime Job/FullOrPartTime/text()
hourlyOrSalaried Job/HourlyOrSalaried/text()
jobCode Job/JobCode/text()
jobGroup Job/JobGroup/text()
localUnion Job/LocalUnion/text()
nationalUnion Job/NationalUnion/text()
orgLevel1 Job/OrgLevel1/text()
orgLevel2 Job/OrgLevel2/text()
orgLevel3 Job/OrgLevel3/text()
orgLevel4 Job/OrgLevel4/text()
payFrequency Job/PayFrequency/text()
payGroup Job/PayGroup/text()
payScaleCode Job/PayScaleCode/text()
project Job/Project/text()
promotion Job/Promotion/text()
reasonCode Job/ReasonCode/text()
scheduledHours Job/ScheduledHours/text()
seasonal Job/Seasonal/text()
shiftCode Job/ShiftCode/text()
shiftGroup Job/ShiftGroup/text()
stepNo Job/StepNo/text()
supervisorCompanyCode Job/Supervisor/CompanyCode/text()
supervisorEmployeeNumber Job/Supervisor/EmployeeNumber/text()
timeClock Job/TimeClock/text()
transfer Job/Transfer/text()
youthTraining Job/YouthTraining/text()
Table 441: EmpEmployment mappings
SCIM Properties SCIM UKG Pro EmpEmployment Properties
id EmploymentInformation/EmployeeIdentifier/EmployeeNumber/text(),EmploymentInformation/EmployeeIdentifier/CompanyCode/text()
arrearsSuspendedFrom EmploymentInformation/ArrearsSuspendedFrom/text()
arrearsSuspendedTo EmploymentInformation/ArrearsSuspendedTo/text()
beneSeniority EmploymentInformation/BeneSeniority/text()
deceased EmploymentInformation/Deceased/text()
deceasedDate EmploymentInformation/DeceasedDate/text()
earlyRetirement EmploymentInformation/EarlyRetirement/text()
companyCode EmploymentInformation/EmployeeIdentifier/CompanyCode/text()
employeeNumber EmploymentInformation/EmployeeIdentifier/EmployeeNumber/text()
employmentStatus EmploymentInformation/EmploymentStatus/text()
fmlaCode EmploymentInformation/FMLA_Code/text()
hcsoEndDate EmploymentInformation/HCSOEndDate/text()
hcsoNotCovered EmploymentInformation/HCSONotCovered/text()
hcsoStartDate EmploymentInformation/HCSOStartDate/text()
job EmploymentInformation/Job/text()
jobStart EmploymentInformation/JobStart/text()
lastHire EmploymentInformation/LastHire/text()
lastPerfReview EmploymentInformation/LastPerfReview/text()
lastSalaryReview EmploymentInformation/LastSalaryReview/text()
leaveReason EmploymentInformation/LeaveReason/text()
nextPerfReview EmploymentInformation/NextPerfReview/text()
nextSalaryReview EmploymentInformation/NextSalaryReview/text()
originalHire EmploymentInformation/OriginalHire/text()
ptoSuspendedFrom EmploymentInformation/PTOSuspendedFrom/text()
ptoSuspendedTo EmploymentInformation/PTOSuspendedTo/text()
payAutomatically EmploymentInformation/PayAutomatically/text()
paySuspendedFrom EmploymentInformation/PaySuspendedFrom/text()
paySuspendedTo EmploymentInformation/PaySuspendedTo/text()
roeIssueReason EmploymentInformation/ROEIssueReason/text()
regularRetirement EmploymentInformation/RegularRetirement/text()
seniority EmploymentInformation/Seniority/text()
statusAnticipatedEnd EmploymentInformation/StatusAnticipatedEnd/text()
statusStartDate EmploymentInformation/StatusStartDate/text()
weeks EmploymentInformation/Weeks/text()

Connector SCIM configurations

While UKG Pro system does not support disabling attributes feature, the Starling Connector for UKG Pro does supports disabling attributes by removing the SCIM mapping in the object GET response.

Connector limitations

  • Target APIs do not support created date and last modified date for employees.

  • The target API does not exactly validate the Id, the results are returned even when some additional characters are added to the end of a valid resource Id.

Atlassian Cloud

Atlassian cloud lets you automate user provisioning from your identity provider to Atlassian Cloud thus ensuring a smooth provisioning/de-provisioning users and groups from an identity provider to Confluence and Jira Cloud. With this, you can write your own integration with an external identity provider using the SCIM 2.0 protocol to manage your Atlassian Cloud users and groups.

Supervisor configuration parameters

To configure the connector, the following parameters are required:

Custom Objects Implementation in connector

  • The connector has been enhanced to support the custom object types dynamically. Customer can input the names of the custom objects to be supported in the connector in the configuration parameter "Custom Object Types" separating each type of name by semi colon (;) in the format SchemaName$$ObjectTypeName. E.g. CMDB$$User. Schema name or object type name with space will be treated as $. E.g. CMDB$$Service$Desk.

NOTE: All schema attributes are considered to be not case-exact and not unique. Mutability and required attributes are set on the basis of target.

  • The names of the custom object types to be configured in the Starling Connector are case-specific.

  • The connector currently supports only READ, CREATE and UPDATE operations on the custom objects.

  • As the custom object types are dynamic in nature and totally depends on customer's configuration, the resource types, mappings and schemas for the custom types are to be constructed dynamically.

  • Only single valued attributes are supported in custom object.

NOTE:

  • One Identity is not technically aware about the custom object through the instance since all the information/credentials related to the custom object types are known only to the customer.

  • There is no check put for the required attributes in connector for create and update custom type object. The user can check the schemas and provide the required+editable attribute in a request after getting an error from target.

Supported objects and operations

Users

Table 442: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Get User by id

GET

List User

GET

Delete User

DELETE

Groups

Table 443: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Get Group by Id

GET

List Groups

GET

Delete Group

DELETE

Custom Objects

Table 444: Supported operations for Custom Objects

Operation

VERB

Get Custom Object by Id

GET

LIST Custom Objects

GET

Create Custom Objects

POST

Update Custom Objects

PUT

Mandatory fields

Users

  • userName

  • emails[].value

  • emails[].primary = true

Groups

  • displayName

User mapping

The user and group mappings are listed in the tables below.

Table 445: User mapping
SCIM parameter Atlassian Cloud parameter
id id
userName userName
name.formatted name.formatted
name.givenName name.givenName
name.familyName name.familyName
name.middleName name.middleName
name.honorificSuffix name.honorificSuffix
name.honorificPrefix name.honorificPrefix
emails[].value emails[].value
emails[].type emails[].type
emails[].primary emails[].primary
phoneNumbers[].value phoneNumbers[].value
phoneNumbers[].type phoneNumbers[].type
phoneNumbers[].primary phoneNumbers[].primary
active active
externalId externalId
timezone timezone
title title
preferredLanguage preferredLanguage
nickname nickName
displayName displayName
enterpriseExtension.organization enterpriseExtension.organization
enterpriseExtension.department enterpriseExtension.department
atlassianExtension.atlassianAccountId enterpriseExtension.atlassianAccountId
meta.created meta.created
meta.lastModified meta.lastModified

Groups

Table 446: Group mapping
SCIM parameter Atlassian Cloud parameter
id id
displayName displayName
externalId externalId
members[].value members[].value
members[].type members[].type
members[].display members[].display
meta.created meta.created
meta.lastModified meta.lastModified

Custom Objects

Table 447: Custom Object type mapping
SCIM parameter Atlassian Cloud parameter
id id

meta.lastModified

Updated

meta.created

Created

All other attributes will have same names on both sides.

Connector limitations

  • While the displayName in Groups, is immutable, it is set as a readWrite attribute since it is a mandatory attribute during update.

  • As there are multiple request calls to verify the schema and the object type name provided in custom object type names the performance will impact.

Appendix: Creating a service account in Google Workspace

You must obtain a JSON file with Private Key to authorize the APIs to access data on Google Workspace domain. Create and enable the service account to obtain the private key (JSON file).

To create a project and enable the API

  1. Login to Google Cloud Platform.

  2. Click on the drop-down list next to the Google Cloud Platform label and select an organization.

    The Select a Project window is displayed.

  3. Click New Project.

    The New Project page is displayed.

  4. Enter the specific details in the relevant text field.

  5. Click Create.

  6. Click on the drop-down list next to the Google Cloud Platform label and select the project you created.

  7. Click APIs & Services tab.

  8. Click Library tab.

  9. Search for the phrase Admin SDK in the search bar and select Admin SDK from the results.

    The API Library page is displayed.

  10. Click Enable to enable the API.

To create a service account

  1. Click APIs & Services tab.

  2. Click Credentials.

  3. On the Credentials tab, click Manage Service Accounts available at the bottom right corner.

    The Service Accounts window is displayed.

  4. Click + CREATE SERVICE ACCOUNT.

    Create service account window is displayed.

  5. Enter the name of the service account in Service account name text field.

  6. Select Owner as the Role from the drop-down menu.

  7. Select the service JSON as an account Key type.

    IMPORTANT: A JSON file is required to generate an access token and it is downloaded automatically after selecting the above option.

  8. Click Create.

To select and authorize the API scopes

  1. Login to the Google workspace admin console with your domain.

  2. On the Admin console home page, click Security.

  3. Click Advanced settings.

  4. Click Managed API client access.

  5. Enter the client name and the description in the Name and Description text field respectively.

  6. Enter the email in the Email text field.

  7. Add the preferred API scopes that you want to use.

    For example, API scopes can be

    • https://www.googleapis.com/auth/admin.directory.user

    • https://www.googleapis.com/auth/admin.directory.group

    • https://www.googleapis.com/auth/admin.directory.group.member

    • https://www.googleapis.com/auth/admin.directory.domain

    • https://www.googleapis.com/auth/admin.directory.domain.readonly

    • https://www.googleapis.com/auth/admin.directory.rolemanagement

    For more information on API scopes, see https://developers.google.com/identity/protocols/googlescopes

  8. After adding the API scoes, click Authorize.

    The unique Id and the scopes added is displayed.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation