SuccessFactors
SuccessFactors is an integrated human-resources platform. It offers users tools for onboarding, social business, and collaboration along with tools for learning management, performance management, recruiting, applicant tracking, succession planning, talent management, and HR analytics. It is also cloud-based.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
Supported Objects and Operations
Users
Table 12: Supported operations for Users
Create User | POST
Update User | PUT
Delete | PUT
Deprovision | PUT
Undo Deprovision | PUT
Mandatory Fields
Users
- User Name
- Employee Number
- Status
Groups
- Group Name
- Group Type
- Group Members
User and Group Mapping
The user and group mappings are listed in the tables below.
Table 13: User Mapping
Id | userId
UserName | username
Name.GivenName | firstName
Name.FamilyName | lastName
Name.MiddleName | mi
Name.HonorificSuffix | suffix
Name.Formatted | defaultFullName
DisplayName | defaultFullName
Emails.Value | email
Addresses.StreetAddress | addressLine1
Addresses.Locality | state
Addresses.Region | city
Addresses.PostalCode | zipCode
Addresses.Country | country
PhoneNumbers.Value | businessPhone
Groups.value | groupId
Groups.display | groupName
Roles.value | user.role.id
Roles.display | user.role.name
UserType | jobTitle
Title | title
Active | status
Locale | location
Timezone | timeZone
userExtension.EmployeeNumber | empId
userExtension.Division | division
userExtension.Department | department
userExtension.Gender | gender
userExtension.HireDate | hireDate
userExtension.DateOfBirth | dateOfBirth
Meta.Created | hireDate
Meta.LastModified | lastModified
Table 14: Group Mapping
Id | groupID
displayName | groupName
groupType | groupType
groupExtension.value | userId
groupExtension.display | userName
Meta.LastModified | lastModifiedDate
Connector Limitations
- Create and Delete group operations are not supported due to cloud application limitations.
- When the active status is updated to false while performing the PUT operation for a user, the following error appears: user not found. This error occurs because a user whose active status is false is considered a deleted user.
- User update does not support the addition or removal of Groups or Roles for a particular user. Group changes must be made through a group update. This is not applicable for role update.
- The user employee number cannot be updated because the cloud application treats the employee number as the user Id.
Amazon (S3 and AWS)
Amazon (S3 and AWS) offers a suite of cloud-computing services that make up an on-demand computing platform. The most central and best-known of these are Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). AWS offers more than 70 services, including computing, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
- Connector Name
- Client Id of the cloud account
- Client Secret of the cloud account
- Region of the cloud account
- SCIM URL (Cloud application's REST API's base URL)
Supported Objects and Operations
Users
Table 15: Supported operations and objects for Users
Create | POST
Update | PUT
Delete | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Groups
Table 16: Supported operations and objects for Groups
Create | POST
Update | PUT
Delete | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Group Membership | PUT
Mandatory Fields
Users
- User Name
- Password - This is applicable only for the Create operation.
Groups
User and Group Mapping
The user and group mappings are listed in the tables below.
Table 17: User Mapping
Id | UserName
UserName | UserName
Password | password
DisplayName | Arn
Active | (true)
Groups | (ListGroupsForUserResult)Group
Entitlements | (ListAttachedUserPoliciesResult)AttachedPolicies
Created | CreateDate
LastModified | PasswordLastUsed
Table 18: Group Mapping
Id | GroupName
displayName | UserName
Entitlements | (ListAttachedGroupPoliciesResult)AttachedPolicies
Members | (GetGroupResult)Users
Created | CreateDate
LastModified | PasswordLastUsed
Connector Limitations
- Signature generation is embedded within a data process. Hence, the application performance is affected.
- The Last Modified date is not available. Hence, the field instead contains the value of PasswordLastUsed.
- While performing a Delete User or Delete Group operation, users or groups that are part of the deleted users or groups get detached from the below mentioned services. However, some services must be detached manually.
- The task of assigning entitlements to groups is available with the connector. For this to work, certain changes must be made in Active Roles.
ServiceNow
ServiceNow is a service management platform that can be used for many different business units, including IT, human resources, facilities, and field services.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
- Connector Name
- Username
- Password
- SCIM URL (cloud application's REST API's base URL)
Supported Objects and Operations
Users
Table 19: Supported operations for Users
Create | POST
Update | PUT
Delete | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Groups
Table 20: Supported operations for Groups
Create | POST
Update | PUT
Delete | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Group Membership | PUT
Mandatory Fields
Users
Groups
Configuring custom attributes in ServiceNow
This feature allows you to configure custom attributes in Starling Connector during connector subscription. You can provide the list of custom attributes in a defined format with the name, type and allowed values of the attributes. The custom mappings in Active Roles provide the values for these custom attributes.
To configure custom attributes in ServiceNow:
- Create a Custom Attribute in ServiceNow.
  NOTE: The Starling Platform currently supports only the string types dateTime, True/False and Choice.
- To configure the custom attributes in Starling UI, enter the Custom Properties in the specified format in the Starling Platform.
- Map the created custom attributes that were specified in the Starling Platform.
- Perform a synchronization and verify if the custom attributes are available.
NOTE:
- The Starling UI for registering a ServiceNow connector has an input field for the custom attributes to be mapped in the connector's User resource type, in addition to the default mapped attributes.
- The custom attributes in the User resource type must be in the following format:
  {field_name}|{data_type}|{choice_value1,choice_value2,etc};{field_name}|{data_type}|{choice_value1,choice_value2,etc};etc.
  Example:
  u_employee_status|string;u_date_of_termination_of_employments|DateTime;u_test_field_with_canonical_values|string|Choice 1,Choice 2,Choice 3
- All custom attributes are mapped in the enterprise user extensions.
- The supported data types are string, boolean and dateTime.
  The Choice type in ServiceNow becomes a string type with Canonical Values in OneIM.
- Only simple attributes are supported.
- All custom user attributes have 'mutability': 'readWrite', 'returned': 'default', 'caseExact': 'false', 'required': 'false', 'multiValued': 'false', 'uniqueness': 'none'.
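The custom attribute string can be validated before it is entered in the Starling UI. The parser below is an added example, not One Identity's code: the function name, the field-name pattern, case-insensitive type matching (the page's own example writes "DateTime") and the rule that choices apply only to string fields are assumptions of this example.

```python
import re

# Data types the page lists as supported. Matching is case-insensitive
# (assumption), because the page's example uses "DateTime".
SUPPORTED = {"string": "string", "boolean": "boolean", "datetime": "dateTime"}
FIELD_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # assumed naming rule

def parse_custom_attributes(spec):
    """Parse '{field}|{type}|{choice1,choice2};...' into SCIM-style attributes."""
    attributes, seen = [], set()
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        parts = [p.strip() for p in entry.split("|")]
        if not 2 <= len(parts) <= 3:
            raise ValueError(f"expected name|type[|choices], got {entry!r}")
        name, data_type = parts[0], SUPPORTED.get(parts[1].lower())
        if not FIELD_NAME.match(name):
            raise ValueError(f"invalid field name {name!r}")
        if name in seen:
            raise ValueError(f"duplicate field {name!r}")
        if data_type is None:
            raise ValueError(f"unsupported data type {parts[1]!r} for {name!r}")
        # Fixed properties the page states for every custom user attribute,
        # written here as JSON booleans rather than quoted strings.
        attr = {"name": name, "type": data_type, "mutability": "readWrite",
                "returned": "default", "caseExact": False, "required": False,
                "multiValued": False, "uniqueness": "none"}
        if len(parts) == 3:
            # A ServiceNow Choice field is a string with canonical values.
            if data_type != "string":
                raise ValueError(f"choices only apply to string fields: {name!r}")
            choices = [c.strip() for c in parts[2].split(",") if c.strip()]
            if not choices:
                raise ValueError(f"empty choice list for {name!r}")
            attr["canonicalValues"] = choices
        seen.add(name)
        attributes.append(attr)
    return attributes

# The example string given on the page.
PAGE_EXAMPLE = ("u_employee_status|string;"
                "u_date_of_termination_of_employments|DateTime;"
                "u_test_field_with_canonical_values|string|Choice 1,Choice 2,Choice 3")

if __name__ == "__main__":
    for attribute in parse_custom_attributes(PAGE_EXAMPLE):
        print(attribute)
```

Rejecting unsupported types and duplicate names at this point means a malformed entry fails before synchronization rather than appearing as a missing attribute afterwards.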
User and Group Mapping
The user and group mapping is listed in the table below.
Table 21: User Mapping
userName | user_name
name.familyName | last_name
name.givenName | first_name
name.middleName | middle_name
displayName | name
emails[0].value | email
addresses[0].streetAddress | street
addresses[0].locality | city
addresses[0].region | state
addresses[0].postalCode | zip
addresses[0].country | country
phoneNumbers[0].value | phone
title | title
preferredLanguage | preferred_language
timeZone | time_zone
active | active
password | user_password
roles.value | {resource}.role.value
extension.organization | company
extension.department | department
extension.manager.value | manager.value
extension.employeeNumber | employee_number
id | sys_id
groups.value | {resource}.group.value
extension.lastLogon | last_login_time
Table 22: Group Mapping
id | sys_id
displayName | name
members.value | {resource}.user.value
extension.description | description
extension.email | email
extension.groupType | type
extension.manager.value | manager.value
Connector Limitations
- ServiceProviderAuthority contains only the Id field, whose value is the same as the instance id of the ServiceNow instance, because there are no APIs to fetch the tenant details in ServiceNow.
- If the department name and organization name are provided during user create or update operations, the user is assigned to the department and organization only if a department and organization with the same names exist in the ServiceNow cloud application.
- If an invalid manager id is used for the user's manager fields while performing user create or update operations, ServiceNow does not display any error. Instead, the invalid id is returned as the manager id.
- If the request contains invalid values for timezone, language, and so on, ServiceNow does not display any error. Instead, the fields with invalid values are left blank.
- The GET Roles operation might not fetch all the roles. Some roles must be retrieved based on the ServiceNow Access Control List (ACL).
- If an invalid role id is used for a user create or update operation, no error is displayed. Instead, the same invalid id is returned in the role list.
- If an invalid member id is used for group create or update, no error is displayed. Instead, the same invalid id is returned as the member id.
- A Create User operation with existing user details shows the status code as 403 instead of 409. The status code and the status message cannot be interpreted.
Azure Active Directory
Azure Active Directory is a connector that gives users a cloud-based platform for their on-premises resources. Using single sign-on, companies have access to any number of network or web-based applications along with hosting access and identity management resources.
For more information on registering the application, providing permissions, retrieving client ID or client secret, see Working with Azure Active Directory.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
- Connector name
- Client Id for the app
- Client Secret of the app
- Directory Id of the Active Directory
- Target URL (Cloud application's instance URL used as target URI in payload. For example, https://graph.microsoft.com/v1.0).
Supported Objects and Operations
Users
Table 23: Supported operations for Users
Create User | POST
Update User | PATCH
Deprovision | PUT
Undo Deprovision | PUT
Mandatory Fields
Users
- email.value
- nickName
- displayName
- password
- active
Groups
User and Group Mapping
The user and group mappings are listed in the tables below.
Table 24: User Mapping
Id | id
userName | userPrincipalName
name.familyName | surname
name.givenName | givenName
displayName | displayName
nickName | mailNickname
emails[0].value | userPrincipalName
addresses[0].streetAddress | streetAddress
addresses[0].locality | city
addresses[0].region | state
addresses[0].postalCode | postalcode
addresses[0].country | country
phoneNumbers[0].value | businessPhones[0]
title | jobTitle
active | accountEnabled
preferredLanguage | preferredLanguage
userType | userType
groups[].value | memberOf[].id
groups[].display | memberOf[].displayName
userExtension.organization | companyName
userExtension.department | department
userExtension.employeeNumber | employeeId
userExtension.manager.value | manager.id
userExtension.manager.displayName | manager.displayName
meta.created | createdDateTime
Groups
Table 25: Group Mapping
Id | id
displayName | displayName
members[].value | members[].id
members[].display | members[].displayName
enterpriseExtension.description | description
enterpriseExtension.mailNickname | mailNickname
meta.created | createdDateTime
Connector Limitations
- lastModified is not provided along with the Users and Groups.
- Groups are of two types: Security groups and Office 365 groups. Azure AD supports users and groups as the members of groups. Security groups can have users and other Security groups as members. However, only users can be added as members for Office 365 groups.
- With the trial Azure AD account, it is possible to create only Security groups through APIs. For information on mapping the appropriate properties, see User and Group section.
- Azure AD resource Ids follow the GUID format. When trying to edit, retrieve, or delete a group by Id with an invalid GUID format, the connector displays 400 as the response code. However, with an invalid id in a proper GUID format, the connector displays 404 as the response code.
- The email value for the user should use only those domains that are verified in the selected Active Directory. To find the verified domains, go to Azure Active Directory in the Azure portal; the verified domain names are displayed in the Overview page above the directory name.
- You can create multiple groups with the same name.
- For more information on password policy settings applied to user accounts that are created and managed in Azure AD, see Password policies that only apply to cloud user accounts.