지금 지원 담당자와 채팅
지원 담당자와 채팅

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Viewing the default custom process for User

To view the default custom process for User:

  1. Open the Designer tool.

  2. In the Navigation pane, select Process Orchestration| Process| UCIUserHasItem| UCI_UCIUserHasItem_Update.

  3. In the Tasks pane, under the Edit Process option, click Edit process| UCI_UCIUserHasItem_Update.
    The Process properties window is displayed.

    NOTE: Refer to the values in the Process properties window for User when you create a custom process for Group. For more information about how to create a custom process for Group, see Creating a custom process for AWS IAM connector to support entitlements for Group using the Designer tool

Configuring AWS IAM connector to support entitlements for User using the Synchronization Editor

The Synchronization Editor tool is used to configure the AWS IAM connector to support entitlements for User.

To configure AWS IAM connector to support entitlements for User:

  1. Open the Synchronization Editor.

  2. Open the specific synchronization project.

  3. Navigate to the Mappings tab and select User.

  4. Remove vrtEntitlements from the One Identity Manager side in the Mapping window.

  5. In the Property mapping rules section, add the new mapping rule Value Comparison Rule, with the value vrtProfiles <--> Entitlements~value.

  6. Run the synchronization.

    The users and entitlements that exist on the target system instance are synchronized with One Identity Manager.

Configuring AWS IAM connector to support entitlements for Group

To configure the AWS IAM connector to support entitlements for Group, create a custom process using the Designer tool and then configure the connector using the Synchronization Editor.

To configure the AWS IAM Connector to support entitlements for Group, do the following:

Creating a custom process for AWS IAM connector to support entitlements for Group using the Designer tool

The Designer tool is used to create a custom process for Group.

NOTE:Refer to the default custom process for User. For more information, see Viewing the default custom process for User.

To create a custom process for AWS IAM connector to support entitlements for Group:

  1. Open the Designer tool.
  2. In the Navigation pane, select Process Orchestration |Custom process| Navigation| Process Editor| Create a new process.
    The Process properties window is displayed.
  3. In the General tab, enter the following values:
    Table 444: Values for creating custom process for Group

    Process properties

    Value

    Name

    UCI_UCIGroupHasItem_Update

    Table

    UCIGroupHasItem

    Pre-script for generating

    If Not CBool(Connection.Variables("FULLSYNC")) AndAlso _

    Not CBool(Connection.Variables("PendingChangeReady")) AndAlso _

    Not $FK(UID_UCIGroup).FK(UID_UCIRoot).IsManualProvisioning:Bool$

    Then

    Imports System.Collections.Generic

    Dim data As IDictionary(Of String,string) = Nothing

    values("AdHocDataFound") = False

    values("NeedExecute") = true

    ' try to get UCI data

    Try

    Dim myUCIGroup As ISingleDbObject = Connection.CreateSingle("UCIGroup",$UID_UCIGroup$)

    data = DPR_GetAdHocData($FK(UID_UCIGroup).FK(UID_UCIRoot).XObjectKey$,"SCIM","","Update",myUCIGroup.GetEntity())

    Catch ex As AdHocDataException

    End Try

    If Not data is Nothing

    values("AdHocDataFound") = True

    values("ObjectKey") = New DbObjectKey("UCIGroup",$UID_UCIGroup$).ToXmlString()

    values("UID_DPRSystemVariableSet") = data("VariableSetUID")

    values("UID_DPRProjectionConfiguration") = data("ProjectionConfigUID")

    values("UID_QBMServer") = data("ExecutionServerUID")

    End if

    End If

    Generating condition

    Value = Not CBool(Connection.Variables("FULLSYNC")) AndAlso _

    Not CBool(Connection.Variables("PendingChangeReady")) AndAlso _

    Not $FK(UID_UCIGroup).FK(UID_UCIRoot).IsManualProvisioning:Bool$ AndAlso _

    CBool(values("AdHocDataFound")) Andalso _

    UCI_TargetUsesProfiles($FK(UID_UCIGroup).UID_UCIRoot$)

  4. In the Events tab, at the bottom of the page, click +.
    The Edit event window is displayed.
  5. In the Edit event window, click + next to the Object Event field.

    The Edit object event window is displayed.

  6. In the Edit object event, select Delete and then Insert from the list. Click OK.
    The Process step properties window is displayed.
  7.  In the Process step properties window, select the values as follows:
    1. In the General tab, in the Name field, enter the value PUT/PATCH Group.
    2. Select ProjectorComponent – AdHocProjectionSingle from the Process Task drop down list.
    3. In the Generation tab, enter the script for server selection: Value = values("UID_QBMServer").ToString().
    4. In the Error Handling tab, select Stop on Error.
  8. In the Parameters tab at the bottom, add the values for ForceSyncOf.
  9. Set the parameter CausingEntityPatch to the following value:
    Dim myUCIGroup As ISingleDbObject =

    Connection.CreateSingle("UCIGroup",$UID_UCIGroup$)

    Value = DPR_WrapObjectForProjection(myUCIGroup.GetEntity())

    The custom process UCI_UCIGroupHasItem_Update is created for Group.
  10. Click Commit to Database.
  11. Select Database| Compile Database in the Designer tool.

  12. Use the Synchronization Editor Tool to create a new mapping for Group. For more information, see Configuring AWS IAM connector to support entitlements for Group using the Synchronization Editor

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택