지금 지원 담당자와 채팅
지원 담당자와 채팅

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors Amazon S3 AWS ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring Amazon S3 AWS connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating Service Principal to authenticate the Azure resource management REST APIs for Azure Infrastructure connector

Creating a Process Chain using Designer

This section describes the procedure to create a Process Chain using Designer.

To create a Process Chain using Designer

  1. Open the Designer tool.
  2. In the Navigation pane, select Process Orchestration |Custom process| Navigation| Process Editor| Create a new process.
    The Process properties window is displayed.
  3. In the General tab of the Process properties window, enter the following values:
    Table 402: Values for creating custom process for PermssionSets

    Process properties

    Value

    Name

    UCI_UCIPermissionSethasItem_Update

    Table

    UCIUserHasItem

    Pre-script for generating

    If Not CBool(Connection.Variables("FULLSYNC")) AndAlso _

    Not CBool(Connection.Variables("PendingChangeReady")) AndAlso _

    Not $FK(UID_UCIItem).FK(UID_UCIRoot).IsManualProvisioning:Bool$ Then

     

    Imports System.Collections.Generic

    Dim data As IDictionary(Of String,string) = Nothing

    values("AdHocDataFound") = False

    values("NeedExecute") = true

    ' try to get UCI data

    Try

    Dim myUCIItem As ISingleDbObject = Connection.CreateSingle("UCIItem",$UID_UCIItem$)

    data = DPR_GetAdHocData($FK(UID_UCIItem).FK(UID_UCIRoot).XObjectKey$,"SCIM","","Update",myUCIItem.GetEntity())

    Catch ex As AdHocDataException

    End Try

    If Not data is Nothing

    values("AdHocDataFound") = True

    values("ObjectKey") = New DbObjectKey("UCIItem",$UID_UCIItem$).ToXmlString()

    values("UID_DPRSystemVariableSet") = data("VariableSetUID")

    values("UID_DPRProjectionConfiguration") = data("ProjectionConfigUID")

    values("UID_QBMServer") = UCI_GetProvisioningServer(data("ExecutionServerUID"), Entity, data("ExecutionServerTag"))

    End if

    Generating condition

    Value = Not CBool(Connection.Variables("FULLSYNC")) AndAlso _

    Not CBool(Connection.Variables("PendingChangeReady")) AndAlso _

    Not $FK(UID_UCIItem).FK(UID_UCIRoot).IsManualProvisioning:Bool$ AndAlso _

    CBool(values("AdHocDataFound")) Andalso _

    UCI_TargetUsesProfiles($FK(UID_UCIItem).UID_UCIRoot$)

  4. In the Events tab, at the bottom of the page, click +.
    The Edit event window is displayed.
  5. In the Edit event window, click + next to the Object Event field.

    The Edit object event window is displayed.

  6. In the Edit object event, select Delete and then Insert from the list. Click OK.
    The Process step properties window is displayed.
  7.  In the Process step properties window, select the values as follows:
    1. In the General tab, in the Name field, enter the value PUT/PATCH Group.
    2. Select ProjectorComponent – AdHocProjectionSingle from the Process Task drop down list.
    3. In the Generation tab, enter the script for server selection: Value = values("UID_QBMServer").ToString().
    4. In the Error Handling tab, select Stop on Error.
  8. In the Parameters tab at the bottom, add the values for ForceSyncOf: Value = "UID_UCIUser,vrtProfilesArr,vrtUser".
  9. Set the parameter CausingEntityPatch to the following value:
    Dim myUCIItem As ISingleDbObject =
    Connection.CreateSingle("UCIItem",$UID_UCIItem$)
    Value = DPR_WrapObjectForProjection(myUCIItem.GetEntity())

    The custom process UCI_UCIPermissionSethasItem_Update is created for PermissionSets.

  10. Click Commit to Database.
  11. Select Database| Compile Database in the Designer tool.

Connectors that support password attribute in User object

The password attribute of User object is a writeOnly field for all the connectors.

Connectors that support the password attribute in the User object

  • Amazon S3 AWS
  • AppDynamics
  • Atlassian JIRA
  • AWS Cognito
  • Citrix ShareFile
  • Crowd
  • JIRA
  • Oracle IDCS
  • PingOne
  • Salesforce
  • SAP Litmos
  • ServiceNow

Connectors that do not support special characters in the object ID

Starling Connect does not support special characters with the exceptions of a few such as @, +, _, - and so on in the object ID, for example, User ID and Group ID.

According to SCIM standards (RFC https://tools.ietf.org/html/rfc7643#section-3.1), the object ID must be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests.

However, there are some exceptions with some applications and hence, the corresponding connectors do not have an ID assigned. In these connectors, the username is considered to be object ID. There is a possibility that special characters are contained in the username, which would eventually become a part of the ID of the object. This causes an issue while returning the object details through the connector.

The current design of connectors does not have the capability to process the ID passed at the URI of the endpoints. Hence, Starling Connect returns error 404 with the message The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

Connectors that do not support special characters in the object ID

The connectors that have this issue are

  • AmazonS3AWS
  • Crowd
  • JiraServer
  • Apigee

Creating an app for using SCIM on Slack Enterprise Grid Organization

On the Enterprise Grid, SCIM operations work across the entire organization and not an individual workspaces. A SCIM app can provision, de-provision, and update team members in just one place rather than having to do so across every workspace in an organization.

To achieve this, the OAuth token used for calling SCIM API methods must be obtained by installing the app on the organization and not just a workspace within the organization.

To get a SCIM app working on a grid organization

  1. Ensure that the web service that is powering your application is able to handle a standard OAuth 2 flow.
  2. Create a new Slack app.

  3. In the application settings, select OAuth & Permissions from the left navigation.

  4. In the Redirect URLs section, save the URL https://connect-supervisor.cloud.oneidentity.com/v1/consent.
  5. In the Scopes section, add the admin scope and click Save Changes.

  6. In the application settings, select Manage Distribution from the left navigation.

  7. In the Share Your App with Other Workspaces section, make sure all four sections have the green check.
  8. Click Activate Public Distribution.

  9. Collect the Client Id and Client Secret of the app.
  10. While configuring this application for consent flow in Starling UI, provide the Client Id and Client Secret.

  11. When the consent flow is initiated, the OAuth handshake will install the application on your organization.
    You must be logged in as an owner of your Enterprise Grid organization to install the application

  12. Check the dropdown in the upper right corner of the installation screen to make sure you are installing the application on the Enterprise Grid organization, but not on an individual workspace within the organization.
  13. Once the app completes the OAuth flow, it will grant an OAuth token that can be used for accessing all of the SCIM API methods for the Slack enterprise organization.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택