AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.
Supervisor configuration parameters
To configure the connector, the following parameters are required:
Supported objects and operations
Users
Table 200: Supported operations for Users
Create User | POST
Update User | PUT
Delete User | DELETE
Get User | GET
Get All Users | GET
Get All Users with Pagination | GET
Groups
Table 201: Supported operations for Groups
Create Group | POST
Update Group | PUT
Delete Group | DELETE
Get Group | GET
Get All Groups | GET
Get All Users with Pagination | GET
Update Membership | PUT
Mandatory fields
Users
Groups
- DisplayName
User and Group mapping
The user and group mappings are listed in the tables below.
Table 202: User mapping
Id | Username
userName | Username
Name.Formatted | Username
DisplayName | Username
Emails[0].value | UserAttributes.email
Active | UserStatus.CONFIRMED
PhoneNumbers[0].Value | phone_number
Password | Password
Extension.IsPasswordPermanent | Permanent
Extension.DesiredDeliveryMediums | DesiredDeliveryMediums
Extension.email_verified | UserAttributes.email_verified
Extension.phone_number_verified | UserAttributes.phone_number_verified
Created_at | UserCreateDate
lastModified_at | UserLastModifiedDate
Groups
Table 203: Group mapping
Id | GroupName
displayName | GroupName
members[].value | Users[].Username
members[].display | Users[].Username
Extension.Precedence | Precedence
Extension.RoleArn | RoleArn
Created_at | CreationDate
lastModified_at | LastModifiedDate
Connector limitations
- Creating or updating a User or a Group happens in multiple steps. A failure in any step is reported as a complete failure of the operation. However, the record is persisted up to the steps that succeeded.
- Noncompliance with the password policy returns an error. However, a User is created.
- DesiredDeliveryMediums is a write-only property. SMS is the default option, and the property is not returned in the Get specific user response.
- A User can be a member of a maximum of 25 groups.
Okta
The Okta connector allows you to connect Okta with One Identity Starling Connect enabling you to take advantage of the features and products available in Starling Connect that complement and enhance the services provided by Okta.
Okta provides single sign-on, multi-factor authentication and Platform Services, which is a set of modular components that can be used to address requirements that are specific to an organization.
Supervisor configuration parameters
To configure the connector, the following parameters are required:
Configuring custom attributes for Okta
You can configure custom attributes for the Okta connector in Starling Connect for Users and Groups in the Custom Attributes section in Schema Configuration.
Support for MultiValued Custom attributes
- In the connector schema, only the String datatype corresponds to a multivalued custom attribute.
- The connector output format for multivalued custom attributes will be as shown below:
- As per the connector output format, the values are separated by double semicolons (;;) and enclosed in opening and closing square brackets.
- The opening and closing square brackets help to ensure that the attribute is of multivalued type.
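The following Python sketch is an added example, not code from Starling Connect or Okta. It decodes and encodes the multivalued string described above, assuming the wire form is `[v1;;v2;;v3]` as inferred from the prose; the function names are hypothetical. It rejects values that would not survive a round trip, which matters when such attributes carry entitlements.

```python
from __future__ import annotations

SEP = ";;"  # separator named in the documentation above


def is_multivalued(raw: str) -> bool:
    """True when the string carries the square-bracket markers."""
    return len(raw) >= 2 and raw.startswith("[") and raw.endswith("]")


def decode_attr(raw: str) -> list[str]:
    """Split a connector string into values.

    A string without the bracket markers is treated as one single value.
    Note the ambiguity: a single-valued string such as "[x]" is
    indistinguishable from a one-element multivalued attribute.
    """
    if not is_multivalued(raw):
        return [raw]
    inner = raw[1:-1]
    return inner.split(SEP) if inner else []


def encode_attr(values: list[str]) -> str:
    """Join values into the bracketed form, refusing ambiguous input."""
    for v in values:
        # An empty value would encode as "[]", which decodes to no values.
        if v == "":
            raise ValueError("empty value cannot be represented")
        # An embedded ";;" would be split into extra values on decode,
        # e.g. one submitted value turning into two group names.
        if SEP in v:
            raise ValueError(f"value contains separator: {v!r}")
        # "a;" + ";;" + "b" gives "a;;;b", which decodes as ["a", ";b"].
        if v.startswith(";") or v.endswith(";"):
            raise ValueError(f"value starts or ends with ';': {v!r}")
    return "[" + SEP.join(values) + "]"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    print(decode_attr("[red;;green;;blue]"))
    print(encode_attr(["hr", "finance"]))
```
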
Supported objects and operations
Users
Table 204: Supported operations for Users
Create User | POST
Update User | PUT
Delete User | DELETE
Get User | GET
Get All Users | GET
Get All Users with pagination | GET
Groups
Table 205: Supported operations for Groups
Create Group | POST
Update Group | PUT
Delete Group | DELETE
Get Group | GET
Get All Groups | GET
Get All Groups with pagination | GET
Create Membership | POST
Add Membership | POST
Delete Membership | DELETE
Mandatory fields
Users
- GivenName
- FamilyName
- Username
- Email
- Password
Groups
User and Group mapping
The user and group mappings are listed in the tables below.
Table 206: User mapping
Id | id
UserName | login
DisplayName | displayName
NickName | nickName
Name.GivenName | firstName
Name.FamilyName | lastName
Name.MiddleName | middleName
Name.HonorificPrefix | honorificPrefix
Name.HonorificSuffix | honorificSuffix
Addresses.StreetAddress | streetAddress
Addresses.Locality | city
Addresses.Region | state
Addresses.PostalCode | zipCode
Addresses.Country | countryCode
Emails.value | email
PhoneNumbers.value | primaryPhone
UserType | userType
Title | title
PreferredLanguage | preferredLanguage
Locale | locale
Timezone | timezone
Groups[].value (On Demand) | Id (groupsForUserResponse)
Groups[].display (On Demand) | Profile.name (groupsForUserResponse)
Active | status == "ACTIVE"
Extension.EmployeeNumber | employeeNumber
Extension.Division | division
Extension.Department | department
Extension.CostCenter | costCenter
Extension.Organization | organization
Extension.Manager.value | managerId
Extension.Manager.DisplayName | manager
Meta.Created | created
Meta.LastModified | lastUpdated
Groups
Table 207: Group mapping
Id | id
displayName | profile.name
Extension.Description | profile.description
Extension.GroupType | type
Members[].value | id (GetGroupMembersResponse[])
Members[].display | profile.displayName (GetGroupMembersResponse[])
Meta.Created | created
Meta.LastModified | lastUpdated
Connector limitations
- Get Users and Groups by pagination will return resources in multiples of 100. The resource count will be the same as the next nearest multiple of 100. For example, if the count is specified as 325, the resource count will be 400.
- An inactivated User can still be fetched.
- Password update is not possible through the connector because it expects the old and new passwords as parameters. The old password can never be fetched for any user.
- UserName should be in the format of an email ID.
- The connector deletes a user permanently from the target system irrespective of its status. When you perform a DELETE operation on:
  - a deprovisioned user, the user is deleted permanently.
  - an active user, the user is first deprovisioned and then deleted permanently. This process is handled internally.
- When you modify the email value, both the username and email values get updated. But when you modify the username alone, only the username gets updated with the username value. user who have not been deactivated, the user gets deactivated.