지금 지원 담당자와 채팅
지원 담당자와 채팅

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors Amazon S3 AWS ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring Amazon S3 AWS connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating Service Principal to authenticate the Azure resource management REST APIs for Azure Infrastructure connector

Mandatory fields

SAP Cloud for Customer (C4C) is a cloud solution to manage customer sales, customer service and marketing activities efficiently and is one of the key SAP solution to manage customer relationship.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 338: Supported operations for Users

Operation

VERB

Create User POST

Get a User

GET

List Users

GET

Update a User

PUT

Delete User

DELETE

Roles

Table 339: Supported operations for Roles

Operation

VERB

Get a Role

GET

List Roles

GET

Users

  • name.givenName

  • name.familyName

Mappings

Table 340: SAPC4CEmployee,BusinessUser to SCIM User mapping
SCIM properties SAPC4C properties
active EmployeeValidityEndDate
addresses[].country CountryCode
addresses[].postalCode PostalCode
addresses[].region RegionCode
addresses[].streetAddress Street
displayName FirstName + " " + LastName
emails[].value Email

extension.businessUserLanguageCode

LogonLanguageCode

extension.businessUserLanguage

LogonLanguageCodeText

extension.companyName CompanyName
extension.dateFormat DateFormat
extension.dateFormatCode DateFormatCode
extension.decimalFormatCode DecimalFormatCode
extension.department Department
extension.employeeId EmployeeID
extension.gender GenderCodeText
extension.genderCode GenderCode
extension.employeeLanguage LanguageCodeText
extension.employeeLanguageCode LanguageCode
extension.managerName ManagerName
extension.maritalStatus MaritalStatusCodeText
extension.maritalStatusCode MaritalStatusCode
extension.passwordPolicyCode PasswordPolicyCode
extension.timeFormat TimeFormat
extension.timeFormatCode TimeFormatCode
extension.titleCode TitleCode
extension.titleCodeText TitleCodeText
extension.userId UserID
extension.userLockedIndicator UserLockedIndicator

extension.validityEndDate

UserValidityEndDate

extension.validityStartDate

UserValidityStartDate

id ObjectID
meta.created CreatedOn
meta.lastModified EntityLastChangedOn
name.familyName LastName
name.givenName FirstName
name.middleName MiddleName
nickName NickName
phoneNumbers[].value MobilePhoneNumber
roles.value EmployeeUserBusinessRoleAssignment.BusinessRoleID
timezone TimeZoneCode
userName UserID
Table 341: SAPC4CIdentityBusinessRoles to SCIM Role mapping
SCIM properties SAPC4C properties
id ObjectID
name Name
meta.created CreationDateTime
meta.lastModified EntityLastChangedOn

 

Connector limitations

  • Update is not supported for attributes like ManagerName, CompanyName and Department, as they come under Organization endpoints.

  • Deleting a User, will inactivate it. But the user will still be present in the list of users.

  • Due to the target API behavior, any text value can be used as the value for phoneNumbers.

  • For most of the error scenarios, the status code returned is 500.

  • While user creation, the user will still be created if there is an error while user role assignments.

  • Due to One IM limitation on DateTime attributes, value having 'YEAR' less than 1753 could not be shown in One IM user interface.

Mappings

SAP Cloud for Customer (C4C) is a cloud solution to manage customer sales, customer service and marketing activities efficiently and is one of the key SAP solution to manage customer relationship.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 338: Supported operations for Users

Operation

VERB

Create User POST

Get a User

GET

List Users

GET

Update a User

PUT

Delete User

DELETE

Roles

Table 339: Supported operations for Roles

Operation

VERB

Get a Role

GET

List Roles

GET

Mandatory fields

Users

  • name.givenName

  • name.familyName

Table 340: SAPC4CEmployee,BusinessUser to SCIM User mapping
SCIM properties SAPC4C properties
active EmployeeValidityEndDate
addresses[].country CountryCode
addresses[].postalCode PostalCode
addresses[].region RegionCode
addresses[].streetAddress Street
displayName FirstName + " " + LastName
emails[].value Email

extension.businessUserLanguageCode

LogonLanguageCode

extension.businessUserLanguage

LogonLanguageCodeText

extension.companyName CompanyName
extension.dateFormat DateFormat
extension.dateFormatCode DateFormatCode
extension.decimalFormatCode DecimalFormatCode
extension.department Department
extension.employeeId EmployeeID
extension.gender GenderCodeText
extension.genderCode GenderCode
extension.employeeLanguage LanguageCodeText
extension.employeeLanguageCode LanguageCode
extension.managerName ManagerName
extension.maritalStatus MaritalStatusCodeText
extension.maritalStatusCode MaritalStatusCode
extension.passwordPolicyCode PasswordPolicyCode
extension.timeFormat TimeFormat
extension.timeFormatCode TimeFormatCode
extension.titleCode TitleCode
extension.titleCodeText TitleCodeText
extension.userId UserID
extension.userLockedIndicator UserLockedIndicator

extension.validityEndDate

UserValidityEndDate

extension.validityStartDate

UserValidityStartDate

id ObjectID
meta.created CreatedOn
meta.lastModified EntityLastChangedOn
name.familyName LastName
name.givenName FirstName
name.middleName MiddleName
nickName NickName
phoneNumbers[].value MobilePhoneNumber
roles.value EmployeeUserBusinessRoleAssignment.BusinessRoleID
timezone TimeZoneCode
userName UserID
Table 341: SAPC4CIdentityBusinessRoles to SCIM Role mapping
SCIM properties SAPC4C properties
id ObjectID
name Name
meta.created CreationDateTime
meta.lastModified EntityLastChangedOn

 

Connector limitations

  • Update is not supported for attributes like ManagerName, CompanyName and Department, as they come under Organization endpoints.

  • Deleting a User, will inactivate it. But the user will still be present in the list of users.

  • Due to the target API behavior, any text value can be used as the value for phoneNumbers.

  • For most of the error scenarios, the status code returned is 500.

  • While user creation, the user will still be created if there is an error while user role assignments.

  • Due to One IM limitation on DateTime attributes, value having 'YEAR' less than 1753 could not be shown in One IM user interface.

Connector limitations

SAP Cloud for Customer (C4C) is a cloud solution to manage customer sales, customer service and marketing activities efficiently and is one of the key SAP solution to manage customer relationship.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 338: Supported operations for Users

Operation

VERB

Create User POST

Get a User

GET

List Users

GET

Update a User

PUT

Delete User

DELETE

Roles

Table 339: Supported operations for Roles

Operation

VERB

Get a Role

GET

List Roles

GET

Mandatory fields

Users

  • name.givenName

  • name.familyName

Mappings

Table 340: SAPC4CEmployee,BusinessUser to SCIM User mapping
SCIM properties SAPC4C properties
active EmployeeValidityEndDate
addresses[].country CountryCode
addresses[].postalCode PostalCode
addresses[].region RegionCode
addresses[].streetAddress Street
displayName FirstName + " " + LastName
emails[].value Email

extension.businessUserLanguageCode

LogonLanguageCode

extension.businessUserLanguage

LogonLanguageCodeText

extension.companyName CompanyName
extension.dateFormat DateFormat
extension.dateFormatCode DateFormatCode
extension.decimalFormatCode DecimalFormatCode
extension.department Department
extension.employeeId EmployeeID
extension.gender GenderCodeText
extension.genderCode GenderCode
extension.employeeLanguage LanguageCodeText
extension.employeeLanguageCode LanguageCode
extension.managerName ManagerName
extension.maritalStatus MaritalStatusCodeText
extension.maritalStatusCode MaritalStatusCode
extension.passwordPolicyCode PasswordPolicyCode
extension.timeFormat TimeFormat
extension.timeFormatCode TimeFormatCode
extension.titleCode TitleCode
extension.titleCodeText TitleCodeText
extension.userId UserID
extension.userLockedIndicator UserLockedIndicator

extension.validityEndDate

UserValidityEndDate

extension.validityStartDate

UserValidityStartDate

id ObjectID
meta.created CreatedOn
meta.lastModified EntityLastChangedOn
name.familyName LastName
name.givenName FirstName
name.middleName MiddleName
nickName NickName
phoneNumbers[].value MobilePhoneNumber
roles.value EmployeeUserBusinessRoleAssignment.BusinessRoleID
timezone TimeZoneCode
userName UserID
Table 341: SAPC4CIdentityBusinessRoles to SCIM Role mapping
SCIM properties SAPC4C properties
id ObjectID
name Name
meta.created CreationDateTime
meta.lastModified EntityLastChangedOn

 

  • Update is not supported for attributes like ManagerName, CompanyName and Department, as they come under Organization endpoints.

  • Deleting a User, will inactivate it. But the user will still be present in the list of users.

  • Due to the target API behavior, any text value can be used as the value for phoneNumbers.

  • For most of the error scenarios, the status code returned is 500.

  • While user creation, the user will still be created if there is an error while user role assignments.

  • Due to One IM limitation on DateTime attributes, value having 'YEAR' less than 1753 could not be shown in One IM user interface.

Azure Infrastructure

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 342: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 343: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 344: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 345: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 346: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 347: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 348: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 349: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Mandatory Fields

Since this connector does not support writing back, so no mandatory attributes are needed.

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 350: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 351: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 352: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 353: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 354: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 355: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 356: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 357: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택