SCIM attribute mapping with Active Directory for users and groups
Active Roles provides support to connect to Starling Connect to manage the user provisioning and deprovisioning activities for the registered connectors. This is achieved through the internal attribute mapping mechanism. The AD attributes are mapped to SCIM attributes to perform each operation.
SCIM attribute mapping with Active Directory for Users
SCIM | Active Directory
displayName | displayName
givenName | givenName
familyName | sn
middleName | middleName
title | title
password | edsaPassword
streetAddress | streetAddress
locality | city
postalCode | postalCode
region | state
country | c
active | edsaAccountIsDisabled
userName | edsvauserName
honorificPrefix | initials
formattedName | cn
emails | proxyAddresses,mail
preferredLanguage | preferredLanguage
description | description
emailEncoding | edsvaemailEncoding
alias | edsvaalias
division | division
company | company
department | department
homePage | wWWHomePage
lastLogon | lastLogon
accountExpires | accountExpires
timezone | edsvatimezone
entitlements | edsvaentitlements
employeeNumber | employeeNumber
cn | cn
userPermissionsMarketingUser | edsvauserPermissionsMarketingUser
userPermissionsOfflineUser | edsvauserPermissionsOfflineUser
userPermissionsAvantgoUser | edsvauserPermissionsAvantgoUser
userPermissionsCallCenterAutoLogin | edsvauserPermissionsCallCenterAutoLogin
userPermissionsMobileUser | edsvauserPermissionsMobileUser
userPermissionsSFContentUser | edsvauserPermissionsSFContentUser
userPermissionsKnowledgeUser | edsvauserPermissionsKnowledgeUser
userPermissionsInteractionUser | edsvauserPermissionsInteractionUser
userPermissionsSupportUser | edsvauserPermissionsSupportUser
userPermissionsLiveAgentUser | edsvauserPermissionsLiveAgentUser
locale | localeID
phoneNumbers | telephoneNumber,mobile,homePhone
manager | manager
nickname | edsvanickname
desiredDeliveryMediums | edsvadesiredDeliveryMediums
SCIM attribute mapping with Active Directory for Groups
SCIM | Active Directory
displayName | cn
members | member
email | mail
manager | managedBy
Disconnecting One Identity Starling from Active Roles
To disconnect Active Roles from Starling after you have configured it to join Starling, go to the Starling tab on the Starling page and click Unjoin One Identity Starling. The Unjoin Starling operation disconnects Active Roles from your subscription. You are prompted to confirm whether you want to continue. Click Yes to disconnect Active Roles from your subscription and complete the Unjoin One Identity Starling operation.
Salesforce
Salesforce offers a cloud-based customer relationship management (CRM) platform that lets users track sales, service, and marketing. It includes a social networking plug-in and analytical tools including email alerts, Google search functionality, and access to contracts.
To log in to the Salesforce application, you must create a trial account. For more information, see Setting a trial account on Salesforce.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
- Connector Name
- Client ID - Consumer key of the connected app under API. Enable OAuth Settings (Left Menu | Build | Create | Apps).
- Client Secret - Consumer Secret of the connected app under API. Enable OAuth Settings (Left Menu | Build | Create | Apps).
- Username
- Password
- Token URL - Salesforce's token URL (https://<saleforce_instance_url>/services/oauth2/token)
- Grant Type: password
Supported Objects and Operations in Active Roles
Users
Table 4: Supported operations for Users
Create | POST
Update (id) | PUT
Delete (id) | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Groups
Table 5: Supported operations for Groups
Create | POST
Update (id) | PUT
Delete (id) | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Group Membership | PUT
Mandatory Fields
Users
- Last Name
- Email
- Alias (Auto populated with the combination of First and/or Last name)
- Username (Auto populated from email)
- Nickname (Auto populated from email; takes the name before “@”)
- Email Encoding
- Locale Settings (Time Zone, Locale & Language)
- Entitlements - ProfileId
Groups
User and Group Mapping
The user and group mappings are listed in the tables below.
Table 6: User Mapping
Id | id
UserName | Username
ExternalId | FederationIdentifier
Name.GivenName | FirstName
Name.FamilyName | LastName
Name.Formatted | Name
DisplayName | Name
NickName | CommunityNickname
Emails.Value | Email
Photos.Value | FullPhotoUrl
Addresses.StreetAddress | Street
Addresses.Locality | City
Addresses.Region | State
Addresses.PostalCode | PostalCode
Addresses.Country | Country
PhoneNumbers.Values | Phone
UserType | UserType
Title | Title
PreferredLanguage | LanguageLocaleKey
Locale | LocaleSidKey
Timezone | TimeZoneSidKey
Active | IsActive
Groups.value | GroupId
Entitlements.Value | Profile.Id
Entitlements.Display | Profile.Name
Roles.Value | UserRole.Id
Roles.Display | UserRole.Name
Extension.PasswordLastSet | LastPasswordChangeDate
Extension.EmailEncoding | EmailEncodingKey
Extension.Organization | CompanyName
Extension.Division | Division
Extension.Department | Department
Extension.Description | AboutMe
Extension.Manager.Value | Manager.Id
Extension.Manager.DisplayName | Manager.Name
Extension.LastLogon | LastLoginDate
Extension.EmployeeNumber | EmployeeNumber
Extension.Alias | Alias
Extension.UserPermissionsMobileUser | UserPermissionsMobileUser
Extension.UserPermissionsSFContentUser | UserPermissionsSFContentUser
Extension.UserPermissionsKnowledgeUser | UserPermissionsKnowledgeUser
Extension.UserPermissionsOfflineUser | UserPermissionsOfflineUser
Extension.UserPermissionsMarketingUser | UserPermissionsMarketingUser
Extension.UserPermissionsCallCenterAutoLogin | UserPermissionsCallCenterAutoLogin
Extension.UserPermissionsInteractionUser | UserPermissionsInteractionUser
Extension.UserPermissionsSupportUser | UserPermissionsSupportUser
Extension.FullPhotoUrl | FullPhotoUrl
Meta.Created | CreatedDate
Meta.LastModified | LastModifiedDate
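As an added example (not part of the One Identity documentation or product code), the following Python code applies a subset of Table 6 and the Users list under Mandatory Fields to a SCIM user before it is handed to the connector, and reports missing mandatory fields and attributes that have no mapping instead of dropping them silently. The flat input keyed by Table 6 names, the alias rule (first initial plus last name, cut to 8 characters), the function and constant names, and all sample values are assumptions.
```python
# Added example. Field names are copied from Table 6 (subset);
# the input shape, helper names and sample values are assumptions.
SCIM_TO_SF = {
    "UserName": "Username", "Name.GivenName": "FirstName",
    "Name.FamilyName": "LastName", "NickName": "CommunityNickname",
    "Emails.Value": "Email", "PreferredLanguage": "LanguageLocaleKey",
    "Locale": "LocaleSidKey", "Timezone": "TimeZoneSidKey",
    "Active": "IsActive", "Entitlements.Value": "Profile.Id",
    "Extension.EmailEncoding": "EmailEncodingKey",
    "Extension.Alias": "Alias",
}
# Salesforce-side names of the fields listed under Mandatory Fields > Users.
MANDATORY = ["LastName", "Email", "Alias", "Username", "CommunityNickname",
             "EmailEncodingKey", "TimeZoneSidKey", "LocaleSidKey",
             "LanguageLocaleKey", "Profile.Id"]

def to_salesforce(scim):
    """Return (salesforce_fields, missing_mandatory, unmapped_scim_keys)."""
    sf = {SCIM_TO_SF[k]: v for k, v in scim.items()
          if k in SCIM_TO_SF and v not in (None, "")}
    unmapped = sorted(k for k in scim if k not in SCIM_TO_SF)
    email = sf.get("Email", "")
    if "@" in email:
        # Username and Nickname are auto-populated from the email address.
        sf.setdefault("Username", email)
        sf.setdefault("CommunityNickname", email.split("@", 1)[0])
    if "LastName" in sf:
        # Assumed combination rule: first initial + last name, 8 chars max.
        alias = (sf.get("FirstName", "")[:1] + sf["LastName"])[:8].lower()
        sf.setdefault("Alias", alias)
    missing = [f for f in MANDATORY if f not in sf]
    return sf, missing, unmapped

# Constructed sample user; the profile id is a placeholder, not a real id.
SAMPLE_USER = {
    "Name.GivenName": "Ada", "Name.FamilyName": "Lovelace",
    "Emails.Value": "ada.lovelace@example.com", "Active": True,
    "Extension.EmailEncoding": "UTF-8", "Timezone": "Europe/London",
    "Locale": "en_GB", "PreferredLanguage": "en_US",
    "Entitlements.Value": "PROFILE-ID-PLACEHOLDER",
    "Extension.Badge": "1234",  # not in the mapping: reported as unmapped
}

if __name__ == "__main__":
    fields, missing, unmapped = to_salesforce(SAMPLE_USER)
    print("fields:", fields)
    print("missing mandatory:", missing)
    print("unmapped:", unmapped)
```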
Table 7: Group Mapping
Id | Id
DisplayName | Name
Members.value | UserOrGroupId
Meta.Created | CreatedDate
Meta.LastModified | LastModifiedDate
Connector Limitations
Facebook Workplace
Workplace is a collaborative business platform run by Facebook to help users communicate through groups, chat, and social networking in a corporate environment.
Supervisor Configuration Parameters
To configure the connector, the following parameters are required:
Supported Objects and Operations
Users
Table 8: Supported operations and objects for Users
Create | POST
Update (Id) | PUT
Delete (Id) | DELETE
Deprovision | PUT
Undo Deprovision | PUT
Groups
Table 9: Supported operations and objects for Groups
Create | POST
Update (Id) | PUT
Delete (Id) | DELETE
Group Membership | PUT
Mandatory Fields
Users
- User Name
- Name (Formatted)
- Active
Groups
User and Group Mapping
The user and group mappings are listed in the tables below.
Table 10: User Mapping
Id | Id
UserName | userName
Name.Formatted | name.formatted
Name.GivenName | name.givenName
Name.FamilyName | name.familyName
Name.MiddleName | name.middleName
Name.HonorificPrefix | name.honorificPrefix
Name.HonorificSuffix | name.honorificSuffix
DisplayName | displayName
NickName | nickName
UserType | userType
Title | title
PreferredLanguage | preferredLanguage
Locale | locale
Timezone | timezone
Active | active
Emails | emails
Addresses | addresses
PhoneNumbers | phoneNumbers
Groups.value | Group.id
Groups.display | Group.name
Roles.Value | Role.Id
Extension.Organization | organization
Extension.Division | division
Extension.Department | department
Extension.Manager.Value | manager.managerId
Extension.EmployeeNumber | employeeNumber
Extension.CostCenter | costCenter
Table 11: Group Mapping
Id | Id
DisplayName | Name
Members.value | UserOrGroupId
Meta.Created | CreatedDate
Meta.LastModified | LastModifiedDate
Connector Limitations
- Removal of the last member of a group deletes the group automatically.
- At least one user must be a member of a group to use it.