Converse agora com nosso suporte
Chat com o suporte

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Testrail

TestRail is a web-based test case management tool. It is used by QA engineers, developers, and team leads to manage, track, and organize software testing efforts. TestRail allows team members to design test cases, organize test suites, execute test runs, and track their results, all from a modern and easy-to-use web interface. This article will give you an overview of the core features and workflows in TestRail that you can use to streamline your testing and deliver high-quality releases.

Supervisor Configuration Parameters

  • Connector name

  • User Name

  • Password

  • Target URL (https://instance_name.testrail.io)

Supported objects and operations

Users

Table 410: Supported operations for Users

Operation

VERB

Create User

POST

Get User by Id GET
List Users GET

Update user

PUT

Groups

Table 411: Supported operations for Groups

Operation

VERB
Create a group POST

Delete a group

DELETE

Get Group by Id

GET

List groups

GET

Update Group

PUT

Mandatory Fields

This section lists the mandatory fields required to create a User or Group:

Users

  • userName

  • emails[].value

Groups

  • displayName

Mappings

The mappings are listed in the tables below.

Table 412: TestRail User to SCIM user mapping
TestRail properties SCIM properties
id id
name UserName
group_ids groups
is_admin extension.admin
is_active active
email emails[].value
Table 413: TestRail Group to SCIM group mapping
TestRail properties SCIM Properties
id id
name displayName
user_ids members[].value

Connector limitations

  • Deleting of User is not supported.

ChipSoft

ChipSoft contributes to greater patient safety and more efficiency by develops cutting-edge software for healthcare professionals.

Offering fully integrated EMR/EHR solution for both individual organisations as well as organisations operating within the entire chain of care, ChipSoft is the market leader in Netherlands and in expansion across Europe.

Supervisor Configuration Parameters

  • Connector name

  • Target URL

Supported objects and operations

Users

Table 414: Supported operations for Users

Operation

VERB

Create User

POST

Get User by Id GET
List Users GET

Update user

PUT

Login Groups

Table 415: Supported operations for Login Groups

Operation

VERB

Get Login Group by Id

GET

List users

GET

User Groups

Table 416: Supported operations for User Groups

Operation

VERB

Get User Group by Id

GET

List User Groups

GET

Mandatory Fields

This section lists the mandatory fields required to create a User or Group:

Users

  • ldap
  • userName
  • displayName
  • active
  • startDate
  • endDate

Mappings

The mappings are listed in the tables below.

Table 417: ChipSoft to SCIM user mapping
ChipSoft properties (Dutch and English) SCIM properties
Ldap ldap
Ldapdomain ldapDomain
Gebruikersnaam id or userName
Gebruikersomschrijving displayName
Geblokkeerd active
Startdate startDate
Enddate endDate
Afdeling department
Functie position
Soort kind
Uzinr uzinNo
Rolecode roles { value = RoleCode display = RoleCode type = blankValue }
Bedrijf company
Email emails { value = emailValue, primary = 'true, type = 'work' }
Laatsteinlogdatum lastLoginDate
Laatsteinlogtijdstip lastLoginTime
Login Groups
Inloggroepcode value
Inloggroepzoekcode searchCode
User Group
Groepcode value
Zoekcode searchCode
Table 418: ChipSoft to SCIM user group mapping
ChipSoft properties (Dutch and English) SCIM Properties
groepcode id
zoekcode searchCode
groepomschrijving displayName
soortcode typeCode
soortomschrijving speciesDescription
Table 419: ChipSoft to SCIM login group mapping
ChipSoft properties (Dutch and English) SCIM Properties
inloggroepcode id
inloggroepzoekcode searchCode
inloggroepomschrijving displayName
inloggroepactief active

Connector limitations

Due to target behavior, following has been observed:

  • User Groups and Login Groups result don’t support pagination.

  • Memberships are not managed under Groups. Instead Groups are managed under Users.

  • For any junk value in cursor, it fetches records from target. It returns last login date as "0001-01-01T00:00:00Z" and time "12:00:00" for some of the records.

  • Email is not available for any user, target also does not accept new user with email.

  • Delete is not available for any user.

  • Some of the fields are not created during create user request.

  • System throws an error when it is trying to create an existing user. It displays the value of “ldap“ in error description instead of “userName“.

  • userName (Gebruikersnaam) fields only accept 8 characters. Any string more than 8 characters will be truncated and only first 8 characters are saved.

PingOne Platform

PingOne is a cloud-based identity as a service (IDaaS) framework for secure identity access management that uses an organization based model to define tenant accounts and their related entities within the PingOne platform.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 420: Supported operations for Users
Operation VERB
Create User POST
Get User by Id GET
List Users GET
Update User PUT
Delete User DELETE

Groups

Table 421: Supported operations for Groups
Create Group POST
Get Group GET
Get Groups GET
Update Group PUT

Populations

Table 422: Supported operations for Populations
Get Populations by Id GET
List Populations GET

Mandatory fields

Users

  • userName
  • population

Groups

displayName

User mapping

The user and population mappings are listed in the tables below.

Table 423: User mapping
SCIM Parameter PingOne Parameter
id id
userName username
name.givenName name.given
name.middleName name.middle
name.formatted name.formatted
name.honorificSuffix name.honorificSuffix
name.honorificPrefix name.honorificPrefix
title title
displayName name.given name.family
emails[].value email
active enabled
locale locale
preferredLanguage preferredLanguage
timezone timezone
groups[].value memberOfGroupIDs
externalId externalId
userType type
nickName nickname
photos[].value photo.href
addresses[].streetAddress address.streetAddress
addresses[].region address.region
addresses[].locality address.locality
addresses[].countryCode address.country
addresses[].postalCode address.postalCode
phoneNumbers[].value primaryPhone
phoneNumbers[].Value mobilePhone
enterpriseExtension.accountId accountId
enterpriseExtension.population population.id
enterpriseExtension.environment environment.id
enterpriseExtension.identityProvider identityProvider.type
enterpriseExtension.mfaEnabled mfaEnabled
createdAt meta.created
updatedAt meta.lastModified

Groups

Table 424: Group mapping
SCIM parameter PingOne parameter
id id
displayName name
members[].value members[].id
externalId externalId
enterpriseExtension.population population.id
enterpriseExtension.description description
enterpriseExtension.environment environment.id
enterpriseExtension.checkSum checkSum
enterpriseExtension.customData.securityGroup customData.securityGroup
enterpriseExtension.customData.groupOwner customData.groupOwner
meta.lastModified updatedAt
meta.created createdAt

Population mapping

Table 425: Population mapping
SCIM Parameter PingOne Parameter
id id
displayName name

userCount

userCount

description

description

environment

environment.id

passwordPolicy

passwordPolicy.id

isDefault

default

updatedAt

meta.lastModified

createdAt

meta.created

Connector SCIM configuration

The PingOne Platform connector is enhanced to support the configuration of SCIM connector with custom attributes and disabling of attributes. 'Users' resources in PingOne Platform connector have the support for configuring custom attributes and disabling of attributes.

NOTE:

  • In connector schema, datatype corresponding to multivalued custom attribute is of type string and JSON only.
  • Connector output format for multivalued custom attributes will be as shown below:

    "MultivaluedAttributeName" : "[abcd;; efgh;; xyzw;; uvty]"

  • As per the connector output format, the values will be double semicolon separated(;;) and will be enclosed inside opening and closing square brackets.
  • Opening and closing square brackets helps to ensure that the attribute is of multivalued type.

Connector limitations

  • In pagination, records are returned in multiples of 100 only due to target behaviour.
  • Custom attributes and disabling attributes are only supported in users due to target behaviour.
  • Custom attributes are supported for string and JSON attributes due to target behaviour.

  • While updating a group that was created at the population level, it should contain the same population id in the update body that was given while creating the group, while groups created at the environment level should not contain the population attribute in the update body due to target behaviour, else the target will throw the error message.

Azure DevOps

Azure DevOps is methodology that supports cohesiveness between development and operations into a smooth sailing event allowing organizations to create and improve products at a faster pace than they can with traditional software development approaches.

Supervisor configuration parameters

To configure the connector, following parameters are required.

Supported objects and operations

Users

Table 426: Supported operations for Users (for v1.0 & v2.0)

Operation

VERB

Create User

POST

Get User by Id

GET

List Users

GET

Update User

PUT

Delete User

DELETE

Groups

Table 427: Supported operations for Groups (for v1.0 & v2.0)

Operation

VERB

Create Group

POST

Get Group by Id

GET

List Groups

GET

Update Group

PUT

Delete Group

DELETE

Projects

Table 428: Supported operations for Projects (for v1.0 & v2.0)

Operation

VERB

Create Project

POST

Get Project by Id

GET

List Projects

GET

Update Project

PUT

Delete Project

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE a user.

Users (for v1.0 & v2.0)

  • userName

Groups (for v1.0 & v2.0)

  • displayName

  • enterpriseExtension.licenseRule.accountLicenseType

  • enterpriseExtension.licenseRule.licensingSource

  • enterpriseExtension.licenseRule.msdnLicenseType

Projects (for v1.0 & v2.0)

  • displayName

  • capabilities.processTemplateTypeId

  • capabilities.versionSourceControlType

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 429: User mapping (for v1.0)
SCIM User Azure DevOps Parameter
id id
userName user.principalName
displayName user.displayName
emails[].value user.mailAddress
enterpriseExtension.accessLevel.licensingSource accessLevel.licensingSource
enterpriseExtension.accessLevel.accountLicenseType accessLevel.accountLicenseType
enterpriseExtension.accessLevel.msdnLicenseType accessLevel.msdnLicenseType
enterpriseExtension.accessLevel.licenseDisplayName accessLevel.licenseDisplayName
enterpriseExtension.accessLevel.status accessLevel.status
enterpriseExtension.accessLevel.statusMessage accessLevel.statusMessage
enterpriseExtension.accessLevel.assignmentSource accessLevel.assignmentSource
enterpriseExtension.originId user.originId
enterpriseExtension.origin user.origin
enterpriseExtension.descriptor user.descriptor
enterpriseExtension.subjectKind user.subjectKind
enterpriseExtension.metaType user.metaType
enterpriseExtension.domain user.domain
enterpriseExtension.directoryAlias user.directoryAlias
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
enterpriseExtension.groupAssignments[].groupId groupAssignments[].id
enterpriseExtension.groupAssignments[].groupDescription groupAssignments[].group.description
enterpriseExtension.groupAssignments[].groupDescriptor groupAssignments[].group.descriptor
enterpriseExtension.groupAssignments[].groupDisplayName groupAssignments[].group.displayName
enterpriseExtension.groupAssignments[].groupDomain groupAssignments[].group.domain
enterpriseExtension.groupAssignments[].groupMailAddress groupAssignments[].group.mailAddress
enterpriseExtension.groupAssignments[].groupOrigin groupAssignments[].group.origin
enterpriseExtension.groupAssignments[].groupOriginId groupAssignments[].group.originId
enterpriseExtension.groupAssignments[].groupPrincipalName groupAssignments[].group.principalName
enterpriseExtension.groupAssignments[].groupSubjectkind groupAssignments[].group.subjectKind
enterpriseExtension.groupAssignments[].status groupAssignments[].status
enterpriseExtension.groupAssignments[].groupLicensingSource groupAssignments[].licenseRule.licensingSource
enterpriseExtension.groupAssignments[].groupAccountLicenseType groupAssignments[].licenseRule.accountLicenseType
enterpriseExtension.groupAssignments[].groupMsdnLicenseType groupAssignments[].licenseRule.msdnLicenseType
enterpriseExtension.groupAssignments[].groupLicenseDisplayName groupAssignments[].licenseRule.licenseDisplayName
enterpriseExtension.groupAssignments[].groupLicensingRuleStatus groupAssignments[].licenseRule.status
enterpriseExtension.groupAssignments[].groupLicensingRuleStatusMessage groupAssignments[].licenseRule.statusMessage
enterpriseExtension.groupAssignments[].groupLicensingRuleAssignmentSource groupAssignments[].licenseRuleAssignmentSource
meta.created dateCreated
Table 430: User mapping (for v2.0)
SCIM User Azure DevOps Parameter
id user.descriptor
userName user.principalName
displayName user.displayName
emails[].value user.mailAddress
enterpriseExtension.originId user.originId
enterpriseExtension.origin user.origin
enterpriseExtension.subjectKind user.subjectKind
enterpriseExtension.metaType user.metaType
enterpriseExtension.domain user.domain
enterpriseExtension.directoryAlias user.directoryAlias
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
enterpriseExtension.accessLevel.licensingSource accessLevel.licensingSource
enterpriseExtension.accessLevel.accountLicenseType accessLevel.accountLicenseType
enterpriseExtension.accessLevel.msdnLicenseType accessLevel.msdnLicenseType
enterpriseExtension.accessLevel.licenseDisplayName accessLevel.licenseDisplayName
enterpriseExtension.accessLevel.status accessLevel.status
enterpriseExtension.accessLevel.statusMessage accessLevel.statusMessage
enterpriseExtension.accessLevel.assignmentSource accessLevel.assignmentSource
Table 431: Group mapping (for v1.0)
SCIM Group Azure DevOps Parameter
id id
displayName group.displayName
members[].value members[].id
enterpriseExtension.licenseRule.licensingSource licenseRule.licensingSource
enterpriseExtension.licenseRule.accountLicenseType licenseRule.accountLicenseType
enterpriseExtension.licenseRule.msdnLicenseType licenseRule.msdnLicenseType
enterpriseExtension.licenseRule.licenseDisplayName licenseRule.licenseDisplayName
enterpriseExtension.licenseRule.status licenseRule.status
enterpriseExtension.licenseRule.statusMessage licenseRule.statusMessage
enterpriseExtension.licenseRule.assignmentSource licenseRule.assignmentSource
enterpriseExtension.originId group.originId
enterpriseExtension.origin group.origin
enterpriseExtension.descriptor group.descriptor
enterpriseExtension.subjectKind group.subjectKind
enterpriseExtension.description group.description
enterpriseExtension.domain group.domain
enterpriseExtension.status group.status
enterpriseExtension.principalName group.principalName
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
Table 432: Group mapping (for v2.0)
SCIM Group Azure DevOps Parameter
id group.descriptor
displayName group.displayName
members[].value members[].id
enterpriseExtension.licenseRule.licensingSource licenseRule.licensingSource
enterpriseExtension.licenseRule.accountLicenseType licenseRule.accountLicenseType
enterpriseExtension.licenseRule.msdnLicenseType licenseRule.msdnLicenseType
enterpriseExtension.licenseRule.licenseDisplayName licenseRule.licenseDisplayName
enterpriseExtension.licenseRule.status licenseRule.status
enterpriseExtension.licenseRule.statusMessage licenseRule.statusMessage
enterpriseExtension.licenseRule.assignmentSource licenseRule.assignmentSource
enterpriseExtension.originId group.originId
enterpriseExtension.origin group.origin
enterpriseExtension.subjectKind group.subjectKind
enterpriseExtension.description group.description
enterpriseExtension.domain group.domain
enterpriseExtension.status group.status
enterpriseExtension.principalName group.principalName
enterpriseExtension.projectEntitlements[].assignmentSource projectEntitlements[].assignmentSource
enterpriseExtension.projectEntitlements[].isProjectPermissionInherited projectEntitlements[].projectPermissionInherited
enterpriseExtension.projectEntitlements[].projectRefId projectEntitlements[].projectRef.id
enterpriseExtension.projectEntitlements[].projectRefName projectEntitlements[].projectRef.name
enterpriseExtension.projectEntitlements[].projectGroupType projectEntitlements[].group.groupType
enterpriseExtension.projectEntitlements[].projectGroupDisplayName projectEntitlements[].group.displayName
Table 433: Projects mapping (for v1.0 & v2.0)
SCIM Projects Azure DevOps Parameter
id id
displayName name
description description
state state
visibility visibility
revision revision
capabilities.processTemplateName capabilities.processTemplate.templateName
capabilities.processTemplateTypeId capabilities.processTemplate.templateTypeId
capabilities.versionSourceControlType capabilities.versioncontrol.sourceControlType
capabilities.versionControlGitEnabled capabilities.versioncontrol.gitEnabled
capabilities.versionControlTfvcEnabled capabilities.versioncontrol.tfvcEnabled
defaultTeam.id defaultTeam.id
defaultTeam.name defaultTeam.name
meta.lastModified lastUpdatedTime

Connector limitations

  • The userName should be in the format of the email address (The email address of the user which has to be added to the organization).

  • If we use the username that is already existing, the system will not throw a conflict error; instead, it will update that user or return the existing data.

  • Extensions[] are not mapped because the data is not returning from the target in response.

  • If we add a user that already exists in the organisation but is deleted, that user will have the same user ID as it had previously.

  • Only one email per user is supported by target system.

  • Azure DevOps Target System does not return important meta information lastModified for users, lastModified & created for groups and created for projects.

  • At least one writable attribute should be provided while updating a user, group and project.

  • Projects and access levels added indirectly when groups are associated for users are not updatable.

  • Providing an already used display name to a group will return error even though the old group is deleted in target instance.

  • The create or update of a group will be successful even though the target API fails with errors during the membership management operations on the group. This is because the create or update of a group in connector internally handles create/update and membership management.

  • Adding a project with different group types is not supported currently.

  • Pagination in users and projects returns records in multiples of 100.

  • Pagination is not supported in groups.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação