Connectors that do not support special characters in the object ID
Connectors that do not support special characters in the object ID
Starling Connect does not support special characters with the exceptions of a few such as @, +, _, - and so on in the object ID, for example, User ID and Group ID.
According to SCIM standards (RFC https://tools.ietf.org/html/rfc7643#section-3.1), the object ID must be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests.
However, there are some exceptions with some applications and hence, the corresponding connectors do not have an ID assigned. In these connectors, the username is considered to be object ID. There is a possibility that special characters are contained in the username, which would eventually become a part of the ID of the object. This causes an issue while returning the object details through the connector.
The current design of connectors does not have the capability to process the ID passed at the URI of the endpoints. Hence, Starling Connect returns error 404 with the message The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Connectors that do not support special characters in the object ID
The connectors that have this issue are
- AmazonS3AWS
- Crowd
- JiraServer
- Apigee
Creating an app for using SCIM on Slack Enterprise Grid Organization
Creating an app for using SCIM on Slack Enterprise Grid Organization
On the Enterprise Grid, SCIM operations work across the entire organization and not an individual workspaces. A SCIM app can provision, de-provision, and update team members in just one place rather than having to do so across every workspace in an organization.
To achieve this, the OAuth token used for calling SCIM API methods must be obtained by installing the app on the organization and not just a workspace within the organization.
To get a SCIM app working on a grid organization
- Ensure that the web service that is powering your application is able to handle a standard OAuth 2 flow.
-
Create a new Slack app.
-
In the application settings, select OAuth & Permissions from the left navigation.
- In the Redirect URLs section, save the URL https://connect-supervisor.cloud.oneidentity.com/v1/consent.
-
In the Scopes section, add the admin scope and click Save Changes.
-
In the application settings, select Manage Distribution from the left navigation.
- In the Share Your App with Other Workspaces section, make sure all four sections have the green check.
-
Click Activate Public Distribution.
- Collect the Client Id and Client Secret of the app.
-
While configuring this application for consent flow in Starling UI, provide the Client Id and Client Secret.
-
When the consent flow is initiated, the OAuth handshake will install the application on your organization.
You must be logged in as an owner of your Enterprise Grid organization to install the application
- Check the dropdown in the upper right corner of the installation screen to make sure you are installing the application on the Enterprise Grid organization, but not on an individual workspace within the organization.
-
Once the app completes the OAuth flow, it will grant an OAuth token that can be used for accessing all of the SCIM API methods for the Slack enterprise organization.
Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret
Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret
This section describes the procedure to create an integration application, provide necessary scopes, retrieve Client Id and Client Secret
To creating an integration application, providing necessary scopes, retrieving Client Id and Client Secret
- Create a new application of type Integration in https://developer.webex.com/my-apps.
- Provide the redirect URL https://connect-supervisor.cloud.oneidentity.com/v1/consent for US data center and https://connect-supervisor.cloud.oneidentity.eu/v1/consent for EU data center of the Starling Connect.
-
Provide the below scopes
- spark:team_memberships_read
- spark:team_memberships_write
- spark:teams_read
- spark:teams_write
- spark-admin:licenses_read
- spark-admin:organizations_read
- spark-admin:people_read
- spark-admin:people_write
- spark-admin:roles_read
- Collect the client ID and client Secret of the integration application.
Retrieving the API key from Facebook Workplace
Retrieving the API key from Facebook Workplace
This section describes the procedure to retrieve the API key from Facebook Workplace that you must use when you configure the connector in Starling Connect.
To retrieve the API key from Facebook Workplace
-
In the admin account, go to "Admin Panel", select "Integrations".
-
Create a Custom Integration.
-
Go to the custom integration created and under "Details" menu, select the "Create Access Token" and copy the access token created.
- This Access Token is to be used as the value for API Key in the Connector Configuration.
-
Under "Permissions" menu of the custom integration, select the permissions:
- Read group membership
- Manage accounts
- Manage groups
- Manage work profiles
- Provision user accounts
- Read group content
- Read user email
- Read work profile
-
Under the "Give integration access to groups" section of "Permissions" page, select the "Group permissions" to "All groups".