Supervisor configuration parameters
RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.
To configure the connector, following parameters are required:
-
Connector Name - <RSA Archer>
-
Username
-
Password
-
Instance Name - <Tenant ID ex: 324022>
-
User Record Creation - <Is record creation needed> [only in v3.0]
-
Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>
-
Profile ID - <User Profile ID ex: 239109>
-
Environment(ISMS) - <Cloud application's environment ex: Test, Prod> [only in v1.0 and v2.0]
-
Field ID - <Filed Id to get specific attribute ex: 18746>
-
Reporting Filter Field Id - <Reporting Filter Field Id> [only in v3.0]
-
ISMS Group Functionality - <Is ISMS Group Functionality Required> [only in v3.0]
-
ISMS Id - <ISMS Id> [only in v3.0]
-
ISMS Module Id - <ISMS Module Id> [only in v3.0]
-
ISMS Name - <ISMS Name> [only in v3.0]
-
ISMS Coach - <ISMS Coach> [only in v3.0]
-
ISMS Lead - <ISMS Lead> [only in v3.0]
-
ISMS Lead Backup - <ISMS Lead Backup> [only in v3.0]
-
Profiles Resource - <Is Profiles Resource Required> [only in v3.0]
-
Delete User - <Is permanent User Delete Required> [only in v3.0]
-
SCIM URL - <Cloud application's instance URL used as targetURI in payload>
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Supported objects and operations
Users
Table 28: Supported operations for Users
Create |
POST |
Update |
PUT |
Get (Id) |
GET |
Get |
GET |
Pagination |
GET |
Delete |
DELETE |
NOTE:The Delete User operation is supported only in v3.0
Groups
Table 29: Supported operations for Groups
Update (Id) |
PUT |
Get (Id) |
GET |
Get |
GET |
NOTE:The Archer API supports the CREATE Group, DELETE Group and DELETE User operations, but they are currently unavailable in the connector. If you need the connector to support these operations, please contact support.
Roles
Table 30: Supported operations for Roles
Get (Id) |
GET |
Get |
GET |
Update |
PUT |
Profiles
Table 31: Supported operations for Profiles
Get (Id) |
GET |
Get |
GET |
Mandatory fields
Users
-
userName
-
name.givenName
-
name.familyName
-
active
Groups
Mappings for RSA Archer versions
The user and group mappings for RSA Archer version are listed in the tables below.
Table 32: User mapping for RSA Archer version
Active |
system.status |
Address.country |
-- |
Address.formatted |
address |
Address.locality |
-- |
Address.postalCode |
-- |
Address.region |
-- |
Address.streetAddress |
-- |
Emails |
contactItems.value if <contactItems.type = Email> |
Extension.Company (only in v3.0) |
system.company |
Extension.Notes (only in v3.0) |
notes |
Extension.SecurityParameter (only in v3.0) |
system.securityParameter |
Extension.UserDomain (only in v3.0) |
system.userDomain |
Groups.Id |
groups.id |
Groups.Name |
groups.name |
Id |
system.userId |
Locale |
system.locale |
Name.FamilyName |
name.last |
Name.GivenName |
name.first |
Name.MiddleName |
name.middle |
PhoneNumbers |
contactItems.value if <contactItems.type = phone> |
Roles.Id |
roles.id |
Roles.Name |
roles.Name |
Timezone |
timeZone.id |
Title |
system.title |
UserName |
system.userName |
Table 33: Roles mapping for RSA Archer version
id |
id |
Name |
name |
Members.value |
RoleMemberships[].RequestedObject.UserIds[] |
Table 34: Profiles mapping for RSA Archer version
id |
Profile Id from the Starling UI Config |
Connector limitations
- The Created date and last modified date is not retrieved for users / groups.
-
Cursor based pagination for Users is supported but pagination is not supported for groups.
-
User's contact information cannot be created or updated.
-
The following fields are read-only:
-
Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.
-
If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.
-
RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.
NOTE:Test Connection validates the target system credentials and endpoints but not the configuration parameters.
- For the feature Update User's default Email, RSA Archer provides an option to update contact information. However, the API document does not have any information about how to pass ContactRecordId into update contact info. The operation fails with a BadRequest error. As a workaround, the existing default email ID is deleted and the required email ID is created.
-
While doing role memberships update, it is not possible to remove those users that only have this role assigned to it (no other role assigned).
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in RSA Archer v.2.0
Following are the features that are available exclusively in RSA Archer v.2.0:
In version 2.0 of the connector, the following fields have been removed from User Mapping and schema:
- StreetAddress
- Locality
- Country
- PostalCode
NOTE: To avoid any breakage in the existing system, these changes have been implemented only in the version 2.0 of the connector.
Features available exclusively in RSA Archer v.3.0
-
v3.0 of the Archer connector, supports generic User, Groups, Roles and Profiles endpoints.
-
The ids for each resource is modified as id@ResourceName - > where ResourceName can be User, Group, Role & Profile.
-
Supports update role to manage the role memberships.
Supported objects and operations
RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.
Supervisor configuration parameters
To configure the connector, following parameters are required:
-
Connector Name - <RSA Archer>
-
Username
-
Password
-
Instance Name - <Tenant ID ex: 324022>
-
User Record Creation - <Is record creation needed> [only in v3.0]
-
Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>
-
Profile ID - <User Profile ID ex: 239109>
-
Environment(ISMS) - <Cloud application's environment ex: Test, Prod> [only in v1.0 and v2.0]
-
Field ID - <Filed Id to get specific attribute ex: 18746>
-
Reporting Filter Field Id - <Reporting Filter Field Id> [only in v3.0]
-
ISMS Group Functionality - <Is ISMS Group Functionality Required> [only in v3.0]
-
ISMS Id - <ISMS Id> [only in v3.0]
-
ISMS Module Id - <ISMS Module Id> [only in v3.0]
-
ISMS Name - <ISMS Name> [only in v3.0]
-
ISMS Coach - <ISMS Coach> [only in v3.0]
-
ISMS Lead - <ISMS Lead> [only in v3.0]
-
ISMS Lead Backup - <ISMS Lead Backup> [only in v3.0]
-
Profiles Resource - <Is Profiles Resource Required> [only in v3.0]
-
Delete User - <Is permanent User Delete Required> [only in v3.0]
-
SCIM URL - <Cloud application's instance URL used as targetURI in payload>
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Users
Table 28: Supported operations for Users
Create |
POST |
Update |
PUT |
Get (Id) |
GET |
Get |
GET |
Pagination |
GET |
Delete |
DELETE |
NOTE:The Delete User operation is supported only in v3.0
Groups
Table 29: Supported operations for Groups
Update (Id) |
PUT |
Get (Id) |
GET |
Get |
GET |
NOTE:The Archer API supports the CREATE Group, DELETE Group and DELETE User operations, but they are currently unavailable in the connector. If you need the connector to support these operations, please contact support.
Roles
Table 30: Supported operations for Roles
Get (Id) |
GET |
Get |
GET |
Update |
PUT |
Profiles
Table 31: Supported operations for Profiles
Get (Id) |
GET |
Get |
GET |
Mandatory fields
Users
-
userName
-
name.givenName
-
name.familyName
-
active
Groups
Mappings for RSA Archer versions
The user and group mappings for RSA Archer version are listed in the tables below.
Table 32: User mapping for RSA Archer version
Active |
system.status |
Address.country |
-- |
Address.formatted |
address |
Address.locality |
-- |
Address.postalCode |
-- |
Address.region |
-- |
Address.streetAddress |
-- |
Emails |
contactItems.value if <contactItems.type = Email> |
Extension.Company (only in v3.0) |
system.company |
Extension.Notes (only in v3.0) |
notes |
Extension.SecurityParameter (only in v3.0) |
system.securityParameter |
Extension.UserDomain (only in v3.0) |
system.userDomain |
Groups.Id |
groups.id |
Groups.Name |
groups.name |
Id |
system.userId |
Locale |
system.locale |
Name.FamilyName |
name.last |
Name.GivenName |
name.first |
Name.MiddleName |
name.middle |
PhoneNumbers |
contactItems.value if <contactItems.type = phone> |
Roles.Id |
roles.id |
Roles.Name |
roles.Name |
Timezone |
timeZone.id |
Title |
system.title |
UserName |
system.userName |
Table 33: Roles mapping for RSA Archer version
id |
id |
Name |
name |
Members.value |
RoleMemberships[].RequestedObject.UserIds[] |
Table 34: Profiles mapping for RSA Archer version
id |
Profile Id from the Starling UI Config |
Connector limitations
- The Created date and last modified date is not retrieved for users / groups.
-
Cursor based pagination for Users is supported but pagination is not supported for groups.
-
User's contact information cannot be created or updated.
-
The following fields are read-only:
-
Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.
-
If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.
-
RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.
NOTE:Test Connection validates the target system credentials and endpoints but not the configuration parameters.
- For the feature Update User's default Email, RSA Archer provides an option to update contact information. However, the API document does not have any information about how to pass ContactRecordId into update contact info. The operation fails with a BadRequest error. As a workaround, the existing default email ID is deleted and the required email ID is created.
-
While doing role memberships update, it is not possible to remove those users that only have this role assigned to it (no other role assigned).
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in RSA Archer v.2.0
Following are the features that are available exclusively in RSA Archer v.2.0:
In version 2.0 of the connector, the following fields have been removed from User Mapping and schema:
- StreetAddress
- Locality
- Country
- PostalCode
NOTE: To avoid any breakage in the existing system, these changes have been implemented only in the version 2.0 of the connector.
Features available exclusively in RSA Archer v.3.0
-
v3.0 of the Archer connector, supports generic User, Groups, Roles and Profiles endpoints.
-
The ids for each resource is modified as id@ResourceName - > where ResourceName can be User, Group, Role & Profile.
-
Supports update role to manage the role memberships.
Mandatory fields
RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.
Supervisor configuration parameters
To configure the connector, following parameters are required:
-
Connector Name - <RSA Archer>
-
Username
-
Password
-
Instance Name - <Tenant ID ex: 324022>
-
User Record Creation - <Is record creation needed> [only in v3.0]
-
Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>
-
Profile ID - <User Profile ID ex: 239109>
-
Environment(ISMS) - <Cloud application's environment ex: Test, Prod> [only in v1.0 and v2.0]
-
Field ID - <Filed Id to get specific attribute ex: 18746>
-
Reporting Filter Field Id - <Reporting Filter Field Id> [only in v3.0]
-
ISMS Group Functionality - <Is ISMS Group Functionality Required> [only in v3.0]
-
ISMS Id - <ISMS Id> [only in v3.0]
-
ISMS Module Id - <ISMS Module Id> [only in v3.0]
-
ISMS Name - <ISMS Name> [only in v3.0]
-
ISMS Coach - <ISMS Coach> [only in v3.0]
-
ISMS Lead - <ISMS Lead> [only in v3.0]
-
ISMS Lead Backup - <ISMS Lead Backup> [only in v3.0]
-
Profiles Resource - <Is Profiles Resource Required> [only in v3.0]
-
Delete User - <Is permanent User Delete Required> [only in v3.0]
-
SCIM URL - <Cloud application's instance URL used as targetURI in payload>
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Supported objects and operations
Users
Table 28: Supported operations for Users
Create |
POST |
Update |
PUT |
Get (Id) |
GET |
Get |
GET |
Pagination |
GET |
Delete |
DELETE |
NOTE:The Delete User operation is supported only in v3.0
Groups
Table 29: Supported operations for Groups
Update (Id) |
PUT |
Get (Id) |
GET |
Get |
GET |
NOTE:The Archer API supports the CREATE Group, DELETE Group and DELETE User operations, but they are currently unavailable in the connector. If you need the connector to support these operations, please contact support.
Roles
Table 30: Supported operations for Roles
Get (Id) |
GET |
Get |
GET |
Update |
PUT |
Profiles
Table 31: Supported operations for Profiles
Get (Id) |
GET |
Get |
GET |
Users
-
userName
-
name.givenName
-
name.familyName
-
active
Groups
Mappings for RSA Archer versions
The user and group mappings for RSA Archer version are listed in the tables below.
Table 32: User mapping for RSA Archer version
Active |
system.status |
Address.country |
-- |
Address.formatted |
address |
Address.locality |
-- |
Address.postalCode |
-- |
Address.region |
-- |
Address.streetAddress |
-- |
Emails |
contactItems.value if <contactItems.type = Email> |
Extension.Company (only in v3.0) |
system.company |
Extension.Notes (only in v3.0) |
notes |
Extension.SecurityParameter (only in v3.0) |
system.securityParameter |
Extension.UserDomain (only in v3.0) |
system.userDomain |
Groups.Id |
groups.id |
Groups.Name |
groups.name |
Id |
system.userId |
Locale |
system.locale |
Name.FamilyName |
name.last |
Name.GivenName |
name.first |
Name.MiddleName |
name.middle |
PhoneNumbers |
contactItems.value if <contactItems.type = phone> |
Roles.Id |
roles.id |
Roles.Name |
roles.Name |
Timezone |
timeZone.id |
Title |
system.title |
UserName |
system.userName |
Table 33: Roles mapping for RSA Archer version
id |
id |
Name |
name |
Members.value |
RoleMemberships[].RequestedObject.UserIds[] |
Table 34: Profiles mapping for RSA Archer version
id |
Profile Id from the Starling UI Config |
Connector limitations
- The Created date and last modified date is not retrieved for users / groups.
-
Cursor based pagination for Users is supported but pagination is not supported for groups.
-
User's contact information cannot be created or updated.
-
The following fields are read-only:
-
Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.
-
If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.
-
RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.
NOTE:Test Connection validates the target system credentials and endpoints but not the configuration parameters.
- For the feature Update User's default Email, RSA Archer provides an option to update contact information. However, the API document does not have any information about how to pass ContactRecordId into update contact info. The operation fails with a BadRequest error. As a workaround, the existing default email ID is deleted and the required email ID is created.
-
While doing role memberships update, it is not possible to remove those users that only have this role assigned to it (no other role assigned).
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in RSA Archer v.2.0
Following are the features that are available exclusively in RSA Archer v.2.0:
In version 2.0 of the connector, the following fields have been removed from User Mapping and schema:
- StreetAddress
- Locality
- Country
- PostalCode
NOTE: To avoid any breakage in the existing system, these changes have been implemented only in the version 2.0 of the connector.
Features available exclusively in RSA Archer v.3.0
-
v3.0 of the Archer connector, supports generic User, Groups, Roles and Profiles endpoints.
-
The ids for each resource is modified as id@ResourceName - > where ResourceName can be User, Group, Role & Profile.
-
Supports update role to manage the role memberships.
Mappings for RSA Archer versions
RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.
Supervisor configuration parameters
To configure the connector, following parameters are required:
-
Connector Name - <RSA Archer>
-
Username
-
Password
-
Instance Name - <Tenant ID ex: 324022>
-
User Record Creation - <Is record creation needed> [only in v3.0]
-
Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>
-
Profile ID - <User Profile ID ex: 239109>
-
Environment(ISMS) - <Cloud application's environment ex: Test, Prod> [only in v1.0 and v2.0]
-
Field ID - <Filed Id to get specific attribute ex: 18746>
-
Reporting Filter Field Id - <Reporting Filter Field Id> [only in v3.0]
-
ISMS Group Functionality - <Is ISMS Group Functionality Required> [only in v3.0]
-
ISMS Id - <ISMS Id> [only in v3.0]
-
ISMS Module Id - <ISMS Module Id> [only in v3.0]
-
ISMS Name - <ISMS Name> [only in v3.0]
-
ISMS Coach - <ISMS Coach> [only in v3.0]
-
ISMS Lead - <ISMS Lead> [only in v3.0]
-
ISMS Lead Backup - <ISMS Lead Backup> [only in v3.0]
-
Profiles Resource - <Is Profiles Resource Required> [only in v3.0]
-
Delete User - <Is permanent User Delete Required> [only in v3.0]
-
SCIM URL - <Cloud application's instance URL used as targetURI in payload>
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Supported objects and operations
Users
Table 28: Supported operations for Users
Create |
POST |
Update |
PUT |
Get (Id) |
GET |
Get |
GET |
Pagination |
GET |
Delete |
DELETE |
NOTE:The Delete User operation is supported only in v3.0
Groups
Table 29: Supported operations for Groups
Update (Id) |
PUT |
Get (Id) |
GET |
Get |
GET |
NOTE:The Archer API supports the CREATE Group, DELETE Group and DELETE User operations, but they are currently unavailable in the connector. If you need the connector to support these operations, please contact support.
Roles
Table 30: Supported operations for Roles
Get (Id) |
GET |
Get |
GET |
Update |
PUT |
Profiles
Table 31: Supported operations for Profiles
Get (Id) |
GET |
Get |
GET |
Mandatory fields
Users
-
userName
-
name.givenName
-
name.familyName
-
active
Groups
The user and group mappings for RSA Archer version are listed in the tables below.
Table 32: User mapping for RSA Archer version
Active |
system.status |
Address.country |
-- |
Address.formatted |
address |
Address.locality |
-- |
Address.postalCode |
-- |
Address.region |
-- |
Address.streetAddress |
-- |
Emails |
contactItems.value if <contactItems.type = Email> |
Extension.Company (only in v3.0) |
system.company |
Extension.Notes (only in v3.0) |
notes |
Extension.SecurityParameter (only in v3.0) |
system.securityParameter |
Extension.UserDomain (only in v3.0) |
system.userDomain |
Groups.Id |
groups.id |
Groups.Name |
groups.name |
Id |
system.userId |
Locale |
system.locale |
Name.FamilyName |
name.last |
Name.GivenName |
name.first |
Name.MiddleName |
name.middle |
PhoneNumbers |
contactItems.value if <contactItems.type = phone> |
Roles.Id |
roles.id |
Roles.Name |
roles.Name |
Timezone |
timeZone.id |
Title |
system.title |
UserName |
system.userName |
Table 33: Roles mapping for RSA Archer version
id |
id |
Name |
name |
Members.value |
RoleMemberships[].RequestedObject.UserIds[] |
Table 34: Profiles mapping for RSA Archer version
id |
Profile Id from the Starling UI Config |
Connector limitations
- The Created date and last modified date is not retrieved for users / groups.
-
Cursor based pagination for Users is supported but pagination is not supported for groups.
-
User's contact information cannot be created or updated.
-
The following fields are read-only:
-
Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.
-
If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.
-
RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.
NOTE:Test Connection validates the target system credentials and endpoints but not the configuration parameters.
- For the feature Update User's default Email, RSA Archer provides an option to update contact information. However, the API document does not have any information about how to pass ContactRecordId into update contact info. The operation fails with a BadRequest error. As a workaround, the existing default email ID is deleted and the required email ID is created.
-
While doing role memberships update, it is not possible to remove those users that only have this role assigned to it (no other role assigned).
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in RSA Archer v.2.0
Following are the features that are available exclusively in RSA Archer v.2.0:
In version 2.0 of the connector, the following fields have been removed from User Mapping and schema:
- StreetAddress
- Locality
- Country
- PostalCode
NOTE: To avoid any breakage in the existing system, these changes have been implemented only in the version 2.0 of the connector.
Features available exclusively in RSA Archer v.3.0
-
v3.0 of the Archer connector, supports generic User, Groups, Roles and Profiles endpoints.
-
The ids for each resource is modified as id@ResourceName - > where ResourceName can be User, Group, Role & Profile.
-
Supports update role to manage the role memberships.