Converse agora com nosso suporte
Chat com o suporte

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM S3 ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring Amazon S3 AWS connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT)

Custom Foundation Objects in Successfactors HR connector

With Employee Central, there are a pre-defined set of Foundation Objects that are delivered such as Legal Entity, Business Unit, Cost Center, etc. There may be a business requirement to use more Foundation Objects in the Organization, Pay or Jobs Structure in the system. Using the Metadata Framework, you can create Custom Foundation Objects, which can be used in Employee Central > Job Information, to accommodate specific requirements which the pre-delivered set of Foundation objects may not cover.

Example Custom FO Configuration

  1. Log into the Test/Sandbox instance as a System Administrator - one that has access to Configure Object Definitions, Manage Business Configuration (BCUI), Manage Data and Test Users

  2. Navigate to Admin Center | Configure Object Definitions | Create New | Object Definition.

  3. Complete all the required fields.

    For example, you will need to provide a unique Code value which you will need later on. Also, provide a value if the Object should use Effective Dating or not, and what Status the object should have.

    1. Code: Typically the Code is entirely up to you, but you should try and use a Code that identifies the object easily (as the Code will be used in other area's of the EC configuration - which we will touch on later in this article).

    2. Effective Dating: It is a good idea to select Basic as Effective Dating (in line with the MDF Foundation Objects configuration). Please do not use the Multiple Changes per Day option.

    3. Status: This should always be set to Active (always)

  4. Once these options have been set, click Save at the bottom of the page.

    The Security, Business Rules and adding new fields can be done later.

  5. Click "Take Action" button in the top right can be used to edit the values if required.

Custom attributes with needed data types can be added.

If Security is set to Yes, then to access this object, it is needed to grant the necessary role-based permissions as this object is an role-based permission secured object.

Implementation in the Starling Connect Connector

New version

Successfactors HR connector has enhanced with a new version v9.0 to support the custom object types dynamically. Customer can input the names of the custom objects to be supported in the connector in the configuration parameter "Custom Object Types" separating each type name by semi colon (;).

NOTE: All schema attributes are considered to be read-only, non-mandatory, not case-exact and not unique.

Mapping

Table 447: Employee mapping
SCIM properties Successfactors properties

id

Base 64 encoded Composite Key or Simple Key of the object

meta.created

createdDateTime

meta.lastModified

lastModifiedDateTime

All other navigational and non-navigational attribute will have same names at both sides

Limitations

  • The connector implementation supports navigation attributes for custom object types with limitations. If any of the related entity type has not provided the needed rights to be accessed via APIs, the GET operation would fail. If any of the related entity type is not accessible via the 'Entity' API of Successfactors, the schemas in the connector will not have details regarding those types. This would lead to get a partial set of schemas for custom object types.

    NOTE:

    While parsing the schemas for a custom object entity, a new entity metadata to be requested to get the custom object's navigation attribute's schemas.

    For example: "cust_ObjectA" has a navigational attribute which is mentioned under "navigationProperties" in the metadata. Under "toRole" of the navigational attribute information there would be a property called "EntitySet" which gives the information to which entity it navigates. However, there would be some entities of which the schemas / metadata could not be retrieved. For example, if the custom object has an association to "Employee Profile User Info", then the entity set as per the "navigationProperties/toRole/EntitySet" value is "EPUserInfoConfig". An error "Entity Entity with the given key is not found." would be returned if the Entity API is triggered to get the schemas of this object type. Even though it is possible to expand the navigation attributes under custom object types using OData API, it is not possible to expand the metadata or schemas for all the navigation attributes using Entity API as well.

    Hence the connector would result in partial schemas and responses for custom object types with respect to the navigational attributes.

  • Even though the Starling Connector for Successfactors HR supports disabling attributes and adding custom attributes across all resource types, these features are not supported in custom object types as the schemas and mappings are always constructed dynamically.

  • The connector currently supports only READ operations on the custom objects.

  • The names of the custom object types to be configured in the Starling Connector are case-specific.

  • Navigation attributes under a navigation object of a custom object is not supported. For example cust_ObjectA has a navigation attribute of type Business Unit. Any complex or navigation attributes under this Business Unit type attribute will not be processed in the connector.

  • Due to multiple requests are being triggered to the target API to read the schemas and data dynamically, the connector functionalities involving custom object types are relatively slow to respond.

  • System generated attributes like "mdfSystemXxx", navigation attributes for created by user, last modified by user and so on are not handled in the connector.

Configuring additional datetime offset in connectors

  • Customer can configure additional datetime offset values for the connectors in order to help in synchronizing the objects in the Identity Manager where the objects found missing due to time zone differences between the target and the Identity Manager.

  • If the target returned data has offset included with datetime values and if a customer configures any valid offset value in the connector, then the target returned offset value will be replaced with the configured offset value.

  • The connector returns the datetimes in UTC format (yyyy-MM-ddTHH:mm:ssZ).

  • The datetime offset takes the format +/- HH:mm and the range offset values are -14:00 to +14:00, both inclusive.

  • The default value for the offset is 'Z' which is the UTC offset of 00:00.

How to Create custom attribute for Users in SuccessFactors portal

To create a custom attribute (Users)

  1. Under Admin center, go to Manage Business Configuration | Employee Profile | User Info | Create New.

  2. Create new attributes and click on Save.

  3. Under Employee Profile | View Template | sysUserDirectorySetting, click Details.

  4. Find Userinfo Element, and add the new field.

    Add the attributes you created.

  5. Go to Configure People Profile under Admin Center and add the new field in Personal Information block of Talent Profile.

  6. Add the newly created attribute in Add field and click Save.

  7. In the Manage Permission Roles under Admin center, select the permission role System Admin | permission...| Employee Data | grant edit permission to newly created attribute under User Information and save.

    The newly created attribute is visible in the response.

To add value to the custom attributes

  1. Under Admin center, search for employee and select any employee whom you want to add the values for custom attributes.

  2. Click on Talent Profile.

  3. Go to Talent Profile | Personal information | click Show More and then click Edit.

  4. Provide the value to the custom attribute field you created and click Save.

    The newly created value for the attribute is visible in the response.

SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes

Steps to add custom fields at One Identity Manager for TimeZone attribute for Users

Synchronization of TimeZone attribute of User object at SAP Cloud for Customer Connector requires additional configuration at One Identity Manager. This will not be included in the default mapped attributes at One Identity Manager as part of the synchronization project creation. In order to attain this requires a custom mapping with a custom string field. TimeZone attribute often holds longer values than the default custom fields which are 64 char in length. Also these are readOnly fields and can not be modified. Hence the option to overcome this situation is creating a custom string field with 256 char in length.

Steps to create a custom field with 256 char length using Schema Extension

  1. Open Schema Extension tool.

  2. Login using database credentials.

  3. In the Select Method select the option Extend Table.

  4. In the Extend table window, select CSMUser table and click Next.

  5. In the Configure columns window, click Create New column (+).

  6. In the Create new column window, enter a name for the column.

  7. In the Configure columns window, select the data type as string from the Data type list, 256 as length and click Next.

  8. In the Access permissions window, add appropriate permissions and click Next.

  9. Click Finish after the compilation is done.

  10. Repeat the steps from 4 to 9 for UCIUser table.

Steps to configure the mapping in Synchronization Editor

  1. Open the Synchronization Editor tool.

  2. Open the specific synchronization project.

  3. Navigate to Configuration | One Identity Manager Connection |Update Schema.

  4. Go to Mapping.

  5. Select Users mapping.

  6. Map the attribute with the newly created custom field.

  7. Commit the database.

  8. Activate the project.

  9. Run full synchronization.

  10. Open Manager tool and verify the values appeared in newly added custom field.

Steps to add custom fields at One Identity Manager for Role attribute for Users

Synchronization of Roles attribute of User object at SAP Cloud for Customer Connector requires additional configuration at One Identity Manager. This will not be included in the default mapped attributes at One Identity Manager as part of the synchronization project creation. In order to attain this requires a custom mapping with a custom multi value field. Roles attribute often holds multi values . Hence the option to overcome this situation is creating a custom field for multi value attribute.

Steps to create a custom field using Schema Extension

  1. Open Schema Extension tool.

  2. Login using database credentials.

  3. In the Select Method select the option Extend Table.

  4. In the Extend table window, select CSMUser table and click Next.

  5. In the Configure columns window, click Create New column (+).

  6. In the Create new column window, enter a name for the column.

  7. In the Configure columns window, select the data type as string from the Data type list, and click Next.

  8. In the Access permissions window, add appropriate permissions and click Next.

  9. Click Finish after the compilation is done.

  10. Repeat the steps from 4 to 9 for UCIUser table.

Steps to making changes in Designer Tool for newly created custom field

  1. Open Designer tool.

  2. Login using database credentials.

  3. Go to One Identity Manger Schema.

  4. Select CSMUser from Table.

  5. In the Task pane select Show Table Definition under Schema Editor.

  6. In the List select newly created field.

  7. Go to More tab under Column Properties.

  8. Select Multi-value column checkbox.

  9. Commit the database.

  10. Repeat the steps from 3 to 9 for UCIUser table.

  11. Go to Database menu and select Compile Database.

  12. Go to Process Orchestration present in left bottom pane.

  13. Select UCI_UCIUser_Update from Processes Table.

  14. In the Task pane select Edit Process 'UCI_UCIUser_Update' under Process Editor.

  15. Select 'PUT/PATCH' user' and navigate to bottom section 'Parameters'.

  16. Double click on ForceSyncOf to edit Parameter.

  17. Provide value template as Value = "Custom Field" (Example: Value = "CCC_Roles").

  18. Commit the database.

  19. Go to Database Menu and select Compile Database.

Steps to configuring the mapping in Synchronization Editor

  1. Open the Synchronization Editor tool.

  2. Open the specific synchronization project.

  3. Navigate to Configuration | One Identity Manager Connection |Update Schema.

  4. Go to Mapping.

  5. Select Users mapping.

  6. Map the attribute with the newly created custom field.

  7. Commit the database.

  8. Activate the project.

  9. Run full synchronization.

  10. Open Manager tool and verify the values appeared in newly added custom field.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação