Converse agora com nosso suporte
Chat com o suporte

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Synchronization and integration of Roles object type with One Identity Manager

The Aha! connector allows you to connect Aha! with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by Aha!

Aha! is a product management software that enables software companies to collaborate across cross functional teams.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 287: Supported operations for Users

Operation

VERB

Create User

POST

Update User PUT
Delete User (soft delete) DELETE
Get User GET
Get All users GET

Get All Users with Pagination

GET

Roles

Table 288: Supported operations for Roles

Operation

VERB

Get Role by Id

GET

Get all Roles GET

Products

Table 289: Supported operations for Products

Operation

VERB

Get Product by Id GET
Get all Products GET

GET All Products with Pagination

GET

Mandatory fields

Users

  • Name.GivenName

  • Name.FamilyName

  • EmailAddress

  • role

  • product_id

Groups

Not Applicable

Mappings

Table 290: User mapping
SCIM Parameter Aha parameter
Id id
UserName email
DisplayName name
emails[].value email
Active enabled
name.givenName first_name (not returned, only writable)
name.familyName last_name (not returned, only writable)
Extension.productRoles[].role product_roles[].role
Extension.productRoles[].productId product_roles[].product_id
Extension.productRoles[].productName product_roles[].product_name
Meta.Created created_at

Meta.LastModified

updated_at

Roles

Table 291: Roles mapping
SCIM parameter Aha parameter
id id
name name

Products

Table 292: Products mapping
SCIM parameter Aha parameter
id id
name name
referencePrefix reference_prefix

productLine

product_line

productLineType

product_line_type

url

url

resource

resource

children[].id

children[].id

children[].referencePrefix

children[].reference_prefix

children[].name

children[].name

children[].productLine

children[].product_line

capacityPlanningEnabled

capacity_planning_enabled

defaultCapacityUnits

default_capacity_units

Meta.Created

created_at

Meta.LastModified

updated_at

Connector limitations

  1. Aha accepts Role and Product assignment of Users in a combined form and they cannot be assigned separately.

  2. Aha accepts an invalid target URL and returns the results when the API key provided is valid. Due to this behavior, the Test Connection on Starling Connect UI will be successful even without a valid target URI.
  3. Teams and Groups are not supported because Aha does not provide APIs to create or manage them.

  4. Connector supports cursor pagination for the object types Users and Products. It does not support cursor pagination for the Roles object type. However, the records returned are in multiples of 100. For example, if 255 records are requested, connector returns 300 records (next nearest multiple of 100s of the count).

  5. Aha supports only soft delete of Users. Users are set to inactive when the Delete operation is performed. The same User can be reactivated by passing active flag set to True. However, the deleted User can be retrieved in the list of Users as well as individually, irrespective of the status.

  6. No error is returned when a nonexistent Role is specified in the Create and Update request. However, the operation would be completed with a default Role assigned to the User.

  7. Invalid Product ID specified in User Create and User Update request would return Error 404 with message ‘Not Found’.

For more information, see Synchronization and integration of Roles object type with One Identity Manager.

Synchronization and integration of Products object type with One Identity Manager

For more information, see Synchronization and integration of Products object type with One Identity Manager.

Add Roles ID and Product ID to create and update users for Aha connector

To create a user successfully using Aha connector, you must provide valid values for mandatory properties such as Roles and Products ID in the request. Roles and Products ID are the sub-attributes of the main attribute ProductRoles, which is a complex multi-valued string attribute defined under User extensions in the connector schema.

One Identity Manager must have fields where you can enter complex multi-value array values but it does not display such fields by default. However, it is possible to create custom multi-value array fields. For more information, see Creating multi-valued custom fields in One Identity Manager.

NOTE: The above example of creating multi-valued custom fields is one of the various ways to achieve the configuration required for adding Roles and Products ID to create and update Users. There may be other ways to achieve this integration based on the customization options that One Identity Manager provides.

Synchronization and integration of Products object type with One Identity Manager

The Aha! connector allows you to connect Aha! with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by Aha!

Aha! is a product management software that enables software companies to collaborate across cross functional teams.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 287: Supported operations for Users

Operation

VERB

Create User

POST

Update User PUT
Delete User (soft delete) DELETE
Get User GET
Get All users GET

Get All Users with Pagination

GET

Roles

Table 288: Supported operations for Roles

Operation

VERB

Get Role by Id

GET

Get all Roles GET

Products

Table 289: Supported operations for Products

Operation

VERB

Get Product by Id GET
Get all Products GET

GET All Products with Pagination

GET

Mandatory fields

Users

  • Name.GivenName

  • Name.FamilyName

  • EmailAddress

  • role

  • product_id

Groups

Not Applicable

Mappings

Table 290: User mapping
SCIM Parameter Aha parameter
Id id
UserName email
DisplayName name
emails[].value email
Active enabled
name.givenName first_name (not returned, only writable)
name.familyName last_name (not returned, only writable)
Extension.productRoles[].role product_roles[].role
Extension.productRoles[].productId product_roles[].product_id
Extension.productRoles[].productName product_roles[].product_name
Meta.Created created_at

Meta.LastModified

updated_at

Roles

Table 291: Roles mapping
SCIM parameter Aha parameter
id id
name name

Products

Table 292: Products mapping
SCIM parameter Aha parameter
id id
name name
referencePrefix reference_prefix

productLine

product_line

productLineType

product_line_type

url

url

resource

resource

children[].id

children[].id

children[].referencePrefix

children[].reference_prefix

children[].name

children[].name

children[].productLine

children[].product_line

capacityPlanningEnabled

capacity_planning_enabled

defaultCapacityUnits

default_capacity_units

Meta.Created

created_at

Meta.LastModified

updated_at

Connector limitations

  1. Aha accepts Role and Product assignment of Users in a combined form and they cannot be assigned separately.

  2. Aha accepts an invalid target URL and returns the results when the API key provided is valid. Due to this behavior, the Test Connection on Starling Connect UI will be successful even without a valid target URI.
  3. Teams and Groups are not supported because Aha does not provide APIs to create or manage them.

  4. Connector supports cursor pagination for the object types Users and Products. It does not support cursor pagination for the Roles object type. However, the records returned are in multiples of 100. For example, if 255 records are requested, connector returns 300 records (next nearest multiple of 100s of the count).

  5. Aha supports only soft delete of Users. Users are set to inactive when the Delete operation is performed. The same User can be reactivated by passing active flag set to True. However, the deleted User can be retrieved in the list of Users as well as individually, irrespective of the status.

  6. No error is returned when a nonexistent Role is specified in the Create and Update request. However, the operation would be completed with a default Role assigned to the User.

  7. Invalid Product ID specified in User Create and User Update request would return Error 404 with message ‘Not Found’.

Synchronization and integration of Roles object type with One Identity Manager

For more information, see Synchronization and integration of Roles object type with One Identity Manager.

For more information, see Synchronization and integration of Products object type with One Identity Manager.

Add Roles ID and Product ID to create and update users for Aha connector

To create a user successfully using Aha connector, you must provide valid values for mandatory properties such as Roles and Products ID in the request. Roles and Products ID are the sub-attributes of the main attribute ProductRoles, which is a complex multi-valued string attribute defined under User extensions in the connector schema.

One Identity Manager must have fields where you can enter complex multi-value array values but it does not display such fields by default. However, it is possible to create custom multi-value array fields. For more information, see Creating multi-valued custom fields in One Identity Manager.

NOTE: The above example of creating multi-valued custom fields is one of the various ways to achieve the configuration required for adding Roles and Products ID to create and update Users. There may be other ways to achieve this integration based on the customization options that One Identity Manager provides.

Add Roles ID and Product ID to create and update users for Aha connector

The Aha! connector allows you to connect Aha! with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by Aha!

Aha! is a product management software that enables software companies to collaborate across cross functional teams.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 287: Supported operations for Users

Operation

VERB

Create User

POST

Update User PUT
Delete User (soft delete) DELETE
Get User GET
Get All users GET

Get All Users with Pagination

GET

Roles

Table 288: Supported operations for Roles

Operation

VERB

Get Role by Id

GET

Get all Roles GET

Products

Table 289: Supported operations for Products

Operation

VERB

Get Product by Id GET
Get all Products GET

GET All Products with Pagination

GET

Mandatory fields

Users

  • Name.GivenName

  • Name.FamilyName

  • EmailAddress

  • role

  • product_id

Groups

Not Applicable

Mappings

Table 290: User mapping
SCIM Parameter Aha parameter
Id id
UserName email
DisplayName name
emails[].value email
Active enabled
name.givenName first_name (not returned, only writable)
name.familyName last_name (not returned, only writable)
Extension.productRoles[].role product_roles[].role
Extension.productRoles[].productId product_roles[].product_id
Extension.productRoles[].productName product_roles[].product_name
Meta.Created created_at

Meta.LastModified

updated_at

Roles

Table 291: Roles mapping
SCIM parameter Aha parameter
id id
name name

Products

Table 292: Products mapping
SCIM parameter Aha parameter
id id
name name
referencePrefix reference_prefix

productLine

product_line

productLineType

product_line_type

url

url

resource

resource

children[].id

children[].id

children[].referencePrefix

children[].reference_prefix

children[].name

children[].name

children[].productLine

children[].product_line

capacityPlanningEnabled

capacity_planning_enabled

defaultCapacityUnits

default_capacity_units

Meta.Created

created_at

Meta.LastModified

updated_at

Connector limitations

  1. Aha accepts Role and Product assignment of Users in a combined form and they cannot be assigned separately.

  2. Aha accepts an invalid target URL and returns the results when the API key provided is valid. Due to this behavior, the Test Connection on Starling Connect UI will be successful even without a valid target URI.
  3. Teams and Groups are not supported because Aha does not provide APIs to create or manage them.

  4. Connector supports cursor pagination for the object types Users and Products. It does not support cursor pagination for the Roles object type. However, the records returned are in multiples of 100. For example, if 255 records are requested, connector returns 300 records (next nearest multiple of 100s of the count).

  5. Aha supports only soft delete of Users. Users are set to inactive when the Delete operation is performed. The same User can be reactivated by passing active flag set to True. However, the deleted User can be retrieved in the list of Users as well as individually, irrespective of the status.

  6. No error is returned when a nonexistent Role is specified in the Create and Update request. However, the operation would be completed with a default Role assigned to the User.

  7. Invalid Product ID specified in User Create and User Update request would return Error 404 with message ‘Not Found’.

Synchronization and integration of Roles object type with One Identity Manager

For more information, see Synchronization and integration of Roles object type with One Identity Manager.

Synchronization and integration of Products object type with One Identity Manager

For more information, see Synchronization and integration of Products object type with One Identity Manager.

To create a user successfully using Aha connector, you must provide valid values for mandatory properties such as Roles and Products ID in the request. Roles and Products ID are the sub-attributes of the main attribute ProductRoles, which is a complex multi-valued string attribute defined under User extensions in the connector schema.

One Identity Manager must have fields where you can enter complex multi-value array values but it does not display such fields by default. However, it is possible to create custom multi-value array fields. For more information, see Creating multi-valued custom fields in One Identity Manager.

NOTE: The above example of creating multi-valued custom fields is one of the various ways to achieve the configuration required for adding Roles and Products ID to create and update Users. There may be other ways to achieve this integration based on the customization options that One Identity Manager provides.

SAP Litmos

The SAP Litmos connector allows you to connect SAP Litmos with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by SAP Litmos.

SAP Litmos is an online learning platform that caters to the training requirements of an organization, capable of providing continuous and targeted training for all business segments.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 293: Supported operations for Users

Operation

VERB

Create User POST
Update User PUT
Get User by Id GET
Get All users with pagination GET

Delete User

DELETE

Groups

Table 294: Supported operations for Groups

Operation

VERB

Create Group POST

Update Group

PUT

Get Group by Id GET

Get All Groups with pagination

GET

Delete Group DELETE

Mandatory fields

Users

  • Name.GivenName

  • Name.FamilyName

  • UserName

Groups

DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 295: User mapping
SCIM Parameter SAP Litmos parameter
Id id
UserName UserName
DisplayName FirstName + LastName
Name.GivenName FirstName
Name.FamilyName LastName
Name.Formatted FullName
Emails.Value Email
Active Active
Groups[].value (UserGroupsResponse) Id
Groups[].display (UserGroupsResponse) Name
Addresses[].streetAddress Street1

Addresses[].region

City

Addresses[].locality

State

Addresses[].postalCode

PostalCode

Addresses[].country

Country

PhoneNumbers[].value (work)

PhoneWork

PhoneNumbers[].value (mobile)

PhoneMobile

Timezone

Timezone

Title

JobTitle

Locale

Culture

userExtension.AccessLevel

AccessLevel

userExtension.OriginalId

OriginalId

userExtension.CompanyName

CompanyName

userExtension.Manager.value

ManagerId

userExtension.Manager.displayName

ManagerName

Meta.Created

CreatedDate

Password

Password

Groups

Table 296: Groups mapping
SCIM parameter SAP Litmos parameter
Id Id
displayName Name
members[].value (groupMembersResponse) Id
members[].display (groupMembersResponse) UserName

groupExtension.Description

Description

groupExtension.ParentTeamId

ParentTeamId

Connector limitations

  • There is a difference in the way the legacy and non legacy custom attributes of the User object are supported in the connector.

    • Legacy custom attributes are supported as part of core custom user schema attributes

      (urn:starling:custom:urn:ietf:params:scim:schemas:core:2.0:User)

    • Non legacy custom attributes are supported as part of custom user extension schema attributes

      (urn:starling:custom:urn:ietf:params:scim:schemas:extension:enterprise:2.0:User)

  • The user name provided while performing the Create User operation will be considered for both the username and email at the target system side .

  • AddGroupMembers with an invalid userid does not display any exception.

  • Multiple groups with the same display name can be created.

  • While configuring custom attributes of a core user in Starling Connect, all the custom attributes must be of type string. However, user extension custom attributes can be of one among the supported data types - integer, string, decimal and DateTime.

  • Parent Group id cannot be un-assigned from a group.

  • A group can be created with or without a parent group.
  • Created date and last modified date are not returned by the cloud application for both Users and Groups.

  • When a user is created or updated with a password through the connector, the user is prompted to change the password in next login to the target application.

  • An attempt to update a User that has been deleted, the target application will return error 500: The server encountered an error processing the request. Please see the server logs for more details.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação