Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant

This section provides the details about registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant, for both single tenant and multi-tenant connector configuration.

NOTE: Safeguard for Privileged Passwords only allows for a single tenant connector configuration..

To register application, provide appropriate permissions, retrieve client ID, and client secret from the Azure AD tenant

  1. Login to Azure portal and select Azure Active Directory.

  2. Select App registrations.

    NOTE: For Safeguard for Privileged Passwords, the Azure AD application registration must be public.

  3. Click New registration and provide the necessary details.

    Provide the following details:

    • Application name
    • Redirect URL: https://connect-supervisor.cloud.oneidentity.com/v1/consent.
  4. Select the created application and click View API Permissions.
  5. From API permission, add the required permissions for Microsoft Graph API (delegated and application permissions).

    The registered application must have the following permissions:

    • Directory.ReadWrite.All
    • Group.ReadWrite.All
    • User.ManageIdentities. All
    • User.ReadWrite.All
  6. Create a user under Azure Active Directory and assign Privileged role administrator role under the user's Assigned roles.

    NOTE: A Global administrator would also be able to provide consent.

  7. For the Azure Active Directory, assign User administrator role for the application created.

    NOTE: For Safeguard for Privileged Passwords, you must assign at least the Helpdesk Administrator role for the application created, but should assign a higher role if you want to manage special accounts (for example, Billing Administrator or Global Administrator).

    To assign User administrator role for the application created:

    1. Select Roles and administrators.
    2. Click + Add Assignments, and search the name of the application created.

  8. Gather the following details from the corresponding pages of the application given in the table below.

    Table 444: Application details
    Details Page

    Application (client) ID

    Azure Active Directory's Directory (tenant) ID

    Overview
    Client Secret Certificates & secrets

More details on Azure AD

For more details on Azure AD, refer the following links:

Table 445: More details on Azure AD

More details on Azure AD

Link

To register an application
  • https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
  • To configure an application to access web APIs
  • https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis
  • To configure an application to expose web APIs
  • https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis
  • To modify the accounts supported by an application
  • https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-modify-supported-accounts
  • Generating a private key for service account in GoToMeeting

    A private key has to be generated to access the GoToMeeting service account.

    Generating a private key

    1. Create an account in GoToMeeting.

    2. Login to the GoTo Developer Center. For more information use the link here: https://goto-developer.logmeininc.com/.
    3. Click MyApp and create an application. Note the Consumer key and Consumer secret.
    4. Login to the GoToMeeting administrator portal to find the admin key in the URL.

    Configuring AWS IAM connector to support entitlements for User and Group

    This section gives the details of the configuration changes to be made to the Amazon (S3 and AWS) connector to support entitlements for User and Group. The Designer tool and the Synchronization Editor tool are used to configure the AWS IAM connector to support entitlements for User and Group.

    For more information, see:

    Configuring AWS IAM connector to support entitlements for User

    To configure the AWS IAM connector to support entitlements for User, use the Synchronization Editor.

    For more information, see:

    Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating