Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Mandatory fields

JIRA Server is an issue-tracking product used for project management, generating project reports, and bug tracking.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • SCIM URL

Supported objects and operations

Users

Table 23: Supported operations for Users

Operation

VERB

Remove/Provision

POST

Update (Id)

PUT

Delete (Id)

DELETE

Get (Id)

GET

Get All Users

GET

Pagination

GET

Groups

Table 24: Supported operations for Groups

Operation

VERB

Create POST
Update (Id)

PUT

Delete (Id) DELETE
Get (Id) GET
Get All Groups GET

Get Groups (Id)

GET

Roles

Table 25: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Users

  • User name
  • Display name
  • Email ID

Groups

  • Group Name

User and Group mapping

The user and group mappings are listed in the tables below.

Table 26: User mapping
SCIM parameter JIRA Server parameter
Id name
UserName name

password

password

Name.Formatted displayName
DisplayName displayName
Emails.Value emailAddress
Locale locale
Timezone timeZone
Active active

Groups.value

group.name

Groups.display

group.name

 

Table 27: Group mapping
SCIM parameter JIRA Server parameter
Id name
DisplayName name
Members.value user.name
Members.display user.displayName

Connector limitations

  • The following dates are not available in User and Group resources.
    • created
    • lastModified
  • Pagination is not supported for Groups.

  • Update Group can only be used for membership management.

  • Since the application does not support id, the URL encoded user name or group name is assigned as id for the resource.

  • Leading slash (/) in clientRequest, in the RequestWrapper is restricted in REST Client (Eg: Postman) testing.

  • Invalid host name in target URL returns error 500.

  • The connector does not support special characters in the object ID. For more information, see Connectors that do not support special characters in the object ID

User and Group mapping

JIRA Server is an issue-tracking product used for project management, generating project reports, and bug tracking.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • SCIM URL

Supported objects and operations

Users

Table 23: Supported operations for Users

Operation

VERB

Remove/Provision

POST

Update (Id)

PUT

Delete (Id)

DELETE

Get (Id)

GET

Get All Users

GET

Pagination

GET

Groups

Table 24: Supported operations for Groups

Operation

VERB

Create POST
Update (Id)

PUT

Delete (Id) DELETE
Get (Id) GET
Get All Groups GET

Get Groups (Id)

GET

Roles

Table 25: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Mandatory fields

Users

  • User name
  • Display name
  • Email ID

Groups

  • Group Name

The user and group mappings are listed in the tables below.

Table 26: User mapping
SCIM parameter JIRA Server parameter
Id name
UserName name

password

password

Name.Formatted displayName
DisplayName displayName
Emails.Value emailAddress
Locale locale
Timezone timeZone
Active active

Groups.value

group.name

Groups.display

group.name

 

Table 27: Group mapping
SCIM parameter JIRA Server parameter
Id name
DisplayName name
Members.value user.name
Members.display user.displayName

Connector limitations

  • The following dates are not available in User and Group resources.
    • created
    • lastModified
  • Pagination is not supported for Groups.

  • Update Group can only be used for membership management.

  • Since the application does not support id, the URL encoded user name or group name is assigned as id for the resource.

  • Leading slash (/) in clientRequest, in the RequestWrapper is restricted in REST Client (Eg: Postman) testing.

  • Invalid host name in target URL returns error 500.

  • The connector does not support special characters in the object ID. For more information, see Connectors that do not support special characters in the object ID

Connector limitations

JIRA Server is an issue-tracking product used for project management, generating project reports, and bug tracking.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • SCIM URL

Supported objects and operations

Users

Table 23: Supported operations for Users

Operation

VERB

Remove/Provision

POST

Update (Id)

PUT

Delete (Id)

DELETE

Get (Id)

GET

Get All Users

GET

Pagination

GET

Groups

Table 24: Supported operations for Groups

Operation

VERB

Create POST
Update (Id)

PUT

Delete (Id) DELETE
Get (Id) GET
Get All Groups GET

Get Groups (Id)

GET

Roles

Table 25: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Mandatory fields

Users

  • User name
  • Display name
  • Email ID

Groups

  • Group Name

User and Group mapping

The user and group mappings are listed in the tables below.

Table 26: User mapping
SCIM parameter JIRA Server parameter
Id name
UserName name

password

password

Name.Formatted displayName
DisplayName displayName
Emails.Value emailAddress
Locale locale
Timezone timeZone
Active active

Groups.value

group.name

Groups.display

group.name

 

Table 27: Group mapping
SCIM parameter JIRA Server parameter
Id name
DisplayName name
Members.value user.name
Members.display user.displayName
  • The following dates are not available in User and Group resources.
    • created
    • lastModified
  • Pagination is not supported for Groups.

  • Update Group can only be used for membership management.

  • Since the application does not support id, the URL encoded user name or group name is assigned as id for the resource.

  • Leading slash (/) in clientRequest, in the RequestWrapper is restricted in REST Client (Eg: Postman) testing.

  • Invalid host name in target URL returns error 500.

  • The connector does not support special characters in the object ID. For more information, see Connectors that do not support special characters in the object ID

RSA Archer

RSA Archer GRC Platform supports business-level management of governance, risk management, and compliance (GRC). It lets users adapt solutions to their own requirements, build new applications, and integrate with external systems without interacting with code.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector Name - <RSA Archer>

  • Username

  • Password

  • Instance Name - <Tenant ID ex: 324022>

  • User Record Creation - <Is record creation needed> [only in v3.0]

  • Profile Module ID - <Internal ID of an application as specified in the Application Builder Application Detail Report ex: 486>

  • Profile ID - <User Profile ID ex: 239109>

  • Environment(ISMS) - <Cloud application's environment ex: Test, Prod> [only in v1.0 and v2.0]

  • Field ID - <Filed Id to get specific attribute ex: 18746>

  • Reporting Filter Field Id - <Reporting Filter Field Id> [only in v3.0]

  • ISMS Group Functionality - <Is ISMS Group Functionality Required> [only in v3.0]

  • ISMS Id - <ISMS Id> [only in v3.0]

  • ISMS Module Id - <ISMS Module Id> [only in v3.0]

  • ISMS Name - <ISMS Name> [only in v3.0]

  • ISMS Coach - <ISMS Coach> [only in v3.0]

  • ISMS Lead - <ISMS Lead> [only in v3.0]

  • ISMS Lead Backup - <ISMS Lead Backup> [only in v3.0]

  • Profiles Resource - <Is Profiles Resource Required> [only in v3.0]

  • Delete User - <Is permanent User Delete Required> [only in v3.0]

  • SCIM URL - <Cloud application's instance URL used as targetURI in payload>

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

Users

Table 28: Supported operations for Users

Operation

VERB

Create POST
Update PUT
Get (Id) GET
Get GET
Pagination GET

Delete

DELETE

NOTE:The Delete User operation is supported only in v3.0

Groups

Table 29: Supported operations for Groups

Operation

VERB

Update (Id) PUT
Get (Id) GET
Get GET

NOTE:The Archer API supports the CREATE Group, DELETE Group and DELETE User operations, but they are currently unavailable in the connector. If you need the connector to support these operations, please contact support.

Roles

Table 30: Supported operations for Roles

Operation

VERB

Get (Id) GET
Get GET

Update

PUT

Profiles

Table 31: Supported operations for Profiles

Operation

VERB

Get (Id) GET
Get GET

Mandatory fields

Users

  • userName

  • name.givenName

  • name.familyName

  • active

Groups

  • displayName

Mappings for RSA Archer versions

The user and group mappings for RSA Archer version are listed in the tables below.

Table 32: User mapping for RSA Archer version
SCIM parameter RSA Archer parameter

Active

system.status

Address.country

--

Address.formatted

address

Address.locality

--

Address.postalCode

--

Address.region

--

Address.streetAddress

--

Emails

contactItems.value if <contactItems.type = Email>

Extension.Company (only in v3.0)

system.company

Extension.Notes (only in v3.0)

notes

Extension.SecurityParameter (only in v3.0)

system.securityParameter

Extension.UserDomain (only in v3.0)

system.userDomain

Groups.Id

groups.id

Groups.Name

groups.name

Id system.userId

Locale

system.locale

Name.FamilyName name.last
Name.GivenName name.first
Name.MiddleName name.middle

PhoneNumbers

contactItems.value if <contactItems.type = phone>

Roles.Id

roles.id

Roles.Name

roles.Name

Timezone

timeZone.id

Title

system.title

UserName system.userName
Table 33: Roles mapping for RSA Archer version
SCIM parameter RSA Archer parameter
id id

Name

name

Members.value

RoleMemberships[].RequestedObject.UserIds[]

Table 34: Profiles mapping for RSA Archer version
SCIM parameter RSA Archer parameter
id Profile Id from the Starling UI Config

Connector limitations

  • The Created date and last modified date is not retrieved for users / groups.
  • Cursor based pagination for Users is supported but pagination is not supported for groups.

  • User's contact information cannot be created or updated.

  • The following fields are read-only:

    • Phone number
  • Except the 401 error for Unauthorized and 400 error for Bad Requests, the application returns HTTP status code 500 for all other errors.

  • If members are provided in group create/update request, the member type is mandatory to differentiate between a user or a group member.

  • RSA Archer ISMS Groups that are retrieved in the Standard GROUPS object type are read-only.

    NOTE:Test Connection validates the target system credentials and endpoints but not the configuration parameters.

  • For the feature Update User's default Email, RSA Archer provides an option to update contact information. However, the API document does not have any information about how to pass ContactRecordId into update contact info. The operation fails with a BadRequest error. As a workaround, the existing default email ID is deleted and the required email ID is created.
  • While doing role memberships update, it is not possible to remove those users that only have this role assigned to it (no other role assigned).

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Features available exclusively in RSA Archer v.2.0

Following are the features that are available exclusively in RSA Archer v.2.0:

In version 2.0 of the connector, the following fields have been removed from User Mapping and schema:

  • StreetAddress
  • Locality
  • Country
  • PostalCode

    NOTE: To avoid any breakage in the existing system, these changes have been implemented only in the version 2.0 of the connector.

Features available exclusively in RSA Archer v.3.0

  • v3.0 of the Archer connector, supports generic User, Groups, Roles and Profiles endpoints.

  • The ids for each resource is modified as id@ResourceName - > where ResourceName can be User, Group, Role & Profile.

  • Supports update role to manage the role memberships.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating