Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Configuring User centric membership for Groups, UserGroups and AccountGroups using Synchronization Editor

This section describes the procedures to configure User centric memberships for Groups, UserGroups and AccountGroups.

For more information see:

Configuring User centric membership for Groups

This section describes the procedure to configure User centric membership for Groups in Synchronization Editor.

To configure User centric membership for Groups

  1. Create the new schema class UCIGroup(Group), with UCIGroup Schema type, using the details provided in the table:
    Table 449: New schema class UCIGroup(Group)Group for Group
    Field Value
    Schema Type UCIGroup
    Display Name UCIGroup(Group)
    Class Name UCIGroup_Group
    Description UCIGroup_Group
    System Objects --> Condition ResourceType = Group

    NOTE: Synchronization Editor is used to create a new schema class. For more information, see Creating a new schema class using Synchronization Editor.

  2. Create the new schema class UCIUserInGroup(Group), with Schema typeUCIUserInGroup, using the details provided in the table:
    Table 450: New schema class UCIUserInGroup(Group) for Group
    Field Value
    Schema Type UCIUserInGroup
    Display Name UCIUserInGroup(Group)
    Class Name UCIUserInGroup_Group
    Description UCIUserInGroup_Group
    System Objects --> Condition UID_UCIGroup <> 'leave it as empty'

    System filter

    UID_UCIGroup in (select UID_UCIGroup from UCIGroup where ResourceType = 'Group')

  3. Click Commit to database in the Synchronization Editor.

    The new schema classes are created and the changes are saved.

  4. Navigate to Target system and click Update schema to perform a schema update.
  5. Edit default mapping for Group.

    To edit default mapping for Group:

    1. In the Navigation pane, select Mappings| Group.
    2. In the Mappings section, click Edit Map.
    3. In the Edit map... window, in the Relation section, click Edit.
    4. Select the values from the lists as shown in the following table and click Ok:
      Table 451: Edit default mapping for Group
      List Value
      One Identity Manager schema class UCIGroup(Group)
      Target system schema class Group (all)

      NOTE: Add the group members mapping under User object in Synchronization Editor.

  6. Create <vrtMembers> property for Groups

    Add vrtMembersGroup parameter with M:N type schema type with the below configuration.

    To add the virtual parameters:

    1. Select Mappings| User.
    2. Select + in the User pane to create a property.
    3. In the Create property window, from the Property type list, select Members of M:N schema types .
    4. Enter the following values in the fields mentioned in the table, and select the options listed below:
      Table 452: Virtual parameters
      Field/ Option Value
      Name vrtMembersGroup
      Display name GroupMembers

      Select the following options:

      • Ignore case
      • Try to mark the objects for deletion (outstanding)
    5. In the M:N schema types section at the bottom of the window, select UCIUserinGroup(Group), UID_UCIUser, and UID_UCIGroup.
    6. In the Members UCIGroup section, select ObjectGUID .

      NOTE: Select UCIUserInGroup(Group) schema type for vrtMembersGroup parameter.

    7. Click Ok.
  7. Create mapping for groups~value as shown below with mapping direction.

    To create mappings:

    1. Select Mappings| User.
    2. Select vrtMembersGroup in the User pane.
    3. Create mappings for Groups under User object.

      NOTE: You can create a mapping by dragging the property vrtMembersGroup in the UCIUser pane and dropping it to the property groups~value in the SCIMUser pane.

    4. Click Commit to database to save the changes.

Configuring User centric membership for UserGroups

This section describes the procedure to configure User centric membership for UserGroups in the Synchronization Editor.

To configure User centric membership for UserGroups

  1. Create the new schema class UCIGroup(UserGroups) , with UCIGroup Schema type, using the details provided in the table:

    Table 453: UserGroups
    Field Value
    Schema Type UCIGroup
    Display Name UCIGroup(UserGroups)
    Class Name UCIGroup_UserGroups
    Description UCIGroup_UserGroups
    System Objects --> Condition ResourceType = UserGroups

    NOTE: Synchronization Editor is used to create a new schema class. For more information, see Creating a new schema class using Synchronization Editor.

  2. Create the new schema class UCIUserInGroup(UserGroups), with Schema typeUCIUserInGroup, using the details provided in the table:

    Table 454: New schema class UCIUserInGroup(UserGroups) for UserGroups
    Field Value
    Schema Type UCIUserInGroup
    Display Name UCIUserInGroup(UserGroups)
    Class Name UCIUserInGroup_UserGroups
    Description UCIUserInGroup_UserGroups
    System Objects --> Condition UID_UCIGroup <> 'leave it as empty'

    System filter

    UID_UCIGroup in (select UID_UCIGroup from UCIGroup where ResourceType = 'UserGroups')

  3. Click Commit to database in the Synchronization Editor.

    The new schema classes are created and the changes are saved.

  4. Navigate to Target system and click Update schema to perform a schema update (if UserGroups is not exposed).
  5. Create mappings for UserGroups.

    To create mappings for UserGroups:

    1. In the Navigation pane, select Mappings | User.
    2. Click + to create a new mapping.
    3. In the New mapping window:
      1. In the General section, enter the values in fields as shown in the table

        Table 455: Create new mapping for UserGroups - General section
        Field Value
        Mapping name UserGroups
        Mapping direction Both directions

        NOTE: Select the option Maps objects referenced by multiple references.

      2. In the Relation section, enter the values in fields as shown in the table
        Table 456: Create new mapping for UserGroups - Relation section
        Field Value
        One Identity Manager schema class UCIGroup(UserGroups)
        Target system schema class UserGroups (all)
      3. Click Ok and click Next.
    4. In the Mapping Wizard:
      1. In the Select task section, select the template Create rules based on template, click Next and click Finish.
      2. In the Select source mapping section, select Group and click Next.
      3. In the Analysis result section, select a new rule ConanicalName <-> vrtcononicalName from the suggestion list.

        The new mapping rule ConanicalName <-> vrtcononicalName is displayed in the Property mapping rules section in the Schema property in One Identity Manager list.

  6. Create Initial Synchronization workflow for UserGroups.

    To create Initial Synchronization workflow for UserGroups.

    1. In the Navigation pane, select Workflow| Initial Synchronization.
    2. In the Initial Synchronization page, in the Workflow section, click + to add a new step.
    3. In the Create a new Synchronization step window, in the General tab, select the values as shown in the table below:
      Table 457: Create synchronization step
      Field Value
      Name UserGroups
      Mapping UserGroups
      Synchronization direction One Identity Manager
      Revision filtering Use revision filter
      Exception handling Use workflow default
    4. In the Processing tab, select the values in the same way that they are set in the Processing tab for the User workflow and click Ok.
    5. Click Commit to database and click Ok.

      The UserGroups workflow is displayed in the Workflow section.

  7. Create Provisioning workflow for UserGroups.

    To create Provisioning workflows for UserGroups.

    1. In the Navigation pane, select Workflow| Provisioning.
    2. In the Provisioning page, in the Workflow section, click + to add a new step.
    3. In the Create a new Synchronization step window, in the General tab, select the values as shown in the table below:
      Table 458: Create synchronization step
      Field Value
      Name UserGroups
      Mapping UserGroups
      Synchronization direction Target system
      Revision filtering Use workflow default
      Exception handling Use workflow default
    4. In the Processing tab, select the values in the same way that they are set in the Processing tab for the User workflow and click Ok.
    5. Click Commit to database and click Ok.

      The UserGroups workflow is displayed in the Workflow section.

  8. Create <vrtMembers> property for UserGroups.

    Add vrtMembersUserGroups parameter with M:N type schema type with the below configuration.

    To add the virtual parameters:

    1. Select Mappings| User.
    2. Select + in the User pane to create a property.
    3. In the Create property window, from the Property type list, select Members of M:N schema types .
    4. Enter the following values in the fields mentioned in the table, and select the options listed below:
      Table 459: Virtual parameters
      Field/ Option Value
      Name vrtMembersUserGroups
      Display name UserGroupMembers

      Select the following options:

      • Ignore case
      • Try to mark the objects for deletion (outstanding)
    5. In the M:N schema types section at the bottom of the window, select UCIUserInGroup(UserGroups), UID_UCIUser, and UID_UCIGroup.
    6. In the Members UCIGroup section, select ObjectGUID .

      NOTE: Select UCIUserInGroup(UserGroups) schema type for vrtMembersUserGroups parameter.

    7. Click Ok.
  9. Create mappings with vrtMembersUserGroup and SCIM extension ApprovalGroups(~)value.
  10. Create mapping for userGroups~value as shown below with mapping direction.

    To create mappings:

    1. Select Mappings| User.
    2. Select vrtMembersGroup in the User pane.
    3. Create mappings for UserGroups under User object.

      NOTE: You can create a mapping by dragging the property vrtMembersUserGroups in the UCIUser pane and dropping it to the property userGroups~value in the SCIMUser pane.

    4. Click Commit to database to save the changes.

Configuring User centric membership for AccountGroups

This section describes the procedure to configure User centric membership for Groups in Synchronization Editor.

To configure User centric membership for AccountGroups

  1. Create the new schema class UCIGroup(AccountGroups), with UCIGroup Schema type, using the details provided in the table:
    Table 460: New Schema class UCIGroup(AccountGroups) for AccountGroups
    Field Value
    Schema Type UCIGroup
    Display Name UCIGroup(AccountGroups)
    Class Name UCIGroup_AccountGroups
    Description UCIGroup_AccountGroups
    System Objects --> Condition ResourceType = AccountGroups

    NOTE: Synchronization Editor is used to create a new schema class. For more information, see Creating a new schema class using Synchronization Editor.

  2. Create the new schema class UCIUserInGroup(AccountGroups), with Schema typeUCIUserInGroup, using the details provided in the table:
    Table 461: New schema class UCIUserInGroup(AccountGroups) for AccountGroups
    Field Value
    Schema Type UCIUserInGroup
    Display Name UCIUserInGroup(AccountGroups)
    Class Name UCIUserInGroup_AccountGroups
    Description UCIUserInGroup_AccountGroups
    System Objects --> Condition UID_UCIGroup <> 'leave it as empty'

    System filter

    UID_UCIGroup in (select UID_UCIGroup from UCIGroup where ResourceType = 'AccountGroups')
  3. Click Commit to database in the Synchronization Editor.

    The new schema classes are created and the changes are saved.

  4. Navigate to Target system and click Update schema to perform a schema update (if AccountGroups is not exposed).
  5. Create mappings for AccountGroups.

    To create mappings for AccountGroups:

    1. In the Navigation pane, select Mappings | User.
    2. Click + to create a new mapping.
    3. In the New mapping window:
      1. In the General section, enter the values in fields as shown in the table

        Table 462: Create new mapping for AccountGroups - General section
        Field Value
        Mapping name AccountGroups
        Mapping direction Both directions

        NOTE: Select the option Maps objects referenced by multiple references.

      2. In the Relation section, enter the values in fields as shown in the table
        Table 463: Create new mapping for AccountGroups - Relation section
        Field Value
        One Identity Manager schema class UCIGroup(AccountGroups)
        Target system schema class AccountGroups (all)
      3. Click Ok and click Next.
    4. In the Mapping Wizard:
      1. In the Select task section, select the template Create rules based on template, click Next and click Finish.
      2. In the Select source mapping section, select Group and click Next.
      3. In the Analysis result section, select a new rule ConanicalName <-> vrtcononicalName from the suggestion list.

        The new mapping rule ConanicalName <-> vrtcononicalName is displayed in the Property mapping rules section in the Schema property in One Identity Manager list.

  6. Create Initial Synchronization workflow for AccountGroups.

    To create Initial Synchronization workflow for AccountGroup

    1. In the Navigation pane, select Workflow| Initial Synchronization.
    2. In the Initial Synchronization page, in the Workflow section, click + to add a new step.
    3. In the Create Synchronization step window, in the General tab, select the values as shown in the table below:
      Table 464: Create synchronization step
      Field Value
      Name UserGroups
      Mapping UserGroups
      Synchronization direction One Identity Manager
      Revision filtering Use revision filter
      Exception handling Use workflow default
    4. In the Processing tab, select the values in the same way that they are set in the Processing tab for the User workflow and click Ok.
    5. Click Commit to database and click Ok.

      The AccountGroups workflow is displayed in the Workflow section.

  7. Create Provisioning workflow for AccountGroups.

    To create Provisioning workflows for AccountGroups.

    1. In the Navigation pane, select Workflow| Provisioning.
    2. In the Provisioning page, in the Workflow section, click + and click Ok.
    3. In the Create Synchronization step window, in the General tab, select the values as shown in the table below:
      Table 465: Create synchronization step
      Field Value
      Name AccountGroups
      Mapping AccountGroups
      Synchronization direction Target system
      Revision filtering Use workflow default
      Exception handling Use workflow default
    4. In the Processing tab, select the values in the same way that they are set in the Processing tab for the User workflow and clcik Ok.
    5. Click Commit to database and click Ok.

      The AccountGroups workflow is displayed in the Workflow section.

  8. Create <vrtMembers> property for AccountGroups

    Add vrtMembersAccountGroups parameter with M:N type schema type with the below configuration.

    To add the virtual parameters:

    1. Select Mappings| User.
    2. Select + in the User pane to create a property.
    3. In the Create property window, from the Property type list, select Members of M:N schema types .
    4. Enter the following values in the fields mentioned in the table, and select the options listed below:
      Table 466: Virtual parameters
      Field/ Option Value
      Name vrtMembersAccountGroup
      Display name AccountGroupMembers

      Select the following options:

      • Ignore case
      • Try to mark the objects for deletion (outstanding)
    5. In the M:N schema types section at the bottom of the window, select select UCIUserInGroup(AccountGroups), UID_UCIUser, and UID_UCIGroup.
    6. In the Members UCIGroup section, select ObjectGUID .

      NOTE: Select UCIUserInGroup(AccountGroups) schema type for vrtMembersAccountGroups parameter.

    7. Click Ok.
  9. Create mapping for accountGroups~value as shown below with mapping direction.

    To create mappings:

    1. Select Mappings| User.
    2. Select vrtMembersGroup in the User pane.
    3. Create mappings for AccountGroups under User object.

      NOTE: You can create a mapping by dragging the property vrtMembersAccountGroups in the UCIUser pane and dropping it to the property accountGroups~value in the SCIMUser pane.

    4. Click Commit to database to save the changes.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating