Starling Connect Hosted - One Identity Manager Administration Guide


Creating an app for using SCIM on Slack Enterprise Grid Organization

On the Enterprise Grid, SCIM operations work across the entire organization and not just an individual workspace. A SCIM app can provision, de-provision, and update team members in just one place rather than having to do so across every workspace in an organization.

To achieve this, the OAuth token used for calling SCIM API methods must be obtained by installing the app on the organization and not just a workspace within the organization.

To get a SCIM app working on a grid organization

  1. Ensure that the web service that is powering your application is able to handle a standard OAuth 2 flow.
  2. Create a new Slack app.

  3. In the application settings, select OAuth & Permissions from the left navigation.

  4. In the Redirect URLs section, save the URL https://connect-supervisor.cloud.oneidentity.com/v1/consent.
  5. In the Scopes section, add the admin scope and click Save Changes.

  6. In the application settings, select Manage Distribution from the left navigation.

  7. In the Share Your App with Other Workspaces section, make sure all four sections have the green check.
  8. Click Activate Public Distribution.

  9. Collect the Client Id and Client Secret of the app.
  10. While configuring this application for the consent flow in the Starling UI, provide the Client Id and Client Secret.

  11. When the consent flow is initiated, the OAuth handshake will install the application on your organization.
    You must be logged in as an owner of your Enterprise Grid organization to install the application.

  12. Check the dropdown in the upper right corner of the installation screen to make sure you are installing the application on the Enterprise Grid organization, and not on an individual workspace within the organization.
  13. Once the app completes the OAuth flow, it will grant an OAuth token that can be used for accessing all of the SCIM API methods for the Slack enterprise organization.

Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret

This section describes the procedure to create an integration application, provide the necessary scopes, and retrieve the Client Id and Client Secret.

To create an integration application, provide the necessary scopes, and retrieve the Client Id and Client Secret

  1. Create a new application of type Integration in https://developer.webex.com/my-apps.
  2. Provide the redirect URL https://connect-supervisor.cloud.oneidentity.com/v1/consent for the US data center or https://connect-supervisor.cloud.oneidentity.eu/v1/consent for the EU data center of Starling Connect.
  3. Provide the following scopes:

    • spark:team_memberships_read
    • spark:team_memberships_write
    • spark:teams_read
    • spark:teams_write
    • spark-admin:licenses_read
    • spark-admin:organizations_read
    • spark-admin:people_read
    • spark-admin:people_write
    • spark-admin:roles_read
  4. Collect the Client Id and Client Secret of the integration application.

Retrieving the API key from Facebook Workplace

This section describes the procedure to retrieve the API key from Facebook Workplace that you must use when you configure the connector in Starling Connect.

To retrieve the API key from Facebook Workplace

  1. In the admin account, go to "Admin Panel", select "Integrations".

  2. Create a Custom Integration.

  3. Go to the custom integration created and, under the "Details" menu, select "Create Access Token" and copy the access token created.

    • This Access Token is to be used as the value for API Key in the Connector Configuration.
  4. Under "Permissions" menu of the custom integration, select the permissions:

    • Read group membership
    • Manage accounts
    • Manage groups
    • Manage work profiles
    • Provision user accounts
    • Read group content
    • Read user email
    • Read work profile
  5. Under the "Give integration access to groups" section of the "Permissions" page, set "Group permissions" to "All groups".

Outbound IP addresses

This section lists the outbound IP addresses for all the Starling Connect connectors. An outbound connection from a given Starling Connect connector uses one of these outbound IP addresses as its origin IP address. To whitelist the connector in firewall environments, administrators are advised to open the firewall to all the possible outbound IP addresses listed for that connector.

NOTE:

  • As Starling Connect connectors are SaaS-based deployments, new IP addresses may be added to the outbound IP list. This happens very rarely and only after the given Additional Possible Outbound IP addresses are consumed.
  • We recommend that customers check this list for the latest IP addresses if communication fails.
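
One way to check a firewall allowlist against a connector's published outbound IP list, as an added example that is not part of the One Identity guide. It reports published addresses the firewall does not yet permit (a likely cause of the communication failures mentioned above) and rules that are stale or wider than the published list. The connector name, the addresses (RFC 5737 documentation ranges) and the CIDR rule format are constructed assumptions.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation addresses, NOT real
# Starling Connect outbound IPs. Copy the real values from the published list.
PUBLISHED_OUTBOUND = {
    "ExampleConnector": ["192.0.2.10", "192.0.2.11", "198.51.100.7"],
}

# Constructed firewall allow rules (source CIDRs permitted inbound).
FIREWALL_ALLOWLIST = ["192.0.2.10/32", "198.51.100.0/24", "203.0.113.5/32"]


def audit_allowlist(published_ips, allow_rules):
    """Compare firewall allow rules with a connector's published outbound IPs.

    Returns a dict with:
      missing   - published IPs no rule covers (connector traffic is blocked)
      stale     - rules that cover no published IP (candidates for removal)
      overbroad - (rule, extra_count) for rules that admit more addresses
                  than the published IPs they cover
    """
    ips = {ipaddress.ip_address(ip) for ip in published_ips}
    # strict parsing raises ValueError on rules with host bits set,
    # e.g. "198.51.100.7/24", so malformed rules surface immediately.
    nets = [ipaddress.ip_network(rule) for rule in allow_rules]

    missing = sorted(str(ip) for ip in ips if not any(ip in net for net in nets))

    stale, overbroad = [], []
    for net in nets:
        covered = [ip for ip in ips if ip in net]
        if not covered:
            stale.append(str(net))
        elif net.num_addresses > len(covered):
            overbroad.append((str(net), net.num_addresses - len(covered)))

    return {"missing": missing, "stale": stale, "overbroad": overbroad}


if __name__ == "__main__":
    for name, ips in PUBLISHED_OUTBOUND.items():
        report = audit_allowlist(ips, FIREWALL_ALLOWLIST)
        print(name)
        for finding, values in report.items():
            print(f"  {finding}: {values}")
```

Re-running the audit whenever the published list changes catches newly added outbound addresses before they show up as connection failures.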

Click the connector name in the list for the outbound IP addresses of the particular connector:
