Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Configuring additional datetime offset in connectors

  • Customer can configure additional datetime offset values for the connectors in order to help in synchronizing the objects in the Identity Manager where the objects found missing due to time zone differences between the target and the Identity Manager.

  • If the target returned data has offset included with datetime values and if a customer configures any valid offset value in the connector, then the target returned offset value will be replaced with the configured offset value.

  • The connector returns the datetimes in UTC format (yyyy-MM-ddTHH:mm:ssZ).

  • The datetime offset takes the format +/- HH:mm and the range offset values are -14:00 to +14:00, both inclusive.

  • The default value for the offset is 'Z' which is the UTC offset of 00:00.

How to Create custom attribute for Users in SuccessFactors portal

To create a custom attribute (Users)

  1. Under Admin center, go to Manage Business Configuration | Employee Profile | User Info | Create New.

  2. Create new attributes and click on Save.

  3. Under Employee Profile | View Template | sysUserDirectorySetting, click Details.

  4. Find Userinfo Element, and add the new field.

    Add the attributes you created.

  5. Go to Configure People Profile under Admin Center and add the new field in Personal Information block of Talent Profile.

  6. Add the newly created attribute in Add field and click Save.

  7. In the Manage Permission Roles under Admin center, select the permission role System Admin | permission...| Employee Data | grant edit permission to newly created attribute under User Information and save.

    The newly created attribute is visible in the response.

To add value to the custom attributes

  1. Under Admin center, search for employee and select any employee whom you want to add the values for custom attributes.

  2. Click on Talent Profile.

  3. Go to Talent Profile | Personal information | click Show More and then click Edit.

  4. Provide the value to the custom attribute field you created and click Save.

    The newly created value for the attribute is visible in the response.

SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes

Steps to add custom fields at One Identity Manager for TimeZone attribute for Users

Synchronization of TimeZone attribute of User object at SAP Cloud for Customer Connector requires additional configuration at One Identity Manager. This will not be included in the default mapped attributes at One Identity Manager as part of the synchronization project creation. In order to attain this requires a custom mapping with a custom string field. TimeZone attribute often holds longer values than the default custom fields which are 64 char in length. Also these are readOnly fields and can not be modified. Hence the option to overcome this situation is creating a custom string field with 256 char in length.

Steps to create a custom field with 256 char length using Schema Extension

  1. Open Schema Extension tool.

  2. Login using database credentials.

  3. In the Select Method select the option Extend Table.

  4. In the Extend table window, select CSMUser table and click Next.

  5. In the Configure columns window, click Create New column (+).

  6. In the Create new column window, enter a name for the column.

  7. In the Configure columns window, select the data type as string from the Data type list, 256 as length and click Next.

  8. In the Access permissions window, add appropriate permissions and click Next.

  9. Click Finish after the compilation is done.

  10. Repeat the steps from 4 to 9 for UCIUser table.

Steps to configure the mapping in Synchronization Editor

  1. Open the Synchronization Editor tool.

  2. Open the specific synchronization project.

  3. Navigate to Configuration | One Identity Manager Connection |Update Schema.

  4. Go to Mapping.

  5. Select Users mapping.

  6. Map the attribute with the newly created custom field.

  7. Commit the database.

  8. Activate the project.

  9. Run full synchronization.

  10. Open Manager tool and verify the values appeared in newly added custom field.

Steps to add custom fields at One Identity Manager for Role attribute for Users

Synchronization of Roles attribute of User object at SAP Cloud for Customer Connector requires additional configuration at One Identity Manager. This will not be included in the default mapped attributes at One Identity Manager as part of the synchronization project creation. In order to attain this requires a custom mapping with a custom multi value field. Roles attribute often holds multi values . Hence the option to overcome this situation is creating a custom field for multi value attribute.

Steps to create a custom field using Schema Extension

  1. Open Schema Extension tool.

  2. Login using database credentials.

  3. In the Select Method select the option Extend Table.

  4. In the Extend table window, select CSMUser table and click Next.

  5. In the Configure columns window, click Create New column (+).

  6. In the Create new column window, enter a name for the column.

  7. In the Configure columns window, select the data type as string from the Data type list, and click Next.

  8. In the Access permissions window, add appropriate permissions and click Next.

  9. Click Finish after the compilation is done.

  10. Repeat the steps from 4 to 9 for UCIUser table.

Steps to making changes in Designer Tool for newly created custom field

  1. Open Designer tool.

  2. Login using database credentials.

  3. Go to One Identity Manger Schema.

  4. Select CSMUser from Table.

  5. In the Task pane select Show Table Definition under Schema Editor.

  6. In the List select newly created field.

  7. Go to More tab under Column Properties.

  8. Select Multi-value column checkbox.

  9. Commit the database.

  10. Repeat the steps from 3 to 9 for UCIUser table.

  11. Go to Database menu and select Compile Database.

  12. Go to Process Orchestration present in left bottom pane.

  13. Select UCI_UCIUser_Update from Processes Table.

  14. In the Task pane select Edit Process 'UCI_UCIUser_Update' under Process Editor.

  15. Select 'PUT/PATCH' user' and navigate to bottom section 'Parameters'.

  16. Double click on ForceSyncOf to edit Parameter.

  17. Provide value template as Value = "Custom Field" (Example: Value = "CCC_Roles").

  18. Commit the database.

  19. Go to Database Menu and select Compile Database.

Steps to configuring the mapping in Synchronization Editor

  1. Open the Synchronization Editor tool.

  2. Open the specific synchronization project.

  3. Navigate to Configuration | One Identity Manager Connection |Update Schema.

  4. Go to Mapping.

  5. Select Users mapping.

  6. Map the attribute with the newly created custom field.

  7. Commit the database.

  8. Activate the project.

  9. Run full synchronization.

  10. Open Manager tool and verify the values appeared in newly added custom field.

Creating a Service Principal for the Azure Infrastructure Connector

Use Azure CLI by accessing https://shell.azure.com , select "Bash" console.

Use the command

az ad sp create-for-rbac -n "{sp_name}" --role Reader --scopes /

to create a Service Principal with reader role for Root Scope.

Collect the values for "appId", "password" and "tenant" from the Azure CLI command response for "Client Id", "Client Secret" and "Tenant Id" respectively.

NOTE: To support Write operations, the service principal needs to have 'owner' role.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating