Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM S3 ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring Amazon S3 AWS connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Configuring integration application in DocuSign

Follow the below steps in order to configure an integration application and gather the required information for authentication.

  1. Log in to the DocuSign eSignature Admin Dashboard. If demo instance is used, the admin dashboard can be accessed at eSignature Admin | DocuSign
  2. From main menu “Settings”, under side menu “Integrations”, access “Apps and Keys”.
  3. Under “My Account Information”, collect “User ID”, “API Account ID” and “Account Base URI”.
  4. Click on “Add App and Integration Key” button to create an integration application, provide the App name.
  5. Under “Authentication” section
    1. Select “Yes” for “User Application”

    2. Click “Add Secret Key” under “Authentication Method for your App“ → “Authorization Code Grant“ to add a secret key

  6. Under “Service Integration” section

    1. Click “Generate RSA” to generate a RSA keypair

    2. Copy and save the “Private Key”

  7. Under “Additional settings” section

    1. Click “Add URI” under “Redirect URIs” to add a redirect URI. For example: http://localhost/

  8. “Save” the integration application and collect the “Integration Key” for thus created application under the “Apps and Integration Keys“ list. The integration key acts as the Client Id in the authentication workflow.

  9. Complete the admin (integration account) consent flow:

    1. Construct an URI in the format https://<authentication_server>/oauth/auth?response_type=code&scope=impersonation%20signature&client_id=<integration_app’s_integration_key>&redirect_uri=<integration_app’s_configured_redirect_uri> and access the URI in the browser by authenticating using the admin credentials. Example value for the consent URL would be signature&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=http://localhost/

    2. The authentication server would follow the values:

      1. for developer environments

      2. for production environments

    3. Provide the consent by clicking the “Allow Access" button in the browser page

    4. Based on the redirect URI provided, the browser will redirect to the page with access code. This code can be ignored.

Creating integration Connect Client in Coupa

Follow the below steps in order to configure an integration application and gather the required information for authentication.

  1. Login to Coupa as an integrations enabled administrator to create an OAuth2/OIDC Client with a grant type Client Credentials. After configuration, the values of Client ID and Client Secret are used to gain access to the Coupa API.

  2. To set up your Coupa test instance with a new connection, go to Setup > Oauth2/OpenID Connect Clients.

    NOTE: Type "OAuth" in search box to find the client name quickly.

  3. Click Create.

  4. For Grant Type select: Client credentials.

  5. Specify a name for the Client, Login, Contact info, and Contact Email.

  6. Select the scopes from:


    • core.user_group.write


    • core.user.write



  7. Click Save.

    Saving the client gives you values of the client Identifier and Secret that reqired to gain access to the API scopes you have defined for it.

    NOTE: Coupa instance addresses take the form of

    https://{organization_name} (for customer instances) or

    https://{organization_name} (for partner and demo instances)

Retrieving Azure DevOps Personal Access Token (PAT)

Follow the below steps to generate/retrieve a PAT.

  1. Login to the Azure DevOps portal of your orgainization.

  2. From your home page, open user settings and select Personal access tokens.

  3. Select + New Token.

  4. Name your token, select the organization where you want to use the token, and then set your token to automatically expire after a set number of days.

  5. Select scopes as full access and click on create.

  6. Copy the token and store it in a secure location. For your security, it doesn't display again.

Setup integration system and field override service in Workday

Field Overrides are an alternate way to pull custom attribute information from Workday that replaces the existing custom report facility.


To use Field Overrides, Workday administrators must create a new Field Override Integration System within Workday, add the desired custom attributes to it, and configure Okta to use this Integration System when fetching worker data.

To create a Field Override Integration

  1. Log in to your Workday account as an administrator, search for Integration System in the search bar, and then click Create Integration System.

  2. Enter the following:
    • System Name: Enter a name for your System Integration.

    • Comment: Optionally add a comment.

    • Template: Select worker from the New using template drop-down menu.

  3. Press Enter.
  4. From the list of results, select Core Connector: Worker, then click OK:
  5. You're redirected to a page for your freshly created Integration System.
  6. Scroll down to the Custom Integration Services section and click the + (plus) sign.
  7. Click Create.
  8. Select Create Integration Field Override Service from the list of services.
  9. Enter a Name for the Field Override Service, and select Worker as the Business Object.
  10. Add more fields to your Field Override Service by clicking the + (plus) sign. Property types are based on the property name, so if you want to have properties of different types, refer to Field Override Property Types for more information about the property types and naming conventions. Click OK.
  11. Now you need to configure the field mappings after creating Integration Service. Go to Actions > Integration System > Configure Integration Field Overrides.
  12. Select your Integration Service from the list on the left and configure the mappings for your fields. Type and search for a desired field. Make sure that property types are matching.
  13. After you have mapped all the properties, click OK>Done.
  14. Search for your Integration System in Workday, then go to Actions > Integration IDs > View IDs.
  15. Copy and save the value of Integration_System_ID. You need this value to set up and update your provisioning settings.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating