Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Mandatory fields

ServiceNow is a service management platform that can be used for many different business units, including IT, human resources, facilities, and field services.

ServiceNow connectors are available for use with One Identity Safeguard for Privileged Passwords.

Supervisor configuration parameters for ServiceNow v.1.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • Custom Properties (List of custom properties, if any, to be mapped)
    For more information, see Configuring custom attributes for ServiceNow v.1.0.

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.1.0

You can configure custom attributes for the ServiceNow v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in ServiceNow v.1.0 , see Configuring custom attributes for ServiceNow v.1.0.

Supervisor configuration parameters for ServiceNow v.2.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.2.0

You can configure custom attributes for the ServiceNow v.2.0 SCIM connector in Starling Connect for Users, Groups and Roles in the Custom Attributes section in Schema Configuration.

NOTE:

  • For more information about how to configure custom attributes in ServiceNowv.2.0, see Configuring custom attributes in connectors.
  • As the ServiceNow target system does not support disabling of attributes, the ServiceNow connector is enhanced only to support the configuration of custom attributes in the SCIM connector.
  • If a custom attribute is a complex attribute, then you must enter it in the following format in Starling Connect:

    <custom_attribute>$$<nested_attribute>.

    For example,

    "parent": {

    "link": "https://dev60043.service-now.com/api/now/table/sys_user_group/b85d44954a3623120004689b2d5dd60a",

    "value": "b85d44954a3623120004689b2d5dd60a"

    }

    you must enter as parent$$value in Starling Connect.

  • The connector supports single level of navigation only.

Supported objects and operations

Users
Table 50: Supported operations for Users

Operation

VERB

Create

POST

Update

PUT

Delete

DELETE

Get all users

GET

Get (Id)

GET

Pagination GET
Groups
Table 51: Supported operations for Groups

Operation

VERB

Create

POST

Update

PUT

Delete 

DELETE

Get all groups

GET

Get (id)

GET

Get

GET

Pagination GET
Roles
Table 52: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Users

  • Username

Groups

  • Group Name

User and Group mapping

The user and group mapping is listed in the table below.

Table 53: User mapping
SCIM parameter ServiceNow parameter
userName user_name
name.familyName last_name
name.givenName first_name
name.middleName middle_name
displayName name
emails[0].value email
addresses[0].streetAddress street
addresses[0].locality city
addresses[0].region state
addresses[0].postalCode zip
addresses[0].country country
phoneNumbers[0].value(type=work) phone
title title
preferredLanguage preferred_language
timeZone time_zone
active active
password user_password
roles.value {resource}.role.value
extension.organization company
extension.department department
extension.manager.value manager.value
extension.employeeNumber employee_number
id sys_id
groups.value {resource}.group.value

extension.lastLogon

last_login_time

PhoneNumbers[0].value(type=mobile)

mobile_phone

Table 54: Group mapping
SCIM parameter ServiceNow parameter
id sys_id
displayName name
members.value {resource}.user.value
extension.description description
extension.email email

extension.groupType

type

extension.manager.value

manager.value

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of ServiceNow connector are:

  • v.1.0
  • v.2.0

NOTE: For more information, see Connector versions.

Connector limitations

  • ServiceProviderAuthority contains only the Id field with the value being same as the instance id of the ServiceNow instance, as there are no APIs to fetch the tenant details in ServiceNow.

  • If the department name and organization name is provided during user create or update operations, the user gets assigned to the department and organization if the department and organization with the same name exists in ServiceNow cloud application.

  • If the invalid manager id is used for user's manager fields while performing user create or update operations, ServiceNow does not display any error. Instead, it invalid id is returned as the manager id.

  • In the request, if there are invalid values for timezone, language, and so on, ServiceNow does not display any error. Instead, the fields with invalid values would be blank.
  • GET Roles operation might not fetch all the roles. Some roles must be retrieved based on ServiceNow Access Control List (ACL).

  • If an invalid role id is used for user create or update operation, no error is displayed. Instead, the same invalid id in the role list is returned.
  • If an invalid member id is used for group create or update, no error is displayed. Instead, the same invalid id as the member id is returned.

  • Create User operation with existing user details shows the status code as 403 instead 409. The status code and the status message cannot be interpreted.

Connector versions and features

ServiceNow is a service management platform that can be used for many different business units, including IT, human resources, facilities, and field services.

ServiceNow connectors are available for use with One Identity Safeguard for Privileged Passwords.

Supervisor configuration parameters for ServiceNow v.1.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • Custom Properties (List of custom properties, if any, to be mapped)
    For more information, see Configuring custom attributes for ServiceNow v.1.0.

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.1.0

You can configure custom attributes for the ServiceNow v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in ServiceNow v.1.0 , see Configuring custom attributes for ServiceNow v.1.0.

Supervisor configuration parameters for ServiceNow v.2.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.2.0

You can configure custom attributes for the ServiceNow v.2.0 SCIM connector in Starling Connect for Users, Groups and Roles in the Custom Attributes section in Schema Configuration.

NOTE:

  • For more information about how to configure custom attributes in ServiceNowv.2.0, see Configuring custom attributes in connectors.
  • As the ServiceNow target system does not support disabling of attributes, the ServiceNow connector is enhanced only to support the configuration of custom attributes in the SCIM connector.
  • If a custom attribute is a complex attribute, then you must enter it in the following format in Starling Connect:

    <custom_attribute>$$<nested_attribute>.

    For example,

    "parent": {

    "link": "https://dev60043.service-now.com/api/now/table/sys_user_group/b85d44954a3623120004689b2d5dd60a",

    "value": "b85d44954a3623120004689b2d5dd60a"

    }

    you must enter as parent$$value in Starling Connect.

  • The connector supports single level of navigation only.

Supported objects and operations

Users
Table 50: Supported operations for Users

Operation

VERB

Create

POST

Update

PUT

Delete

DELETE

Get all users

GET

Get (Id)

GET

Pagination GET
Groups
Table 51: Supported operations for Groups

Operation

VERB

Create

POST

Update

PUT

Delete 

DELETE

Get all groups

GET

Get (id)

GET

Get

GET

Pagination GET
Roles
Table 52: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Mandatory fields

Users

  • Username

Groups

  • Group Name

User and Group mapping

The user and group mapping is listed in the table below.

Table 53: User mapping
SCIM parameter ServiceNow parameter
userName user_name
name.familyName last_name
name.givenName first_name
name.middleName middle_name
displayName name
emails[0].value email
addresses[0].streetAddress street
addresses[0].locality city
addresses[0].region state
addresses[0].postalCode zip
addresses[0].country country
phoneNumbers[0].value(type=work) phone
title title
preferredLanguage preferred_language
timeZone time_zone
active active
password user_password
roles.value {resource}.role.value
extension.organization company
extension.department department
extension.manager.value manager.value
extension.employeeNumber employee_number
id sys_id
groups.value {resource}.group.value

extension.lastLogon

last_login_time

PhoneNumbers[0].value(type=mobile)

mobile_phone

Table 54: Group mapping
SCIM parameter ServiceNow parameter
id sys_id
displayName name
members.value {resource}.user.value
extension.description description
extension.email email

extension.groupType

type

extension.manager.value

manager.value

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of ServiceNow connector are:

  • v.1.0
  • v.2.0

NOTE: For more information, see Connector versions.

Connector limitations

  • ServiceProviderAuthority contains only the Id field with the value being same as the instance id of the ServiceNow instance, as there are no APIs to fetch the tenant details in ServiceNow.

  • If the department name and organization name is provided during user create or update operations, the user gets assigned to the department and organization if the department and organization with the same name exists in ServiceNow cloud application.

  • If the invalid manager id is used for user's manager fields while performing user create or update operations, ServiceNow does not display any error. Instead, it invalid id is returned as the manager id.

  • In the request, if there are invalid values for timezone, language, and so on, ServiceNow does not display any error. Instead, the fields with invalid values would be blank.
  • GET Roles operation might not fetch all the roles. Some roles must be retrieved based on ServiceNow Access Control List (ACL).

  • If an invalid role id is used for user create or update operation, no error is displayed. Instead, the same invalid id in the role list is returned.
  • If an invalid member id is used for group create or update, no error is displayed. Instead, the same invalid id as the member id is returned.

  • Create User operation with existing user details shows the status code as 403 instead 409. The status code and the status message cannot be interpreted.

Connector limitations

ServiceNow is a service management platform that can be used for many different business units, including IT, human resources, facilities, and field services.

ServiceNow connectors are available for use with One Identity Safeguard for Privileged Passwords.

Supervisor configuration parameters for ServiceNow v.1.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • Custom Properties (List of custom properties, if any, to be mapped)
    For more information, see Configuring custom attributes for ServiceNow v.1.0.

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.1.0

You can configure custom attributes for the ServiceNow v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in ServiceNow v.1.0 , see Configuring custom attributes for ServiceNow v.1.0.

Supervisor configuration parameters for ServiceNow v.2.0

To configure the connector, following parameters are required:

  • Connector name

  • Username for the cloud account

  • Password for the cloud account

  • SCIM URL (Cloud application's REST API's base URL)

Configuring custom attributes for ServiceNow v.2.0

You can configure custom attributes for the ServiceNow v.2.0 SCIM connector in Starling Connect for Users, Groups and Roles in the Custom Attributes section in Schema Configuration.

NOTE:

  • For more information about how to configure custom attributes in ServiceNowv.2.0, see Configuring custom attributes in connectors.
  • As the ServiceNow target system does not support disabling of attributes, the ServiceNow connector is enhanced only to support the configuration of custom attributes in the SCIM connector.
  • If a custom attribute is a complex attribute, then you must enter it in the following format in Starling Connect:

    <custom_attribute>$$<nested_attribute>.

    For example,

    "parent": {

    "link": "https://dev60043.service-now.com/api/now/table/sys_user_group/b85d44954a3623120004689b2d5dd60a",

    "value": "b85d44954a3623120004689b2d5dd60a"

    }

    you must enter as parent$$value in Starling Connect.

  • The connector supports single level of navigation only.

Supported objects and operations

Users
Table 50: Supported operations for Users

Operation

VERB

Create

POST

Update

PUT

Delete

DELETE

Get all users

GET

Get (Id)

GET

Pagination GET
Groups
Table 51: Supported operations for Groups

Operation

VERB

Create

POST

Update

PUT

Delete 

DELETE

Get all groups

GET

Get (id)

GET

Get

GET

Pagination GET
Roles
Table 52: Supported operations for Roles

Operation

VERB

Get All Roles

GET

Get Role (Id)

GET

Mandatory fields

Users

  • Username

Groups

  • Group Name

User and Group mapping

The user and group mapping is listed in the table below.

Table 53: User mapping
SCIM parameter ServiceNow parameter
userName user_name
name.familyName last_name
name.givenName first_name
name.middleName middle_name
displayName name
emails[0].value email
addresses[0].streetAddress street
addresses[0].locality city
addresses[0].region state
addresses[0].postalCode zip
addresses[0].country country
phoneNumbers[0].value(type=work) phone
title title
preferredLanguage preferred_language
timeZone time_zone
active active
password user_password
roles.value {resource}.role.value
extension.organization company
extension.department department
extension.manager.value manager.value
extension.employeeNumber employee_number
id sys_id
groups.value {resource}.group.value

extension.lastLogon

last_login_time

PhoneNumbers[0].value(type=mobile)

mobile_phone

Table 54: Group mapping
SCIM parameter ServiceNow parameter
id sys_id
displayName name
members.value {resource}.user.value
extension.description description
extension.email email

extension.groupType

type

extension.manager.value

manager.value

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of ServiceNow connector are:

  • v.1.0
  • v.2.0

NOTE: For more information, see Connector versions.

  • ServiceProviderAuthority contains only the Id field with the value being same as the instance id of the ServiceNow instance, as there are no APIs to fetch the tenant details in ServiceNow.

  • If the department name and organization name is provided during user create or update operations, the user gets assigned to the department and organization if the department and organization with the same name exists in ServiceNow cloud application.

  • If the invalid manager id is used for user's manager fields while performing user create or update operations, ServiceNow does not display any error. Instead, it invalid id is returned as the manager id.

  • In the request, if there are invalid values for timezone, language, and so on, ServiceNow does not display any error. Instead, the fields with invalid values would be blank.
  • GET Roles operation might not fetch all the roles. Some roles must be retrieved based on ServiceNow Access Control List (ACL).

  • If an invalid role id is used for user create or update operation, no error is displayed. Instead, the same invalid id in the role list is returned.
  • If an invalid member id is used for group create or update, no error is displayed. Instead, the same invalid id as the member id is returned.

  • Create User operation with existing user details shows the status code as 403 instead 409. The status code and the status message cannot be interpreted.

Dropbox

Dropbox offers secure file sharing and storage. It helps users manage sharing capabilities with groups and external collaborators through central folders with granular permissions.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 55: Supported operations for Users

Operation

VERB

Create

POST

Update

PUT

Delete

DELETE

Get all users

GET

Get user by Id

GET

Get users with pagination GET

Groups

Table 56: Supported operations for Groups

Operation

VERB

Create

POST

Update

PUT

Delete 

DELETE

Get all groups

GET

Get group by Id

GET

Get groups with pagination

GET

Roles

Table 57: Supported operations for Roles

Operation

VERB

Get all roles

GET

Get role by Id

GET

Mandatory fields

Users

  • emails.value

Groups

  • displayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 58: User mapping
SCIM parameter Dropbox parameter
id profile.team_member_id
externalId profile.external_id
userName profile.email
name.familyName profile.name.surname

name.givenName

profile.name.given_name
name.formatted profile.name.display_name
displayName profile.name.display_name
emails[0].value profile.email
active profile.status[".tag"]
groups profile.groups

roles

role[".tag"]

meta.created

profile.joined_on

 

Table 59: Group mapping
SCIM parameter Dropbox parameter
id group_id
displayName group_name
members[].value members[].profile.team_member_id
members[].display members[].profile.name.display_name
enterpriseExtension.externalId group_external_id
meta.created created

Connector limitations

  • The LastModified date is not applicable for Groups.

  • Both created and lastModified dates are not applicable for Users.
  • Invalid Target URL returns the below mentioned status code and error message.

    • Status code: 500
    • Error message: There was an issue processing this request error.
  • User's role cannot be updated.

  • The user cannot be set as active while performing create or update.

  • The information about groups will not be present in the Create user response.

  • The Dropbox user statuses active and invited are considered as active in the connector.

  • APIs are not available to retrieve roles from Dropbox. Hence, the endpoints of the connector's roles provide predefined set of roles.

  • Deleted members cannot be added to a group. In a request to add multiple members to a group, if any user is deleted (members_not_in_team), then the entire request is not carried out.

  • The userName property for user is read-only. However, this can be updated by updating the emails → value. The emails → value has been mapped against userName.

  • Dropbox returns error 500 without any message being shown, on cursor pagination with cursor length equal to 1. The same is observed when trying to update a deleted group. In this case, the connector returns the following error code and message:

    • Error Code: 400
    • Error message: Error occurred.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating