Connector limitations
Google Workspace (formerly GSuite) is a cloud computing, productivity, and collaboration tool. It includes the Google web applications Gmail, Drive, Hangouts, Calendar, and Docs. It also includes an interactive whiteboard. The enterprise version offers custom-domain email addresses, additional storage, and 24/7 phone and email support.
You must create a service account to access the Google Workspace services. For information on creating a service account, see Creating a service account in Google Workspace.
Supervisor configuration parameters
To configure the connector, following parameters are required:
-
Connector name
-
UserName
-
Private Key (Whole JSON content of private key file created for service account)
-
Target URL (Cloud application's instance URL used as targetURI in payload, for example: https://www.googleapis.com/admin/directory/v1)
- Customer Id
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Supported objects and operations
Users
Table 178: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Groups
Table 179: Supported operations for Groups
Create Group |
POST |
Update Group |
PUT |
Delete Group |
DELETE |
Get Group |
GET |
Get All Groups |
GET |
Get All Groups with Pagination |
GET |
Mandatory fields
Users
-
FirstName
-
LastName
-
Password
Groups
Email
User and Group mapping
The user and group mappings are listed in the tables below.
Table 180: User mapping
Id |
id |
userName |
primaryEmail |
Name.GivenName |
name.givenName |
Name.FamilyName |
name.familyName |
Name.Formatted |
name.fullName |
DisplayName |
name.fullName |
Emails[0].value |
primaryEmail |
Addresses[0].StreetAddress |
streetAddress |
Addresses[0].Locality |
locality |
Addresses[0].Region |
region |
Addresses[0].PostalCode |
postalcode |
PhoneNumbers[0].Value |
phones[0].value |
PhoneNumbers[0].Type |
phones[0].type |
Active |
suspended |
ExternalId |
externalIds.value |
Extension.Organization |
organizations.name |
Extension.Department |
organizations.department |
Extension.Division |
organizations.location |
Created |
creationTime |
Groups
Table 181: User mapping
Id |
id |
displayName |
name |
members.value |
groupMembers.id |
members.type |
groupMembers.type |
groupExtension.Email |
email |
groupExtension.Description |
description |
-
Connector supports cursor based pagination even with any change at count in subsequent requests.
-
Created date is displayed for Users. Created date and Modified date are not displayed for Groups.
-
Group information of user is not displayed in user details.
-
The Email ID of Users and Groups to be created should be provided along with the domain name of target instance.
Google Workspace connector for Safeguard for Privileged Passwords
- The following OAuth scopes need to be authorized:
Google Workspace connector for Safeguard for Privileged Passwords
Google Workspace (formerly GSuite) is a cloud computing, productivity, and collaboration tool. It includes the Google web applications Gmail, Drive, Hangouts, Calendar, and Docs. It also includes an interactive whiteboard. The enterprise version offers custom-domain email addresses, additional storage, and 24/7 phone and email support.
You must create a service account to access the Google Workspace services. For information on creating a service account, see Creating a service account in Google Workspace.
Supervisor configuration parameters
To configure the connector, following parameters are required:
-
Connector name
-
UserName
-
Private Key (Whole JSON content of private key file created for service account)
-
Target URL (Cloud application's instance URL used as targetURI in payload, for example: https://www.googleapis.com/admin/directory/v1)
- Customer Id
-
Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).
Supported objects and operations
Users
Table 178: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Groups
Table 179: Supported operations for Groups
Create Group |
POST |
Update Group |
PUT |
Delete Group |
DELETE |
Get Group |
GET |
Get All Groups |
GET |
Get All Groups with Pagination |
GET |
Mandatory fields
Users
-
FirstName
-
LastName
-
Password
Groups
Email
User and Group mapping
The user and group mappings are listed in the tables below.
Table 180: User mapping
Id |
id |
userName |
primaryEmail |
Name.GivenName |
name.givenName |
Name.FamilyName |
name.familyName |
Name.Formatted |
name.fullName |
DisplayName |
name.fullName |
Emails[0].value |
primaryEmail |
Addresses[0].StreetAddress |
streetAddress |
Addresses[0].Locality |
locality |
Addresses[0].Region |
region |
Addresses[0].PostalCode |
postalcode |
PhoneNumbers[0].Value |
phones[0].value |
PhoneNumbers[0].Type |
phones[0].type |
Active |
suspended |
ExternalId |
externalIds.value |
Extension.Organization |
organizations.name |
Extension.Department |
organizations.department |
Extension.Division |
organizations.location |
Created |
creationTime |
Groups
Table 181: User mapping
Id |
id |
displayName |
name |
members.value |
groupMembers.id |
members.type |
groupMembers.type |
groupExtension.Email |
email |
groupExtension.Description |
description |
Connector limitations
-
Connector supports cursor based pagination even with any change at count in subsequent requests.
-
Created date is displayed for Users. Created date and Modified date are not displayed for Groups.
-
Group information of user is not displayed in user details.
-
The Email ID of Users and Groups to be created should be provided along with the domain name of target instance.
- The following OAuth scopes need to be authorized:
Concur
Concur offers two on-demand Software as a Service (SaaS) products to help manage travel. Concur Travel & Expense gives you web and mobile solutions for travel and expense management, and TripIt is a mobile travel organizer for individuals.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 182: Supported operations for Users (for v1.0)
Create User |
POST |
Update User |
POST |
Delete User |
DELETE |
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Table 183: Supported operations for Users (for v2.0)
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Create User |
POST |
Update User |
PUT |
Groups
NA
Mandatory fields
Users (v1.0)
-
userName
-
name.givenName
-
name.familyName
-
enterpriseUserExtension.empId
-
emails.value
-
password
-
scimUser.locale
-
enterpriseUserExtension.ctryCode
-
enterpriseUserExtension.crnKey
-
enterpriseUserExtension.ledgerKey
Users (v2.0)
-
userName
-
name.givenName
-
name.familyName
-
emails[].value
-
emails[].type
-
active
-
enterpriseUserExtension.companyId
-
enterpriseUserExtension.startDate
-
entitlements[].value
-
roles[].value
-
enterpriseUserExtension.employeeNumber
Groups
NA
User and Group mapping
The user and group mappings are listed in the tables below.
Table 184: User mapping
Id |
LoginId |
userName |
LoginId |
Name.GivenName |
FirstName |
name.MiddleName |
Mi |
Name.FamilyName |
LastName |
DisplayName |
FirstName+LastName |
Emails[0].value |
EmailAddress |
Active |
Active |
Locale |
LocaleName |
Extension.EmpId |
EmpId |
Extension.LedgerKe |
LedgerName |
Extension.CtryCode |
CtryCode |
Extension.CrnKey |
CrnKey |
Extension.ExpenseApprover |
ExpenseApprover |
Extension.Custom1 |
Custom1 |
Extension.Custom2 |
Custom2 |
Extension.Custom3 |
Custom3 |
Extension.Custom4 |
Custom4 |
Extension.Custom5 |
Custom5 |
Extension.Custom6 |
Custom6 |
Extension.Custom7 |
Custom7 |
Extension.Custom8 |
Custom8 |
Extension.Custom9 |
Custom9 |
Extension.Custom10 |
Custom10 |
Extension.Custom11 |
Custom11 |
Extension.Custom12 |
Custom12 |
Extension.Custom13 |
Custom13 |
Extension.Custom14 |
Custom14 |
Extension.Custom15 |
Custom15 |
Extension.Custom16 |
Custom16 |
Extension.Custom17 |
Custom17 |
Extension.Custom18 |
Custom18 |
Extension.Custom19 |
Custom19 |
Extension.Custom20 |
Custom20 |
Extension.Custom21 |
Custom21 |
Extension.OrgUnit1 |
OrgUnit1 |
Extension.OrgUnit2 |
OrgUnit2 |
Extension.OrgUnit3 |
OrgUnit3 |
Extension.OrgUnit4 |
OrgUnit4 |
Extension.OrgUnit5 |
OrgUnit5 |
Extension.OrgUnit6 |
OrgUnit6 |
Table 185: User v2 mapping
Active |
active |
Addresses |
addresses |
DisplayName |
displayName |
Emails[].value |
emails[].value |
Extension.CompanyId |
extension.companyId |
Extension.CostCenter |
extension.costCenter |
Extension.Department |
extension.department |
Extension.Division |
extension.division |
Extension.EmployeeNumber |
extension.employeeNumber |
Extension.Manager.value |
extension.manager.value |
Extension.Organization |
extension.organization |
Extension.StartDate |
extension.startDate |
Extension.TerminationDate |
extension.terminationDate |
externalId |
externalId |
Id |
id |
Meta.Created |
meta.created |
Meta.LastModified |
meta.lastModified |
Name.FamilyName |
name.familyName |
Name.GivenName |
name.givenName |
name.MiddleName |
name.middleName |
NickName |
nickName |
PhoneNumbers |
phoneNumbers |
PreferredLanguage |
preferredLanguage |
TimeZone |
timezone |
Title |
title |
UserName |
userName |
Roles[].value |
spendExtensionRole.roles[].roleName |
Roles[].display |
spendExtensionRole.roles[].roleName |
Entitlements[].value |
entitlements[] |
Entitlements[].display |
entitlements[] |
Extension.SpendReimbursementCurrency |
spendExtensionUser.reimbursementCurrency |
Extension.SpendLocale |
spendExtensionUser.locale |
Extension.SpendCountry |
spendExtensionUser.country |
Extension.SpendLedgerCode |
spendExtensionUser.ledgerCode |
extension.primaryApprover.id |
SpendApprover.report[].approver.value |
extension.primaryApprover.userName |
UserName |
extension.primaryApprover.employeeNumber |
Extension.EmployeeNumber |
NOTE: Attributes extension.primaryApprover.userName and extension.primaryApprover.employeeNumber are mapped from a different Get API.
Groups
NA
Connector limitations
-
Connector will not return inactive users in the Get All Users response and return 404 Not Found for Get User by Id. (returned in version v.2.0)
-
Meta data information with created and lastModified dates are not supported. (Supported in version v.2.0)
-
Create User with the details of an existing User will return the same User details with ‘201 Created’. (returns 409 conflict in version v.2.0)
-
Update of givenName and familyName are not supported. (Supported in version v.2.0)
-
It is required to pass the values in specific format for the custom fields which depends on the target instance.
-
To perform a successful integration, the enabled mandatory custom attributes need to be configured in One IM and all the values should be passed accordingly.
NOTE:
-
As the connector does not support PATCH, it will accept all the write-able attributes in update request. If attributes are not specified in the request, system default values will be provisioned.
-
Default values for some attributes used in connectors are: Under "urn:ietf:params:scim:schemas:extension:spend:2.0:User" :
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in Concur v.2.0
Following are the features that are available exclusively in Concur v.2.0:
Connector SCIM configuration
-
The Concur connector is enhanced to support the configuration of SCIM connector with custom attributes.
-
Disabling the attributes is not supported as this feature is not available in Concur.
-
The supported custom attributes are custom 1 through 21 and orgUnit 1 through 6, which are string types.
-
Only the "Users" resource type has support for configuring custom attributes via SCIM configuration.
NOTE: Supported only for v.2.0.
Support for filter condition
- The connector supports filter condition on externalId, companyId, employeeNumber and userName.
- The only filter operator supported is eq.
- Supports AND logical operator only with the attribute combination employeeNumber + companyId and externalId + companyId.
- For OR logical operator, and for any other combination of attributes, the target API returns error message.
- The connector supports only the double quotes in the filter value (ex. userName eq "testUser").
NOTE: Filter is supported only for v.2.0.
Supervisor configuration parameters
Concur offers two on-demand Software as a Service (SaaS) products to help manage travel. Concur Travel & Expense gives you web and mobile solutions for travel and expense management, and TripIt is a mobile travel organizer for individuals.
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 182: Supported operations for Users (for v1.0)
Create User |
POST |
Update User |
POST |
Delete User |
DELETE |
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Table 183: Supported operations for Users (for v2.0)
Get User |
GET |
Get All Users |
GET |
Get All Users with Pagination |
GET |
Create User |
POST |
Update User |
PUT |
Groups
NA
Mandatory fields
Users (v1.0)
-
userName
-
name.givenName
-
name.familyName
-
enterpriseUserExtension.empId
-
emails.value
-
password
-
scimUser.locale
-
enterpriseUserExtension.ctryCode
-
enterpriseUserExtension.crnKey
-
enterpriseUserExtension.ledgerKey
Users (v2.0)
-
userName
-
name.givenName
-
name.familyName
-
emails[].value
-
emails[].type
-
active
-
enterpriseUserExtension.companyId
-
enterpriseUserExtension.startDate
-
entitlements[].value
-
roles[].value
-
enterpriseUserExtension.employeeNumber
Groups
NA
User and Group mapping
The user and group mappings are listed in the tables below.
Table 184: User mapping
Id |
LoginId |
userName |
LoginId |
Name.GivenName |
FirstName |
name.MiddleName |
Mi |
Name.FamilyName |
LastName |
DisplayName |
FirstName+LastName |
Emails[0].value |
EmailAddress |
Active |
Active |
Locale |
LocaleName |
Extension.EmpId |
EmpId |
Extension.LedgerKe |
LedgerName |
Extension.CtryCode |
CtryCode |
Extension.CrnKey |
CrnKey |
Extension.ExpenseApprover |
ExpenseApprover |
Extension.Custom1 |
Custom1 |
Extension.Custom2 |
Custom2 |
Extension.Custom3 |
Custom3 |
Extension.Custom4 |
Custom4 |
Extension.Custom5 |
Custom5 |
Extension.Custom6 |
Custom6 |
Extension.Custom7 |
Custom7 |
Extension.Custom8 |
Custom8 |
Extension.Custom9 |
Custom9 |
Extension.Custom10 |
Custom10 |
Extension.Custom11 |
Custom11 |
Extension.Custom12 |
Custom12 |
Extension.Custom13 |
Custom13 |
Extension.Custom14 |
Custom14 |
Extension.Custom15 |
Custom15 |
Extension.Custom16 |
Custom16 |
Extension.Custom17 |
Custom17 |
Extension.Custom18 |
Custom18 |
Extension.Custom19 |
Custom19 |
Extension.Custom20 |
Custom20 |
Extension.Custom21 |
Custom21 |
Extension.OrgUnit1 |
OrgUnit1 |
Extension.OrgUnit2 |
OrgUnit2 |
Extension.OrgUnit3 |
OrgUnit3 |
Extension.OrgUnit4 |
OrgUnit4 |
Extension.OrgUnit5 |
OrgUnit5 |
Extension.OrgUnit6 |
OrgUnit6 |
Table 185: User v2 mapping
Active |
active |
Addresses |
addresses |
DisplayName |
displayName |
Emails[].value |
emails[].value |
Extension.CompanyId |
extension.companyId |
Extension.CostCenter |
extension.costCenter |
Extension.Department |
extension.department |
Extension.Division |
extension.division |
Extension.EmployeeNumber |
extension.employeeNumber |
Extension.Manager.value |
extension.manager.value |
Extension.Organization |
extension.organization |
Extension.StartDate |
extension.startDate |
Extension.TerminationDate |
extension.terminationDate |
externalId |
externalId |
Id |
id |
Meta.Created |
meta.created |
Meta.LastModified |
meta.lastModified |
Name.FamilyName |
name.familyName |
Name.GivenName |
name.givenName |
name.MiddleName |
name.middleName |
NickName |
nickName |
PhoneNumbers |
phoneNumbers |
PreferredLanguage |
preferredLanguage |
TimeZone |
timezone |
Title |
title |
UserName |
userName |
Roles[].value |
spendExtensionRole.roles[].roleName |
Roles[].display |
spendExtensionRole.roles[].roleName |
Entitlements[].value |
entitlements[] |
Entitlements[].display |
entitlements[] |
Extension.SpendReimbursementCurrency |
spendExtensionUser.reimbursementCurrency |
Extension.SpendLocale |
spendExtensionUser.locale |
Extension.SpendCountry |
spendExtensionUser.country |
Extension.SpendLedgerCode |
spendExtensionUser.ledgerCode |
extension.primaryApprover.id |
SpendApprover.report[].approver.value |
extension.primaryApprover.userName |
UserName |
extension.primaryApprover.employeeNumber |
Extension.EmployeeNumber |
NOTE: Attributes extension.primaryApprover.userName and extension.primaryApprover.employeeNumber are mapped from a different Get API.
Groups
NA
Connector limitations
-
Connector will not return inactive users in the Get All Users response and return 404 Not Found for Get User by Id. (returned in version v.2.0)
-
Meta data information with created and lastModified dates are not supported. (Supported in version v.2.0)
-
Create User with the details of an existing User will return the same User details with ‘201 Created’. (returns 409 conflict in version v.2.0)
-
Update of givenName and familyName are not supported. (Supported in version v.2.0)
-
It is required to pass the values in specific format for the custom fields which depends on the target instance.
-
To perform a successful integration, the enabled mandatory custom attributes need to be configured in One IM and all the values should be passed accordingly.
NOTE:
-
As the connector does not support PATCH, it will accept all the write-able attributes in update request. If attributes are not specified in the request, system default values will be provisioned.
-
Default values for some attributes used in connectors are: Under "urn:ietf:params:scim:schemas:extension:spend:2.0:User" :
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in Concur v.2.0
Following are the features that are available exclusively in Concur v.2.0:
Connector SCIM configuration
-
The Concur connector is enhanced to support the configuration of SCIM connector with custom attributes.
-
Disabling the attributes is not supported as this feature is not available in Concur.
-
The supported custom attributes are custom 1 through 21 and orgUnit 1 through 6, which are string types.
-
Only the "Users" resource type has support for configuring custom attributes via SCIM configuration.
NOTE: Supported only for v.2.0.
Support for filter condition
- The connector supports filter condition on externalId, companyId, employeeNumber and userName.
- The only filter operator supported is eq.
- Supports AND logical operator only with the attribute combination employeeNumber + companyId and externalId + companyId.
- For OR logical operator, and for any other combination of attributes, the target API returns error message.
- The connector supports only the double quotes in the filter value (ex. userName eq "testUser").
NOTE: Filter is supported only for v.2.0.