Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Supported objects and operations

AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Users

Table 204: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups

Table 205: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Get All Users with Pagination

GET

Update Membership

PUT

Mandatory fields

Users

  • Username

  • Email

Groups

DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 206: User mapping
SCIM parameter AWS Cognito parameter
Id Username
userName Username
Name.Formatted Username
DisplayName Username
Emails[0].value UserAttributes.email
Active UserStatus.CONFIRMED
PhoneNumbers[0].Value phone_number
Password Password
Extension.IsPasswordPermanent Permanent
Extension.DesiredDeliveryMediums DesiredDeliveryMediums
Extension.email_verified UserAttributes.email_verified
Extension.phone_number_verified UserAttributes.phone_number_verified
Created_at UserCreateDate
lastModified_at UserLastModifiedDate

Groups

Table 207: Group mapping
SCIM parameter AWS Cognito parameter
Id GroupName
displayName GroupName
members[].value Users[].Username

members[].display

Users[].Username

Extension.Precedence

Precedence

Extension.RoleArn

RoleArn

Created_at

CreationDate

lastModified_at

LastModifiedDate

Connector limitations

  • Creating or updating the User or a Group happens in multiple steps. Failure in any step is reported as a complete failure of operation. However, the record is persisted until succeeded steps.

  • Noncompliance to password policy returns an error. However, an User is created.

  • DesiredDeliveredMedium is write only property. By default, SMS is the default option and it is not returned in Get specific user response.

  • A User can be a member of a maximum of 25 groups.

Mandatory fields

AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 204: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups

Table 205: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Get All Users with Pagination

GET

Update Membership

PUT

Users

  • Username

  • Email

Groups

DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 206: User mapping
SCIM parameter AWS Cognito parameter
Id Username
userName Username
Name.Formatted Username
DisplayName Username
Emails[0].value UserAttributes.email
Active UserStatus.CONFIRMED
PhoneNumbers[0].Value phone_number
Password Password
Extension.IsPasswordPermanent Permanent
Extension.DesiredDeliveryMediums DesiredDeliveryMediums
Extension.email_verified UserAttributes.email_verified
Extension.phone_number_verified UserAttributes.phone_number_verified
Created_at UserCreateDate
lastModified_at UserLastModifiedDate

Groups

Table 207: Group mapping
SCIM parameter AWS Cognito parameter
Id GroupName
displayName GroupName
members[].value Users[].Username

members[].display

Users[].Username

Extension.Precedence

Precedence

Extension.RoleArn

RoleArn

Created_at

CreationDate

lastModified_at

LastModifiedDate

Connector limitations

  • Creating or updating the User or a Group happens in multiple steps. Failure in any step is reported as a complete failure of operation. However, the record is persisted until succeeded steps.

  • Noncompliance to password policy returns an error. However, an User is created.

  • DesiredDeliveredMedium is write only property. By default, SMS is the default option and it is not returned in Get specific user response.

  • A User can be a member of a maximum of 25 groups.

User and Group mapping

AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 204: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups

Table 205: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Get All Users with Pagination

GET

Update Membership

PUT

Mandatory fields

Users

  • Username

  • Email

Groups

DisplayName

The user and group mappings are listed in the tables below.

Table 206: User mapping
SCIM parameter AWS Cognito parameter
Id Username
userName Username
Name.Formatted Username
DisplayName Username
Emails[0].value UserAttributes.email
Active UserStatus.CONFIRMED
PhoneNumbers[0].Value phone_number
Password Password
Extension.IsPasswordPermanent Permanent
Extension.DesiredDeliveryMediums DesiredDeliveryMediums
Extension.email_verified UserAttributes.email_verified
Extension.phone_number_verified UserAttributes.phone_number_verified
Created_at UserCreateDate
lastModified_at UserLastModifiedDate

Groups

Table 207: Group mapping
SCIM parameter AWS Cognito parameter
Id GroupName
displayName GroupName
members[].value Users[].Username

members[].display

Users[].Username

Extension.Precedence

Precedence

Extension.RoleArn

RoleArn

Created_at

CreationDate

lastModified_at

LastModifiedDate

Connector limitations

  • Creating or updating the User or a Group happens in multiple steps. Failure in any step is reported as a complete failure of operation. However, the record is persisted until succeeded steps.

  • Noncompliance to password policy returns an error. However, an User is created.

  • DesiredDeliveredMedium is write only property. By default, SMS is the default option and it is not returned in Get specific user response.

  • A User can be a member of a maximum of 25 groups.

Connector limitations

AWS Cognito is a connector from Amazon Web Services that helps developers build web and mobile apps that are more secure. It helps to better authenticate users. It also handles user data, including passwords, token-based authentication, scalability, permissions, and so on.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 204: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get All Users

GET

Get All Users with Pagination

GET

Groups

Table 205: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get All Groups

GET

Get All Users with Pagination

GET

Update Membership

PUT

Mandatory fields

Users

  • Username

  • Email

Groups

DisplayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 206: User mapping
SCIM parameter AWS Cognito parameter
Id Username
userName Username
Name.Formatted Username
DisplayName Username
Emails[0].value UserAttributes.email
Active UserStatus.CONFIRMED
PhoneNumbers[0].Value phone_number
Password Password
Extension.IsPasswordPermanent Permanent
Extension.DesiredDeliveryMediums DesiredDeliveryMediums
Extension.email_verified UserAttributes.email_verified
Extension.phone_number_verified UserAttributes.phone_number_verified
Created_at UserCreateDate
lastModified_at UserLastModifiedDate

Groups

Table 207: Group mapping
SCIM parameter AWS Cognito parameter
Id GroupName
displayName GroupName
members[].value Users[].Username

members[].display

Users[].Username

Extension.Precedence

Precedence

Extension.RoleArn

RoleArn

Created_at

CreationDate

lastModified_at

LastModifiedDate

  • Creating or updating the User or a Group happens in multiple steps. Failure in any step is reported as a complete failure of operation. However, the record is persisted until succeeded steps.

  • Noncompliance to password policy returns an error. However, an User is created.

  • DesiredDeliveredMedium is write only property. By default, SMS is the default option and it is not returned in Get specific user response.

  • A User can be a member of a maximum of 25 groups.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating