Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Mandatory fields

The Webex connector allows you to connect Webex with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Webex's real-time video conferencing and communication services. With features such as file sharing, screen sharing, the Webex application enables teams to collaborate without interruption over any device such as mac, PC, or mobile.

Connector configuration

Webex connector requires customer consent to retrieve resource details using REST APIs. Currently, the Webex connector supports the configuration of a single tenant connector only.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Client Id for the integration app

  • Client Secret of the integration app

  • Target URL (Cloud application's instance URL used as target URI in payload. The value needs to be https://webexapis.com/v1)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

Users

Table 310: Supported operations for Users
Operation VERB
Create User POST
Update User PUT
Delete User DELETE
Get User GET
Get Users GET

Groups

Table 311: Supported operations for Groups
Operation Operation
Create Group POST
Update Group PUT
Delete Group DELETE
Get Group GET

Get Groups

GET

Roles

Table 312: Supported operations for Roles
Operation Operation
Get Role GET
Get Roles GET

Profiles

Table 313: Supported operations for Profiles
Operation Operation
Get Profile GET
Get Profiles GET

This section lists the mandatory fields required to create a User or Group:

Users

  • emails.value

  • displayName

Groups

  • displayName

    User and Group mapping

    The user and group mappings are listed in the tables below.

    Table 314: User mapping
    SCIM Parameter Webex parameter
    id id
    userName emails[0]
    name.familyName lastName
    name.givenName firstName
    name.formatted firstName lastName

    displayName

    displayName

    nickName

    nickName

    emails[0].value

    emails[0]

    timezone

    timezone

    active

    loginEnabled

    userType

    type

    roles[].value

    roles[]

    entitlements[].value

    licenses[]

    photos[].value

    avatar

    userExtension.organization

    orgId

    userExtension.status

    status

    meta.created

    created

    meta.lastModified

    lastModified

    Groups

    Table 315: Groups mapping
    SCIM Parameter Webex parameter
    id id
    displayName name
    members[].value members[].personId
    members[].display members[].personDisplayName
    meta.created created

    Connector limitations

    • If the wrong cursor is passed in the request, the cloud instance does not validate it as an error. Hence the SCIM response will contain only the schema URN and the previous cursor.

    • Sometimes, even though the wrong cursor is passed in the request, the cloud instance returns the resources.

    • Webex User creation requires you to pass either of one of the following attributes as a mandatory attribute
      • displayName
      • givenName
      • familyName

        NOTE: The attribute displayName is considered as a mandatory attribute for user creation in the connector.

    • Multiple groups with the same name can be created due to target system behavior.

    • The last moderator of a group can leave the group or can be unassigned from the group only if there are no members in the group. This happens due to target system behavior.

    • When you update a group, removing the last member of the group removes the entire group due to target system behavior. In this scenario, the WebEx connector returns error 404 as the update operation internally is carried out internally as

      1. update group name
      2. manage members
      3. retrieve updated group details
    • When a group member, who is a moderator of the group and whose credentials are used while providing consent for the Webex integration app, gets removed from the Webex connector group update operations or has been assigned as a normal member but not a moderator through the Webex Teams User Interface, then the Webex connector fails to update the group due to insufficient privileges on that particular the group.

    • Deleting or updating a deleted user results in error 403 due to target system behavior.

  • User and Group mapping

    The Webex connector allows you to connect Webex with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Webex's real-time video conferencing and communication services. With features such as file sharing, screen sharing, the Webex application enables teams to collaborate without interruption over any device such as mac, PC, or mobile.

    Connector configuration

    Webex connector requires customer consent to retrieve resource details using REST APIs. Currently, the Webex connector supports the configuration of a single tenant connector only.

    Supervisor configuration parameters

    To configure the connector, following parameters are required:

    • Connector name

    • Client Id for the integration app

    • Client Secret of the integration app

    • Target URL (Cloud application's instance URL used as target URI in payload. The value needs to be https://webexapis.com/v1)

    • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

    Supported objects and operations

    Users

    Table 310: Supported operations for Users
    Operation VERB
    Create User POST
    Update User PUT
    Delete User DELETE
    Get User GET
    Get Users GET

    Groups

    Table 311: Supported operations for Groups
    Operation Operation
    Create Group POST
    Update Group PUT
    Delete Group DELETE
    Get Group GET

    Get Groups

    GET

    Roles

    Table 312: Supported operations for Roles
    Operation Operation
    Get Role GET
    Get Roles GET

    Profiles

    Table 313: Supported operations for Profiles
    Operation Operation
    Get Profile GET
    Get Profiles GET

    Mandatory fields

    This section lists the mandatory fields required to create a User or Group:

    Users

    • emails.value

    • displayName

    Groups

  • displayName

    The user and group mappings are listed in the tables below.

    Table 314: User mapping
    SCIM Parameter Webex parameter
    id id
    userName emails[0]
    name.familyName lastName
    name.givenName firstName
    name.formatted firstName lastName

    displayName

    displayName

    nickName

    nickName

    emails[0].value

    emails[0]

    timezone

    timezone

    active

    loginEnabled

    userType

    type

    roles[].value

    roles[]

    entitlements[].value

    licenses[]

    photos[].value

    avatar

    userExtension.organization

    orgId

    userExtension.status

    status

    meta.created

    created

    meta.lastModified

    lastModified

    Groups

    Table 315: Groups mapping
    SCIM Parameter Webex parameter
    id id
    displayName name
    members[].value members[].personId
    members[].display members[].personDisplayName
    meta.created created

    Connector limitations

    • If the wrong cursor is passed in the request, the cloud instance does not validate it as an error. Hence the SCIM response will contain only the schema URN and the previous cursor.

    • Sometimes, even though the wrong cursor is passed in the request, the cloud instance returns the resources.

    • Webex User creation requires you to pass either of one of the following attributes as a mandatory attribute
      • displayName
      • givenName
      • familyName

        NOTE: The attribute displayName is considered as a mandatory attribute for user creation in the connector.

    • Multiple groups with the same name can be created due to target system behavior.

    • The last moderator of a group can leave the group or can be unassigned from the group only if there are no members in the group. This happens due to target system behavior.

    • When you update a group, removing the last member of the group removes the entire group due to target system behavior. In this scenario, the WebEx connector returns error 404 as the update operation internally is carried out internally as

      1. update group name
      2. manage members
      3. retrieve updated group details
    • When a group member, who is a moderator of the group and whose credentials are used while providing consent for the Webex integration app, gets removed from the Webex connector group update operations or has been assigned as a normal member but not a moderator through the Webex Teams User Interface, then the Webex connector fails to update the group due to insufficient privileges on that particular the group.

    • Deleting or updating a deleted user results in error 403 due to target system behavior.

  • Connector limitations

    The Webex connector allows you to connect Webex with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Webex's real-time video conferencing and communication services. With features such as file sharing, screen sharing, the Webex application enables teams to collaborate without interruption over any device such as mac, PC, or mobile.

    Connector configuration

    Webex connector requires customer consent to retrieve resource details using REST APIs. Currently, the Webex connector supports the configuration of a single tenant connector only.

    Supervisor configuration parameters

    To configure the connector, following parameters are required:

    • Connector name

    • Client Id for the integration app

    • Client Secret of the integration app

    • Target URL (Cloud application's instance URL used as target URI in payload. The value needs to be https://webexapis.com/v1)

    • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

    Supported objects and operations

    Users

    Table 310: Supported operations for Users
    Operation VERB
    Create User POST
    Update User PUT
    Delete User DELETE
    Get User GET
    Get Users GET

    Groups

    Table 311: Supported operations for Groups
    Operation Operation
    Create Group POST
    Update Group PUT
    Delete Group DELETE
    Get Group GET

    Get Groups

    GET

    Roles

    Table 312: Supported operations for Roles
    Operation Operation
    Get Role GET
    Get Roles GET

    Profiles

    Table 313: Supported operations for Profiles
    Operation Operation
    Get Profile GET
    Get Profiles GET

    Mandatory fields

    This section lists the mandatory fields required to create a User or Group:

    Users

    • emails.value

    • displayName

    Groups

  • displayName

    User and Group mapping

    The user and group mappings are listed in the tables below.

    Table 314: User mapping
    SCIM Parameter Webex parameter
    id id
    userName emails[0]
    name.familyName lastName
    name.givenName firstName
    name.formatted firstName lastName

    displayName

    displayName

    nickName

    nickName

    emails[0].value

    emails[0]

    timezone

    timezone

    active

    loginEnabled

    userType

    type

    roles[].value

    roles[]

    entitlements[].value

    licenses[]

    photos[].value

    avatar

    userExtension.organization

    orgId

    userExtension.status

    status

    meta.created

    created

    meta.lastModified

    lastModified

    Groups

    Table 315: Groups mapping
    SCIM Parameter Webex parameter
    id id
    displayName name
    members[].value members[].personId
    members[].display members[].personDisplayName
    meta.created created
    • If the wrong cursor is passed in the request, the cloud instance does not validate it as an error. Hence the SCIM response will contain only the schema URN and the previous cursor.

    • Sometimes, even though the wrong cursor is passed in the request, the cloud instance returns the resources.

    • Webex User creation requires you to pass either of one of the following attributes as a mandatory attribute
      • displayName
      • givenName
      • familyName

        NOTE: The attribute displayName is considered as a mandatory attribute for user creation in the connector.

    • Multiple groups with the same name can be created due to target system behavior.

    • The last moderator of a group can leave the group or can be unassigned from the group only if there are no members in the group. This happens due to target system behavior.

    • When you update a group, removing the last member of the group removes the entire group due to target system behavior. In this scenario, the WebEx connector returns error 404 as the update operation internally is carried out internally as

      1. update group name
      2. manage members
      3. retrieve updated group details
    • When a group member, who is a moderator of the group and whose credentials are used while providing consent for the Webex integration app, gets removed from the Webex connector group update operations or has been assigned as a normal member but not a moderator through the Webex Teams User Interface, then the Webex connector fails to update the group due to insufficient privileges on that particular the group.

    • Deleting or updating a deleted user results in error 403 due to target system behavior.

  • Apigee

    The Apigee connector allows you to connect Apigee with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Apigee's platform that allows you to design, secure, analyze, scale, publish, monitor, and manage the APIs.

    Supervisor configuration parameters

    To configure the connector, following parameters are required:

    • Connector name

    • UserName

    • Password

    • Organization

    • Target URL (Cloud application's instance URL used as target URI in payload)

    Supported objects and operations

    Users

    Table 316: Supported operations for Users
    Operation VERB
    Create User POST
    Update User PUT
    Delete User DELETE
    Get User by ID GET
    Get All Users GET

    Roles

    Table 317: Supported operations for Roles
    Operation Operation
    Get Role by id GET
    Get All Roles GET

    Mandatory fields

    This section lists the mandatory fields required to create a User or Group:

    Users

    • Name.GivenName

    • Name.FamilyName

    • Emails.Value

    • Password

    User and Group mapping

    The user and group mappings are listed in the tables below.

    Table 318: User mapping
    SCIM Parameter Apigee parameter
    id emailId
    userName emailId
    DisplayName firstName+lastName
    Name.GivenName firstName
    Name.FamilyName lastName
    Emails.Value emailId
    Roles[].value (userRolesResponse)role[].name
    Password Password

    Role

    Table 319: Role mapping
    SCIM Parameter Apigee parameter
    id name
    name name

    Connector limitations

    • At least one role must be assigned to the created user. If the role is not assigned to the user, the particular user is not visible on the User management dashboard of the target instance due to the limitation of the target system.

    • Get All Users does not return the displayName as it is not available in the target system. However, Get User by ID returns the display name with the other available attributes of the User.

    • Create User operation fails intermittently and an Internal Server Error 500 is displayed due to the Target system API behavior.
    • The Get All and Create User operations may occasionally take more time to respond for requests.

    • Apigee Connector does not support pagination for Users and Roles object types due to API limitation in the target system.
    • The connector does not support special characters in the object ID. For more information, see Connectors that do not support special characters in the object ID.

    Synchronization and integration of Roles object type with One Identity Manager

    For more information, see Synchronization and integration of Roles object type with One Identity Manager.

    Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating