Chat now with support
Chat with Support

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID

Mandatory fields

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 354: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 355: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 356: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 357: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 358: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 359: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 360: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 361: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 362: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 363: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 364: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 365: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 367: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 368: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 369: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

Attributes Mappings

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 354: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 355: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 356: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 357: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 358: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 359: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 360: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 361: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Different mappings associated with this connector are listed in the tables below.

Table 362: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 363: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 364: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 365: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 367: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 368: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 369: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

Connector limitations

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 354: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 355: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 356: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 357: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 358: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 359: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 360: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 361: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 362: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 363: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 364: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 365: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 367: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 368: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 369: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

Oracle Fusion Cloud

The Oracle Fusion Cloud is a next-generation service-oriented platform and applications suite that caters to the enterprise technologies, applications, and services, including Oracle Fusion Applications and Oracle Fusion Middleware, to change the dynamics in the applications marketplace and revolutionize business.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 370: Supported operations for users

Operation

VERB

Create User

POST

Get a User

GET

Get all Users

GET

Get all Users with Pagination

GET

Update Users

PUT

Delete User

DELETE

Roles

Table 371: Supported operations for roles

Operation

VERB

Get a Role GET

Get all Roles

GET

Get all Roles with pagination

GET

Update Role

PUT

Employees

Table 372: Supported operations for Employees

Operation

VERB

Create Employee

POST

Get an Employee

GET

Get All Employees

GET

Update Employee

PUT

Data Securitiees

Table 373: Supported operations for Data Securities

Operation

VERB

List Data Securities

GET

Get Data Security

GET

Create Data Security

POST

Update Data Security

PUT

NOTE: Data Securities feature is still in beta.

Future Dated Employees

Table 374: Supported operations for Future Dated Employees

Operation

VERB

Get a Future Dated Employee

GET

Get All Future Dated Employees

GET

Mandatory Fields

This section lists the mandatory fields required to CREATE.

Users

  • userName

Employees

  • names[].LastName

  • names[].LegislationCode

  • workRelationships[].LegalEmployerName

  • workRelationships[].assignments[].ActionCode (in version 1.0)

  • workRelationships[].assignments[].BusinessUnitName (in version 1.0)

  • workRelationships[].assignmentsActionCode (in version 2.0)

  • workRelationships[].assignmentBusinessUnitName (in version 2.0)

NOTE: While creating employee, if emails attribute is present then EmailAddress and EmailType is mandatory. If phones attribute is present then PhoneNumber and PhoneType is mandatory and if addresses attribute is present then AddressType and Country is mandatory.

Data Securities

  • securityContext
  • securityContextValue
  • roleNameCr
  • userName

Mappings

Attributes mapping

Different mappings associated with this connector are listed in the tables below.

Table 375: User mapping
SCIM User OracleFusion User

active

active

displayName displayName

emails[].primary

emails[].primary

emails[].type

emails[].type

emails[].value emails[].value
id id

meta.created

meta.created

meta.lastModified

meta.lastModified

name.familyName name.familyName
name.givenName name.givenName

roles[].display

roles[].displayName

roles[].value

roles[].id

userName userName
Table 376: Role mapping
SCIM Role OracleFusion Role
category category
description description
displayName displayName
id id

Meta.Created

meta.created

meta.lastModified meta.lastModified
name name

members[].value

members[].value

Table 377: Employee mapping
SCIM Employee OracleFusion Employee
id PersonId
personId PersonId
personNumber PersonNumber
userId [GetUserIdByPersonNumber response].id
name.legislationCode names[].LegislationCode
name.firstName names[].FirstName
name.lastName names[].LastName
name.displayName names[].DisplayName
name.fullName names[].FullName
name.honors names[].Honors
name.knownAs names[].KnownAs
name.listName names[].ListName
name.middleNames names[].MiddleNames
name.orderName names[].OrderName
name.suffix names[].Suffix
name.title names[].Title
name.preNameAdjunct names[].PreNameAdjunct
name.previousLastName names[].PreviousLastName
name.localSuffix names[].LocalSuffix
name.localTitle names[].LocalTitle
name.localDisplayName names[].LocalDisplayName
name.localFirstName names[].LocalFirstName
name.localFullName names[].LocalFullName
name.localHonors names[].LocalHonors
name.localKnownAs names[].LocalKnownAs
name.localLastName names[].LocalLastName
name.localListName names[].LocalListName
name.localMiddleNames names[].LocalMiddleNames
name.localOrderName names[].LocalOrderName
name.localPreNameAdjunct names[].LocalPreNameAdjunct
name.localPreviousLastName names[].LocalPreviousLastName
name.nameInformation1 through name.nameInformation30 names[].NameInformation1 through names[].NameInformation30
name.localNameInformation1 through name.localNameInformation30 names[].LocalNameInformation1 through names[].LocalNameInformation30
emails[].emailAddress emails[].EmailAddress
emails[].emailType emails[].EmailType
emails[].primaryFlag emails[].PrimaryFlag
addresses[].addressLine1 through addresses[].addressLine4 addresses[].AddressLine1 through addresses[].AddressLine4
addresses[].addressType addresses[].AddressType
addresses[].building addresses[].Building
addresses[].floorNumber addresses[].FloorNumber
addresses[].country addresses[].Country
addresses[].primaryFlag addresses[].PrimaryFlag
addresses[].postalCode addresses[].PostalCode
addresses[].longPostalCode addresses[].LongPostalCode
addresses[].townOrCity addresses[].TownOrCity
addresses[].region1 through addresses[].region3 addresses[].Region1 through addresses[].Region3
addresses[].addlAddressAttribute1 through addresses[].addlAddressAttribute5 addresses[].AddlAddressAttribute1 through addresses[].AddlAddressAttribute5
phones[].phoneNumber phones[].PhoneNumber
phones[].phoneType phones[].PhoneType
phones[].areaCode phones[].AreaCode
phones[].countryCodeNumber phones[].CountryCodeNumber
phones[].primaryFlag phones[].PrimaryFlag
workRelationships[].legalEntityId (in v1.0) workRelationships[0].LegalEntityId
workRelationships[].legalEmployerName (in v1.0) workRelationships[0].LegalEmployerName
workRelationships[].workerType (in v1.0) workRelationships[0].WorkerType
workRelationships[].legislationCode (in v1.0) workRelationships[0].LegislationCode
workRelationships[].startDate (in v1.0) workRelationships[0].StartDate
workRelationships[].legalEntityId (v2.0 onwards) workRelationships[].LegalEntityId (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].legalEmployerName (v2.0 onwards) workRelationships[].LegalEmployerName (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].workerType (v2.0 onwards) workRelationships[].WorkerType (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].legislationCode (v2.0 onwards) workRelationships[].LegislationCode (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].startDate (v2.0 onwards) workRelationships[].StartDate (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].assignments[0].actionCode (in v1.0) workRelationships[].assignments[0].ActionCode
workRelationships[].assignments[0].businessUnitName (in v1.0) workRelationships[].assignments[0].BusinessUnitName
workRelationships[].terminationDate (v2.0 onwards) workRelationships[].TerminationDate (the workRelationship startDate <= current date and termination date is null or if present should be >= current date)
workRelationships[].assignmentPeopleGroup (v2.0 onwards) workRelationships[].assignments[].PeopleGroup (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentEffectiveStartDate (v2.0 onwards) workRelationships[].assignments[].EffectiveStartDate (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentEffectiveEndDate (v2.0 onwards) workRelationships[].assignments[].EffectiveEndDate (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentWorkerCategory (v2.0 onwards) workRelationships[].assignments[].WorkerCategory (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentCategory (v2.0 onwards) workRelationships[].assignments[].AssignmentCategory (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentManagerFlag (v2.0 onwards) workRelationships[].assignments[].ManagerFlag (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentPositionId (v2.0 onwards) workRelationships[].assignments[].PositionId (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentPositionCode (v2.0 onwards) workRelationships[].assignments[].AssignmentCode (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentDepartmentId (v2.0 onwards) workRelationships[].assignments[].DepartmentId (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentDepartmentName (v2.0 onwards) workRelationships[].assignments[].DepartmentName (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentStatusTypeCode (v2.0 onwards) workRelationships[].assignments[].AssignmentStatusTypeCode (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentStatusType (v2.0 onwards) workRelationships[].assignments[].AssignmentStatusType (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentActionCode (v2.0 onwards) workRelationships[].assignments[].ActionCode (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentBusinessUnitId (v2.0 onwards) workRelationships[].assignments[].BusinessUnitId (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].assignmentBusinessUnitName (v2.0 onwards) workRelationships[].assignments[].BusinessUnitName (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].managerAssignmentNumber (v2.0 onwards) workRelationships[].assignments[].managers[0].ManagerAssignmentNumber (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
workRelationships[].contractEndDate (v2.0 onwards) workRelationships[].assignments[].assignmentsDFF[0].ContractEndDate (the workRelationship startDate <= current date and termination date is null or if present should be >= current date and the workRelationship's assignment where AssignmentStatusTypeCode = ACTIVE_PROCESS)
dateOfBirth DateOfBirth
townOfBirth TownOfBirth
countryOfBirth CountryOfBirth
gender (v2.0 onwards) legislativeInfo[0].Gender
nationalIdentifierNumber (v2.0 onwards) nationalIdentifiers (where PrimaryFlag = true).NationalIdentifierNumber
nationalIdentifierType (v2.0 onwards) nationalIdentifiers (where PrimaryFlag = true).NationalIdentifierType
meta.created CreationDate
meta.lastModified LastUpdateDate

NOTE:

  • The nameInformation1 is not considered for some of the legislationCode for Create Employee.

  • Supported Updation of first object of Emails, Phones and Addresses.

  • If Phones, Emails, Addresses does not exist for an Employee so for creating a new one we have some mandatory fields

    • For Addresses : AddressType and Country are mandatory.

    • For Phones : PhoneNumber and PhoneType are mandatory.

    • For Emails : EmailAddress and EmailType are mandatory.

Table 378: Data Securities mapping
SCIM Security OracleFusion Data Security
id UserRoleDataAssignmentId
userName UserName
roleNameCr RoleNameCr
securityContext SecurityContext

securityContextValue

SecurityContextValue

active ActiveFlag
meta.Created CreationDate

Meta.LastModified

LastUpdateDate

Table 379: FutureDatedEmployees mappings
SCIM Security FutureDatedEmployees
Mappings are same as in Employee endpoint

Steps to sync the roles in OracleFusionCloud

User and Employee Objects are available and synced by default, but not Roles. To sync Roles, follow the below steps:

  1. Log in to the instance.

  2. Navigate to: My Enterprise > Setup and Maintenance > Initial Users > Run User and Roles Synchronization process.

OneIM E2E Integration Needs

The OracleFusionCloud connector has Employees endpoints along with Users and Roles which is different when compared to the other Starling connectors. None of the existing OneIM Synchronization templates available for SCIM Connector or CHS modules template work with OracleFusionCloud connector.

Here is more explanation on the same:

  • The regular "SCIM Synchronization" and "One Identity Starling Connect Synchronization" template cannot be used while the synchronization project is created since the addition endpoint Employees is there along with Users and Roles.

  • The "One Identity Starling Connect HR" template cannot be used because there are no costcenter and location endpoint available in OracleFusionCloud, is mandatory for the One Identity Starling Connect HR template to be used.

Recommended Approach

  • Use a blank project template and the do the manual mappings.

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of Oracle Fusion Cloud connector are:

  • v1.0

  • v2.0

Features available exclusively in Oracle Fusion Cloud v.2.0

  • New attributes are supported under employees and future dated employees. The attribute 'workRelationships~assignments' which was is a multi-valued complex attribute in version 1.0 of the connector has been removed. Instead of that, some attributes under 'assignment' have been added under 'workRelationships' with 'assignment' as the name prefix.

Support for filter condition

OracleFusionCloud connector supports the filter condition for all the endpoints. We could apply the filter condition and take the filtered records from OracleFusionCloud target system.

  1. The connector supports filter conditions for all the endpoints.
  2. The connector supports only the double quotes in the filter value (ex. userName eq "testUser")
  3. Filter condition should follow the syntax ex: 1.<attribute_name><space><operator><space>'<string_value>
  4. Supports the following operators to filter the values: eq, ne, sw, co, ew, gt, ge, lt, le
  5. Supports only AND, OR logical operators for users, roles, employees, futureDatedEmployees
  6. Supports only OR logical operators for dataSecurities.
  7. For users, roles, employees, futureDatedEmployees and dataSecurities the logical operator supports the combination with all the attributes.

NOTE: In Users OR logical operator combinations are not supported with active to other attributes.

Supported attributes for filter

Below is the list of endpoints with details on attributes that can be used in filter conditions.

Users

  • id
  • userName
  • displayName
  • emails.value
  • name.givenName
  • name.familyName
  • active

Roles

  • id
  • name
  • displayName
  • category
  • description

Employees/FutureDatedEmployees

  • id

  • personId

  • personNumber

  • name.firstName

  • name.lastName

  • displayName

  • emails.emailAddress

  • workRelationships.legislationCode

  • workRelationships.legalEmployerName

  • phones.phoneNumber

  • addresses.country

  • addresses.townOrCity

DataSecurities

  • Id
  • userName
  • roleNameCr
  • securityContextValue
  • securityContext
  • active

Connector Limitations

  • List response of users would be relatively slow as the connector makes additional requests to exclude the system users and reserved users since these users are not retrievable using GET request but are retrievable in LIST request.

  • Update Employee will only done when values for some attributes (LastName , LegislationCode , EmailType, EmailAddress, PhoneType, PhoneNumber, AddressType, Country, CountryOfBirth ) are provided , otherwise it will take the existing value.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating