立即与支持人员聊天
与支持团队交流

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Microsoft Entra ID Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Microsoft Entra ID tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

User centric membership

This section describes the procedure to configure One Identity Manager to achieve User centric membership operation. The following tools are used to configure the configure One Identity Manager to achieve User centric membership: Synchronization Editor, Schema Extension, and Designer.

To to configure One Identity Manager to achieve User centric membership

  1. Using Synchronization Editor.
    1. Creating a new schema class using Synchronization Editor
    2. Configuring User centric membership for Groups, UserGroups and AccountGroups using Synchronization Editor.
  2. Using Schema Extension.
  3. Using Designer.

Creating a new schema class using Synchronization Editor

This section describes the procedure to create a new schema class. Synchronization Editor is used to create a new schema class.

This is an example of how to create a new schema class. In this example, a schema class named UCIGroup(Group) is created for the Group resource type.

To create a new schema class

  1. Launch the Synchronization Editor.
  2. Select Configurations | One Identity Manager connection | Schema classes.
  3. Click + to create a new schema class.
  4. In the New schema class window, select UCIGroup from Schema type list and enter the values of the other fields as shown in the table below
    Table 450: New schema class UCIGroup(Group)Group for Group
    Field Value
    Schema Type UCIGroup
    Display Name UCIGroup(Group)
    Class Name UCIGroup_Group
    Description UCIGroup_Group
    System Objects --> Condition ResourceType = Group

    NOTE: A similar table is available in the corresponding sections to create the other schema classes.

  5. Click Ok.

NOTE: Similarly, you can create the other schema classes by referring to the values in the corresponding tables in the corresponding sections.

Configuring User centric membership for Groups, UserGroups and AccountGroups using Synchronization Editor

This section describes the procedures to configure User centric memberships for Groups, UserGroups and AccountGroups.

For more information see:

Configuring User centric membership for Groups

This section describes the procedure to configure User centric membership for Groups in Synchronization Editor.

To configure User centric membership for Groups

  1. Create the new schema class UCIGroup(Group), with UCIGroup Schema type, using the details provided in the table:
    Table 451: New schema class UCIGroup(Group)Group for Group
    Field Value
    Schema Type UCIGroup
    Display Name UCIGroup(Group)
    Class Name UCIGroup_Group
    Description UCIGroup_Group
    System Objects --> Condition ResourceType = Group

    NOTE: Synchronization Editor is used to create a new schema class. For more information, see Creating a new schema class using Synchronization Editor.

  2. Create the new schema class UCIUserInGroup(Group), with Schema typeUCIUserInGroup, using the details provided in the table:
    Table 452: New schema class UCIUserInGroup(Group) for Group
    Field Value
    Schema Type UCIUserInGroup
    Display Name UCIUserInGroup(Group)
    Class Name UCIUserInGroup_Group
    Description UCIUserInGroup_Group
    System Objects --> Condition UID_UCIGroup <> 'leave it as empty'

    System filter

    UID_UCIGroup in (select UID_UCIGroup from UCIGroup where ResourceType = 'Group')

  3. Click Commit to database in the Synchronization Editor.

    The new schema classes are created and the changes are saved.

  4. Navigate to Target system and click Update schema to perform a schema update.

  5. Edit default mapping for Group.

    To edit default mapping for Group:

    1. In the Navigation pane, select Mappings| Group.
    2. In the Mappings section, click Edit Map.
    3. In the Edit map... window, in the Relation section, click Edit.
    4. Select the values from the lists as shown in the following table and click Ok:
      Table 453: Edit default mapping for Group
      List Value
      One Identity Manager schema class UCIGroup(Group)
      Target system schema class Group (all)

      NOTE: Add the group members mapping under User object in Synchronization Editor.

  6. Create <vrtMembers> property for Groups

    Add vrtMembersGroup parameter with M:N type schema type with the below configuration.

    To add the virtual parameters:

    1. Select Mappings| User.
    2. Select + in the User pane to create a property.
    3. In the Create property window, from the Property type list, select Members of M:N schema types .
    4. Enter the following values in the fields mentioned in the table, and select the options listed below:
      Table 454: Virtual parameters
      Field/ Option Value
      Name vrtMembersGroup
      Display name GroupMembers

      Select the following options:

      • Ignore case
      • Try to mark the objects for deletion (outstanding)
    5. In the M:N schema types section at the bottom of the window, select UCIUserinGroup(Group), UID_UCIUser, and UID_UCIGroup.
    6. In the Members UCIGroup section, select ObjectGUID .

      NOTE: Select UCIUserInGroup(Group) schema type for vrtMembersGroup parameter.

    7. Click Ok.
  7. Create mapping for groups~value as shown below with mapping direction.

    To create mappings:

    1. Select Mappings| User.
    2. Select vrtMembersGroup in the User pane.
    3. Create mappings for Groups under User object.

      NOTE: You can create a mapping by dragging the property vrtMembersGroup in the UCIUser pane and dropping it to the property groups~value in the SCIMUser pane.

    4. Click Commit to database to save the changes.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级