立即与支持人员聊天
与支持团队交流

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Connector limitations

GoToMeeting is an online tool for meeting planning. The connector integrates with multiple other products and plug-ins, allowing users to easily connect to create, organize, and host meetings across a common platform.

For more information on generating a private key for a service account, see Generating a private key in GoToMeeting.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Username

  • Password
  • Client Id

  • Client Secret

  • Account key
  • Target URL (Cloud application's instance URL used as target URI in payload - Example: https://api.getgo.com/admin/rest/v1/)

Supported objects and operations

Users

Table 192: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Delete User

DELETE

Get User

GET

Get Users

GET

Get All Users with Pagination

GET

Groups

Table 193: Supported operations for Groups

Operation

VERB

Create Group

POST

Update Group

PUT

Delete Group

DELETE

Get Group

GET

Get Groups

GET

Get All Groups with Pagination

GET

Mandatory fields

Users

  • Email

  • givenName

  • familyName

Groups

displayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 194: User mapping
SCIM parameter GoToMeeting parameter
Id key
UserName email
Name.givenName firstName
Name.familyName lastName
Name.formatted firstName+""+lastName
DisplayName firstName+""+lastName

emails[0].value

email

locale

locale

Timezone

timeZone

Groups[].Value

groupKey

Groups[].display

groupName

Groups

Table 195: Group mapping
SCIM parameter GoToMeeting parameter
Id key
DisplayName name
members[].value userKeys[]
  • For Users and Groups objects, the Created and Last Modified date are not displayed.

  • When trying to create a duplicate entry of the user who already exists, the connector returns status code 201.

  • Group membership operation is not supported.

  • When trying to retrieve a user by their ID using invalid alphanumeric IDs, the connector returns status code 502 instead of 404.
  • When trying to create a new user with the same email ID of a deleted user, the connector activates the deleted user instead of creating a new user.

 

Coupa

Coupa connector allows users to move data in and out of Coupa. It lets you manage spend more efficiently by being able to integrate and access spend management and data for expenses, and integrate with other cloud applications.

Supervisor configuration parameters for Coupa v.1.0

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.1.0

You can configure custom attributes for the Coupa v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.0 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.1.1

For more information, refer Refer Creating integration Connect Client in Coupa.

You can configure custom attributes for the Coupa v.1.1 connector similar to configuring the Coupa v1.0, in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.1 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.2.0

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.2.0

You can configure custom attributes for the Coupav.2.0 connector in Starling Connect for the User object in the Custom Attributes section in Schema Configuration.

NOTE:

  • Coupa cloud application allows you to create custom attributes only for User objects.
  • For more information about how to configure custom attributes in Coupa v.2.0 , see Configuring custom attributes in connectors.

Supported objects and operations

Users

Table 196: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Get User by id

GET

Get All Users

GET

Get All Users with Pagination

GET

Update Role Membership

PUT

Update Group Membership

PUT

Update UserGroups Membership

PUT

Update AccountGroups Membership

PUT

NOTE: The membership operations are user based operations according to target system behavior from Coupa.

Groups

Table 197: Supported operations for Groups

Operation

VERB

Get Group by id

GET

Get All Groups

GET

Get All Groups with Pagination

GET

Roles

Table 198: Supported operations for Roles

Operation

VERB

Get Roles by id

GET

Get All Roles

GET

Get All Roles with Pagination

GET

UserGroups

Table 199:  

Operation

VERB
Get UserGroups by id GET
Get All UserGroups GET
Get All UserGroups with pagination GET

AccountGroups

Table 200:  

Operation

VERB
Get AccountGroups by id GET
Get All AccountGroups GET
Get All AccountGroups with pagination GET

Mandatory fields

Users

  • Username

  • Email
  • FirstName

  • LastName

Groups

NA

User and Group mapping

The user and group mappings are listed in the tables below.

Table 201: User mapping
SCIM parameter Coupa parameter
Id id
UserName login
Name.GivenName firstname
Name.FamilyName lastame
Name.Formatted fullname
DisplayName fullname
Emails[0].value email
Photos avatar-thumb-url
Addresses.StreetAddress default-address[0].street1
Addresses.Locality default-address[0].city
Addresses.Region default-address[0].state

Addresses.PostalCode

default-address[0].postal-code

Addresses.Country

default-address[0].country[0].name

Groups.value

content-groups[x].id

Groups.display

content-groups[x].name

Roles.value

roles.id

Roles.display

roles.name

Active

active

Locale

default-locale

PreferredLanguage

default-locale

Extension.Manager.value

manager.id

Extension.EmployeeNumber

employee-number

Extension.CostCenter

custom-fields.default-user-cost-center

Extension.AuthenticationMethod

authentication-method

Extension.SsoIdentifier

sso-identifier

Extension.PurchasingUser

purchasing-user

Extension.ExpenseUser

expense-user

Extension.SourcingUser

sourcing-user

Extension.InventoryUser

inventory-user

Extension.ContractsUser

contracts-user

Extension.AnalyticsUser

analytics-user

Extension.invoiceApprovalLimit

invoice-approval-limit

Extension.invoiceSelfApprovalLimit

invoice-self-approval-limit

Extension.requisitionApprovalLimit

Requisition-approval-limit

Extension.requisitionSelfApprovalLimit

Requisition-self-approval-limit

Extension.contractApprovalLimit

Contract-approval-limit

Extension.contractSelfApprovalLimit

Contract-self-approval-limit

Extension.workConfirmationApprovalLimit

work-confirmation-approval-

limit

Extension.defaultChartOfAccountsName

default-account.name

Extension.defaultAccountCode

default-account.code

Extension.defaultAccountCodeSegment1

default-account.segment1

Extension.defaultAccountCodeSegment2

default-account.segment2

Extension.defaultCurrency

default-currency

Extension.defaultAddressLocationCode

default-address.location-code

Extension.accountSecurityType

account-security-type

Extension.businessGroupSecurityType

business-group-security-type

Extension.mentionName

mention-name

Extension.AccountGroups

account-groups[]

Extension.ApprovalGroups

approval-groups[]

Created

created-at

LastModified

updated-at

Extension.expenseSelfApprovalLimit

expense-self-approval-limit

Extension.expenseApprovalLimit

expense-approval-limit

Groups

Table 202: Group mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Roles

Table 203: Roles mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

UserGroups

Table 204: UserGroups (or ApprovalGroups) mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

AccountGroups

Table 205: AccountGroups mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Coupa Connector has the capability of performing granular data update of Users object type and it is available exclusively with version 3.0. This allows customers to modify the User object by passing only the selected attribute and the value to be modified. This has been implemented by enabling the PATCH operation recommended by SCIM standard. This change can be witnessed on One Identity Manager by using any debug tool to capture the request sent. However, the prior versions of the connector continue to work with PUT without any change.

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of Coupa connector are:

  • v.1.0
  • v.1.1
  • v.2.0

NOTE: For more information, see Connector versions.

Features available exclusively in Coupa v.1.1

  • Support for Oauth Authentication that is based out of v.1.0.

Features available exclusively in Coupa v.2.0

  • Support for OAuth Authentication

  • Support for schema configuration by adding custom attributes

Connector limitations

  • The SCIM Pagination Parameter ( rfc: https://tools.ietf.org/html/rfc7644#section-3.4.2.4 ) Total Results is not returned due to the GetAllUsers API Limitation of COUPA target system, which returns only 50 objects per request. The impact of this is that One Identity Manager SCIM synchronization works on INDEX based logic for the pagination.

  • COUPA target system supports only Soft Delete of the User Object type. Because of this the GET All Users API returns both active and inactive users objects.

  • Starling COUPA connector facilitates two new SCIM endpoints namely Account-Groups and User-Groups. These endpoints support GET and GETALL operations only. This is in line with COUPA target API behavior where the CREATE, UPDATE, and DELETE operations are not allowed.

  • To accommodate modification of COUPA user object attributes default-account.segment-1 and default-account.segment-2, the User object type update operation is carried out in two steps:

    • Step -1: Updates values for all the attributes except default-account.segment-1 and default-account.segment-2.
    • Step -2: Updates values for default-account.segment-1 and default-account.segment-2 attributes.

    NOTE: As per the COUPA documentation, to set the attribute values of default-account.segment-1 and default-account.segment-2, values of account-security-type and default-account-type.name attributes should already be set.

  • While Provisioning or Update USER object, the value of attribute account-security-type of User Object is calculated using the values of default-account-type.name and account-groups attributes. This is inline with the COUPA target system documentation and per the customer requirements.

    For example:

    • account-security-type would be modified to value 2 if default-account-type.name has value and account-groups is not empty.
    • account-security-type would be modified to value 1 if default-account-type.name has value and account-groups is empty.
    • account-security-type would not be modified if default-account-type.name does not have value.

Synchronization and integration of Roles object type with One Identity Manager

For more information, see Synchronization and integration of Roles object type with One Identity Manager

User centric membership configuration for Coupa

For more information, see User centric membershipUser centric membership configuration

Supervisor configuration parameters for Coupa v.1.0

Coupa connector allows users to move data in and out of Coupa. It lets you manage spend more efficiently by being able to integrate and access spend management and data for expenses, and integrate with other cloud applications.

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.1.0

You can configure custom attributes for the Coupa v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.0 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.1.1

For more information, refer Refer Creating integration Connect Client in Coupa.

You can configure custom attributes for the Coupa v.1.1 connector similar to configuring the Coupa v1.0, in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.1 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.2.0

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.2.0

You can configure custom attributes for the Coupav.2.0 connector in Starling Connect for the User object in the Custom Attributes section in Schema Configuration.

NOTE:

  • Coupa cloud application allows you to create custom attributes only for User objects.
  • For more information about how to configure custom attributes in Coupa v.2.0 , see Configuring custom attributes in connectors.

Supported objects and operations

Users

Table 196: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Get User by id

GET

Get All Users

GET

Get All Users with Pagination

GET

Update Role Membership

PUT

Update Group Membership

PUT

Update UserGroups Membership

PUT

Update AccountGroups Membership

PUT

NOTE: The membership operations are user based operations according to target system behavior from Coupa.

Groups

Table 197: Supported operations for Groups

Operation

VERB

Get Group by id

GET

Get All Groups

GET

Get All Groups with Pagination

GET

Roles

Table 198: Supported operations for Roles

Operation

VERB

Get Roles by id

GET

Get All Roles

GET

Get All Roles with Pagination

GET

UserGroups

Table 199:  

Operation

VERB
Get UserGroups by id GET
Get All UserGroups GET
Get All UserGroups with pagination GET

AccountGroups

Table 200:  

Operation

VERB
Get AccountGroups by id GET
Get All AccountGroups GET
Get All AccountGroups with pagination GET

Mandatory fields

Users

  • Username

  • Email
  • FirstName

  • LastName

Groups

NA

User and Group mapping

The user and group mappings are listed in the tables below.

Table 201: User mapping
SCIM parameter Coupa parameter
Id id
UserName login
Name.GivenName firstname
Name.FamilyName lastame
Name.Formatted fullname
DisplayName fullname
Emails[0].value email
Photos avatar-thumb-url
Addresses.StreetAddress default-address[0].street1
Addresses.Locality default-address[0].city
Addresses.Region default-address[0].state

Addresses.PostalCode

default-address[0].postal-code

Addresses.Country

default-address[0].country[0].name

Groups.value

content-groups[x].id

Groups.display

content-groups[x].name

Roles.value

roles.id

Roles.display

roles.name

Active

active

Locale

default-locale

PreferredLanguage

default-locale

Extension.Manager.value

manager.id

Extension.EmployeeNumber

employee-number

Extension.CostCenter

custom-fields.default-user-cost-center

Extension.AuthenticationMethod

authentication-method

Extension.SsoIdentifier

sso-identifier

Extension.PurchasingUser

purchasing-user

Extension.ExpenseUser

expense-user

Extension.SourcingUser

sourcing-user

Extension.InventoryUser

inventory-user

Extension.ContractsUser

contracts-user

Extension.AnalyticsUser

analytics-user

Extension.invoiceApprovalLimit

invoice-approval-limit

Extension.invoiceSelfApprovalLimit

invoice-self-approval-limit

Extension.requisitionApprovalLimit

Requisition-approval-limit

Extension.requisitionSelfApprovalLimit

Requisition-self-approval-limit

Extension.contractApprovalLimit

Contract-approval-limit

Extension.contractSelfApprovalLimit

Contract-self-approval-limit

Extension.workConfirmationApprovalLimit

work-confirmation-approval-

limit

Extension.defaultChartOfAccountsName

default-account.name

Extension.defaultAccountCode

default-account.code

Extension.defaultAccountCodeSegment1

default-account.segment1

Extension.defaultAccountCodeSegment2

default-account.segment2

Extension.defaultCurrency

default-currency

Extension.defaultAddressLocationCode

default-address.location-code

Extension.accountSecurityType

account-security-type

Extension.businessGroupSecurityType

business-group-security-type

Extension.mentionName

mention-name

Extension.AccountGroups

account-groups[]

Extension.ApprovalGroups

approval-groups[]

Created

created-at

LastModified

updated-at

Extension.expenseSelfApprovalLimit

expense-self-approval-limit

Extension.expenseApprovalLimit

expense-approval-limit

Groups

Table 202: Group mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Roles

Table 203: Roles mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

UserGroups

Table 204: UserGroups (or ApprovalGroups) mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

AccountGroups

Table 205: AccountGroups mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Coupa Connector has the capability of performing granular data update of Users object type and it is available exclusively with version 3.0. This allows customers to modify the User object by passing only the selected attribute and the value to be modified. This has been implemented by enabling the PATCH operation recommended by SCIM standard. This change can be witnessed on One Identity Manager by using any debug tool to capture the request sent. However, the prior versions of the connector continue to work with PUT without any change.

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of Coupa connector are:

  • v.1.0
  • v.1.1
  • v.2.0

NOTE: For more information, see Connector versions.

Features available exclusively in Coupa v.1.1

  • Support for Oauth Authentication that is based out of v.1.0.

Features available exclusively in Coupa v.2.0

  • Support for OAuth Authentication

  • Support for schema configuration by adding custom attributes

Connector limitations

  • The SCIM Pagination Parameter ( rfc: https://tools.ietf.org/html/rfc7644#section-3.4.2.4 ) Total Results is not returned due to the GetAllUsers API Limitation of COUPA target system, which returns only 50 objects per request. The impact of this is that One Identity Manager SCIM synchronization works on INDEX based logic for the pagination.

  • COUPA target system supports only Soft Delete of the User Object type. Because of this the GET All Users API returns both active and inactive users objects.

  • Starling COUPA connector facilitates two new SCIM endpoints namely Account-Groups and User-Groups. These endpoints support GET and GETALL operations only. This is in line with COUPA target API behavior where the CREATE, UPDATE, and DELETE operations are not allowed.

  • To accommodate modification of COUPA user object attributes default-account.segment-1 and default-account.segment-2, the User object type update operation is carried out in two steps:

    • Step -1: Updates values for all the attributes except default-account.segment-1 and default-account.segment-2.
    • Step -2: Updates values for default-account.segment-1 and default-account.segment-2 attributes.

    NOTE: As per the COUPA documentation, to set the attribute values of default-account.segment-1 and default-account.segment-2, values of account-security-type and default-account-type.name attributes should already be set.

  • While Provisioning or Update USER object, the value of attribute account-security-type of User Object is calculated using the values of default-account-type.name and account-groups attributes. This is inline with the COUPA target system documentation and per the customer requirements.

    For example:

    • account-security-type would be modified to value 2 if default-account-type.name has value and account-groups is not empty.
    • account-security-type would be modified to value 1 if default-account-type.name has value and account-groups is empty.
    • account-security-type would not be modified if default-account-type.name does not have value.

Synchronization and integration of Roles object type with One Identity Manager

For more information, see Synchronization and integration of Roles object type with One Identity Manager

User centric membership configuration for Coupa

For more information, see User centric membershipUser centric membership configuration

Supported objects and operations

Coupa connector allows users to move data in and out of Coupa. It lets you manage spend more efficiently by being able to integrate and access spend management and data for expenses, and integrate with other cloud applications.

Supervisor configuration parameters for Coupa v.1.0

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.1.0

You can configure custom attributes for the Coupa v.1.0 connector when you configure the connector in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.0 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.1.1

For more information, refer Refer Creating integration Connect Client in Coupa.

You can configure custom attributes for the Coupa v.1.1 connector similar to configuring the Coupa v1.0, in Starling Connect by adding the custom attributes in the Custom Properties field in the defined format.

NOTE:For more information about how to configure custom attributes in Coupa v.1.1 , see Configuring custom attributes for Coupa v.1.0.

Supervisor configuration parameters for Coupa v.2.0

To configure the connector, the following parameters are required:

Configuring custom attributes for Coupa v.2.0

You can configure custom attributes for the Coupav.2.0 connector in Starling Connect for the User object in the Custom Attributes section in Schema Configuration.

NOTE:

  • Coupa cloud application allows you to create custom attributes only for User objects.
  • For more information about how to configure custom attributes in Coupa v.2.0 , see Configuring custom attributes in connectors.

Users

Table 196: Supported operations for Users

Operation

VERB

Create User

POST

Update User

PUT

Get User by id

GET

Get All Users

GET

Get All Users with Pagination

GET

Update Role Membership

PUT

Update Group Membership

PUT

Update UserGroups Membership

PUT

Update AccountGroups Membership

PUT

NOTE: The membership operations are user based operations according to target system behavior from Coupa.

Groups

Table 197: Supported operations for Groups

Operation

VERB

Get Group by id

GET

Get All Groups

GET

Get All Groups with Pagination

GET

Roles

Table 198: Supported operations for Roles

Operation

VERB

Get Roles by id

GET

Get All Roles

GET

Get All Roles with Pagination

GET

UserGroups

Table 199:  

Operation

VERB
Get UserGroups by id GET
Get All UserGroups GET
Get All UserGroups with pagination GET

AccountGroups

Table 200:  

Operation

VERB
Get AccountGroups by id GET
Get All AccountGroups GET
Get All AccountGroups with pagination GET

Mandatory fields

Users

  • Username

  • Email
  • FirstName

  • LastName

Groups

NA

User and Group mapping

The user and group mappings are listed in the tables below.

Table 201: User mapping
SCIM parameter Coupa parameter
Id id
UserName login
Name.GivenName firstname
Name.FamilyName lastame
Name.Formatted fullname
DisplayName fullname
Emails[0].value email
Photos avatar-thumb-url
Addresses.StreetAddress default-address[0].street1
Addresses.Locality default-address[0].city
Addresses.Region default-address[0].state

Addresses.PostalCode

default-address[0].postal-code

Addresses.Country

default-address[0].country[0].name

Groups.value

content-groups[x].id

Groups.display

content-groups[x].name

Roles.value

roles.id

Roles.display

roles.name

Active

active

Locale

default-locale

PreferredLanguage

default-locale

Extension.Manager.value

manager.id

Extension.EmployeeNumber

employee-number

Extension.CostCenter

custom-fields.default-user-cost-center

Extension.AuthenticationMethod

authentication-method

Extension.SsoIdentifier

sso-identifier

Extension.PurchasingUser

purchasing-user

Extension.ExpenseUser

expense-user

Extension.SourcingUser

sourcing-user

Extension.InventoryUser

inventory-user

Extension.ContractsUser

contracts-user

Extension.AnalyticsUser

analytics-user

Extension.invoiceApprovalLimit

invoice-approval-limit

Extension.invoiceSelfApprovalLimit

invoice-self-approval-limit

Extension.requisitionApprovalLimit

Requisition-approval-limit

Extension.requisitionSelfApprovalLimit

Requisition-self-approval-limit

Extension.contractApprovalLimit

Contract-approval-limit

Extension.contractSelfApprovalLimit

Contract-self-approval-limit

Extension.workConfirmationApprovalLimit

work-confirmation-approval-

limit

Extension.defaultChartOfAccountsName

default-account.name

Extension.defaultAccountCode

default-account.code

Extension.defaultAccountCodeSegment1

default-account.segment1

Extension.defaultAccountCodeSegment2

default-account.segment2

Extension.defaultCurrency

default-currency

Extension.defaultAddressLocationCode

default-address.location-code

Extension.accountSecurityType

account-security-type

Extension.businessGroupSecurityType

business-group-security-type

Extension.mentionName

mention-name

Extension.AccountGroups

account-groups[]

Extension.ApprovalGroups

approval-groups[]

Created

created-at

LastModified

updated-at

Extension.expenseSelfApprovalLimit

expense-self-approval-limit

Extension.expenseApprovalLimit

expense-approval-limit

Groups

Table 202: Group mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Roles

Table 203: Roles mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

UserGroups

Table 204: UserGroups (or ApprovalGroups) mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

AccountGroups

Table 205: AccountGroups mapping
SCIM parameter Coupa parameter
Id id
DisplayName name
Created created-at

LastModified

updated-at

Coupa Connector has the capability of performing granular data update of Users object type and it is available exclusively with version 3.0. This allows customers to modify the User object by passing only the selected attribute and the value to be modified. This has been implemented by enabling the PATCH operation recommended by SCIM standard. This change can be witnessed on One Identity Manager by using any debug tool to capture the request sent. However, the prior versions of the connector continue to work with PUT without any change.

Connector versions and features

The following subsections describe the different connector version(s) and features available with them.

Supported Versions

The supported versions of Coupa connector are:

  • v.1.0
  • v.1.1
  • v.2.0

NOTE: For more information, see Connector versions.

Features available exclusively in Coupa v.1.1

  • Support for Oauth Authentication that is based out of v.1.0.

Features available exclusively in Coupa v.2.0

  • Support for OAuth Authentication

  • Support for schema configuration by adding custom attributes

Connector limitations

  • The SCIM Pagination Parameter ( rfc: https://tools.ietf.org/html/rfc7644#section-3.4.2.4 ) Total Results is not returned due to the GetAllUsers API Limitation of COUPA target system, which returns only 50 objects per request. The impact of this is that One Identity Manager SCIM synchronization works on INDEX based logic for the pagination.

  • COUPA target system supports only Soft Delete of the User Object type. Because of this the GET All Users API returns both active and inactive users objects.

  • Starling COUPA connector facilitates two new SCIM endpoints namely Account-Groups and User-Groups. These endpoints support GET and GETALL operations only. This is in line with COUPA target API behavior where the CREATE, UPDATE, and DELETE operations are not allowed.

  • To accommodate modification of COUPA user object attributes default-account.segment-1 and default-account.segment-2, the User object type update operation is carried out in two steps:

    • Step -1: Updates values for all the attributes except default-account.segment-1 and default-account.segment-2.
    • Step -2: Updates values for default-account.segment-1 and default-account.segment-2 attributes.

    NOTE: As per the COUPA documentation, to set the attribute values of default-account.segment-1 and default-account.segment-2, values of account-security-type and default-account-type.name attributes should already be set.

  • While Provisioning or Update USER object, the value of attribute account-security-type of User Object is calculated using the values of default-account-type.name and account-groups attributes. This is inline with the COUPA target system documentation and per the customer requirements.

    For example:

    • account-security-type would be modified to value 2 if default-account-type.name has value and account-groups is not empty.
    • account-security-type would be modified to value 1 if default-account-type.name has value and account-groups is empty.
    • account-security-type would not be modified if default-account-type.name does not have value.

Synchronization and integration of Roles object type with One Identity Manager

For more information, see Synchronization and integration of Roles object type with One Identity Manager

User centric membership configuration for Coupa

For more information, see User centric membershipUser centric membership configuration

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级