立即与支持人员聊天
与支持团队交流

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Mandatory fields

The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Access Token

  • Target URL (Format:- https://databricks_instance/api/2.0/preview/scim/v2)

Supported objects and operations

Users

Table 322: Supported operations for Users
Operation VERB
Create User POST
Get User GET
List Users GET
Update User PUT
Delete User DELETE

Groups

Table 323: Supported operations for Groups
Operation Operation
Create Group POST
Get Group GET

List Groups

GET

Update Group

PUT

Delete Group

DELETE

This section lists the mandatory fields required to create a User or Group:

Users

  • userName

Groups

  • displayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 324: User mapping
SCIM Parameter Databricks parameter
id id
userName userName
name.familyName name.familyName
name.givenName name.givenName
displayName displayName
emails[0].value emails[0].value
emails[0].type emails[0].type
emails[0].primary emails[0].primary

active

active

groups[].value

groups[].value

groups[].display

groups[].display

entitlements[].value

entitlements[].value

Group

Table 325: Group mapping
SCIM Parameter Databricks parameter
id id
displayName displayName

members[].value

members[].value

members[].display

members[].display

extension.parentGroups[].value

groups[].value

extension.parentGroups[].display

groups[].display

extension.entitlements[].value

entitlements[].value

Connector limitations

  • If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.

  • The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.

  • The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.

  • Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.

  • When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.

  • The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.

  • A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.

  • No meta information is retrieved for users and groups.

  • Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.

  • Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.

  • Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.

  • List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.

User and Group mapping

The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Access Token

  • Target URL (Format:- https://databricks_instance/api/2.0/preview/scim/v2)

Supported objects and operations

Users

Table 322: Supported operations for Users
Operation VERB
Create User POST
Get User GET
List Users GET
Update User PUT
Delete User DELETE

Groups

Table 323: Supported operations for Groups
Operation Operation
Create Group POST
Get Group GET

List Groups

GET

Update Group

PUT

Delete Group

DELETE

Mandatory fields

This section lists the mandatory fields required to create a User or Group:

Users

  • userName

Groups

  • displayName

The user and group mappings are listed in the tables below.

Table 324: User mapping
SCIM Parameter Databricks parameter
id id
userName userName
name.familyName name.familyName
name.givenName name.givenName
displayName displayName
emails[0].value emails[0].value
emails[0].type emails[0].type
emails[0].primary emails[0].primary

active

active

groups[].value

groups[].value

groups[].display

groups[].display

entitlements[].value

entitlements[].value

Group

Table 325: Group mapping
SCIM Parameter Databricks parameter
id id
displayName displayName

members[].value

members[].value

members[].display

members[].display

extension.parentGroups[].value

groups[].value

extension.parentGroups[].display

groups[].display

extension.entitlements[].value

entitlements[].value

Connector limitations

  • If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.

  • The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.

  • The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.

  • Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.

  • When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.

  • The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.

  • A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.

  • No meta information is retrieved for users and groups.

  • Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.

  • Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.

  • Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.

  • List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.

Connector limitations

The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Access Token

  • Target URL (Format:- https://databricks_instance/api/2.0/preview/scim/v2)

Supported objects and operations

Users

Table 322: Supported operations for Users
Operation VERB
Create User POST
Get User GET
List Users GET
Update User PUT
Delete User DELETE

Groups

Table 323: Supported operations for Groups
Operation Operation
Create Group POST
Get Group GET

List Groups

GET

Update Group

PUT

Delete Group

DELETE

Mandatory fields

This section lists the mandatory fields required to create a User or Group:

Users

  • userName

Groups

  • displayName

User and Group mapping

The user and group mappings are listed in the tables below.

Table 324: User mapping
SCIM Parameter Databricks parameter
id id
userName userName
name.familyName name.familyName
name.givenName name.givenName
displayName displayName
emails[0].value emails[0].value
emails[0].type emails[0].type
emails[0].primary emails[0].primary

active

active

groups[].value

groups[].value

groups[].display

groups[].display

entitlements[].value

entitlements[].value

Group

Table 325: Group mapping
SCIM Parameter Databricks parameter
id id
displayName displayName

members[].value

members[].value

members[].display

members[].display

extension.parentGroups[].value

groups[].value

extension.parentGroups[].display

groups[].display

extension.entitlements[].value

entitlements[].value

  • If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.

  • The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.

  • The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.

  • Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.

  • When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.

  • The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.

  • A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.

  • No meta information is retrieved for users and groups.

  • Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.

  • Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.

  • Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.

  • List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.

Hive

The Hive connector allows you to connect Hive with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Hive's services as a collaborative tool used for project planning.

Supervisor configuration parameters

To configure the connector, following parameters are required:

  • Connector name

  • Workspace Id

  • API Key

  • User Id

  • Target URL (Cloud application's instance URL used as target URI in payload)

Supported objects and operations

Users

Table 326: Supported operations for Users

Operation

VERB

Create User POST
Update User PUT
Get User by id GET
Get All Users GET

Groups

Table 327: Supported operations for Groups

Operation

VERB

GET Group by Id

GET

Get All Groups GET

Mandatory fields

Users

  • email

Groups

  • Create Group is not supported by the target system.

User and Group mapping

The user and group mappings are listed in the tables below.

Table 328: User mapping
SCIM Parameter Hive parameter
Id id
UserName email
Name.GivenName profile.firstname
Name.FamilyName profile.lastname
Name.Formatted fullname
DisplayName fullname
Emails[0].value email

Groups

Table 329: Groups mapping
SCIM parameter Hive parameter
Id id
DisplayName name
Members.value members[]

Connector limitations

  • Connector gets All the Groups and filters the group from the list for GET Group By Id operation since the target system does not have an API to support Get Group by Id.

  • Update User operation supports only to update GivenName and FamilyName due to target system limitation.

  • Connector does not support the meta information created and lastModified as these are not supported by the target system.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级