立即与支持人员聊天
与支持团队交流

Starling Connect Hosted - One Identity Manager Administration Guide

About this guide One Identity Starling Connect overview One Identity Starling Supported cloud applications Working with connectors Connector versions Salesforce Facebook Workplace SAP Cloud Platform JIRA Server RSA Archer SuccessFactors AWS IAM ServiceNow Dropbox Crowd Atlassian JIRA Confluence Trello Box Pipedrive SuccessFactors HR NutShell Insightly Egnyte SugarCRM Oracle IDCS Statuspage Zendesk Sell Workbooks DocuSign Citrix ShareFile Zendesk Azure AD Google Workspace Concur Tableau GoToMeeting Coupa AWS Cognito Okta DataDog Hideez Opsgenie Informatica Cloud Services AppDynamics Marketo Workday HR OneLogin PingOne Aha! SAP Litmos HackerRank Slack ActiveCampaign Webex Apigee Databricks Hive PagerDuty Dayforce Smartsheet Pingboard SAP Cloud for Customer Azure Infrastructure Oracle Fusion Cloud Majesco LuccaHR OpenText JFrog Artifactory xMatters Discourse Testrail ChipSoft PingOne Platform Azure DevOps UKG PRO Atlassian Cloud Appendix: Creating a service account in Google Workspace Appendix: Setting a trial account on Salesforce Registering the application, providing necessary permissions, retrieving Client Id and Client Secret from the Azure AD tenant Generating a private key for service account in GoToMeeting Configuring AWS IAM connector to support entitlements for User and Group Configuring Box connector to support additional email IDs for users One Identity Manager E2E integration needs for Hideez connector Configuring custom attributes for ServiceNow v.1.0 Configuring custom attributes for Coupa v.1.0 Configuring custom attributes in connectors Disabling attributes Configuring a connector that uses the consent feature Synchronization and integration of Roles object type with One Identity Manager Synchronization and integration of Workspaces object type with One Identity Manager Synchronization and integration of Products object type with One Identity Manager User centric membership Creating multi-valued custom fields in One Identity Manager Synchronization and assignment of PermissionSets to Users with One Identity Manager Connectors that support password attribute in User object Connectors that do not support special characters in the object ID Creating an app for using SCIM on Slack Enterprise Grid Organization Creating a Webex integration application, providing necessary scopes, retrieving Client Id and Client Secret Retrieving the API key from Facebook Workplace Outbound IP addresses Values for customer-specific configuration parameters in Workday HR connector Initiate an OAuth connection to SuccessFactors Creating custom editable/upsertable attributes in Successfactors employee central Custom Foundation Objects in Successfactors HR connector Configuring additional datetime offset in connectors How to Create custom attribute for Users in SuccessFactors portal SAP Cloud for Customer - Steps to add custom fields at One Identity Manager attributes Creating a Service Principal for the Azure Infrastructure Connector Workday permissions needed to integrate via the Starling Connector Configuring integration application in DocuSign Creating integration Connect Client in Coupa Retrieving Azure DevOps Personal Access Token (PAT) Setup integration system and field override service in Workday Retrieving Atlassian Cloud API Key and Directory ID Retrieving Tableau Personal Access Token (PAT)

Connector limitations

SAP Cloud for Customer (C4C) is a cloud solution to manage customer sales, customer service and marketing activities efficiently and is one of the key SAP solution to manage customer relationship.

Supervisor configuration parameters

To configure the connector, following parameters are required:

Supported objects and operations

Users

Table 352: Supported operations for Users

Operation

VERB

Create User POST

Get a User

GET

List Users

GET

Update a User

PUT

Delete User

DELETE

Roles

Table 353: Supported operations for Roles

Operation

VERB

Get a Role

GET

List Roles

GET

Mandatory fields

Users

  • name.givenName

  • name.familyName

Mappings

Table 354: SAPC4CEmployee,BusinessUser to SCIM User mapping
SCIM properties SAPC4C properties
active EmployeeValidityEndDate
addresses[].country CountryCode
addresses[].postalCode PostalCode
addresses[].region RegionCode
addresses[].streetAddress Street
displayName FirstName + " " + LastName
emails[].value Email

extension.businessUserLanguageCode

LogonLanguageCode

extension.businessUserLanguage

LogonLanguageCodeText

extension.companyName CompanyName
extension.dateFormat DateFormat
extension.dateFormatCode DateFormatCode
extension.decimalFormatCode DecimalFormatCode
extension.department Department
extension.employeeId EmployeeID
extension.gender GenderCodeText
extension.genderCode GenderCode
extension.employeeLanguage LanguageCodeText
extension.employeeLanguageCode LanguageCode
extension.managerName ManagerName
extension.maritalStatus MaritalStatusCodeText
extension.maritalStatusCode MaritalStatusCode
extension.passwordPolicyCode PasswordPolicyCode
extension.timeFormat TimeFormat
extension.timeFormatCode TimeFormatCode
extension.titleCode TitleCode
extension.titleCodeText TitleCodeText
extension.userId UserID
extension.userLockedIndicator UserLockedIndicator

extension.validityEndDate

UserValidityEndDate

extension.validityStartDate

UserValidityStartDate

id ObjectID
meta.created CreatedOn
meta.lastModified EntityLastChangedOn
name.familyName LastName
name.givenName FirstName
name.middleName MiddleName
nickName NickName
phoneNumbers[].value MobilePhoneNumber
roles.value EmployeeUserBusinessRoleAssignment.BusinessRoleID
timezone TimeZoneCode
userName UserID
Table 355: SAPC4CIdentityBusinessRoles to SCIM Role mapping
SCIM properties SAPC4C properties
id ObjectID
name Name
meta.created CreationDateTime
meta.lastModified EntityLastChangedOn

 

  • Update is not supported for attributes like ManagerName, CompanyName and Department, as they come under Organization endpoints.

  • Deleting a User, will inactivate it. But the user will still be present in the list of users.

  • Due to the target API behavior, any text value can be used as the value for phoneNumbers.

  • For most of the error scenarios, the status code returned is 500.

  • While user creation, the user will still be created if there is an error while user role assignments.

  • Due to One IM limitation on DateTime attributes, value having 'YEAR' less than 1753 could not be shown in One IM user interface.

Azure Infrastructure

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 356: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 357: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 358: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 359: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 360: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 361: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 362: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 363: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 364: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 365: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 367: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 368: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 369: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 370: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 371: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

Supervisor configuration parameters

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

Supported objects and operations

ManagementGroups

Table 356: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 357: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 358: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 359: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 360: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 361: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 362: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 363: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 364: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 365: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 367: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 368: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 369: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 370: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 371: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

Supported objects and operations

AzureInfrastructure is an alias for Azure Resource Manager. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Supervisor configuration parameters

To configure the connector, following parameters are required. For more information, refer How to create Service Principal to authenticate the resource management REST APIs:

  • Connector name

  • Client Id of the app

  • Client Secret of the app

  • Directory Id of the Active Directory

  • Target URL (Cloud application's instance URL used as target URI in payload - Example:https://management.azure.com)

  • Instance DateTime Offset (refer Configuring additional datetime offset in connectors for more details).

ManagementGroups

Table 356: Supported operations for ManagementGroups

Operation

VERB

Get ManagementGroup By Id

GET

List ManagementGroups

GET

Subscriptions

Table 357: Supported operations for Subscriptions

Operation

VERB

Get Subscription By Id GET

List Subscriptions

GET

Get Subscriptions with Pagination

GET

ResourceGroups

Table 358: Supported operations for ResourceGroups

Operation

VERB

Get ResourceGroup By Id GET
List ResourceGroups GET

Get ResourceGroups with Pagination

GET

AzResource

Table 359: Supported operations for AzResource

Operation

VERB

List Azresources GET
Get AzResource by id GET

Get AzResource with Pagination

GET

AzResourceTypes

Table 360: Supported operations for AzResourceTypes

Operation

VERB

List AzresourcesTypes GET
Get AzResourceTypes by id GET

Locations

Table 361: Supported operations for Locations

Operation

VERB

List Locations GET

Get Location By Id

GET

Roles

Table 362: Supported operations for Divisions

Operation

VERB

Get Role By Id GET

List Roles

GET

RoleAssignments

Table 363: Supported operations for RoleAssignments

Operation

VERB

Get RoleAssignment By Id GET

List RoleAssignments

GET

Create RoleAssignments

POST

Delete RoleAssignments

DELETE

Mandatory fields

This section lists the mandatory field required to CREATE.

RoleAssignments

  • roleDefinitionId
  • principalId
  • scope

Attributes Mappings

Different mappings associated with this connector are listed in the tables below.

Table 364: AzureInfrastructure managementGroup to SCIM managementGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
Properties.displayName displayName
Properties.details.updatedBy updatedBy
Properties.tenantId tenantId
properties.details.parent.id parentManagementGroupId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
properties.details.updatedTime meta.LastModified
Table 365: AzureInfrastructure subscription to SCIM subscription mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name subscriptionId
Properties.displayName displayName
properties.state state
properties.tenant tenantId
id resourceId
properties.parent.id.Split('/')[4] managementGroupName
properties.parent.id managementGroupId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 366: AzureInfrastructure resourceGroup to SCIM resourceGroup mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
location location
properties.provisioningState provisioningState
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id resourceId
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 367: AzureInfrastructure resources to SCIM AzResources mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
name displayName
type resourceType
location location
id resourceId
id.Split('/')[2] subscriptionName
/subscriptions/{id.Split('/')[2]} subscriptionId
id.Split('/')[4] resourceGroupName
/subscriptions/{id.Split('/')[2]}/resourceGroups/{id.Split('/')[4]} resourceGroupId
tags[].Name tags[].name
tags[].Value tags[].value
role[].value.name role[].value
role[].value.properties.principalId role[].principalId
role[].value.properties.principalType role[].principalType
role[].value.properties.roleDefinitionId role[].azRoleReference
Table 368: AzureInfrastructure roleAssignments to SCIM roleAssignments mapping
Azure Infrastructure properties SCIM properties
id.Replace(“/”, “$$”) id

properties.description

description

properties.roleDefinitionId roleDefinitionId
properties.principalId principalId
properties.principalType principalType
properties.scope scope
id resourceId
properties.createdOn meta.Created
properties.updatedOn meta.LastModified
Table 369: AzureInfrastructure resourceTypes to SCIM AzResourceTypes mapping
Azure Infrastructure properties SCIM properties
Namespace + '$$' + resourceTypes.resourceType id
namespace + '/' + resourceTypes.resourceType displayName
Table 370: AzureInfrastructure locations to SCIM locations mapping
Azure Infrastructure properties SCIM properties
id.Replace("/", "$$") id
name name
displayName displayName
regionalDisplayName regionalDisplayName
id resourceId
Table 371: AzureInfrastructure roles to SCIM roles mapping
Azure Infrastructure properties SCIM properties
id id

properties.roleName

displayName

id resourceId
properties.roleName name
properties.description description
properties.type type
properties.createdOn meta.Created
properties.updatedOn meta.LastModified

properties.assignableScopes

assignableScopes

Connector limitations

  • Pagination is not supported for ManagementGroups, AzResourceTypes, Locations and Roles endpoints.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级