Azure AD is a connector that gives users a cloud-based platform for their on-premises resources. Using single sign-on, companies have access to any number of network or web-based applications along with hosting access and identity management resources.
NOTE: Update the synchronization shell or create a new synchronization shell in One Identity Manager as changes are introduced in the schema.
For more information on registering the application, providing permissions, retrieving client ID or client secret, see Working with Azure AD.
To configure the connector, following parameters are required:
Connector name
Client Id for the app
Client Secret of the app
Directory Id of the Active Directory
Target URL (Cloud application's instance URL used as target URI in payload - For example, https://graph.microsoft.com/v1.0).
|
Operation |
VERB |
|---|---|
|
Create User |
POST |
|
Update User |
PATCH |
|
Delete User |
DELETE |
|
Get User |
GET |
|
Get All Users |
GET |
|
Operation |
VERB |
|---|---|
|
Create Group |
POST |
|
Update Group |
PATCH |
|
Delete Group |
DELETE |
|
Get Group |
GET |
|
Get All Groups |
GET |
nickName
displayName
password
mailEnabled (value needs to be 'false')
mailNickname
securityEnabled (value needs to be 'true')
The user and group mappings are listed in the tables below.
| SCIM parameter | Azure AD parameter |
|---|---|
| Id | id |
| userName | userPrincipalName |
| name.familyName | surname |
| name.givenName | givenName |
| displayName | displayName |
| nickName | mailNickname |
| emails[0].value | userPrincipalName |
| addresses[0].streetAddress | streetAddress |
| addresses[0].locality | city |
| addresses[0].region | state |
| addresses[0].postalCode | postalcode |
|
addresses[0].country |
couontry |
|
phoneNumbers[0].value |
businessPhones[0] |
|
title |
jobTitle |
|
active |
accountEnabled |
|
preferredLanguage |
preferredLanguage |
|
userType |
userType |
|
groups[].value |
memberOf[].id |
|
groups[].display |
memberOf[].displayName |
|
userExtension.organization |
companyName |
|
userExtension.department |
department |
|
userExtension.employeeNumber |
employeeId |
|
userExtension.manager.value |
manager.id |
|
userExtension.manager.displayName |
manager.displayName |
|
meta.created |
createdDateTime |
| SCIM parameter | Azure AD parameter |
|---|---|
| Id | id |
| displayName | displayName |
| members[].value | members[].id |
| members[].display | members[].displayName |
|
enterpriseExtension.description |
description |
|
enterpriseExtension.mailNickname |
mailNickname |
|
meta.created |
createdDateTime |
lastModified is not provided along with the Users and Groups.
Groups are of two types: Security groups and Office 365 groups. Azure AD supports users and groups as the members of groups. Security groups can have users and other Security groups as members. However, only users can be added as members for Office 365 groups.
With the trial Azure AD account, it is possible to create only Security groups through APIs. For information on mapping the appropriate properties, see User and Group section.
Azure AD resource Id's follow GUID formats. When trying to edit, retrieve, or delete a group by Id with an invalid GUID format, the connector displays 400 as the response code. However with invalid id and a proper GUID format, connector displays 404 as the response code.
Email value for the user should have only those domains which are verified in the selected Active Directory. To find out the verified domain, go to the Azure Active Directory in the Azure portal and in the Overview page above the directory name, the verified domain names are displayed.
For more information on password policy settings applied to user accounts that are created and managed in Azure AD, see, Password policies that only apply to cloud user accounts.
GSuite is a cloud computing, productivity, and collaboration tool. It includes the Google web applications Gmail, Drive, Hangouts, Calendar, and Docs. It also includes an interactive whiteboard. The enterprise version offers custom-domain email addresses, additional storage, and 24/7 phone and email support.
You must create a service account to access the G Suite services. For information on creating a service account, see Creating a service account in GSuite.
To configure the connector, following parameters are required:
Connector name
UserName
Private_Key (Whole JSON content of private key file created for service account)
Target URL (Cloud application's instance URL used as targetURI in payload)
|
Operation |
VERB |
|---|---|
|
Create User |
POST |
|
Update User |
PUT |
|
Delete User |
DELETE |
|
Get User |
GET |
|
Get All Users |
GET |
|
Get All Users with Pagination |
GET |
|
Operation |
VERB |
|---|---|
|
Create Group |
POST |
|
Update Group |
PUT |
|
Delete Group |
DELETE |
|
Get Group |
GET |
|
Get All Groups |
GET |
|
Get All Groups with Pagination |
GET |
|
Update Membership |
PUT |
FirstName
LastName
Password
The user and group mappings are listed in the tables below.
| SCIM parameter | GSuite parameter |
|---|---|
| Id | id |
| userName | primaryEmail |
| Name.GivenName | name.givenName |
| Name.FamilyName | name.familyName |
| Name.Formatted | name.fullName |
| DisplayName | name.fullName |
| Emails[0].value | primaryEmail |
| Addresses[0].StreetAddress | streetAddress |
| Addresses[0].Locality | locality |
| Addresses[0].Region | region |
| Addresses[0].PostalCode | postalcode |
| PhoneNumbers[0].Value |
phones[0].value |
| PhoneNumbers[0].Type | phones[0].type |
| Active | suspended |
| ExternalId | externalIds.value |
| Extension.Organization | organizations.name |
| Extension.Department | organizations.department |
| Extension.Division | organizations.location |
| Created | creationTime |
| SCIM parameter | GSuite parameter |
|---|---|
| Id | id |
| displayName | name |
| members.value | groupMembers.id |
| members.type | groupMembers.type |
| groupExtension.Email |
|
| groupExtension.Description |
description |
Connector supports cursor based pagination even with any change at count in subsequent requests.
Created date is displayed for Users. Created date and Modified date are not displayed for Groups.
Group information of user is not displayed in user details.
The Email ID of Users and Groups to be created should be provided along with the domain name of target instance.
Concur offers two on-demand Software as a Service (SaaS) products to help manage travel. Concur Travel & Expense gives you web and mobile solutions for travel and expense management, and TripIt is a mobile travel organizer for individuals.
To configure the connector, following parameters are required:
Connector name
Client Id
Client Secret
Username
Geolocation
Target URL (Cloud application's instance URL used as targetURI in payload)
|
Operation |
VERB |
|---|---|
|
Create User |
POST |
|
Update User |
POST |
|
Delete User |
DELETE |
|
Get User |
GET |
|
Get All Users |
GET |
|
Get All Users with Pagination |
GET |
NA
userName
name.givenName
name.familyName
enterpriseUserExtension.empId
emails.value
password
scimUser.locale
enterpriseUserExtension.ctryCode
enterpriseUserExtension.crnKey
enterpriseUserExtension.ledgerKey
enterpriseUserExtension.custom21
NA
The user and group mappings are listed in the tables below.
| SCIM parameter | Concur parameter |
|---|---|
| Id | LoginId |
| userName | LoginId |
| Name.GivenName | FirstName |
| name.MiddleName | Mi |
| Name.FamilyName | LastName |
| DisplayName | FirstName+LastName |
| Emails[0].value | EmailAddress |
| Active | Active |
| Locale | LocaleName |
| Extension.EmpId | EmpId |
| Extension.LedgerKe | LedgerName |
| Extension.CtryCode | CtryCode |
| Extension.CrnKey | CrnKey |
| Extension.ExpenseApprover | ExpenseApprover |
| Extension.Custom21 | Custom21 |
NA
Only user end-points are supported in Concur connector.
Inactive user's information is not displayed when Get All Users operation is performed.
The search result status for inactive user is NotFound .
While Get Users by Pagination with StartIndex and count specified, next nearest multiple of 100 records to the count value are fetched.
Invalid Geolocation url returns BadRequest status.
Created and LastModified dates are not supported.
API does not return the details of groups to which a user is associated.
POST user with the details similar to that of existing user's id, email and EmpId will update existing user's information. In such case, status code 201 is returned.
Inactive user cannot be created or edited.
GivenName and FamilyName are not updated in PUT user operation.
Custom21 value accepts only the Expense list code. For example, a valid Custom21 value are IN - 890, IN - 562, AU - 510, NL - 842, NO - 432, and so on.
Currently, an authentication related issue is observed while Get User by Id for a user "cteadmin@quest.com". This issue causes integration failure. To fix this, two keys are introduced in AppSettings of function host named ShouldExcludeUsers and ExcludeUserIds.
ShouldExcludeUsers key accepts either true or false as value, and ExcludeUserIds takes comma separated user's ids.
If value for ShouldExcludeUsers is true, the user ids mentioned in ExcludeUserIds will not appear in GetAll Users response.
Tableau offers data visualization software to let users upload files to a server or the cloud. You can create custom dashboards to analyze business intelligence and data.
To configure the connector, following parameters are required:
Connector name
Username
Site name (Example: https://online.tableau.com/#/site/MarketingTeam/users)
Target URL (Cloud application's instance URL used as target URI in payload - Example: https://{instance-name}.online.tableau.com/api/{api-version})
|
Operation |
VERB |
|---|---|
|
Create User |
POST |
|
Update User |
PUT |
|
Delete User |
DELETE |
|
Get User |
GET |
|
Get Users |
GET |
|
Get All Users with Pagination |
GET |
|
Operation |
VERB |
|---|---|
|
Create Group |
POST |
|
Update Group |
PUT |
|
Get Group |
GET |
|
Get Groups |
GET |
|
Get All Groups with Pagination |
GET |
|
Update Membership |
PUT |
displayName
The user and group mappings are listed in the tables below.
| SCIM parameter | Tableau parameter |
|---|---|
| Id | LoginId |
| userName | name |
| name.formatted | fullName |
| displayName | fullName |
| emails[0].value | name |
| roles[0].value | siteRole |
| SCIM parameter | Tableau parameter |
|---|---|
| Id | LoginId |
| displayName | name |
| members[].value | members[].id |
User update is supported for User role only.
Created and last modified dates are not available.
Group deletion is not supported.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center
