Amazon (S3 and AWS) offers a suite of cloud-computing services that make up an on-demand computing platform. The most central and best-known of these are Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). AWS offers more than 70 services, including computing, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things.
To configure the connector, following parameters are required:
Connector Name
Client Secret of the cloud account
Region of the cloud account
SCIM URL (Cloud application's REST API's base URL)
Operation |
VERB |
---|---|
Create |
POST |
Update |
PUT |
Delete | DELETE |
Deprovision | PUT |
Undo Deprovision | PUT |
Operation |
VERB |
---|---|
Create | POST |
Update | PUT |
Delete | DELETE |
Deprovision | PUT |
Undo Deprovision | PUT |
Group Membership |
PUT |
Group Name
The user and group mappings are listed in the tables below.
SCIM Parameter | Amazon Web Services (AWS) Parameter |
---|---|
Id | UserName |
UserName | UserName |
Password | password |
DisplayName | Arn |
Active |
(true) |
Groups |
(ListGroupsForUserResult)Group |
Entitlements |
(ListAttachedUserPoliciesResult)AttachedPolicies |
Created | CreateDate |
LastModified | PasswordLastUsed |
SCIM Parameter | Amazon Web Services (AWS) Parameter |
---|---|
Id | GroupName |
displayName | UserName |
Entitlements | (ListAttachedGroupPoliciesResult)AttachedPolicies |
Members | (GetGroupResult)Users |
Created | CreateDate |
LastModified | PasswordLastUsed |
Signature generation is embedded within a data process. Hence, the application performance is affected.
The Last Modified date is not available. Hence, the field contains the value of recently used Password.
While performing Delete User or Delete Group operation, users or groups that are part of the deleted users or groups get detached from the below mentioned services. However, some services must be detached manually.
The task of assigning entitlements to groups is available with the connector. For successful working, certain changes must be made in Active Roles.
ServiceNow is a service management platform that can be used for many different business units, including IT, human resources, facilities, and field services.
To configure the connector, following parameters are required:
Connector Name
Username
Password
Operation |
VERB |
---|---|
Create |
POST |
Update |
PUT |
Delete |
DELETE |
Deprovision | PUT |
Undo Deprovision | PUT |
Operation |
VERB |
---|---|
Create |
POST |
Update |
PUT |
Delete |
DELETE |
Deprovision | PUT |
Undo Deprovision | PUT |
Group Membership |
PUT |
This feature allows you to configure custom attributes in Starling Connector during connector subscription. You can provide the list of custom attributes in a defined format with the name, type and allowed values of the attributes. The custom mappings in Active Roles provides the values for these custom attributes.
To configure custom attributes in ServiceNow:
Create a Custom Attribute in ServiceNow.
|
NOTE: The Starling Platform currently supports only the string types dateTime, True/False and Choice. |
To configure the custom attributes in Starling UI, enter the Custom Properties in the specified format in the Starling Platform.
Map the created custom attributes that were specified in the Starling Platform.
Perform a synchronization and verify if the custom attributes are available.
|
NOTE:
|
The user and group mapping is listed in the table below.
SCIM Parameter | ServiceNow Parameter |
---|---|
userName | user_name |
name.familyName | last_name |
name.givenName | first_name |
name.middleName | middle_name |
displayName | name |
emails[0].value | |
addresses[0].streetAddress | street |
addresses[0].locality | city |
addresses[0].region | state |
addresses[0].postalCode | zip |
addresses[0].country | country |
phoneNumbers[0].value | phone |
title | title |
preferredLanguage | preferred_language |
timeZone | time_zone |
active | active |
password | user_password |
roles.value | {resource}.role.value |
extension.organization | company |
extension.department | department |
extension.manager.value | manager.value |
extension.employeeNumber | employee_number |
id | sys_id |
groups.value | {resource}.group.value |
extension.lastLogon |
last_login_time |
SCIM Parameter | ServiceNow Parameter |
---|---|
id | sys_id |
displayName | name |
members.value | {resource}.user.value |
extension.description | description |
extension.email | |
extension.groupType |
type |
extension.manager.value |
manager.value |
ServiceProviderAuthority contains only the Id field with the value being same as the instance id of the ServiceNow instance, as there are no APIs to fetch the tenant details in ServiceNow.
If the department name and organization name is provided during user create or update operations, the user gets assigned to the department and organization if the department and organization with the same name exists in ServiceNow cloud application.
If the invalid manager id is used for user's manager fields while performing user create or update operations, ServiceNow does not display any error. Instead, it invalid id is returned as the manager id.
GET Roles operation might not fetch all the roles. Some roles must be retrieved based on ServiceNow Access Control List (ACL).
If an invalid member id is used for group create or update, no error is displayed. Instead, the same invalid id as the member id is returned.
Create User operation with existing user details shows the status code as 403 instead 409. The status code and the status message cannot be interpreted.
Azure Active Directory is a connector that gives users a cloud-based platform for their on-premises resources. Using single sign-on, companies have access to any number of network or web-based applications along with hosting access and identity management resources.
For more information on registering the application, providing permissions, retrieving client ID or client secret, see Working with Azure Active Directory.
To configure the connector, following parameters are required:
Connector name
Client Id for the app
Client Secret of the app
Directory Id of the Active Directory
Target URL (Cloud application's instance URL used as target URI in payload - For example, https://graph.microsoft.com/v1.0).
Operation |
VERB |
---|---|
Create User |
POST |
Update User |
PATCH |
Deprovision | PUT |
Undo Deprovision | PUT |
nickName
displayName
password
mailEnabled (value needs to be 'false')
mailNickname
securityEnabled (value needs to be 'true')
The user and group mappings are listed in the tables below.
SCIM Parameter | Azure AD Parameter |
---|---|
Id | id |
userName | userPrincipalName |
name.familyName | surname |
name.givenName | givenName |
displayName | displayName |
nickName | mailNickname |
emails[0].value | userPrincipalName |
addresses[0].streetAddress | streetAddress |
addresses[0].locality | city |
addresses[0].region | state |
addresses[0].postalCode | postalcode |
addresses[0].country |
couontry |
phoneNumbers[0].value |
businessPhones[0] |
title |
jobTitle |
active |
accountEnabled |
preferredLanguage |
preferredLanguage |
userType |
userType |
groups[].value |
memberOf[].id |
groups[].display |
memberOf[].displayName |
userExtension.organization |
companyName |
userExtension.department |
department |
userExtension.employeeNumber |
employeeId |
userExtension.manager.value |
manager.id |
userExtension.manager.displayName |
manager.displayName |
meta.created |
createdDateTime |
SCIM Parameter | Azure AD Parameter |
---|---|
Id | id |
displayName | displayName |
members[].value | members[].id |
members[].display | members[].displayName |
enterpriseExtension.description |
description |
enterpriseExtension.mailNickname |
mailNickname |
meta.created |
createdDateTime |
lastModified is not provided along with the Users and Groups.
Groups are of two types: Security groups and Office 365 groups. Azure AD supports users and groups as the members of groups. Security groups can have users and other Security groups as members. However, only users can be added as members for Office 365 groups.
With the trial Azure AD account, it is possible to create only Security groups through APIs. For information on mapping the appropriate properties, see User and Group section.
Azure AD resource Id's follow GUID formats. When trying to edit, retrieve, or delete a group by Id with an invalid GUID format, the connector displays 400 as the response code. However with invalid id and a proper GUID format, connector displays 404 as the response code.
Email value for the user should have only those domains which are verified in the selected Active Directory. To find out the verified domain, go to the Azure Active Directory in the Azure portal and in the Overview page above the directory name, the verified domain names are displayed.
For more information on password policy settings applied to user accounts that are created and managed in Azure AD, see, Password policies that only apply to cloud user accounts.
Box lets users securely store, access, share, and collaboratively work on files across devices. It is accessible through web and mobile applications and REST APIs. It features functions such as search, metadata, granular permission models, enterprise-grade security, retention policies, and preview capabilities.
To configure the connector, following parameters are required:
Connector name
Client Id
Public Key
To get the Box credentials
Create an account in Box.
Log in to the Box account . The URL will be similar to https://{Business_Name}.app.box.com/folder/0.
Navigate to the Developer console.
Create a new custom application.
Select OAuth 2.0 with JWT (server authentication) as the authentication method.
Click View App and navigate to the Configuration section.
Set the value of Application Access to Enterprise.
Enable the advanced features by selecting the following options:
In the Add and manage public keys section, click generate Public/Private Key pair button. A config JSON file gets downloaded and it includes the credentials, that are required to get the access token for authentication.
Operation |
VERB |
---|---|
Create |
POST |
Update |
PUT |
Delete |
DELETE |
Deprovision | |
Undo Deprovision |
Operation |
VERB |
---|---|
Create | POST |
DisplayName
The user and group mappings are listed in the tables below.
SCIM Parameter | Box Parameter |
---|---|
id | id |
email[0].value | login |
userName |
login |
name.formatted | name |
displayName | name |
active | status |
address[0].formatted | address |
userType | type |
PhoneNumbers[0].Value | phone |
active | status |
title | job_title |
preferredLanguage |
language |
timezone |
timezone |
meta.created |
created_at |
meta.astModified |
modified_at |
SCIM Parameter | Box Parameter |
---|---|
id | id |
name | displayName |
created | created_at |
lastModified | modified_at |
members[].value |
user[].id |
members[].display |
user[].name |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center