Data provisioning (connector) settings
| Parameter | Description |
|---|---|
| Base address | https://{yourtenant}/scim/v2/ |
| Authentication mode | OAuth2 |
| OAuth Grant Type | Client credentials |
| URL for Authorization token | https://{yourtenant}/oauth2/token/{yourappid} |
| OAuth Client ID | Your client ID |
| OAuth Client Secret | Your client secret |
| OAuth Static Token Type | Bearer |
| OAuth Scope | SCIM |
| Test connection | Select the checkbox |
| Test query | Users |
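The settings above describe an OAuth2 client-credentials exchange followed by a Bearer-authenticated SCIM call. The following Python is an added example, not CyberArk's or the connector's own code: it validates the connector settings (catching the doubled-scheme paste error and non-HTTPS endpoints), builds the token request, parses the token reply and builds the `Users` test query. All functions return plain data so the logic can be checked offline; sending the requests is left to the caller. Assumptions: `client_id` and `client_secret` are sent in the form body (RFC 6749 also permits HTTP Basic), and the sample settings and token response are constructed.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed settings mirroring the table, with the placeholders replaced.
SAMPLE_SETTINGS = {
    "base_address": "https://tenant.example/scim/v2/",
    "auth_mode": "OAuth2",
    "grant_type": "client_credentials",
    "token_url": "https://tenant.example/oauth2/token/app-id-example",
    "client_id": "example-client-id",
    "client_secret": "CONSTRUCTED-CLIENT-SECRET",
    "token_type": "Bearer",
    "scope": "SCIM",
    "test_query": "Users",
}

# Constructed reply from the token endpoint.
SAMPLE_TOKEN_RESPONSE = (
    '{"access_token": "EXAMPLE_ACCESS_TOKEN", "token_type": "Bearer", "expires_in": 3600}'
)


def validate_settings(settings):
    """Return the list of problems found; an empty list means the settings are usable."""
    problems = []
    for key in ("base_address", "token_url"):
        url = settings.get(key, "")
        # A pasted "https://https://..." yields a host of "https" and fails at test time.
        if url.count("://") != 1:
            problems.append(f"{key}: malformed scheme in {url!r}")
            continue
        if urlsplit(url).scheme != "https":
            problems.append(f"{key}: must be https; the client secret and bearer token travel over it")
        if "{" in url:
            problems.append(f"{key}: placeholder such as {{yourtenant}} not replaced")
    if settings.get("grant_type") != "client_credentials":
        problems.append("grant_type must be client_credentials")
    if settings.get("scope") != "SCIM":
        problems.append("scope must be SCIM")
    if settings.get("token_type") != "Bearer":
        problems.append("static token type must be Bearer")
    if not settings.get("client_secret"):
        problems.append("client_secret is empty")
    return problems


def build_token_request(settings):
    """Form-encoded POST for the client-credentials grant (credentials in the body: assumption)."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": settings["client_id"],
        "client_secret": settings["client_secret"],
        "scope": settings["scope"],
    })
    return {
        "method": "POST",
        "url": settings["token_url"],
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": body,
    }


def parse_token_response(raw, now):
    """Reject anything that is not a bearer token and compute the absolute expiry time."""
    data = json.loads(raw)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type {data.get('token_type')!r}")
    if "access_token" not in data:
        raise ValueError("token response has no access_token")
    return {
        "access_token": data["access_token"],
        "expires_at": now + float(data.get("expires_in", 0)),
    }


def build_test_query(settings, token):
    """The 'Test query' row (Users) becomes GET {base address}/Users with the bearer token."""
    base = settings["base_address"].rstrip("/")
    return {
        "method": "GET",
        "url": f"{base}/{settings['test_query']}",
        "headers": {
            "Authorization": f"Bearer {token['access_token']}",
            "Accept": "application/scim+json",
        },
    }
```

Run `validate_settings` before the connector's own test connection: a doubled scheme or an `http://` base address is reported with the offending key instead of surfacing as a generic connection failure.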
Task mappings
| Parameter | Resource Type | Description |
|---|---|---|
| CyberArkIdentityUser | CyberArk Privileged Cloud Account | Contains mappings of account assignments to CyberArk Privileged Cloud user assignments |
| CyberArkIdentityGroupAssignment | CyberArk Privileged Cloud – Group | Contains mappings of group assignments to CyberArk Privileged Cloud users |
| CyberArkIdentityContainerAssignment | CyberArk Privileged Cloud - Container | Contains mappings of container assignments to CyberArk Privileged Cloud users |
| CyberArkIdentityContainer | CyberArk Privilege Cloud - Container | Contains mappings of Container resources |
| CyberArkIdentityGroup | CyberArk Privilege Cloud – Group | Contains mappings of Group resources |
| CyberArkIdentityPrivilegeData | CyberArk Privileged Cloud – Privileged Data | Contains mappings of Privileged Data resources |
CyberArk Identity User
The CyberArkIdentityUser object is used to create, update, and delete user accounts.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Expression | Operation != "Create" ? Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_ExternalAnchor, JobAnchor) : "IGNORED" |
| Object type | Constant | Users |
| Operation | Map | Operation |
| schemas | Expression | Operation=="DeleteIfExists" ? null : "urn:ietf:params:scim:schemas:core:2.0:User" |
| userName | Expression | Operation=="Create" || Operation=="Update" ? ROPE_AccountName : null |
| name.givenName | Expression | Operation=="Create" || Operation=="Update" ? ROPE_ATTR_FIRSTNAME : null |
| name.familyName | Expression | Operation=="Create" || Operation=="Update" ? ROPE_ATTR_LASTNAME : null |
| displayName | Expression | Operation=="Create" || Operation=="Update" ? ROPE_ATTR_FIRSTNAME + " " + ROPE_ATTR_LASTNAME : null |
| employeeNumber | Expression | Operation=="Create" || Operation=="Update" ? ROPE_ATTR_EMPLOYEEID : null |
| active | Expression | ROPE_Disabled==true || Operation == "DeleteIfExists" ? "false" : "true" |
| password | Expression | Operation=="Create" ? ROPE_ATTR_INITIALPASSWORD : null |
| emails[].type | Expression | Operation == "Create" ? "work" : null |
| emails[].primary | Expression | Operation == "Create" ? "true" : null |
| emails[].value | Expression | Operation == "Create" ? ROPE_ATTR_EMAIL : null |
| emails[].value[type=work] | Expression | Operation == "Update" ? ROPE_ATTR_EMAIL : null |
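The table's expressions are easier to check when the resulting SCIM payload is visible. The following Python is an added example, not the connector's own code: it evaluates each row of the CyberArkIdentityUser mapping for a given `Operation` and renders the request the connector would send, so that the differences between Create (password and full e-mail entry sent), Update (only `emails[].value[type=work]`, no password) and DeleteIfExists (only `active: "false"`) are explicit. The `ROPE_*` names are the table's; the sample attribute values, the `GetFirstValue` fallback order and the rule that rows sharing `emails[]` fill one list element (or, with `[type=work]`, the element with that type) are assumptions.

```python
import json
import re

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample of the ROPE_* attributes the table references.
SAMPLE_ATTRS = {
    "ROPE_DistinguisedName": None,
    "ROPE_ExternalAnchor": "3f2a-example-id",
    "JobAnchor": None,
    "ROPE_AccountName": "jdoe",
    "ROPE_ATTR_FIRSTNAME": "Jane",
    "ROPE_ATTR_LASTNAME": "Doe",
    "ROPE_ATTR_EMPLOYEEID": "E1001",
    "ROPE_ATTR_EMAIL": "jane.doe@example.com",
    "ROPE_ATTR_INITIALPASSWORD": "CONSTRUCTED-INITIAL-PASSWORD",
    "ROPE_Disabled": False,
}


def get_first_value(*candidates):
    """Mirror of Extensions.GetFirstValue (assumed semantics): first non-empty candidate, else None."""
    for c in candidates:
        if c not in (None, ""):
            return c
    return None


def user_rows(op, a):
    """One (parameter, evaluated source) pair per table row, in table order; null results stay None."""
    cu = op in ("Create", "Update")
    return [
        ("Object ID", get_first_value(a["ROPE_DistinguisedName"], a["ROPE_ExternalAnchor"], a["JobAnchor"])
                      if op != "Create" else "IGNORED"),
        ("Object type", "Users"),
        ("Operation", op),
        ("schemas", None if op == "DeleteIfExists" else SCIM_USER_SCHEMA),
        ("userName", a["ROPE_AccountName"] if cu else None),
        ("name.givenName", a["ROPE_ATTR_FIRSTNAME"] if cu else None),
        ("name.familyName", a["ROPE_ATTR_LASTNAME"] if cu else None),
        ("displayName", a["ROPE_ATTR_FIRSTNAME"] + " " + a["ROPE_ATTR_LASTNAME"] if cu else None),
        ("employeeNumber", a["ROPE_ATTR_EMPLOYEEID"] if cu else None),
        # '||' binds tighter than '?:', so either condition forces "false".
        ("active", "false" if a["ROPE_Disabled"] is True or op == "DeleteIfExists" else "true"),
        ("password", a["ROPE_ATTR_INITIALPASSWORD"] if op == "Create" else None),
        ("emails[].type", "work" if op == "Create" else None),
        ("emails[].primary", "true" if op == "Create" else None),
        ("emails[].value", a["ROPE_ATTR_EMAIL"] if op == "Create" else None),
        ("emails[].value[type=work]", a["ROPE_ATTR_EMAIL"] if op == "Update" else None),
    ]


_MULTI = re.compile(r"^(\w+)\[\]\.(\w+)(?:\[(\w+)=(\w+)\])?$")


def set_path(body, path, value):
    """Write a dotted or multi-valued SCIM attribute path into the body dict."""
    m = _MULTI.match(path)
    if m:
        attr, sub, fkey, fval = m.groups()
        entries = body.setdefault(attr, [])
        target = next((e for e in entries if fkey is None or e.get(fkey) == fval), None)
        if target is None:
            target = {} if fkey is None else {fkey: fval}
            entries.append(target)
        target[sub] = value
        return
    parts = path.split(".")
    node = body
    for p in parts[:-1]:
        node = node.setdefault(p, {})
    node[parts[-1]] = value


def build_request(op, a):
    """Split rows into the connector envelope (Object ID/type, Operation) and the SCIM body."""
    envelope, body = {}, {}
    for path, value in user_rows(op, a):
        if value is None:
            continue  # a null source means the attribute is not sent
        if path in ("Object ID", "Object type", "Operation"):
            envelope[path] = value
        elif path == "schemas":
            body["schemas"] = [value]
        else:
            set_path(body, path, value)
    return {"envelope": envelope, "body": body}


def redact(body):
    """Copy of the body with the initial password masked, for connector logs and traces."""
    safe = json.loads(json.dumps(body))
    if "password" in safe:
        safe["password"] = "***"
    return safe
```

Only the Create request carries `password`; log the output of `redact` rather than the raw body so the initial password does not end up in provisioning traces.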
CyberArk Identity Group Assignment
The CyberArkIdentityGroupAssignment object is used to add users to groups and to remove them from groups.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Map | ROPE_ATTR_DESCRIPTION |
| Object type | Constant | groups |
| Operation | Expression | (Operation=="Create" || Operation=="Update") ? "Update" : Operation |
| displayName | Map | ROPE_Resource |
| members[].value | Expression | (Operation=="Create" || Operation=="Update") ? Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_AccountExternalAnchor, JobAnchor) : null |
| members[].value | Expression | (Operation=="Delete") ? Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_AccountExternalAnchor, JobAnchor) : null |
CyberArk Identity Container Assignment
The CyberArkIdentityContainerAssignment object is used to add users to containers and to remove them from containers.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Expression | (Operation=="Update" || Operation=="Delete" || Operation=="DeleteIfExists") ? ROPE_ATTR_CYBERARK_ASSIGNMENT_ID : ObjectId |
| Object type | Constant | ContainerPermissions |
| Operation | Map | Operation |
| schemas | Expression | (Operation=="Create" || Operation=="Update") ? "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission" : null |
| rights | Expression | (Operation=="Create" || Operation=="Update") ? ROPE_ATTR_CYBERARKRIGHTS_REF : null |
| container.name | Expression | (Operation=="Create" || Operation=="Update") ? ROPE_Resource : null |
| user.value | Expression | (Operation=="Create" || Operation=="Update") ? Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_AccountExternalAnchor, JobAnchor) : null |
CyberArk Identity Container
The CyberArkIdentityContainer object is used to create and delete containers.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Map | ObjectId |
| Object type | Constant | Containers |
| Operation | Map | Operation |
| schemas | Expression | Operation != "Delete" ? "urn:ietf:params:scim:schemas:pam:1.0:Container" : null |
| name | Expression | Operation != "Delete" ? RLM_NAME : null |
| containerId | Expression | (RLM_DESCRIPTION != null && RLM_DESCRIPTION.Length != 0 && !string.IsNullOrWhiteSpace(RLM_DESCRIPTION[0])) ? RLM_DESCRIPTION[0] : RLM_NAME |
CyberArk Identity Group
The CyberArkIdentityGroup object is used to create and delete groups.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Map | ObjectId |
| Object type | Constant | Groups |
| Operation | Map | Operation |
| schemas | Expression | Operation =="deleteIfExists" ? null : "urn:ietf:params:scim:schemas:core:2.0:Group" |
| displayName | Expression | Operation != "Delete" ? RLM_NAME : null |
| groupId | Expression | (RLM_DESCRIPTION != null && RLM_DESCRIPTION.Length != 0 && !string.IsNullOrWhiteSpace(RLM_DESCRIPTION[0])) ? RLM_DESCRIPTION[0] : RLM_NAME |
CyberArk Identity Privileged Data
The CyberArkIdentityPrivilegedData object is used to create and delete Privileged Data.
| Parameter | Type | Source |
|---|---|---|
| Object ID | Map | DOLM_ROLEID |
| Object type | Constant | PrivilegedData |
| Operation | Map | Operation |
| schemas | Expression | Operation=="DeleteIfExists" ? null : "urn:ietf:params:scim:schemas:pam:1.0:PrivilegedData" |
| schemas | Expression | Operation=="DeleteIfExists" ? null : "urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData" |
| type | Constant | password |
| name | Expression | DOLM_C_CYBERARK_PLATFORMID + "-" + DOLM_C_CYBERARK_USERNAME + "-" + DOLM_C_CYBERARK_ADDRESS |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].key | Constant | username |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].value | Map | DOLM_C_CYBERARK_USERNAME |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].key | Constant | platformId |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].value | Map | DOLM_C_CYBERARK_PLATFORMID |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].key | Constant | address |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].value | Map | DOLM_C_CYBERARK_ADDRESS |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].key | Constant | secret |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.properties[].value | Map | DOLM_C_CYBERARK_SECRET |
| urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData.safe | Map | DOLM_C_CYBERARK_SAFE_DisplayName |
| id | Map | DOLM_ROLEID |
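The Privileged Data table repeats the `schemas` row and the `properties[].key` / `properties[].value` rows, and the table form does not show how these combine. The following Python is an added example, not the connector's own code: it renders the mapping into the SCIM payload, showing that the two `schemas` rows become one array, that each key row pairs with the value row that follows it to form one `{key, value}` object under the CyberArk extension schema, and how the `secret` property is masked before the payload is logged. The `DOLM_*` names are the table's; the sample values and the key-then-value pairing rule are assumptions.

```python
import json

PAM_SCHEMA = "urn:ietf:params:scim:schemas:pam:1.0:PrivilegedData"
CYBERARK_SCHEMA = "urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData"
PROPERTIES = CYBERARK_SCHEMA + ".properties[]"

# Constructed sample of the DOLM_* attributes the table references.
SAMPLE_ROLE = {
    "DOLM_ROLEID": "ROLE-0042",
    "DOLM_C_CYBERARK_PLATFORMID": "WinServerLocal",
    "DOLM_C_CYBERARK_USERNAME": "svc_backup",
    "DOLM_C_CYBERARK_ADDRESS": "host01.example",
    "DOLM_C_CYBERARK_SECRET": "CONSTRUCTED-SECRET",
    "DOLM_C_CYBERARK_SAFE_DisplayName": "Backup-Safe",
}


def privileged_data_rows(op, r):
    """One (parameter, evaluated source) pair per table row, in table order."""
    return [
        ("Object ID", r["DOLM_ROLEID"]),
        ("Object type", "PrivilegedData"),
        ("Operation", op),
        ("schemas", None if op == "DeleteIfExists" else PAM_SCHEMA),
        ("schemas", None if op == "DeleteIfExists" else CYBERARK_SCHEMA),
        ("type", "password"),
        ("name", "-".join([r["DOLM_C_CYBERARK_PLATFORMID"], r["DOLM_C_CYBERARK_USERNAME"],
                           r["DOLM_C_CYBERARK_ADDRESS"]])),
        (PROPERTIES + ".key", "username"),
        (PROPERTIES + ".value", r["DOLM_C_CYBERARK_USERNAME"]),
        (PROPERTIES + ".key", "platformId"),
        (PROPERTIES + ".value", r["DOLM_C_CYBERARK_PLATFORMID"]),
        (PROPERTIES + ".key", "address"),
        (PROPERTIES + ".value", r["DOLM_C_CYBERARK_ADDRESS"]),
        (PROPERTIES + ".key", "secret"),
        (PROPERTIES + ".value", r["DOLM_C_CYBERARK_SECRET"]),
        (CYBERARK_SCHEMA + ".safe", r["DOLM_C_CYBERARK_SAFE_DisplayName"]),
        ("id", r["DOLM_ROLEID"]),
    ]


def build_privileged_data(op, r):
    """Fold the rows into the connector envelope and the SCIM body."""
    envelope, body = {}, {}
    pending_key = None  # a properties[].key row waits for the properties[].value row after it
    for path, value in privileged_data_rows(op, r):
        if value is None:
            continue
        if path in ("Object ID", "Object type", "Operation"):
            envelope[path] = value
        elif path == "schemas":
            body.setdefault("schemas", []).append(value)
        elif path == PROPERTIES + ".key":
            pending_key = value
        elif path == PROPERTIES + ".value":
            ext = body.setdefault(CYBERARK_SCHEMA, {})
            ext.setdefault("properties", []).append({"key": pending_key, "value": value})
            pending_key = None
        elif path.startswith(CYBERARK_SCHEMA + "."):
            body.setdefault(CYBERARK_SCHEMA, {})[path[len(CYBERARK_SCHEMA) + 1:]] = value
        else:
            body[path] = value
    return {"envelope": envelope, "body": body}


def redact_for_log(body):
    """Copy of the body with the secret property masked; the original is left untouched."""
    safe = json.loads(json.dumps(body))
    for prop in safe.get(CYBERARK_SCHEMA, {}).get("properties", []):
        if prop["key"] == "secret":
            prop["value"] = "***"
    return safe


def property_keys(body):
    """Keys of the extension properties in the order they were mapped."""
    return [p["key"] for p in body.get(CYBERARK_SCHEMA, {}).get("properties", [])]
```

Because the `secret` property carries the credential itself, connector traces and debug output should only ever contain the result of `redact_for_log`.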