Data import
Creating reference properties
Before you register a new system in Omada Identity, create two reference properties:
- Go to Setup > Properties and click New.
- Select the Reference Property. Enter the following information:
- Name: Delinea folder permissions
- System name: C_DELINEAFOLDERPERMISSIONS
- Refers object(s) of type: Resource [52]
- Create a second property and enter the following information:
- Name: Delinea secret permissions
- System name: C_DELINEASECRETPERMISSIONS
- Refers object(s) of type: Resource [52]
Connection details
| Parameter | Value |
|---|---|
| Base URL | {Base URL} |
| Authentication type | OAuth2 Password |
| User | [User] |
| Password | [Password] |
| Token endpoint | [Token endpoint] |
| Test connection | Select the checkbox |
Queries and mappings
Users – accounts
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | users |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | id |
| Unique ID | Map | id |
| Account Name | Map | userName |
| Display Name | Map | displayName |
| Status | Constant | active |
| Distinguished name | Map | id |
| ID | Map | id |
Roles – resources
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | roles |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | "Delinearoleid_" + id |
| Security resource business key | Expression | "Delinearoleid_" + id |
| Name | Map | name |
| Category | Constant | Permission |
| Type | Constant | Delinea Roles |
| Display name | Map | name |
| Short name | Expression | "Delinearoleid_" + id |
| Logic key | Map | id |
Groups – resources
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | groups |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | "Delineagroupid_" + id |
| Security resource business key | Expression | "Delineagroupid_" + id |
| Name | Map | name |
| Category | Constant | Permission |
| Type | Constant | Delinea Groups |
| Display name | Map | name |
| Short name | Expression | "Delineagroupid_" + id |
| Logic key | Map | id |
Folders – resources
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | folders |
| General | Distinct | Yes |
| General | Filter | !folderPath.Contains("\\Personal Folders") && parentFolderId==-1 |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | "Delineafolderid_" + id |
| Security resource business key | Expression | "Delineafolderid_" + id |
| Name | Map | folderName |
| Category | Constant | Permission |
| Type | Constant | Delinea Folders |
| Display name | Map | folderName |
| Short name | Expression | "Delineafolderid_" + id |
Folder permissions – resources
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | folders |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
| Paging | Nested URL | folder-permissions?filter.folderId={PARENT_id} |
| Nested requests | Nested URL is root | No |
| Nested requests | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | "folderAccessRoleId_" + folderAccessRoleId |
| Security resource business key | Expression | "folderAccessRoleId_" + folderAccessRoleId |
| Name | Map | folderAccessRoleName |
| Category | Constant | Permission |
| Type | Constant | Delinea Folder Permissions |
| Short name | Expression | "folderAccessRoleId_" + folderAccessRoleId |
| Description | Map | folderAccessRoleId |
Secret permissions – resources
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | folders |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
| Paging | Nested URL | folder-permissions?filter.folderId={PARENT_id} |
| Nested requests | Nested URL is root | No |
| Nested requests | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | secretAccessRoleName == "None" ? "secretAccessRoleId_0" : "secretAccessRoleId_" + secretAccessRoleId |
| Security resource business key | Expression | secretAccessRoleName == "None" ? "secretAccessRoleId_0" : "secretAccessRoleId_" + secretAccessRoleId |
| Name | Map | secretAccessRoleName |
| Category | Constant | Permission |
| Type | Constant | Delinea Secret Permissions |
| Short name | Expression | secretAccessRoleName == "None" ? "secretAccessRoleId_0" : "secretAccessRoleId_" + secretAccessRoleId |
| Description | Expression | secretAccessRoleName == "None" ? "0" : secretAccessRoleId.ToString() |
Roles - assignments
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | users |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
| Paging | Nested URL | users/{PARENT_id}/roles |
| Nested requests | Nested URL is root | No |
| Nested requests | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Expression | "Delinearoleid_" + roleid |
| Account – business key | Map | PARENT_id |
Groups - Assignments
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | users |
| General | Distinct | Yes |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
| Paging | Nested URL | users/{PARENT_id}/groups |
| Nested requests | Nested URL is root | No |
| Nested requests | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Expression | "Delineagroupid_" + groupId |
| Account – business key | Map | PARENT_id |
Folders - assignments
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | users |
| General | Distinct | Yes |
| General | Filter | !PARENT_folderPath.Contains("\\Personal Folders") && PARENT_parentFolderId==-1 |
| General | Enabled | Select the checkbox |
| Advanced | HTTP verb | GET |
| Advanced | URL is a DynamicExpresso expression | No |
| Paging | Change paging | No |
| Paging | Nested URL | folder-permissions?filter.folderId={PARENT_id} |
| Nested requests | Nested URL is root | No |
| Nested requests | Change paging | No |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Expression | "Delineafolderid_" + folderId |
| Account – business key | Map | userId |
| C_DELINEAFOLDERPERMISSIONS | Expression | folderAccessRoleName + "_" + folderAccessRoleId |
| C_DELINEASECRETPERMISSIONS | Expression | secretAccessRoleName + "_" + secretAccessRoleId |
Advanced configuration
Use the following configuration to effectively manage the retrieval of roles and their assignments while implementing pagination to handle large datasets.
| Parameter | Value |
|---|---|
| Paging mechanism | URL Parameters |
| URL parameters | pageCount={pageIndex}&take=100 |
| Starting index | 1 |
| Total field | total |
Account rules
Ownership rule
The account owner is set to the identity where the Email value of the identity matches the Name value of the account.
| Field | Value |
|---|---|
| Type | Identity lookup |
| Join reason | Exact Match |
| Account attribute | Name |
| Identity attribute | Identity’s unique ID |
Classification rule
If an identity with the account attribute Identity join reason equals Exact Match, the account type is set to Email.
| Field | Value |
|---|---|
| Account type | Personal |
| Scope attribute | Identity join reason |
| Scope operator | Equals |
| Scope value | Exact Match |
Properties
Before performing an import:
-
Go to Setup > Properties and open the Delinea folder permissions reference property name. Click Edit lookup view > Expressions and then New.
-
Enter the following information and save the reference property:
-
Left side: Resource type [ROLETYPEREF]
-
Right side (reference): Delinea Folder Permissions
-
-
Create an expression for the second reference property (Delinea secret permissions):
-
Left side: Resource type [ROLETYPEREF]
-
Right side (reference): Delinea Secret Permissions
-
Aditional configuration
Create the following resource types:
Delinea Account
- Go to Setup > Resource types. Open the Delinea Account.
- Enable Always provision changes.
- Click Apply and then OK.
Delinea Folders
- Go to Setup > Resource types. Open the Delinea Folders.
- Enable Reconcile on attribute level.
- Enter the Reconciliation attributes map as:
C_DELINEAFOLDERPERMISSIONS=C_DELINEAFOLDERPERMISSIONS;C_DELINEASECRETPERMISSIONS=C_DELINEASECRETPERMISSIONS - Click Apply and then OK.
Delinea Folder Permissions
- Go to Setup > Resource types. Open the Delinea Folder Permissions.
- Click Other settings.
- In the Prevent self-service* drop-down menu, select Yes.
- Click Apply and then OK.
Delinea Secret Permissions
- Go to Setup > Resource types. Open the Delinea Secret Permissions.
- Click Other settings.
- In the Prevent self-service* drop-down menu, select Yes.
- Click Apply and then OK.