Data import
Special limitations
MijnCaress may contain duplicated user groups assigned to the same person. Thanks to the XPath used in the data import mappings for user group assignments, these duplicates are ignored.
MijnCaress may contain users where the "end date" (valid to) is in the past, but the user status is active. After the import, Omada Identity will find those users and change their status to inactive (due to validity period) and provision these changes. If you do not want to have these corrections made, you must change the default mappings, for example, by removing the status property from the connector's mappings for update action.
General settings
| Setting | Description |
|---|---|
| Name | Type a unique name for the system. Two systems cannot have the same name. |
| System ID | Type a unique System ID for the system. Two systems cannot have the same System ID. You cannot change this setting. |
| Description | Type an optional description of the system. |
| Status | Status of the system. Set the status to Removed to ensure the system is no longer included in warehouse imports, reconciliation or provisioning. Setting a system as removed will delete all objects referring to the system, including resources, manual and automated provisioning tasks, and assignment policies. |
| Content | The type of content to import. You can choose: Identity data Access rights Both (Identity data and access rights) |
| Trusts | Optionally, select one or more trusted systems to associate with the system. |
| Prevent self-service | Optionally, decide if it will be possible or not to request the resource in a self-service requests in that system. |
info
Trust is specifically designed for use between physical systems. It is not intended for use between logical and physical systems.
Connection details
| Parameter | Description |
|---|---|
| Endpoint address | Specify the URL of the mijnCaress service to which the connection is made. |
| User | Type the username for the target system user used to authenticate connectivity. |
| Password | Type the password for the user to authenticate with the service. Each time you make a change to any of the settings in the Connection details dialog box, you must enter the password again. |
| Timeout in seconds | Specify the preferred connection timeout for one web service call. It is recommended that timeout is not lower than 100 seconds. If the import is not successful and, in the Import execution details, it is stated that the timeout has been reached, the user should increase the timeout value. |
| Security protocol | Select the name of the security protocol supported by the external server. It should match the security protocol used in the mijnCaress system. |
| PEM Certificate | Provide the authentication certificate in the PEM format. |
| PEM Private Key | Provide the certificate's RSA private key in the PEM format. |
| Session ID XPath (request) | XPath to attach session ID in the requests. This field is prefilled with the default value. |
| Username XPath (request) | XPath to attach username in the requests. This field is prefilled with the default value. |
| Test connection | This field is optional. You can check this field to force the collector to test the defined connection before moving froward. |
Queries and mappings
Out of the box, the Omada mijnCaress Connectivity provides the following mappings, that have been tested to work correctly. Each query is defined by a set of parameters.They are divided into four categories: Web method, Endpoint detail, Paging, Delta, and Mappings.
Accounts query
Web method
The following fields are filled by default:
- Request XML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:NS1="urn:libCCInvocableApplication" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS1:AuthHeader xsi:type="NS1:AuthHeader"> <sSessionId xsi:type="xsd:string"></sSessionId> <sUserName xsi:type="xsd:string" ></sUserName> <sCheckDatabaseId xsi:type="xsd:string" /> </NS1:AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:NS2="urn:InvokableUserManagement-IinvUserManagement" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS2:GetUsers /> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- Entity node XPath
/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']
- Alias mappings
Username:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name()
= 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*
[local-name() = 'Username']
SysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() =
'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*
[local-name() = 'SysId'] Status:/*[local-name() = 'Envelope']/*[local-name()
= 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*
[local-name() = 'item']/*[local-name() = 'Status'] Start:/*[local-name() =
'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*
[local-name() = 'return']/*[local-name() = 'item']/*[local-name() =
'Start'] End:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[localname() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() =
'item']/*[local-name() = 'End']
Name:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() =
'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*
[local-name() = 'Name']
- Additional configurable fields
- WSDL path - type the URL path to the target system service to which the query is mapped. This parameter needs to be provided manually before the first import is started.
- Method - specify the target system method used to extract data.This field is automatically filled in when the system is onboarded.
- Response XML - you can use this field to help you fill in the Alias mapping. It is filled in with an empty XML template when the Generate XML button is pressed.
- XPath - you can use this field to help you fill in the Alias mapping. To get the XPath for the desired element (e.g. identity), in the Response XML field, place your cursor in the same line as the opening tag and after the whole element (after > character).Then press the Get XPath button.The XPath is calculated and placed in the XPath field.
- Filter - this field features a Dynamic Expresso expression that is used for filtering the data imported into Omada Identity.It returns a TRUE/FALSE result for each imported data row.If the expression returns “FALSE” for the given row that row is skipped during import.
- Description - type the description of what the query is doing.
Endpoint detail - parameters
- Endpoint address - populate this field if you want to specify a different Endpoint address than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default.
- Content-type header value - populate this field if you want to specify a different Content-type header value than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default.
- HTTP verb - populate this field if you want to specify a different HTTP verb than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default.
Paging
Paging is not supported by mijnCaress web service. This function is, by default, disabled in the connectivity package and should not be enabled. Parameters:
- Use paging - decide whether paging will be used when analyzing target system XML requests and responses.In a newly onboarded system it is by default set to “No”.
- Paging strategy - decide whether paging is to be based on the Page number or Next ID approach.
- First ID XPath (request) - available for Next ID only. XPath in request XML for the first object ID.
- Next ID XPath (response) - available for Next ID only. XPath in response XML for the next object ID.
- Page number XPath (request) - available for Page number only. Specify the XPath to page number value in target system request XML.This field is automatically filled in when the system is onboarded.
- Elements per page XPath (request) - available for Page number only. Specify the XPath to elements per page value in target system request XML.This field is automatically filled in when the system is onboarded.
- Current page XPath (response) - available for Page number only. Specify the XPath to the current page number value in target system response XML.This field is automatically filled in when the system is onboarded.
- Elements per page XPath (response) - available for Page number only. Specify the XPath to elements per page value in target system response XML.This field is automatically filled in when the system is onboarded.
- Total pages XPath (response) - available for Page number only. Specify the XPath to the current page number value in target system response XML.This field is automatically filled in when the system is onboarded.
Delta
Delta is not supported by mijnCaress web service.This function is, by default, disabled in the connectivity package and should not be enabled. In the Delta tab, you can choose if the given request should use the delta import functionality.
- Use delta - select whether to use the delta import mode.If you choose “Yes”, you will need to fill in the two mandatory XPath fields (listed below).
- Date From XPath - the XPath to the element in the Request containing the initial date for delta import.
- Date To XPath - the XPath to the element in the Request containing the final date for delta import.
Mappings
| Destination | Operator | Source |
|---|---|---|
| Businesskey | Map | SysId |
| UniqueID | Map | Username |
| Accountname | Map | Username |
| Display name | Map | Name |
| Status | Expression | Status != null && Status.ToString() == "A" ? "Active" : "Inactive" |
| Valid from | Expression | Start != null && Start.ToString().Length > 9 ? Start.ToString().Substring(0, 10) : null |
| Valid to | Expression | End != null && End.ToString().Length > 9 ? End.ToString().Substring(0, 10) : null |
Resources - disciplines query
Web method
The following fields are filled by default:
- Request XML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:NS1="urn:libCCInvocableApplication" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS1:AuthHeader xsi:type="NS1:AuthHeader"> <sSessionId xsi:type="xsd:string"></sSessionId> <sUserName xsi:type="xsd:string" ></sUserName> <sCheckDatabaseId xsi:type="xsd:string" /> </NS1:AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:NS2="urn:InvokableUserManagement-IinvUserManagement" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS2:GetDisciplines /> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
2 Entity node XPath
/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetDisciplinesResponse']/*[local-name() = 'return']/*[local-name() = 'item']
- Alias mappings
Name:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetDisciplinesResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Name']
SysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetDisciplinesResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'SysId']
- Mappings
| Destination | Operator | Source |
|---|---|---|
| Businesskey | Expression | "discipline_" + SysId |
| Security resource business key | Expression | "discipline_" + SysId |
| Name | Map | Name |
| Category | Constant | Permission |
| Type | Constant | mijnCaressDiscipline |
| Display name | Map | Name |
| Short name | Map | Name |
Resources - user groups query
Web method
The following fields are filled by default:
- Request XML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:NS1="urn:libCCInvocableApplication" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS1:AuthHeader xsi:type="NS1:AuthHeader"> <sSessionId xsi:type="xsd:string"></sSessionId> <sUserName xsi:type="xsd:string" ></sUserName> <sCheckDatabaseId xsi:type="xsd:string" /> </NS1:AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:NS2="urn:InvokableUserManagement-IinvUserManagement" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS2:GetUserGroups /> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- Entity node XPath
/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUserGroupsResponse']/*[local-name() = 'return']/*[local-name() = 'item']
- Alias mappings
Name:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUserGroupsResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Name']
SysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUserGroupsResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'SysId']
Type:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUserGroupsResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Type']
- Mappings
| Destination | Operator | Source |
|---|---|---|
| Businesskey | Expression | "usergroup_" + SysId |
| Security resource business key | Expression | "usergroup_" + SysId |
| Name | Map | Name |
| Category | Constant | Permission |
| Type | Expression | string.Format("mijnCaress0Group", Type == "F" ? "Functional" : Type == "T" ? "Technical" : "Location") |
| Display name | Map | Name |
| Short name | Map | Name |
Resources assignments - discipline assignments
Web method
The following fields are filled by default:
- Request XML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:NS1="urn:libCCInvocableApplication" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS1:AuthHeader xsi:type="NS1:AuthHeader"> <sSessionId xsi:type="xsd:string"></sSessionId> <sUserName xsi:type="xsd:string" ></sUserName> <sCheckDatabaseId xsi:type="xsd:string" /> </NS1:AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:NS2="urn:InvokableUserManagement-IinvUserManagement" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS2:GetUsers /> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- Entity node XPath
/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']
- Alias mappings
DisciplineSysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'DisciplineSysId']
UserSysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'SysId']
- Filter
DisciplineSysId != null && DisciplineSysId.ToString() != ""
- Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Expression | "discipline_" + DisciplineSysId |
| Account - business key | Map | UserSysId |
Resources assignments - user group memberships
Web method
The following fields are filled by default:
- Request XML
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns:NS1="urn:libCCInvocableApplication" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS1:AuthHeader xsi:type="NS1:AuthHeader"> <sSessionId xsi:type="xsd:string"></sSessionId> <sUserName xsi:type="xsd:string" ></sUserName> <sCheckDatabaseId xsi:type="xsd:string" /> </NS1:AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:NS2="urn:InvokableUserManagement-IinvUserManagement" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <NS2:GetUsers /> </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- Entity node XPath
/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Usergroup']/*[local-name() = 'item']
- Alias mappings
UserGroupSysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Usergroup']/*[local-name() = 'item']//SysId[not(.
= ../preceding-sibling::item/SysId)]
UserSysId:/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[local-name() = 'GetUsersResponse']/*[local-name() = 'return']/*[local-name() = 'item']/*[local-name() = 'Usergroup']/*[local-name() = 'item']/../../*[local-name() = 'SysId']
- Filter
UserGroupSysId != null && !string.IsNullOrEmpty(UserGroupSysId.ToString())
- Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Expression | "usergroup_" + UserGroupSysId |
| Account - business key | Map | UserSysId |
Account rules
Out-of-the box, the Omada mijnCaress connectivity has the following Account rules:
-
Ownership rule - the account owner is set to the identity where the 'Identity's unique ID' value of the identity matches the 'Account UID' value of the account. It has the following fields and values:
- Type - identity lookup
- Join reason - exact Match
- Account attribute - Account UID
- Identity attribute - Identity's unique ID
-
Classification rule - if an account with the account attribute 'Identity join reason' equals 'Exact Match', the account type is set to 'Personal'. It has the following fields and values:
- Account type - Personal
- Scope attribute - Identity join reason
- Scope operator - Equals
- Scope value - Exact Match