Data import
General settings
| Setting | Description |
|---|---|
| Name | Type a unique name for the system. Two systems cannot have the same name. |
| System ID | Type a unique System ID for the system. Two systems cannot have the same System ID. You cannot change this setting. |
| Description | Type an optional description of the system. |
| Status | Status of the system. Set the status to Removed to ensure the system is no longer included in warehouse imports, reconciliation or provisioning. Setting a system as removed will delete all objects referring to the system, including resources, manual andautomated provisioning tasks, and assignment policies. |
| Content | The type of content to import. You can choose: Identity data Access rights Both (Identity data and access rights) |
| Trusts | Optionally, select one or more trusted systems to associate with the system. |
Trust is specifically designed for use between physical systems. It is not intended for use between logical and physical systems.
Connection details
| Parameter | Description |
|---|---|
| Base URL | This field is optional. You can specify the Base URL of the service. When you specify aBase URL, this URL will be used for all defined queries if these do not specify a full URL of their own. The Base URL is part of the data connection data, and the Base URL should not be transported between environments, for example, http://api.slack.com/scim/v1 |
| Authentication type | Choose the type of authentication to use for theSlack system. For Slack connectivity, the only supported authentication is: OAuth2 Static Token – uses statically generated bearer token. |
| OAuth static token | This field applies only to OAuth2 Static Tokenauthentication option. Enter a statically generated bearer token.The value will be encrypted upon storage. |
| OAuth static token type | Provide a custom keyword that will be supplied in front of the static token. For Slack connectivity, the tokens are of Bearer type. If the field is left blank, the default Bearer value is also used. |
| Test connection | This field is optional. You can check this field to force the collector to test the defined connection before moving froward. |
| Test query | This field only appears if the Test connection field is enabled. Here you can enter an optional test query used to verify the connection. The query must be relative to the base address, e.g., 'Users.' Entering a test query is important for a proper test for authentication methods which doesn't access the target system, e.g., basic authentication or static bearer token. |
Queries and mappings
Out of the box, the Omada Slack Connectivity provides the following mappings:
Users - Accounts
Parameters
| Parameter | Value |
|---|---|
| URL | Users |
| Append | count=500 |
| Collection | Resources |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | id |
| Unique ID | Map | userName |
| Account name | Expression | userName.Length>100 ? userName.Substring(0,100) : userName |
| Display name | Map | displayName |
| Status | Map | active ? "Active" : "Disabled" |
| Expression | emails_primary ? emails_value : null |
Be aware of a specific behavior with disabled users. If you disable a user in Slack, this user will also lose its group memberships in Slack. When this user is again enabled, the group memberships will not be added immediately. Instead, you should perform a reconciliation import that will re-establish the group memberships.
Groups - Resources
Parameters
| Parameter | Value |
|---|---|
| URL | Groups |
| Append | count=500 |
| Collection | Resources |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | id |
| Security resource business key | Map | id |
| Name | Map | displayName |
| Category | Constant | Group |
| Type | Constant | Slack Group |
| Display name | Map | displayName |
| Short name | Map | id |
Groups - Resource assignments
Parameters
| Parameter | Value |
|---|---|
| URL | Groups |
| Append | count=500 |
| Collection | Resources |
Mappings
| Destination | Operator | Description |
|---|---|---|
| Resource business key | Map | id |
| Account - business key | Map | members_value |
Advanced queries and mappings configuration
If you require any custom mappings for your Slack implementation, this section describes the details of the fields available in the Queries task. This collector supports any number of queries and has the following query parameters which should be specified when creating or editing a query.
-
In the URL is a DynamicExpresso expression field, you can specify whether the URL is generated from a DynamicExpresso expression (if “Yes” is selected) or interpreted directly (if “No” is selected).
-
In the URL field, enter the URL for the resource. If “No” is selected in URL is a DynamicExpresso expression, you can specify a full URL or the part of the URL which should be appended to the Base URL. If “Yes” is selected in URL as a DynamicExpresso expression, the URL enables the user to specify a DynamicExpresso expression, which is used to generate the URL dynamically.
noteIt is recommended to use the SuccessFactors paging mechanisms when querying PerPerson entity to avoid missing or duplicate records. This behavior occurs when the same Entity is updated by another process in parallel while being read from SAP. To enable the paging mechanism to add the paging=snapshot query parameter at the beginning of the URL:
PerPerson?paging=snapshot&$filter... -
Optionally, in the Nested URL field, you can provide any attribute returned from the URL and use it as a nested query. The attribute must be enclosed in brackets, for example,
/groups/{PARENT_id}/members?roles=MEMBER.noteThe Nested URL field doesn't allow special characters.
If the URL returns a collection (multi-value), the Nested URL will only be called using the first element of each collection. Moreover, as the Nested URL is called for the number of rows returned from the URL, employing this feature causes a performance penalty.
-
Optionally, in the Nested URL is a root radio button, you can specify whether the return should be the first found collection, by selecting No (which is the default value) or a root element treated as a single element, by selecting Yes.
-
Optionally, when the Nested URL is root parameter is set to Yes, then the Nested URL Collection must be specified as well, to point to the collection inside the root element from which you want to collect data.
-
Optionally, disable paging for the Nested URL.
-
Optionally, in the Append field, enter some query parameters which should be appended.
-
Optionally, in the Distinct field, specify if the collector should remove possible duplicate rows.
-
Optionally, in the Collection field, you can specify the name of the collection element in the response from where the result should be read. By default, the result is read from the first found collection.
-
Optionally, in the Filter field under the Parameters heading, you can provide a Dynamic Expresso expression that is used for filtering the data imported into Omada Identity. It returns a TRUE/FALSE result for each imported data row. If the expression returns “FALSE” for the given row that row is skipped during import.
The filter can be supplied with special functions #MinRow() or #MaxRow(). The
#MinRow()/#MaxRow()are custom functions that can be combined with regular DynamicExpresso expressions thanks to the # prefix, for example, in line:#MinRow(col1, col2)#col=="active"the custom function is encapsulated with # at the start and optionally at the end (if a regular filter is to be appended like in the example (col=="active")).
The
MinRow()/MaxRow()functions take two parameters. The intention is similar to a "Group by function" in SQL server that allows you to eliminate duplicates and to take thelowestorhighest[order by column]for each[unique column]row, i.e.,MinRow([unique column], [order by column]). -
Optionally, in the Description field, enter a description for what this query is doing.
Naming convention for mapping and expressions
The name used for mapping or expressions is converted into a name that is usable as a C# parameter. Names can contain the characters _, a-z, A-Z, and 0-9, but the first character of the name cannot be a digit (0-9). Any illegal characters will be stripped from the name under the conversion.
For example, $somekey1 becomes somekey1 and 1another_key becomes another_key.
Advanced configuration
-
Optionally, in the Append URL parameters(s) field, enter any additional query parameters that should be added to any of the queries defined under Queries and Mappings.
-
Optionally, in the Security Protocol drop-down list, choose a security protocol to use for an HTTPS connection, for example, TLS 1.2. Your organization may limit the use of one or more of the default available security protocols.
-
Optionally, in the Paging mechanism field, select the type of paging the service uses. Services may result large datasets and will return data in chunks. The Slack collector offers the following options:
- None: Select this option if the service offers no paging and all data is returned.
- Paging marker: Use this option if the response contains a field with an indicator which should be used in the URL for the subsequent call. If the response is truncated (that is, if it does not contain all the requested objects), it will contain an IsTruncated element set to True and a Marker element, whose value needs to be used as a parameter in the URL of the call for the subsequent page.
- Paging URL: Use this option if the response contains a field with a URL for the next page.
- URL parameters: Use this option if the paging must be specified as URL parameters.
When the selected Paging mechanism is Paging marker:
- In the Marker element field, type in the name of the response element, whose value will be used in the subsequent pagination requests to obtain the next set of items if the pagination results are truncated.
- In the Marker parameter field, type in the name of the parameter that will be used in the subsequent pagination requests, with the Marker element value, to obtain the next set of items.
When the selected Paging mechanism is Paging URL:
- In the Paging URL field, specify the JSON field in the response that contains the URL for the next page of data. The collector will continue querying the service until this field is empty.
When the selected Paging mechanism is URL parameters:
- In the URL Parameters field, enter the parameters that must be appended to the query to get the next page of data.
- Optionally, in the Total field field, enter the JSON field in the response that indicates the total amount of records. If this field is not specified, the service will be called until an empty result set is returned.
-
The Timeout in seconds field allows you to specify how long the collector should wait for a response of the Slack service. The default value is set to 3600 seconds (1 hour).
Account rules
Out-of-the box, the Omada Slack connectivity has the following Account rules:
-
Ownership rule - the account owner is set to the identity where the 'Identity unique Id' value of the identity matches the 'Account UID' value of the account. The following list presents fields and their corresponding values:
- Type - Identity lookup
- Join reason - Exact Match
- Account attribute - Account UID
- Identity attribute - Identity's unique ID
-
Classification rule - if an identity with the account attribute 'Identity join reason' Equals 'Exact Match', the account type is set to 'Personal'. The following list presents fields and their corresponding values:
- Account type - Personal
- Scope attribute - Identity join reason
- Scope operator - Equals
- Scope value - Exact Match