Data provisioning
Prerequisites
If you have chosen one of the template connectors and given it a new name, you will be configuring and saving a copy of the template connector. This means that your version is stored in Omada Identity, so that when Omada rolls out changes to the template connectors, your configurations remain intact in your own version. To use the default preconfigured task mappings, select the use default configuration option while enabling provisioning.
Provisioning configuration
Parameter | Description |
---|---|
Base address | Specify the server address. |
Entity root | This is optional and is a fragment of the URL that points to provisioned entities, for example, /scim/v1 . |
Content-type header | Choose the format of the content. The default value is application/json. |
Accept header | The default value is application/json. |
Authentication mode | The type of authentication to use for the Slack system. Depending on the type of authentication that you choose, you may see more or fewer settings. For Slack connectivity, the only supported option is OAuth2: all mandatory OAuth fields (marked with *) must be completed with proper values. These values can be found in your external vendor's documentation of your Slack system. |
Security protocol | Security protocol of your Slack system. |
Use numeric values | Setting this to true will ensure that intType, longType, and referenceType values in the JSON payload are sent as numeric values and not strings. For referenceType properties the value is only set as a numeric value when the resolved value can be converted to a numeric value. |
Query address | Here you can enter a base address for querying objects. It is appended to Base URI if specified, for example, http://baseaddress/query. |
Root resource path | This parameter controls the root resource path used when resolving references and object IDs. The default value is $.Resources[0] as defined in the SCIM standard. |
Test connection | This field is optional. You can check this field to force the collector to test the defined connection before moving forward. |
Test query | This field only appears if the Test connection field is enabled. Here you can enter an optional test query used to verify the connection. The query must be relative to the base address, e.g., 'Users'. Entering a test query is important for a proper test of authentication methods that do not access the target system, e.g., basic authentication or static bearer token. |
OAuth2 authentication
For Slack connectivity, the only supported option is Static token.
Static token grant
Parameter | Description |
---|---|
OAuth Static Token | Provide your OAuth Static Token. This token is required for the Static token grant. |
OAuth Static Token Type | Provide a custom keyword that will be supplied in front of the static token. For Slack connectivity, the tokens are of Bearer type. If the field is left blank, the default Bearer value is also used. |
Data model
The data model for Slack is extensible and consists of two sections: properties and objects.
Properties
The properties section serves as a repository of properties of all objects in the remote system that is subject to provisioning. A single property consists of the following attributes:
Name | Description |
---|---|
name | Unique name of the property. This name must match the property name in the target system. |
required | Here, you can specify if the property is required or not. |
dataType | The data type of the property. By default, the type is a string. If this value is set to referenceType, the property will be used to either calculate reference properties or to calculate the object ID value. |
Here, you can see the XML configuration for properties:
<connectorDataModel xmlns="http://schemas.omada.net/ops/2015/ConnectorDataModelML" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" modelNamespace="Slack">
<properties>
<property name="schemas" multiValued="true"/>
<property name="displayName" />
<property name="groupId" />
<property name="externalId" />
<property name="userName" />
<property name="userType" />
<property name="urn:scim:schemas:extension:enterprise:1.0.employeeNumber" />
<property name="urn:scim:schemas:extension:enterprise:1.0.department" />
<property name="urn:scim:schemas:extension:enterprise:1.0.organization" />
<property name="name.givenName" />
<property name="name.familyName" />
<property name="userId" dataType="referenceType" />
<property name="Operations[].op"/>
<property name="Operations[].path"/>
<property name="Operations[].value[].id" dataType="referenceType"/>
<property name="members[].value" dataType="referenceType"/>
<property name="members[].operation"/>
<property name="emails[].value" />
<property name="emails[].type" />
<property name="password" />
<property name="title" />
<property name="active" />
</properties>
Objects
Here, objects refers to a set of objects. Each object has a name property that must match one of the names in task mappings. For more about task mappings, see the Task mappings subchapter of the Omada Identity - Import and Onboarding Guide.
Inside an object, there are two sub nodes: objectDetails and objectProperties. For more information about each, see the following two subchapters.
objectDetails
ObjectDetails are used to provide details about how an object is treated. Each property can also have a reference property as part of its value. The name of the reference property must be in curly brackets, for example:
<objectProperty referenceObject="Profile"
referenceKeyProperty="Id"
referenceLookupProperty="Name">ProfileId</objectProperty>
When a property is used as part of an objectDetail, the property is removed from the JSON body of the HTTP request. If the property is needed for both the object detail and the JSON body, you must make another reference property with a different name.
The Slack Connector issues HTTP requests to the SCIM endpoints of the remote system. These endpoints are defined/calculated relatively and appended to a single baseAddress following the SCIM standards.
If the remote system has a custom SCIM implementation, you can use the objectDetails to define the custom properties in the Slack connector:
Name | Description |
---|---|
VerbForCreate | Use this property if the remote system requires another verb for create operations where the default is POST. |
VerbForUpdate | Use this property if the remote system requires another verb for update operations where the default is POST. |
VerbForDelete | Use this property if the remote system requires another verb for delete operations where the default is POST. |
objectProperty
The objectProperty element is used to determine a set of properties for an object.
When a property has the data type referenceType, it must have the following attributes:
Name | Description |
---|---|
isKey | A Boolean attribute that defines the key properties. |
referenceObject | The object to query. |
referenceKeyProperty | The property of an object that is the result of the query. |
referenceLookupProperty | A string property that indicates the property in the referenced object to make a lookup against to find the reference object from the task property value. |
Provisioning root properties and elements
To provision root properties or elements for custom schemas correctly, they must be specified correctly in the data model. Root properties must be specified in the following way:
urn:scim:schemas:extension:enterprise:1.0:.employeeNumber
Root elements must be specified in the following way:
urn:scim:schemas:extension:enterprise:1.0:.manager.managerId
Task mappings
The Omada Slack Connectivity provides the following mappings out of the box.
Slack Users
Destination | Operator | Source |
---|---|---|
Object Id | Map | ObjectId |
Object type | Constant | users |
Operation | Map | Operation |
userName | Expression | Operation=="Create" ? ROPE_AccountName : null |
name.givenName | Expression | Operation=="Create" | Operation=="Update" ? ROPE_ATTR_FIRSTNAME : null |
name.familyName | Expression | Operation=="Create" | Operation=="Update" ? ROPE_ATTR_LASTNAME : null |
schemas | Expression | Operation=="DeleteIfExists" ? null : "urn:scim:schemas:core:1.0" |
password | Expression | Operation=="Create" ? ROPE_ATTR_INITIALPASSWORD : null |
title | Expression | Operation=="Create" | Operation=="Update" ? ROPE_ATTR_JOBTITLE : null |
active | Expression | Operation=="Create" | Operation=="Update" | Operation=="DeleteIfExists" | Operation=="Delete" ? (ROPE_ATTR_IDENTITYSTATUS == "Terminated" ? "false" : "true") : null |
userType | Expression | Operation=="Create" ? ROPE_ATTR_IDENTITYCATEGORY : null |
displayName | Expression | Operation=="Create" ? String.Format("{0} {1}",ROPE_ATTR_FIRSTNAME,ROPE_ATTR_LASTNAME) : null |
userId | Expression | Operation=="DeleteIfExists" | Operation=="Delete" | Operation=="Update" ? ROPE_AccountName : null |
emails[].value | Expression | Operation=="Create" | Operation=="Update" ? ROPE_ATTR_EMAIL : null |
emails[].type | Expression | Operation=="Create" | Operation=="Update" ? "work" : null |
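Added example (not Omada's code): the Slack Users rows above re-expressed in Python, so you can check which attributes each operation yields, in particular that `password` is produced only on Create and that `active` follows the identity status even for Delete. The sample identity, the function names, the nesting of dotted and `[]` property names, and leaving `userId` out of the body are assumptions made for illustration.

```python
import json

# Constructed sample identity; the ROPE_* keys are the sources named in the table.
SAMPLE = {
    "ROPE_AccountName": "jdoe", "ROPE_ATTR_IDENTITYSTATUS": "Active",
    "ROPE_ATTR_FIRSTNAME": "Jane", "ROPE_ATTR_LASTNAME": "Doe",
    "ROPE_ATTR_EMAIL": "jane.doe@example.com", "ROPE_ATTR_JOBTITLE": "Analyst",
    "ROPE_ATTR_IDENTITYCATEGORY": "Employee", "ROPE_ATTR_INITIALPASSWORD": "constructed-initial-pw",
}

def slack_user_mapping(op, src):
    """Evaluate the Slack Users mapping rows for one task (None stands for null)."""
    create, cu = op == "Create", op in ("Create", "Update")
    known = op in ("Create", "Update", "DeleteIfExists", "Delete")
    by_id = op in ("DeleteIfExists", "Delete", "Update")
    active = "false" if src["ROPE_ATTR_IDENTITYSTATUS"] == "Terminated" else "true"
    first, last = src["ROPE_ATTR_FIRSTNAME"], src["ROPE_ATTR_LASTNAME"]
    return {
        "userName": src["ROPE_AccountName"] if create else None,
        "name.givenName": first if cu else None,
        "name.familyName": last if cu else None,
        "schemas": None if op == "DeleteIfExists" else "urn:scim:schemas:core:1.0",
        "password": src["ROPE_ATTR_INITIALPASSWORD"] if create else None,
        "title": src["ROPE_ATTR_JOBTITLE"] if cu else None,
        "active": active if known else None,
        "userType": src["ROPE_ATTR_IDENTITYCATEGORY"] if create else None,
        "displayName": f"{first} {last}" if create else None,
        "userId": src["ROPE_AccountName"] if by_id else None,
        "emails[].value": src["ROPE_ATTR_EMAIL"] if cu else None,
        "emails[].type": "work" if cu else None,
    }

def nested_attributes(flat, multi_valued=("schemas",), reference=("userId",)):
    """Assumed expansion: '.' nests an object, 'x[]' is a one-element list."""
    body = {}
    for name, value in flat.items():
        if value is None or name in reference:  # assumption: referenceType names
            continue                            # resolve the object ID, not the body
        node, parts = body, name.split(".")
        for part in parts[:-1]:
            is_list = part.endswith("[]")
            child = node.setdefault(part.rstrip("[]"), [{}] if is_list else {})
            node = child[0] if is_list else child
        node[parts[-1]] = [value] if name in multi_valued else value
    return body

if __name__ == "__main__":
    for op in ("Create", "Update", "Delete"):
        print(op, json.dumps(nested_attributes(slack_user_mapping(op, SAMPLE))))
```

With the default mapping, a Delete task for an identity whose status is not "Terminated" still evaluates `active` to "true", which is worth confirming against your deprovisioning process.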
Slack Group Assignments
Destination | Operator | Source |
---|---|---|
Object Id | Map | ROPE_ResourceKey |
Object type | Constant | Groups |
Operation | Expression | Operation == "Create" | Operation == "Delete" | Operation == "DeleteIfExists" ? "Update" : Operation |
members[].operation | Expression | Operation == "Delete" | Operation == "DeleteIfExists" ? "delete" : "add" |
schemas | Expression | "urn:scim:schemas:core:1.0" |
members[].value | Map | ROPE_AccountName |