Data import
Connection details
| Parameter | Description |
|---|---|
| Endpoint address | Specify the URL of the SOAP service to which the connection is made. |
| Timeout in seconds | Specify the preferred connection timeout for one web service call. It is recommended that timeout is not lower than 180 seconds. If the import is not successful and, in the Import execution details, it is stated that the timeout has been reached at Omada.ODW.SOAPCollector, the user should increase the timeout value. |
| Content-type header value | Type the value of the HTTP content-type header. For SOAP collector, this field should be filled in with “text/xml”. |
| HTTP verb | Specify the HTTP request method used by the collector. For SOAP collector this field should be filled in with “POST”. |
| Authentication type | Choose authentication type which is supported by the target service. The available options are: - Authentication service - Basic |
| Authentication Service URL | The field applies to Authentication service authentication type option. Authentication Service URL |
| Auth request body | The field applies to Authentication service authentication type option. Raw body of the request sent to authentication server to get the access token. Sensitive values should be replaced with the placeholders starting with #SECURE. |
| Placeholders values | The field applies to Authentication service authentication type option. Key value pairs (one per line) for sensitive data used in the request body to get the access token. Define keys using the following pattern: #SECURE1 = MySecurePass123! |
| Include SOAPAction Header | The field applies to Authentication service authentication type option. Enable if you want to attach the SOAPAction header to the request. |
| SOAPAction Header | The field applies to Authentication service authentication type option. SOAPAction header value. It can be empty. |
| Access Token Response XPath | The field applies to Authentication service authentication type option. The XPath to the access token in the authentication reply. |
| Access token header | The field applies to Authentication service authentication type option. Name of the header where the retrieved access token is stored. |
| Access token format | The field applies to Authentication service authentication type option. Define the access token format. The placeholder {accesstoken} will be resolved with the actual value. |
| User | The field applies to Basic authentication type option. Type the username for the target system user used to authenticate connectivity. |
| Password | The field applies to Basic authentication type option. Type the password for the user to authenticate with the service. Each time you make a change to any of the settings in the Connection details dialog box, you must enter the password again. |
| Security protocol | Select the name of the security protocol supported by the external server. It should match the security protocol used in the SOAP system. |
| WS-Security password type | The field applies to Basic authentication type option. Choose “Password Text” if you want to use WS-Security authentication. |
Advanced settings
In Advanced Settings, you can choose to perform full or delta import for the following object types:
- Identities, accounts and resources
- Contexts
- Context assignments
- Context owners
- Identity owners
- Resource assignments and resource parent-child relations
- Resource owners
note
Delta import availability depends on the implementation of delta support in the SOAP-based system.
Queries and mappings
When onboarding a new SOAP system in Omada Identity, you need to set up your own queries. Each query is defined by a set of parameters.
Web method
| Parameter | Description |
|---|---|
| WSDL path | Type the URL path to the target system service to which the query is mapped.This parameter needs to be provided manually before the first import is started. |
| Method | Specify the target system method used to extract data. |
| Request XML | Specify the XML request which will be sent to the target system service.This field is automatically filled in when the system is onboarded, however you need to manually provide the service version in <soapenv:Body>. Pressing the Generate XML button resets this field and populates it with an empty XML template for the user to fill in manually. |
| Response XML | You can use this field to help you fill in the Alias mapping.It is filled in with an empty XML template when the Generate XML button is pressed. |
| XPath | You can use this field to help you fill in the Alias mapping. To get the XPath for the desired element (e.g. identity), in the Response XML field, place your cursor in the same line as the opening tag and after the whole element (after > character).Then press the Get XPath button.The XPath is calculated and placed in the XPath field. |
| Entity node XPath | Specify the collection of nodes that represents the entity that we want to import. |
| Alias mappings | Assign aliases (e.g. “firstname”, “lastname”) to XPath queries used to retrieve SOAP-based system data.These aliases will later be used in SOAP to Omada Identity data mapping (in the Mappings tab). To assign an alias, type in the alias, followed by a colon, followed by the XPath.Each alias needs to be separated by a line break: Variable_name:xpath {newline} You can use either absolute aliases or aliases that are relative to the entity node XPath (so that the full entity node XPath can be replaced by a full stop in the Alias mapping XPath). |
| Filter | This field features a Dynamic Expresso expression that is used for filtering the data imported into Omada Identity.It returns a TRUE/FALSE result for each imported data row.If the expression returns “FALSE” for the given row that row is skipped during import. |
| Description | Type the description of what the query is doing. |
Endpoint detail
| Parameter | Description |
|---|---|
| Endpoint address | Populate this field if you want to specify a different Endpoint address than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default. |
| Content-type header value | Populate this field if you want to specify a different Content-type header value than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default. |
| Include SOAPAction Header | Set to Yes if you want to include SOAPAction Header. |
| SOAPAction Header | If the Include SOAPAction Header setting is configured to Yes, then the SOAPAction Header setting is visible. There are APIs that require configuring this setting, but the field is not mandatory. |
| HTTP verb | Populate this field if you want to specify a different HTTP verb than the one specified in Connection details.If the field is left empty the values from Connection details are used as a default. |
Paging
| Parameter | Description |
|---|---|
| Use paging | Decide whether paging will be used when analyzing target system XML requests and responses.In a newly onboarded system it is by default set to “No”. |
| Paging strategy | Decide whether paging is to be based on the Page number or Next ID approach. |
| First ID XPath (request) | Available for Next ID only. XPath in request XML for the first object ID. |
| Next ID XPath (response) | Available for Next ID only. XPath in response XML for the next object ID. |
| Page number XPath (request) | Available for Page number only. Specify the XPath to page number value in target system request XML. |
| Elements per page XPath (request) | Available for Page number only. Specify the XPath to elements per page value in target system request XML. |
| Current page XPath (response) | Available for Page number only. Specify the XPath to the current page number value in target system response XML. |
| Elements per page XPath (response) | Available for Page number only. Specify the XPath to elements per page value in target system response XML. |
| Total pages XPath (response) | Available for Page number only. Specify the XPath to the current page number value in target system response XML. |
Delta
In the delta tab, you can choose if the given request should use the delta import functionality.
| Parameter | Description |
|---|---|
| Use delta | Select whether to use the delta import mode.If you choose “Yes”, you will need to fill in the two mandatory XPath fields (listed below). |
| Date From XPath | The XPath to the element in the Request containing the initial date for delta import. |
| Date To XPath | The XPath to the element in the Request containing the final date for delta import. |
Mappings
The Mappings tab lists the mappings of HR data from the SOAP-based system to Identity data in Omada Identity. Mappings need to match the names defined in Alias mappings. You can add new mappings. You can also add more fields to existing mappings using the Add extension button.
Task mappings
No standard mappings are provided out of the box. You need to create your own mappings. In order to do this, you also need to create appropriate resource types, and if relevant, attribute sets.
note
If you are building an XML mapping, and you want to introduce multivalued elements (for example, two phone numbers, mobile and landline), the XPath multivalued elements must be followed by :root:. Values for these elements are then filled in by the task mappings in the order in which the data is provided.
Alias mapping
Identity
| Mapped alias | Workday data source |
|---|---|
| UID | ./DEFAULT:Worker_Reference/DEFAULT:ID[@DEFAULT:type='Employee_ID'] |
| Name | ./DEFAULT:Worker_Data/DEFAULT:Personal_Data/DEFAULT:Name_Data/DEFAULT:Preferred_Name_Data/DEFAULT:Name_Detail_Data/@DEFAULT:Formatted_Name |
| FirstName | ./DEFAULT:Worker_Data/DEFAULT:Personal_Data/DEFAULT:Name_Data/DEFAULT:Preferred_Name_Data/DEFAULT:Name_Detail_Data/DEFAULT:First_Name |
| LastName | ./DEFAULT:Worker_Data/DEFAULT:Personal_Data/DEFAULT:Name_Data/DEFAULT:Preferred_Name_Data/DEFAULT:Name_Detail_Data/DEFAULT:Last_Name |
| JobTitle | ./DEFAULT:Worker_Data/DEFAULT:Employment_Data/DEFAULT:Position_Data/DEFAULT:Business_Title |
| Status | ./DEFAULT:Worker_Data/DEFAULT:Employment_Data/DEFAULT:Worker_Status_Data/DEFAULT:Active |
| Country | ./DEFAULT:Worker_Data/DEFAULT:Personal_Data/DEFAULT:Name_Data/DEFAULT:Preferred_Name_Data/DEFAULT:Name_Detail_Data/DEFAULT:Country_Reference/DEFAULT:ID[@DEFAULT:type='ISO_3166-1_Alpha-2_Code'] |
| Company | ./DEFAULT:Worker_Data/DEFAULT:Organization_Data/DEFAULT:Worker_Organization_Data/DEFAULT:Organization_Data[DEFAULT:Organization_Type_Reference/@DEFAULT:Descriptor= 'Company']/DEFAULT:Organization_Name |
| ValidFrom | ./DEFAULT:Worker_Data/DEFAULT:Employment_Data/DEFAULT:Worker_Status_Data/DEFAULT:Hire_Date \ |
| ValidTo | ./DEFAULT:Worker_Data/DEFAULT:Employment_Data/DEFAULT:Worker_Status_Data/DEFAULT:Termination_Date |
| Category | ./DEFAULT:Worker_Reference/DEFAULT:ID[@DEFAULT:type=``<br/><br/>'Employee_ID'] |
./DEFAULT:Worker_Data/DEFAULT:Personal_Data/DEFAULT:Contact_Data/DEFAULT:Email_Address_Data[DEFAULT:Usage_Data/DEFAULT:Type_Data/DEFAULT:Type_Reference/@DEFAULT:Descriptor='Home']/DEFAULT:Email_Address |
Identity owner
| Mapped alias | Workday data source |
|---|---|
| IdentityUID | ./DEFAULT:Worker_Data/DEFAULT:Worker_ID |
| OwnerUID | ./DEFAULT:Worker_Data/DEFAULT:Organization_Data/DEFAULT:Worker_Organization_Data/DEFAULT:Organization_Data/[DEFAULT:Organization_Type_Reference/@DEFAULT:Descriptor='Supervisory']/DEFAULT:Organization_Support_Role_Data/DEFAULT:Organization_Support_Role\[DEFAULT:Organization_Role_Reference/@DEFAULT:Descriptor='Manager']/DEFAULT:Organization_Role_Data/DEFAULT:Worker_Reference/DEFAULT:ID[@DEFAULT:type='Employee_ID'] |
Context
| Mapped alias | Workday data source |
|---|---|
| ID | ./DEFAULT:Organization_Data/DEFAULT:Reference_ID |
| Name | ./DEFAULT:Organization_Data/DEFAULT:Name |
| IncludeManagerInName | ./DEFAULT:Organization_Data/DEFAULT:Include_Manager_in_Name |
| Manager | ./DEFAULT:Organization_Data/DEFAULT:Manager_Reference/@DEFAULT:Descriptor |
| Type | ./DEFAULT:Organization_DataDEFAULT:Organization_Type_Reference/DEFAULT:ID[@DEFAULT:type='Organization_Type_ID'] |
| SubType | ./DEFAULT:Organization_Data/DEFAULT:Organization_Subtype_Reference/DEFAULT:ID[@DEFAULT:type='Organization_Subtype_ID'] |
| ParentID | ./DEFAULT:Organization_Data/DEFAULT:Hierarchy_Data/DEFAULT:Superior_Organization_Reference/DEFAULT:ID[@DEFAULT:type='Organization_Reference_ID'] |
Context owner
| Mapped alias | Workday data source |
|---|---|
| ContextID | ./DEFAULT:Organization_Data/DEFAULT:Reference_ID |
| OwnerID | ./DEFAULT:Organization_Data/DEFAULT:Manager_Reference/DEFAULT:ID[@DEFAULT:type='Employee_ID'] |
Context assignment
| Mapped alias | Workday data source |
|---|---|
| IdentityUID | ./DEFAULT:Worker_Data/DEFAULT:Worker_ID |
| ContextID | ./DEFAULT:Worker_Data/DEFAULT:Organization_Data/DEFAULT:Worker_Organization_Data[DEFAULT:Organization_Data/DEFAULT:Organization_Type_Reference/DEFAULT:ID[@DEFAULT:type='Organization_Type_ID']/text()='Supervisory']/DEFAULT:Organization_Data/DEFAULT:Organization_Reference_ID |
Mapping of resource owners
If you create a query to import resource owners, it is possible to specify the resource's owner in two ways. You can do it either by directly importing the UID of the identity or by specifying the account from which the resolved owner is imported as a resource owner.
When mapping directly to the UID of identity, ensure that identities are already imported to Omada Identity.
When mapping to an owned account, it is possible to either specify the business key of the account or the composed business key. The former should be used if the account is in the same system as the resource. The latter should be used if the account is imported into any of the trusted systems.
note
When the account stems from another system, use a Lookup mapping.