Important
This repository contains the connector and configuration code only. The implementer is responsible for acquiring the connection details such as the username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
- HelloID-Conn-Prov-Target-OzoVerbindzorg
HelloID-Conn-Prov-Target-OzoVerbindzorg is a target connector. OzoVerbindzorg provides a set of REST APIs that allow you to programmatically interact with its data. The HelloID connector uses the API endpoints listed in the table below.
Endpoint | Description |
---|---|
/Users | User related API calls |
/Groups | Group related API calls |
The following lifecycle actions are available:
Action | Description |
---|---|
create.ps1 | PowerShell create lifecycle action |
delete.ps1 | PowerShell delete lifecycle action |
disable.ps1 | PowerShell disable lifecycle action |
enable.ps1 | PowerShell enable lifecycle action |
update.ps1 | PowerShell update lifecycle action |
permissions/groups/subPermissions.ps1 | PowerShell subPermissions lifecycle action |
configuration.json | Default configuration.json |
fieldMapping.json | Default fieldMapping.json |
The field mapping can be imported by using the fieldMapping.json file.
The following settings are required to connect to the API.
Setting | Description | Mandatory |
---|---|---|
BaseUrl | The URL to the API | Yes |
Secret | The secret to connect to the API | Yes |
User accounts within Ozo are integrated with customers' SCIM services, with all accounts managed through a single endpoint. Internally, these accounts are linked to a specific customer's SCIM service, ensuring that you can only access and retrieve the accounts you are authorized to access once authenticated. However, users that already exist within Ozo are not connected to your SCIM service, making it impossible to retrieve existing users. As a result, it is not possible to verify if a specific user account already exists, and therefore, account correlation is unavailable.
Upon creation, if a user account is found with a matching `userName`, the user account will be linked to the customer's SCIM service and returned by the API, allowing you to use the `id` as the `accountReference`.
Warning
If you execute the create action a second time (after the initial linking), a 409-Conflict error will be returned.
The `title` field can only be updated. Therefore, within the update lifecycle action, we have a separate process in place that checks if `$actionContext.Correlated` is set to `$true`. If so, the `title` field will be updated using a PATCH call. We chose not to implement this within the create lifecycle action to maintain clarity in each process.
However, it's worth noting that the `title` field isn't returned by a GET call. Therefore, this property is removed from the comparison between the `$correlatedAccount` and `$actionContext.Data`.
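The comparison and the separate `title` update described above, as an added example that is not the connector's own code. The function name `Get-ChangedProperty` and all sample values are constructed for illustration, and the PATCH body follows the generic SCIM 2.0 PatchOp format (RFC 7644), which is assumed here to be what the API accepts.

```powershell
# Constructed sample data. In a real run HelloID supplies $actionContext and
# $correlatedAccount holds the result of a GET on the user (which lacks 'title').
$actionContext = [pscustomobject]@{
    Correlated = $true
    Data       = [pscustomobject]@{
        userName    = 'j.doe@example.org'
        displayName = 'Jane Doe'
        title       = 'Nurse'
    }
}
$correlatedAccount = [pscustomobject]@{
    userName    = 'j.doe@example.org'
    displayName = 'J. Doe'
}

# Hypothetical helper: list the desired properties whose value differs from the
# current account, skipping properties the API never returns.
function Get-ChangedProperty {
    param(
        [Parameter(Mandatory)] $Current,
        [Parameter(Mandatory)] $Desired,
        [string[]] $ExcludeProperty = @()
    )
    foreach ($property in $Desired.PSObject.Properties) {
        if ($property.Name -in $ExcludeProperty) { continue }
        $currentValue = $Current.$($property.Name)
        if ("$currentValue" -cne "$($property.Value)") {
            [pscustomobject]@{ Name = $property.Name; Old = $currentValue; New = $property.Value }
        }
    }
}

# Without the exclusion, 'title' would be reported as changed on every run,
# because the GET response never contains it.
$changes = @(Get-ChangedProperty -Current $correlatedAccount -Desired $actionContext.Data -ExcludeProperty 'title')
$changes | Format-Table -AutoSize   # only displayName is listed

# 'title' is handled on its own, and only for a correlated account.
if ($actionContext.Correlated -eq $true) {
    $titlePatchBody = [ordered]@{
        schemas    = @('urn:ietf:params:scim:api:messages:2.0:PatchOp')   # assumed format
        Operations = @([ordered]@{ op = 'replace'; path = 'title'; value = $actionContext.Data.title })
    } | ConvertTo-Json -Depth 5
    $titlePatchBody   # body for the PATCH call on the user
}
```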
This connector uses subPermissions in order to grant/revoke a team. For our initial version we made the assumption that the CostCenter matches the name of the team in OzoVerbindzorg. This can be configured within the subPermissions.ps1 file on line 6.

```powershell
# Contract permission mapping
$objectKey = 'CostCenter'
$externalIdKey = 'ExternalId'
$nameKey = 'Name'
```
For certain user properties specified in the field mapping, additional mapping is necessary in both the create and update lifecycle actions to generate the final SCIM JSON payload. That also means that the field mapping cannot be modified without making changes to the code.
Tip
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/