05/18/2023 11:03 PM - edited 05/21/2023 11:04 PM
The integration was either created by Saviynt or by Saviynt community users. The integration is available “as is” and falls under standard connectors support for REST, SOAP, JDBC, LDAP, PowerShell, Jar, and Saviynt Connector Framework.
Contributor - Vedanth B.K
This guide describes the integration between Saviynt Enterprise Identity Cloud (EIC) and Cornerstone.
This guide is intended for administrators and target system integration teams responsible for integrating and importing users from Cornerstone.
Cornerstone provides cloud-based software solutions for human capital management (HCM) and talent management. Their software platform, known as Cornerstone OnDemand, offers a range of tools and modules to help organizations manage various aspects of their workforce, such as recruiting, onboarding, performance management, learning and development, and succession planning. Cornerstone OnDemand aims to support organizations in optimizing their workforce, improving employee engagement, and enhancing talent development.
The REST connector enables you to create an integration with Cornerstone for importing users to Saviynt EIC as an HR Identity source. For more information about different connectors in EIC, see Saviynt Enterprise Identity Cloud Connectors.
Note: This guide provides information about using the Cornerstone (REST-based) connector for performing operations listed in the Supported Features.
The Cornerstone integration supports the following features:
Release v4.5 and later
You must create an integration between EIC and the collaboration platform hosted by the target application to perform import tasks. The following components are involved in the integration:
Cornerstone is the target application that is integrated with the EIC through the REST connector to import the users.
The REST connector enables communication between EIC and the target application. It provides a simplified integration mechanism where in some instances you only need to create a connection with minimal connectivity information for your target application. The REST connector is used for importing users through the REST APIs. For more information about creating a connection, see Creating a Connection.
Job Scheduler is a software component that executes a job based on the configured schedule to perform import operations from EIC. For more information about the jobs used by the connector in the Cornerstone integration.
EIC uses a REST connection for integrating with Cornerstone for importing users. The REST connection uses the REST protocol to communicate with the REST interface of Cornerstone.
The following diagram illustrates the connector architecture and communication with the target application.
Configuring a Connection
If you are a Cornerstone client and would like to use APIs to build integrations for your organization, please submit a purchase inquiry through the Edge Marketplace. To do this, login to your Cornerstone portal and navigate to Admin > Tools > Edge > Marketplace > Search for 'Cornerstone API' > Click on the tile for 'Cornerstone API' > Click 'Purchase Inquiry' > Complete the form and hit 'Submit'. If you need access to the Reporting API, perform the same steps, however, instead of 'Cornerstone API', search for and click on 'Reporting API' in the Edge Marketplace. Note that you must have the 'Edge Marketplace - Manage' security permission to perform these actions.
Every application that you intend to integrate using Cornerstone's APIs and OAuth 2.0 must be registered within the API Management page. You can register multiple applications with Cornerstone to get a distinct client ID and secret for each application.
Login to your Cornerstone portal.
Navigate to Admin > Tools > Edge > API Management.
On the Manage Applications tab, click Register New Application.
Enter your Application Name.
Enter the User ID of an active user in your portal.
In the Access Token Validity Period field, enter the period in seconds for which Cornerstone should issue access tokens for this application. Value should be a valid integer between 300 and 86,400. If no value is entered in this field, Cornerstone will issue access tokens that are valid for 3600 seconds by default (1 hour).
In the Scopes section, select the scopes you want to associate with your application. In Cornerstone, scopes function like an access control list. They control the API endpoints your application has access to and the HTTP operations (GET, POST, PUT, PATCH) your application can perform against those endpoints. For example, if your application only needs access to create and retrieve learning object data from Cornerstone, you should select 'training: write' and 'training: read'. To select scopes,
Click on the 'Modify' button for one of the API products. Alternatively, you can select the checkbox next to Cornerstone API and Reporting API to grant your application access to all the endpoints under those products.
In the pop-up window, you can see the scope names and the corresponding HTTP operation and endpoints. Search for and select the scopes you want to associate with your application. You can select multiple scopes for each application.
Click on 'Save'
Click Register Application.
If the User ID entered is valid, the page refreshes and displays a client ID and client secret. Copy both values and add them to your external application or tool.
For more information check this link.
Connection refers to the configuration setup for connecting EIC to target applications. For more information about the procedure to create a connection, see Creating a Connection.
While creating a connection, you must specify connection parameters that the connector uses to connect with the target application, define the type of operations to perform, the target application objects against which those operations are performed, and the frequency of performing them. In addition, you can view and edit attribute mappings between EIC and the target application.
The connector uses the following parameters for creating a connection and for importing users from the target application:
Specify the name to identify the connection.
Specify the description for the connection.
Select the connection type as REST.
Default SAV Role
Specify this parameter to assign the SAV role for the connection.
The SAV role is a role in EIC that assigns specific access to users.
This parameter is valid only for importing users.
Specify this parameter to select an email template for sending notifications.
Email templates provide immediate triggers of emails to a user based on actions performed. The email informs the user about the action performed and if critical, needs immediate action from the user.
Specify this parameter to create a connection.
Specify this parameter to import the users.
Specify this parameter to update the users.
You can use the Cornerstone integration for performing user import after configuring it to meet your requirements.
To configure import, map all Cornerstone attributes to EIC user attributes using UserImport JSON.
Full User import: When configuring the connection for the first time, first perform the full import to import all existing Users from the target application to EIC. To perform full import, the invoke API gets response from the target application and maps the attributes in the target application with attributes in EIC.
The import jobs are automatically created in EIC after you create a connection for the Cornerstone integration.
To import users:
Specify the connection and import parameters.
Note: Ensure that the connection type is selected as REST.
Configure the User Import via a Connection (UserImportJob) to import users. For more information about creating jobs, see Data Jobs.
To troubleshoot common problems with connectors, answer frequently asked questions, and provide solutions to a few common issues you might encounter while configuring or working with connectors, see Common Troubleshooting Guide for Connectors.
To troubleshoot common problems or obtain answers to frequently asked questions for REST connectors, see the REST Connector Guide.