We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.
No ratings
Vedanth_BK
Saviynt Employee
Saviynt Employee

Disclaimer

The integration was either created by Saviynt or by Saviynt community users. The integration is available “as is” and falls under standard connectors support for REST, SOAP, JDBC, LDAP, PowerShell, Jar, and Saviynt Connector Framework.

Note: Contributor - Sai Srungaram, Vedanth B.K

 

Preface

This guide describes the integration between Saviynt Enterprise Identity Cloud (EIC) and Freshteam.

Audience

This guide is intended for administrators and target system integration teams responsible for integrating and importing users from Freshteams.

Introduction

Freshteam is the smart HR software for growing businesses. With Freshteam, you can attract, hire and onboard new hires, offboard exiting employees, manage employee information, and time off - all in one place. The REST connector enables you to create an integration with Freshteam for importing users to Saviynt EIC as HR Identity source.

For more information about different connectors in EIC, see Saviynt Enterprise Identity Cloud Connectors.

Note: This guide provides information about using the Freshteam (REST-based) connector for performing operations listed in the Supported Features.

Supported Features

The Freshteam integration supports the following features:

freshteams_features.png

Supported Software Versions

 

Software

Version

EIC

Release v4.5 and later

 

Understanding the Integration between EIC and Freshteam

You must create an integration between EIC and the collaboration platform hosted by the target application to perform import tasks. The following components are involved in the integration:

·        Freshteam is the trusted application that is integrated into the EIC through the connector to import the users.

·        Connector is a software component that enables the communication between EIC and the target application. It provides a simplified integration mechanism where in some instances you only need to create a connection with minimal connectivity information for your target application. The REST connector is used for importing users through the REST APIs. For more information about creating a connection, see Creating a Connection.

·        Job Scheduler is a software component that executes a job based on the configured schedule to perform import operations from EIC. For more information about the jobs used by the connector in the Freshteam integration,.

Integration Architecture

EIC uses a REST connection for integrating with Freshteam for importing users. The REST connection uses the REST protocol to communicate with the REST interface of Freshteam. 

The following diagram illustrates the connector architecture and communication with the target application. 

 

FRESHTEAM_ARCH_SS.png

Figure: Freshteam Integration Architecture

Configuring a Connection

Prerequisites

An Access token is used in the configuration parameters of the REST connector for importing data.

Perform the following steps to generate an access token for the Freshteam application:

  1. Login to your Freshteam account(admin).

  2. In the Profile drop-down list, select API Key.

 

Freshteam_APIKEY1.png

 

3. The token appears in a pop-up window. Copy the access token. You will use this token while creating a REST connection in the ConnectionJSON parameter.

 

FreshteamsAPI2.png

 

Creating a Connection

Connection refers to the configuration setup for connecting EIC to target applications. For more information about the procedure to create a connection, see Creating a Connection.

Understanding the Configuration Parameters

While creating a connection, you must specify connection parameters that the connector uses to connect with the target application, define the type of operations to perform, the target application objects against which those operations are performed, and the frequency of performing them. In addition, you can view and edit attribute mappings between EIC and the target application.

Configuration Parameters for User Import

The connector uses the following parameters for creating a connection and for importing users from the target application:

Connection Parameters
 

Parameter

Description

Example Configuration

Mandatory?

Connection Name 

Specify the name to identify the connection.

-

Yes

Connection Description

Specify the description for the connection.

-

No

Connection Type

Select the connection type as REST.

-

Yes

Default SAV Role 

Specify this parameter to assign the SAV role for the connection.

The SAV role is a role in EIC that assigns specific access to users.

This parameter is valid only for importing users.

Sample value: User assigned with the ROLE_ADMIN role, has access to all the sections of EIC.

-

No

Email Template

Specify this parameter to select an email template for sending notifications.

Email templates provide immediate trigger of emails to a user based on actions performed. Email informs user about the action performed and if critical, needs immediate action from the user.

-

No

ConnectionJSON

Specify this parameter to create a connection.

 

 

Use the following format to connect to the Freshteam application:

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "@@HOST_URL@@",
"authError": [
"InvalidAuthenticationToken",
"invalid_token",
"Invalid access token"
],
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "@@API_KEY",
"retryFailureStatusCode": [
401,
403
]
}
}
}

Yes

 
Import Parameters
 

Parameter

Description

Recommended Configuration

Mandatory?

UserImport JSON

Specify this parameter to import the users.

Use the following format to import users using the Freshteam application:

{
"connection": "userAuth",
"url": "@@HOST_URL@@/api/employees",
"httpMethod": "GET",
"httpHeaders": {
"contentType": "application/json",
"Authorization": "${access_token}"
},
"colsToPropsMap": {
"username": "employee_id~#~char",
"statuskey": "status~#~char",
"lastname": "last_name~#~char",
"firstname": "first_name~#~char",
"middlename": "middle_name~#~char",
"customproperty2": "official_email~#~char",
"secondaryemail": "personal_email~#~char",
"employeeid": "employee_id~#~char",
"employeetype": "employee_type~#~char",
"title": "designation~#~char",
"startdate": "joining_date~#~char",
"enddate": "termination_date~#~char",
"departmentnumber": "department_id~#~char",
"city": "address.city~#~char",
"customproperty1": "id~#~char"
},
"userResponsePath": "",
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.toString().contains('link')?headers?.link?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():null}"
}
}
}

 

Yes

 
Configuration Parameter for Provisioning
 

Parameter

Description

 

Recommended Configuration

Support for Binding Variables?

Support for Java Ternary Operations?

UpdateUserJSON

Specify this parameter to Update a user in the target application.

 

Use the following format to Update a User using the Freshteam application:

{
"actions": {
"Update Login": {
"call": [
{
"name": "Update Login",
"connection": "userAuth",
"url": "@@HOST_URL@@/api/employees/${user.customproperty1}",
"httpMethod": "PUT",
"httpParams": "{\"official_email\":\"${user.email}\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": 200
}
}
]
}
}
}

NOTE: To update the back user to the HR source, please create a security System and Endpoint and respective Update rule Policies for Freshteam and run the provisioning Job without any filter in place.

The bindings supported are:

  • user

  • response

  • userAccount

  • userManager

  • connection

  • account

  • arsTasks

Yes

 

Importing Connection Package

The connection package helps you build the connection with pre-defined JSONs, this can be used if your tenant does not already have out-of-the-box connection templates available. Here are the steps to import the Freshteam connection package.

  • Download the connection package.

  • Navigate to Admin → Transport → select Import Package.

  • Browse the downloaded package and Import.

  • Navigate to Admin → Connections → Select “Freshteam” Connection.

  • Edit the connection with your Freshteam tenant details.

Using the Freshteam Integration

You can use the Freshteam integration for performing user import after configuring it to meet your requirements. 

Guidelines for Using the Integration

To configure import, map all Freshteam attributes to EIC user attributes using UserImport JSON.

Configuring Import Operations

Full User import: When configuring the connection for the first time, first perform full import to import all existing Users from the target application to EIC. To perform full import, the invoke API gets response from the target application and maps the attributes in the target application with attributes in EIC.

The import jobs are automatically created in EIC after you create a connection for the Freshteam integration.

To import users: 

  1. Specify the connection and import parameters. For more information, see Configuration Parameters for User Import.
    Note: Ensure that the connection type is selected as REST.

  1. Configure the User Import via a Connection (UserImportJob) to import users. For more information about creating jobs, see Data Jobs.

 

Configuring Provisioning

Provisioning is automatically enabled when a connection is configured. For detailed information about performing provisioning tasks, see Access Request System.

To provision objects to the target application:

  1. Specify the connection and provisioning parameters. 
    Note: Ensure that the connection type is selected as REST.

  2. Configure the Provisioning job (WSRETRY). For more information, see Provisioning Jobs.

When a provisioning job is triggered, it creates provisioning tasks in EIC. When these tasks are completed, the provisioning action is performed on the target application through the connector.

Troubleshooting

To troubleshoot common problems with connectors, answer frequently asked questions, and provide solutions to a few common issues you might encounter while configuring or working with connectors, see Common Troubleshooting Guide for Connectors.

To troubleshoot common problems or obtain answers to frequently asked questions for REST connectors, see the REST Connector Guide.

Note: Ensure that you record the token expiry duration during the initial token generation. The connection may fail if the token is not refreshed.

Version history
Last update:
‎05/05/2023 09:01 AM
Updated by: