Click HERE to see how Saviynt Intelligence is transforming the industry. |
on 04/10/2023 10:46 PM - edited on 05/02/2023 11:18 PM by ManjuKumari
Disclaimer
The integration was either created by Saviynt or by Saviynt community users and verified by Saviynt. The integration is available “as is” and fall under standard connectors support for REST, SOAP, JDBC, LDAP, PowerShell, Jar and Saviynt Connector Framework.
Note: Contributor - Manju Kumari
This guide describes the integration between Saviynt Enterprise Identity Cloud (EIC) and xMatters.
This guide is intended for administrators and target application integration teams responsible for implementing a secure integration service with xMatters.
xMatters is a service reliability platform that helps DevOps, SREs, and operations teams automate workflows, ensure infrastructure and applications are always working, and rapidly deliver products at scale. xMatters code-free workflow builder, adaptive approach to incident management, and real-time performance analytics all support a single goal , the happiness of your customers.
The xMatters connector enables you to seamlessly integrate with xMatters to manage user lifecycle and govern access to their Groups and Roles.
For more information about different connectors in EIC, see Saviynt Enterprise Identity Cloud Connectors.
Note: This guide provides information about using the xMatters REST connector using REST API for performing operations listed in the Supported Features.
The xMatters integration supports the following features:
Software | Version |
EIC | Release v4.5 and later |
You must create an integration between EIC and the collaboration platform hosted by the target application to perform import, provisioning, and deprovisioning tasks. The following components are involved in the integration:
EIC uses a REST connection for integrating with xMatters for importing data and for performing provisioning and deprovisioning tasks. The REST connection uses the SCIM (System for Cross Identity Management) protocol to communicate with the SCIM interface of xMatters.
The following diagram illustrates the integration architecture and communication with the target application
Perform the following steps to Generate & Setup token authentication
Connection refers to the configuration setup for connecting EIC to target applications. For more information about the procedure to create a connection, see Creating a Connection.
While creating a connection, you must specify connection parameters that the connector uses to connect with the target application, define the type of operations to perform, the target application objects against which those operations are performed, and the frequency of performing them. In addition, you can view and edit attribute mappings between EIC and the target application, predefined correlation rules, and provisioning jobs and import jobs.
The connector uses the following parameters for creating a connection and for importing account and access from the target application:
Parameter | Description | Example Configuration | Mandatory? |
|
|
Connection Name | Specify the name to identify the connection. | - | Yes |
|
|
Connection Description | Specify the description for the connection. | - | No |
|
|
Connection Type | · Select the connection type as “xMatters(REST)” · If the “xMatters(REST) connection type is not present in your tenant then import the connection package using T2P · You can also create a new connection with type “REST” and use the JSONS specified in this document. | - | Yes |
|
|
Default SAV Role | Specify this parameter to assign the SAV role for the connection. The SAV role is a role in EIC that assigns specific access to users. This parameter is valid only for importing users. Sample value: User assigned with the ROLE_ADMIN role, has access to all the sections of EIC. | - | No |
|
|
Email Template | Specify this parameter to select an email template for sending notifications. Email templates provide immediate trigger of emails to a user based on actions performed. Email informs user about the action performed and if critical, needs immediate action from the user. | - | No |
|
|
ConnectionJSON | Specify this parameter to create a connection.
Note: Update TOKEN as per your xMatters details. | Use the following format to connect to the xMatters application: {"authentications": { "acctAuth": { "authType": "oauth2", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/oauth2/token", "httpMethod": "POST", "httpParams": { "client_id": "@CLIENT_ID@", "grant_type": "password", "username": "@USERNAME@", "password": "@PASSWORD@" }, "expiryError": "ExpiredAuthenticationToken", "retryFailureStatusCode": [ 401 ], "timeOutError": "Read timed out", "errorPath": "error", "maxRefreshTryCount": 5, "tokenResponsePath": "access_token", "tokenType": "Bearer", "accessToken": "Bearer abcd" } } } |
|
| Yes |
Parameter | Description
| Recommended Configuration | Mandatrory |
AccountEntImport JSON | Specify this parameter to reconcile the accounts and entitlements | Use the following format to import accounts and entitlements using the xMatters application: {"accountParams": { "connection": "acctAuth", "processingType": "SequentialAndIterative", "statusAndThresholdConfig": { "statusColumn": "customproperty15", "activeStatus": [ "true" ], "deleteLinks": true, "accountThresholdValue": 1000, "correlateInactiveAccounts": false, "inactivateAccountsNotInFile": true, "deleteAccEntForActiveAccounts": true }, "call": { "call1": { "callOrder": 0, "stageNumber": 0, "http": { "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/people", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "httpMethod": "GET" }, "listField": "data", "keyField": "accountID", "colsToPropsMap": { "accountID": "id~#~char", "name": "targetName~#~char", "displayName": "username~#~char", "customproperty1": "recipientType~#~char", "customproperty2": "externallyOwned~#~char", "customproperty3": "links[0].self~#~char", "customproperty4": "firstName~#~char", "customproperty5": "lastName~#~char", "customproperty6": "licenseType~#~char", "customproperty7": "language~#~char", "customproperty8": "timezone~#~char", "customproperty9": "webLogin~#~char", "customproperty10": "site[0].id~#~char", "customproperty11": "site[1].name~#~char", "customproperty12": "site[2].links~#~char", "customproperty13": "whenCreated~#~char", "customproperty14": "whenUpdated~#~char", "customproperty15": "active~#~char" }, "pagination": { "offset": { "offsetParam": "offset", "batchParam": "limit", "batchSize": 100, "totalCountPath": "completeResponseMap.total" } } } }, "entitlementParams": { "connection": "acctAuth", "processingType": "SequentialAndIterative", "entTypes": { "Group": { "entTypeOrder": 1, "entTypeLabels": {}, "call": { "call1": { "connection": "acctAuth", "callOrder": 0, "stageNumber": 0, "http": { "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/groups", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "httpMethod": "GET" }, "listField": "data", "keyField": "entitlementID", "colsToPropsMap": { "entitlementID": "id~#~char", "entitlement_value": "targetName~#~char", "customproperty1": "recipientType~#~char", "customproperty2": "status~#~char", "customproperty3": "externallyOwned~#~char", "customproperty4": "allowDuplicates~#~char", "customproperty5": "useDefaultDevices~#~char", "customproperty6": "observedByAll~#~char", "customproperty7": "links.self~#~char", "customproperty8": "created~#~char", "customproperty9": "groupType~#~char", "acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char" }, "pagination": { "offset": { "offsetParam": "offset", "batchParam": "limit", "batchSize": 100, "totalCountPath": "completeResponseMap.total" } }, "disableDeletedEntitlements": true } } }, "Roles": { "entTypeOrder": 2, "entTypeLabels": {}, "call": { "call1": { "connection": "acctAuth", "callOrder": 0, "stageNumber": 0, "http": { "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/roles", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "httpMethod": "GET" }, "listField": "data", "keyField": "entitlementID", "colsToPropsMap": { "entitlementID": "id~#~char", "entitlement_value": "name~#~char", "customproperty1": "description~#~char", "customproperty2": "links.self~#~char" }, "pagination": { "offset": { "offsetParam": "offset", "batchParam": "limit", "batchSize": 100, "totalCountPath": "completeResponseMap.total" } }, "disableDeletedEntitlements": true } } } } }, "acctEntParams": { "connection": "acctAuth", "entTypes": { "Group": { "call": { "call1": { "callOrder": 0, "stageNumber": 0, "processingType": "httpEntToAcct", "http": { "httpHeaders": { "Authorization": "${access_token}" }, "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/groups/${id}/members", "httpContentType": "application/x-www-form-urlencoded", "httpMethod": "GET" }, "listField": "data", "entKeyField": "entitlement_value", "acctIdPath": "member.id", "acctKeyField": "accountID" } } } } } } } |
Yes |
Parameter | Description
| Recommended Configuration | Support for Binding Variables? | Support for Java Ternary Operations? |
CreateAccountJSON | Specify this parameter to create an account in the target application.
| Use the following format to create accounts using the xMatters application: {"accountIdPath": "call1.message.id", "responseColsToPropsMap": { "name": "call1.message.targetName~#~char", "firstname": "call1.message.firstName~#~char", "lastname": "call1.message.lastName~#~char" }, "call": [ { "name": "call1", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/people", "httpMethod": "POST", "httpParams": "{\"targetName\":\"${user.username}\",\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"recipientType\":\"PERSON\",\"licenseType\":\"FULL_USER\",\"roles\":[\"Standard User\"]}", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } ] } | The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
Update Account JSON | Specify this parameter to update an account in the target application. | Use the following format to update accounts using the xMatters application: {"call": [ { "name": "call1", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/people", "httpMethod": "POST", "httpParams": "{\"id\":\"${account.accountID}\",\"targetName\":\"${user.username}\",\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"roles\":[\"Standard User\"]}", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } ] } | The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
AddAccessJSON | Specify this parameter to add access to an account.
| Use the following format to add access using the xMatters application: {"call": { "name": "Group", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/groups/${entitlementValue.entitlementID}/members", "httpMethod": "POST", "httpParams": "{\"id\":\"${account.accountID}\",\"recipientType\":\"PERSON\"}", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } } | The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
RemoveAccessJSON | Specify this parameter to remove access from an account. | Use the following format to remove access using the Talend application: {"call": [ { "name": "Group", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/groups/${entitlementValue.entitlementID}/members/${account.accountID}", "httpMethod": "DELETE", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } ] } | The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
EnableAccountJSON | Specify this parameter to Enable an account in the target application. | Use the following format to update accounts using the Talend application: {"call": [ { "name": "call1", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/people", "httpMethod": "POST", "httpParams": "{\"id\":\"${account.accountID}\",\"status\":\"ACTIVE\"}", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } ] }
| The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
DisableAccountJSON | Specify this parameter to Disable an account in the target application. | Use the following format to update accounts using the Talend application: {"call": [ { "name": "call1", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/people", "httpMethod": "POST", "httpParams": "{\"id\":\"${account.accountID}\",\"status\":\"INACTIVE\"}", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201 ] } } ] }
| The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
RemoveAccountJSON | Specify this parameter to remove an account.
| Use the following format to remove an account using the xMatters application: {"call": [ { "name": "call1", "connection": "acctAuth", "url": "https://@HOSTNAME@.xMatters.com/api/xm/1/${account.accountID}", "httpMethod": "DELETE", "httpHeaders": { "Authorization": "${access_token}", "Accept": "application/json" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201, 204 ] } } ] } | The bindings supported are: · ServiceAccountOwnerMap · endpoints · accountName · userManager · approvers · arsTasks/task · managerAccount · password · requestid · response · connection · userAccount · requestAccessAttributes/reqAttrs · businessJustification · user | Yes |
connection package helps you build the connection with pre-defined JSONs, this can be used if your tenant does not already have out of the box connection templates available. Here are the steps to import the xMatters connection package.
The security system represents the connection between EIC and the target application. For more information on creating a security system, see Creating a Security System.
Endpoint refers to the target application used to provision accounts and entitlements (access). For more information on creating an endpoint, see Creating Endpoints.
You can use the xMatters integration for performing import and provisioning operations after configuring it to meet your requirements.
You must apply the following guidelines for configuring import:
You must apply the following guidelines for configuring provisioning:
The import jobs are automatically created in EIC after you create a connection for the xMatters integration. For more information about creating jobs, see Data Jobs.
You must import accounts after the users are available in EIC.
To import accounts:
Provisioning is automatically enabled when a connection is configured. For detailed information about performing provisioning tasks, see Access Request System.
To provision objects to the target application:
When a provisioning job is triggered, it creates provisioning tasks in EIC. When these tasks are completed, the provisioning action is performed on the target application through the connector.
To troubleshoot common problems with connectors, answer frequently asked questions, and provide solutions to a few common issues you might encounter while configuring or working with connectors, see Common Troubleshooting Guide for Connectors.
To troubleshoot common problems or obtain answers for frequently asked questions for REST connectors, see the REST Connector Guide.
Note: Ensure that you record the token expiry duration during the initial token generation. The connection may fail, if the token is not refreshed.