The Webex Teams Connectors supports Provisioning.
- The Provisioning functionalities of this connector enable exporting and importing People, Teams, Roles and Organizations in Webex Teams.
- Functionalities
- Prerequisitess
- Creating the Connected System in the Admin UI
- Creating the Connected System in the Studio
- Using the Connected System for Provisioning
- Connector Supported Data Formats
- Set Filter
- Lookup Data
Functionalities
Provisioning Integration
Data Format |
Export |
Create |
Modify |
Delete |
Trigger |
People |
Yes |
Yes |
Yes |
Yes |
No |
Team |
Yes |
Yes |
Yes |
Yes |
No |
Role |
Yes |
No |
No |
No |
No |
Organization |
Yes |
No |
No |
No |
No |
Prerequisites
The following prerequisites need to be satisfied in order to use Fischer Identity’s Webex Team connector:
- Create a service account.
- Create a user
- Add admin permissions
- Create an Integration.
Create a Service Account
A Webex account with admin privileges is required to configure Fischer Identity’s Webex Teams connector.
Create a User
- Login to Webex control hub with an admin user.
https://admin.webex.com/login - Go to the Users tab on the left navigation pane and Click “Manage Users”.
- Under “Modify Users” click “Manually Add Users” on the left.
This page notifies the admin that an email will be sent to the new user. - Click Next.
- Setup a new user with the service user’s email address.
- Give user permissions to Webex Teams and click Save.
- Click Finish and then go to the service user’s email and follow the instructions on how to setup a password and verify the account.
Add Admin Permissions
- Back on the User page search for the service account and click anywhere on the User’s entry.
- Click Administrator Roles under Roles and Security on the right.
- Set the permissions to Full administrator privileges and click save.
Create Integration
Once the user has been created, verified, and had the correct permissions added, a new app integration must be created.
- Follow this link to create a new integration. Use the service user’s account details to login. https://developer.webex.com/my-apps/new/integration
- Enter the Name, Contact Email, Description and choose an Icon.
- Setup the redirect URI to point to the Fischer Identity instance. The path will be /identity/webexauth. For example, if Fischer Identity is on https://www.myfischer.com the redirect URI would be, https://www.myfischer.com/identity/webexauth.
- Set the integration scopes as shown below. Click Add Integration at the bottom.
- After the Integration is created the page will display the Client Id and Client Secret at the top. If the Client Secret is lost you may regenerate it by returning to this page and clicking the regenerate button.
- Create the Webex Team connector in the Admin UI
Creating the Connected System in the Admin UI
The connected systems detail page is shown below. Only configurations which are specific to Webex Team will be documented below. For an overview of the configuration which are common to all connectors, please refer to our “CONNECTED SYSTEMS GUIDE LINK”.
Connection Information |
|
Service URL |
Webex Team API URL |
Redirect URI |
Redirect URI which was set in the Integration configuration |
Client ID |
The client ID created for the API during Webex Team Integration configuration |
Client Secret |
The client secret created for the API during Webex Team Integration configuration |
Access Token |
Token Object provided through the Get Token button in Admin UI. |
Getting the Access Token
- On the configuration page fill all the other required fields and then click Get Token.
If properly setup, a new popup window should open to the Webex Login Page. - Login with the Service User.
After logging in the page will ask to verify the Integration’s permissions. - Click Accept to continue.
After accepting the permissions, a page will display the Access Token. - Click Copy and then paste the text into the Access Token field in the Admin UI.
- Finally, the connection may be tested with the Test Connection button and saved with the Add button.
Creating the connected system in Studio
You cannot create the connected system through the Studio due to the Access Token setup.
Using the Connected System for Provisioning
Perform these procedures to configure the connector:
- Configuring for Export
- Configuring for Import
- Connector Details for Provisioning
Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.
Configuring for Export
Perform these procedures to configure the connector for data export:
- Configuring the Export Connector
- Configuring the Export Link
From the Workflow and Connectivity Studio, select the Webex Team UserExport workflow listed under the projects folder if a workflow does not already exist, create an export workflow. See Workflow and Connectivity Studio for details on creating export workflows.
Configure the Export Connector
- In the Design pane, double-click the export object (the first object after the Start object). The Configure Data Source window displays.
- From the Configure Plug-In tab. Set the properties as required:
Connector Details for Provisioning (Optional) Select the Attributes tab. Only the standard attributes display:
Modify schema attributes using these buttons.Add
Adds additional attributes to the list. The Add New Attribute dialog displays.
Export
Exports schema list to an XML file.
Import
Imports the schema list from an XML file.
Reset Schema
Resets the schema definition to the default schema prepackaged with the IdM Suite, plus any global variable added.
- (Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
- Click OK and save any changes and return to the Workflow and Connectivity Studio window.
Configure the Export Link
In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays.
Source Attributes
Select the attribute to export
Selected Attributes
Displays default attributes and those attributes that have been selected from the Source Attributes.
Note: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not. Usually, the attributes that are selected as mandatory attributes help in identifying or verifying an entry when completing mapping functions.
Format
Displays the Format Date window to specify a data/time format to be applied to the selected date type attribute. During export, the attribute’s value is converted to the specified format. See the Format Date steps below for additional information.
Note:
- The format button is only enabled for date attributes
- The Refresh Schema button on the Configure Data Source window’s Attributes tab must be used to refresh the schema and enable the Format button for date attributes
Advanced Settings
Displays the Configure Attributes window for configuring advanced settings for attributes. See the Configure Attributes window on page 39 for additional information.
- From the Attribute Selection tab, select attributes to export.
- (Optional) Click the Format button to specify a data/time format to be applied to the selected date type attribute. The Format Date window displays.
- Select the include Time check box to add the timestamp with the date
- Select the 24 hour or 12 hour option button and then select the required date/time format.
- Click OK to save the selected format. The configure Link window displays.
- Click Ok to save any changes and return to Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
- Manage and run the deployed workflow from the Admin UI Server tab. See the documentation for details.
Configuring for Import
Perform these procedures to configure the connector for data import:
- Configure the import Connector
- Configure the Import Link
- From the Workflow and Connectivity Studio, select the Webex Team UserAdd, UserModify, or UserDelete workflow listed under the projects folder.
- If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.
Configuring the Import Connector
- In the design pane, double-click the import object (the last workflow object). The Configure Data Source window displays.
From the Configure Plug-In tab, set these properties as required:
Associated Connected System
Select the connected system from the list. The import operation will be done to this connected system.
Data Formats
Select the type of data format to use.
DynamicConnectedSystem
Select the global variable to use as the dynamic connected system name. This works in conjunction with the DynamicConnectedSystemOption when GlobalVariable is selected.
DynamicConnectedSystemOption
Select how to control Dynamic System Support (DSS):
- None – there will not be any Dynamic System Support.
- Transaction-SystemName – The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
- GlobalVariable – Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
See the Dynamic System Support appendix in the Workflow and Connectivity Studio document for additional information.
- (Optional) Select the Attributes tab. Only standard attributes display.
Modify Schema attributes with the buttons at the bottom. - (Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Import Link
In the design pane, double-click the import link between the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:
Source Attributes
Select the attributes to import.
Check for attribute-level auditing
If auditing is enabled and these attributes below are checked, Provisioning will log all events for auditing purposes.
Select Attributes
Displays default attributes and those attributes that have been selected from the source Attributes. Note: The default attributes are those that are commonly used to create a new user.
Advanced Settings
Displays the Configure Attributes window for configuring advanced settings for attributes. Under the Encrypted column, check the box of any attribute that needs to be encrypted.
Under the Diff With Target column, check the box of any attribute to update using differencing ( DiffWithTarget, AddDiffWithTarget and RemoveDiffWithTarget).
Audit Key
Select the attribute to associate with the Audit Key.
- From the Attribute Selection tab, select attributes to import.
- From the Attribute Selection tab, select attributes to import.
- (Optional) Select the Appearance tab to change how the link displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy New Deployment. See the Workflow and Connectivity Studio for details of deployment options.
- Manage and run the deployed workflow from the Admin UI Server tab. See the Identity Suite Administration documentation for details.
Connector Supported Data Formats
People Data Format
This data format can be used in import mode to manage people in Webex Team.
The items in the MV (Multiple values), Export, Create, Modify, and Delete columns have these meanings:
- Y = Yes (Attribute is supported for this operation)
- N = No (Attribute is not supported for this operation)
- Y* = Required (attribute is mandatory for this operation)
- NA = Not Applicable
Name |
MV |
Export |
Create |
Modify |
Delete |
Description |
Avatar |
N |
Y |
Y |
Y |
N |
The URL to the person's avatar in PNG format. |
Created |
N |
Y |
N |
N |
N |
The date and time the person was created. |
DisplayName |
N |
Y |
Y |
Y |
N |
The full name of the person. In filtering this will list people whose name starts with this string. |
N |
Y |
N |
N |
N |
Filter attribute only, used to find a person by Email. |
|
Emails |
N |
Y |
Y* |
Y |
N |
The email addresses of the person. Used to create a new person, currently the API only supports one email per person. |
ID |
N |
Y |
N |
Y* |
Y* |
A unique identifier for the person. Up to 85 IDs are accepted for filtering. If using “GetById” it will accept a single ID. |
FirstName |
N |
Y |
Y |
Y |
N |
The first name of the person. |
LastName |
N |
Y |
Y |
Y |
N |
The last name of the person. |
NickName |
N |
Y |
N |
N |
N |
The nickname of the person if configured. If no nickname is configured for the person, this field will not be present. |
InvitePending |
N |
Y |
N |
N |
N |
Whether or not an invite is pending for the user to complete account activation. |
LastActivity |
N |
Y |
N |
N |
N |
The date and time of the person's last activity within Webex Teams. |
LastModified |
N |
Y |
N |
N |
N |
The date and time the person was last changed. |
Licenses |
Y |
Y |
Y |
Y |
N |
An array of license strings allocated to this person. |
LoginEnabled |
N |
Y |
N |
N |
N |
Whether or not the user is allowed to use Webex Teams. |
OrgID |
N |
Y |
Y |
Y |
N |
The ID of the organization to which this person belongs. Can filter by OrgID but only service accounts setup as an admin user of another organization may use this parameter. |
Roles |
Y |
Y |
Y |
Y |
N |
An array of role strings representing the roles to which this person belongs. |
PhoneNumbers |
Y |
Y |
N |
N |
N |
Phone numbers for the person. |
Status |
N |
Y |
N |
N |
N |
The current presence status of the person, such as Active or DoNotDisturb |
Timezone |
N |
Y |
N |
N |
N |
The time zone of the person if configured. If no timezone is configured on the account, this field will not be present |
Type |
N |
Y |
N |
N |
N |
The type of person account, such as person or bot. |
Important:
- Currently emails only supports one email address per person in both the connector and API.
- Phone numbers is an array of objects containing phone type and phone numbers.
Team Data Format
We can use this data format in import mode to manage Teams and Team Memberships. Teams are groups of people with a set of rooms that are visible to all members of that team and Team Memberships represent a person's relationship to a team. Team management includes add/modify/delete. Team management’s modification action changes Team Memberships. The modify actions include add/replace/delete. The replace action is a delta process so every new record in the record set will be added, every existing record will remain, and every missing record will be deleted.
The items in the MV (Multiple values), Export, Create, Modify, and Delete columns have these meanings:
- Y = Yes (Attribute is supported for this operation)
- N = No (Attribute is not supported for this operation)
- Y* = Required (attribute is mandatory for this operation)
- Y** = Required for Team Membership Operations
- NA = Not Applicable
Name |
MV |
Export |
Create |
Modify |
Delete |
Description |
TeamID |
N |
Y |
Y** |
Y* |
Y* |
A unique identifier for the team. Required to filter by team ID and to create a team membership. Not supported for Team Creation since the API generates this ID. |
Name |
N |
Y |
Y* |
Y |
N |
Team Name, only parameter that can be created or updated for teams if not modifying memberships |
Created |
N |
Y |
N |
N |
N |
The date and time the team was created. |
TeamMembership-> ID |
Y |
Y |
N |
Y |
Y** |
A unique identifier for the team membership. Required for team membership delete. Can be used with modify with modifyType set to replace. |
TeamMembership-> TeamID |
Y |
Y |
N |
N |
N |
Same value as the TeamID. |
TeamMembership-> PersonID |
Y |
Y |
Y** |
Y |
N |
A PersonID which is a unique identifier for the person. |
TeamMembership-> PersonEmail |
Y |
Y |
Y** |
Y |
N |
The email address of the person. |
TeamMembership-> PersonDisplayName |
Y |
Y |
N |
N |
N |
The display name of the person. |
TeamMembership-> PersonOrgId |
Y |
Y |
N |
N |
N |
The organization ID of the person. |
TeamMembership-> isModerator |
Y |
Y |
Y |
Y |
N |
Whether or not the participant is a team moderator. |
TeamMembership-> created |
Y |
Y |
N |
N |
N |
The date and time when the team membership was created. |
Important:
- Due to limitations of the API the service user must be a member of the team to be able to perform actions, including export.
- If the team was created by the service user, the service account user will automatically be added as a team member.
- The team membership attribute is an array of team membership objects.
- Modify Replace action is a delta operation and will not remove moderator team members.
- Delta action refers to if a team has users A and E and users A, B, C, D are passed then the connector will remove user E and add users B, C, and D.
- Cannot remove the final moderator in the team without removing all other team members.
- Removing every team member will delete the team.
- To create a team membership either PersonID or PersonEmail must be passed along with TeamID, if both attributes are passed the membership will be created using the PersonID.
Organization Data Format
We can use this data format to export organizations and the people associated with the organization.
The items in the MV (Multiple values), Export, Create, Modify, and Delete columns have these meanings:
- Y = Yes (Attribute is supported for this operation)
- N = No (Attribute is not supported for this operation)
- Y* = Required (attribute is mandatory for this operation)
- NA = Not Applicable
Name |
MV |
Export |
Create |
Modify |
Delete |
Description |
OrgID |
N |
Y |
N |
Y* |
Y* |
A unique identifier for the organization. |
Name |
N |
Y |
Y* |
Y* |
N |
Organization Name |
Created |
N |
Y |
N |
N |
N |
The date and time the organization was created. |
Person-> Avatar |
Y |
Y |
N |
N |
N |
The URL to the person's avatar in PNG format. |
Person-> Created |
Y |
Y |
N |
N |
N |
The date and time the person was created. |
Person-> DisplayName |
Y |
Y |
N |
N |
N |
The full name of the person. |
Person-> Emails |
Y |
Y |
N |
N |
N |
The email addresses of the person. |
Person-> FirstName |
Y |
Y |
N |
N |
N |
The first name of the person. |
Person-> LastName |
Y |
Y |
N |
N |
N |
The last name of the person. |
Person-> NickName |
Y |
Y |
N |
N |
N |
The nickname of the person if configured. If no nickname is configured for the person, this field will not be present. |
Person-> ID |
Y |
Y |
N |
N |
N |
A unique identifier for the person. |
Person-> InvitePending |
Y |
Y |
N |
N |
N |
Whether or not an invite is pending for the user to complete account activation. |
Person-> LastActivity |
Y |
Y |
N |
N |
N |
The date and time of the person's last activity within Webex Teams. |
Person-> LastModified |
Y |
Y |
N |
N |
N |
The date and time the person was last changed. |
Person-> Licenses |
Y |
Y |
N |
N |
N |
An array of license strings allocated to this person. |
Person-> LoginEnabled |
Y |
Y |
N |
N |
N |
Whether or not the user is allowed to use Webex Teams. |
Person-> OrgID |
Y |
Y |
N |
N |
N |
Same as OrgID |
Person-> PhoneNumbers |
Y |
Y |
N |
N |
N |
Phone numbers for the person. |
Person-> Roles |
Y |
Y |
N |
N |
N |
An array of role strings representing the roles to which this person belongs. |
Person-> Status |
Y |
Y |
N |
N |
N |
The current presence status of the person, such as Active or DoNotDisturb |
Person-> TimeZone |
Y |
Y |
N |
N |
N |
The time zone of the person if configured. If no timezone is configured on the account, this field will not be present. |
Person-> Type |
Y |
Y |
N |
N |
N |
The type of person account, such as person or bot. |
Role Data Format
The items in the MV (Multiple values), Export, Create, Modify, and Delete columns have these meanings:
- Y = Yes (Attribute is supported for this operation)
- N = No (Attribute is not supported for this operation)
- Y* = Required (attribute is mandatory for this operation)
- NA = Not Applicable
Name |
MV |
Export |
Create |
Modify |
Delete |
Description |
RoleId |
N |
Y |
N |
Y |
Y |
A unique identifier for the team. |
Name |
N |
Y |
Y* |
Y |
N |
Role Name |
Person-> Avatar |
Y |
Y |
N |
N |
N |
A unique identifier for the team membership. |
Person-> Created |
Y |
Y |
N |
N |
N |
The date and time the person was created. |
Person-> DisplayName |
Y |
Y |
N |
N |
N |
The full name of the person. |
Person-> Emails |
Y |
Y |
N |
N |
N |
The email addresses of the person. |
Person-> FirstName |
Y |
Y |
N |
N |
N |
The first name of the person. |
Person-> LastName |
Y |
Y |
N |
N |
N |
The last name of the person. |
Person-> NickName |
Y |
Y |
N |
N |
N |
The nickname of the person if configured. If no nickname is configured for the person, this field will not be present. |
Person-> ID |
Y |
Y |
N |
N |
N |
A unique identifier for the person. |
Person-> InvitePending |
Y |
Y |
N |
N |
N |
Whether or not an invite is pending for the user to complete account activation. |
Person-> LastActivity |
Y |
Y |
N |
N |
N |
The date and time of the person's last activity within Webex Teams. |
Person-> LastModified |
Y |
Y |
N |
N |
N |
The date and time the person was last changed. |
Person-> Licenses |
Y |
Y |
N |
N |
N |
An array of license strings allocated to this person. |
Person-> LoginEnabled |
Y |
Y |
N |
N |
N |
Whether or not the user is allowed to use Webex Teams. |
Person-> OrgID |
Y |
Y |
N |
N |
N |
Same as OrgID |
Person-> PhoneNumbers |
Y |
Y |
N |
N |
N |
Phone numbers for the person. |
Person-> Roles |
Y |
Y |
N |
N |
N |
An array of role strings representing the roles to which this person belongs. |
Person-> Status |
Y |
Y |
N |
N |
N |
The current presence status of the person, such as Active or DoNotDisturb |
Person-> TimeZone |
Y |
Y |
N |
N |
N |
The time zone of the person if configured. If no timezone is configured on the account, this field will not be present. |
Person-> Type |
Y |
Y |
N |
N |
N |
The type of person account, such as person or bot. |
Set Filter
In order to get specific data from the connected system, use the Filter export option. Filtering can be used during Lookup as shown in the next section.
Select the Filter option from the Export connector screen. Then click Set Filter. The below screen will be displayed.
The Attribute list shows attributes which are available for filtering for the selected data format. Attributes are specific for the data format. Organization, Role, and Team data formats can only filter by ID.
The value will be used to do the filtering in conjunction with the comparison operator. The value is validated against a regex expression and has to follow the “a-zA-Z0-9 ~`.,!%$^#&?=\\-+{}\\[\\]<>|;:'\"_@” pattern.
The Condition List displays the filtering conditions being configured.
- Add will add the configured condition to the list of conditions
- Delete will delete the highlighted condition from the list of conditions
- Clear will clear the list of conditions
Every condition added to the list of conditions is considered as an AND operation. In the People data format up to 85 IDs may be passed to the condition list. ID may not be used with other filter conditions.
The Filter Syntax field will be populated as conditions are added to the list. The filter can be modified or created manually by checking the Edit Filter Manually check box.
IMPORTANT: All attributes except for DisplayName use the Equal to operator. DisplayName uses the Contains operator and must be at least 3 characters in length.
Lookup Data
To filter data, use the Lookup Data map rule.
- Log in the Workflow and Connectivity studio and double-click the Data Mapper object on the Design pane. The Configure Data Mapper window displays.
- Select the Lookup Data rule under the Mapping Rule column and then click the Source Value.
The Configure Lookup window displays. - Select the Webex Team system from the Select System drop-down list.
- In the Enter Lookup Prefix field, enter the prefix to be added to the Lookup fields.
- Select the Lookup Type (People, Team, Organization, Role) from the drop-down list.
- Select the lookup method (i.e. By RecID or By Filter) for the lookup type.
- Selecting “By RecID” will change the field below to RecID. Clicking the Pick button will open a dialog where either the variable which stores the ID can be selected or a literal may be passed.
- Selecting “By Filter” the next field will change to Filter. Clicking the Build button will bring up the filter dialog. The filter usage is explained above in the “Set Filter” section.
- The Fields section is used to define the attributes to be exported from the lookup. Select the Exit as Mapper Task Failed on Lookup Failure checkbox to exit the task with a Failed status on lookup failure. It will not process the succeeding entries and will ignore the already processed entries and will not return any data. This is selected by default.
- Click Ok.