Important
This repository contains the connector and configuration code only. The implementer is responsible to acquire the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
HelloID-Conn-Prov-Target-Intus-Inplanning is a target connector. The Intus Inplanning connector facilitates the creation, updating, enabling, and disabling of user accounts in Intus Inplanning. Additionally, it grants and revokes roles as entitlements to the user account.
| Endpoint | Description |
|---|---|
| /api/token | Gets the Token to connect with the api (POST) |
| /api/users/AccountReference | get user based on the account reference (GET) |
| /api/users | creates and updates the user (POST), (PUT) |
The following lifecycle actions are available:
| Action | Description |
|---|---|
| create.ps1 | PowerShell create lifecycle action |
| delete.ps1 | - |
| disable.ps1 | PowerShell disable lifecycle action |
| enable.ps1 | PowerShell enable lifecycle action |
| update.ps1 | PowerShell update lifecycle action |
| grantPermission.ps1 | PowerShell grant lifecycle action |
| revokePermission.ps1 | PowerShell revoke lifecycle action |
| permissions.ps1 | PowerShell permissions lifecycle action |
| resources.ps1 | - |
| configuration.json | Default Configuration.json |
| fieldMapping.json | Default FieldMapping.json |
The correlation configuration is used to specify which properties will be used to match an existing account within Intus-Inplanning to a person in HelloID.
To properly setup the correlation:
-
Open the
Correlationtab. -
Specify the following configuration:
Setting Value Enable correlation TruePerson correlation field Not Supported Account correlation field username
Tip
For more information on correlation, please refer to our correlation documentation pages.
The field mapping can be imported by using the fieldMapping.json file.
The following settings are required to connect to the API.
| Setting | Description | Mandatory |
|---|---|---|
| Client id | The Client id to connect to the API | Yes |
| Client secret | The Client Secret to connect to the API | Yes |
| BaseUrl | The URL to the API | Yes |
- Before using this connector, ensure you have the appropriate Client ID and Client Secret in order to connect to the API.
- Set the number of concurrent actions to 1. Otherwise, the 'get token' operation of one run will interfere with that of another run.
- The username cannot be modified in Intus Inplanning or helloId since it serves as the account reference.
- A user in Intus Inplanning can have multiple roles with the same name. These roles cannot be managed by HelloID. The HelloID connector only supports managing unique role names.
- The creation and update of entitlements utilize the same script, named grant.ps1.
- The connector uses a pre-defined set of entitlements that are created in Intus Inplanning
- The connector exclusively assigns a start date when a new entitlement is appended to an account. The start date remains unaltered when the user's entitlement is subsequently updated.
- The grant script does not establish the end date; instead, the business rules handle the removal of entitlement when it becomes unnecessary. It is possible to modify this process to assign the attribute 'endDate'.
- The permission script employs an inline JSON object to retrieve the permissions. Alternatively, it is possible to obtain this information from a file using the following command:
$jsonPermissions = Get-Content "C:\IntusPermissions.json" | ConvertFrom-Json. Please note that an agent is required to perform this operation. - When working with inline permissions in the permission.ps1 script, utilize the following structure:
[
{
"Admin": {
"role": "Admin",
"resourceGroup": "Company",
"exchangeGroup": "Company",
"shiftGroup": "Diensten",
"worklocationGroup": null,
"userGroup": "n.v.t."
}
}
]- You can utilize a variable within the JSON permissions, such as your own CostCenter, for example. Currently, an example variable named
{{costCenterOwn}}AND{{LocationOwn}}is included in the grant script. You can integrate this variable name into your JSON within the permission script. Additionally, an example is provided in the grant script to substitute the variable with a value from the contract that is 'incondition'. It's important to note that this value must be recognized and established within Intus.
Example of the JSON permissions and the PowerShell code snippet
"resourceGroup": "{{costCenterOwn}}",foreach ($contract in $personContext.Person.Contracts) {
....
$mappedProperty = $contract.CostCenter.Name
foreach ($property in $newRole.PSObject.Properties) {
if ($property.value -eq '{{costCenterOwn}}') {
if ([string]::IsNullOrEmpty($mappedProperty)) {
throw 'Permission expects [{{costCenterOwn}}] to grant the permission the specified cost center is empty'
}
$newRole."$($property.name)" = $mappedProperty
Write-verbose "Replacing property: [$($property.name)] value: [{{costCenterOwn}}] with [$($mappedProperty)]"
}
}
...
}Tip
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum
The official HelloID documentation can be found at: https://docs.helloid.com/