Warning
This connector has not been tested on a ChipSoft-HiX environment in combination with HelloID. Therefore, changes will have to be made accordingly.
Warning
At this point, the security configuration for ChipSoft-HiX is not clear. The API connection itself has no security settings apart from an EV certificate that appears to be a server certificate only. This will need to be addressed before implementing this connector
Important
This repository contains the connector and configuration code only. The implementer is responsible to acquire the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
- HelloID-Conn-Prov-Target-ChipSoft-HiX
HelloID-Conn-Prov-Target-ChipSoft-HiX is a target connector. ChipSoft-HiX provides a SOAP WSDL interface that allow you to programmatically interact with its data. The HelloID connector uses the methods endpoints listed in the table below.
| Message type | Description |
|---|---|
| /nieuwegebruiker.gegevens | Create a new user account. |
| /wijzigengebruiker.gegevens | Modify a user account. |
| /blokkerengebruiker.gegevens | Disable a user account. |
| /deblokkerengebruiker.gegevens | Enable a user account. |
| /aanvraag.zisgebruikers | Retrieve a user account. |
The following lifecycle actions are available:
| Action | Description |
|---|---|
| create.ps1 | PowerShell create lifecycle action |
| delete.ps1 | PowerShell delete lifecycle action |
| disable.ps1 | PowerShell disable lifecycle action |
| enable.ps1 | PowerShell enable lifecycle action |
| update.ps1 | PowerShell update lifecycle action |
| permissions/groups/grantPermission.ps1 | PowerShell groups grant lifecycle action |
| permissions/groups/revokePermission.ps1 | PowerShell groups revoke lifecycle action |
| permissions/groups/permissions.ps1 | PowerShell groups permissions lifecycle action |
| permissions/logingroups/grantPermission.ps1 | PowerShell loginGroups grant lifecycle action |
| permissions/logingroups/revokePermission.ps1 | PowerShell loginGroups revoke lifecycle action |
| permissions/logingroups/permissions.ps1 | PowerShell loginGroups permissions lifecycle action |
| configuration.json | Default configuration.json |
| fieldMapping.json | Default fieldMapping.json |
The correlation configuration is used to specify which properties will be used to match an existing account within ChipSoft-HiX_ to a person in HelloID.
To properly setup the correlation:
-
Open the
Correlationtab. -
Specify the following configuration:
Setting Value Enable correlation TruePerson correlation field PersonContext.Person.UserNameAccount correlation field ldap
Tip
For more information on correlation, please refer to our correlation documentation pages.
The field mapping can be imported by using the fieldMapping.json file.
The following settings are required to connect to the API.
| Setting | Description | Mandatory | Example |
|---|---|---|---|
| BaseUrl | The URL of the ChipSoft Gomez application server. (This address must also include a port number.) | Yes | http://127.0.0.1:12345 |
Because ChipSoft HiX is an application that runs on-premises, the HelloID agent is required in order to use this connector.
At this point, the security configuration for ChipSoft-HiX is not clear. The API connection itself has no security settings apart from an EV certificate that appears to be a server certificate only. This will need to be addressed before implementing this connector.
If a user is updated, the complete object must be send the API. The same applies to groups and loginGroups.
-
The
titlefield can only contain a maximum of 5 characters. -
departmentfield can only contain a maximum of 6 characters.
Tip
For both fields, this is being handled within the fieldMapping by using a complex mapping.
Currently we made the assumption that the gebruikersnaam and ldap properties will both be mapped to the same value. E.g. $personContext.Person.UserName.
Tip
The ldap field is being used by ChipSoft HiX to actually retrieve a user account. This is also the value that's being used for correlation.
To ensure that the grant for groups and the grant for login groups do not interfere with each other, it's necessary to set concurrent actions to 1 for the connector. Otherwise, permissions may be overwritten or not properly assigned.
All requests sent to the ChipSoft-HiX Gomez application server must include a unique identifier. Currently, this identifier is a combination of a GUID and the current timestamp. This will guarantee the id is always unique. This unique identifier will be verified within ChipSoft-HiX. If the numbers match, a response will be send back containing the same number. This number will be verified within the connector.
Tip
For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/