--- title: Adobe Admin Console connector description: The Adobe admin console connector allows you to manage users and groups, as well as manage user group memberships between the Adobe admin console and IDM. You need an administrator account. component: openicf page_id: openicf:connector-reference:adobe-admin-console canonical_url: https://docs.pingidentity.com/openicf/connector-reference/adobe-admin-console.html section_ids: before_you_start: Before you start install_the_adobe_admin_console_connector: Install the Adobe Admin Console connector configure_the_adobe_admin_console_connector: Configure the Adobe Admin Console connector config-connection-pooling-adobe-admin: Configure connection pooling mapping: Mapping test_the_adobe_admin_console_connector: Test the Adobe Admin Console connector ADOBE_USERS: User create_user: Create user get_users: Get Users get_user: Get user get_users_type: Get users type update_user: Update user delete_user: Delete user ADOBE_GROUPS: GROUPS create_group: Create group get_groups: Get groups get_group: Get group update_a_group: Update a group delete_a_group: Delete a group implemented-interfaces-org-forgerock-openicf-connectors-adobe-AdobeConnector-1.5.20.34: OpenICF Interfaces Implemented by the Adobe Admin Console Connector config-properties-org-forgerock-openicf-connectors-adobe-AdobeConnector-1.5.20.34: Adobe Admin Console Connector Configuration basic-configuration-properties-org-forgerock-openicf-connectors-adobe-AdobeConnector-1.5.20.34: Basic Configuration Properties --- # Adobe Admin Console connector | | | | - | ------------------------------------------------------------ | | | This is a [SaaS common connector](preface.html#saas-common). | The Adobe admin console connector allows you to manage users and groups, as well as manage user group memberships between the Adobe admin console and IDM. You need an administrator account. ## Before you start 1. Create an [Adobe Admin Console developer account](https://developer.adobe.com/console/home/). 2. Create a new project. Add User Management API, choose the type of authentication OAuth server-to-server 3. From the credentials tab, get the client\_id, client\_secret, orgId, and scope. ## Install the Adobe Admin Console connector | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To check for an Advanced Identity Cloud application for this connector, refer to:- [Application management](https://docs.pingidentity.com/pingoneaic/latest/app-management/applications.html) - [App catalog](https://docs.pingidentity.com/pingoneaic/latest/app-management/app-catalog.html) | You can download any connector from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors), but some are included in the default deployment for Advanced Identity Cloud, IDM, or RCS. When using an included connector, you can skip installing it and move directly to configuration. **Connector included in default deployment** | Connector | IDM | RCS | | ----------------------------------------------- | ----------------------- | ----------------------- | | [Adobe Admin Console](adobe-admin-console.html) | [icon: times, set=fa]No | [icon: times, set=fa]No | Download the connector .jar file from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors). * If you're running the connector locally, place it in the `/path/to/openidm/connectors` directory, for example: ``` mv ~/Downloads/adobe-connector-1.5.20.34.jar /path/to/openidm/connectors/ ``` * If you're using a remote connector server (RCS), place it in the `/path/to/openicf/connectors` directory on the RCS. ## Configure the Adobe Admin Console connector Create a connector configuration using the IDM admin UI: 1. From the navigation bar, click Configure > Connectors. 2. On the Connectors page, click New Connector. 3. On the New Connector page, type a Connector Name. 4. From the Connector Type list, select Adobe Admin Console Connector - 1.5.20.34. 5. Complete the Base Connector Details and any applicable Additional Options. | | | | - | ------------------------------------------------------------------------------------------------------------------------------ | | | For a list of all configuration properties, refer to [Adobe Admin Console Connector Configuration](#adobe-config-prop-ezLink). | 6. Click Save. When your connector is configured correctly, the connector displays as Active in the admin UI. Refer to [this procedure](configure-connector.html#connector-wiz-REST) to create a connector configuration over REST. > **Collapse: Base Connector Details** > > * `Adobe User Management API Endpoint` : https\://usermanagement.adobe.io/v2 > > * `Use Basic Auth For OAuth Token Neg` : `true` | `false` > > * `Max connections`: Max size of the http connection pool used. Defaults to `10`. > > * `Connection Timeout (seconds)`: Defines a timeout for the underlying http connection in seconds. Defaults to `30`. > **Collapse: Authentication** > > * `Token Endpoint`: https\://ims-na1.adobelogin.com/ims/token/v3 > > * `Client ID`: Your Client ID. > > * `Client Secret`: Your Client Secret. > > * `Grant type`: client\_credentials > > * `Scope`: openid, AdobeID, user\_management\_sdk > > * `orgId`: Your Organization Id > > | | | > | - | ------------------------------------------------------------ | > | | In the Scope field, the scopes must be separated by a comma. | > **Collapse: Object Types** > > If necessary, add or edit your object types to have these three objects with their properties: > > > **Collapse: ** > > > > | PROPERTY NAME | TYPE | NATIVE TYPE | REQUIRED | > > | ----------------- | ------- | ----------- | -------- | > > | `_id` | String | String | NO | > > | `email` | String | String | YES | > > | `firstname` | String | String | NO | > > | `lastname` | String | String | NO | > > | `status` | String | String | NO | > > | `username` | String | String | NO | > > | `type` | String | String | YES | > > | `orgSpecific` | boolean | boolean | NO | > > | `businessAccount` | boolean | boolean | NO | > > | `country` | String | String | NO | > > | `__GROUPS__` | Array | String | NO | > > > **Collapse: ** > > > > | PROPERTY NAME | TYPE | NATIVE TYPE | REQUIRED | > > | ------------------ | ------- | ----------- | -------- | > > | `_id` | String | String | NO | > > | `groupName` | String | String | YES | > > | `type` | String | String | NO | > > | `adminGroupName` | String | String | NO | > > | `userGroupName` | String | String | NO | > > | `memberCount` | Integer | Integer | NO | > > | `productName` | String | String | NO | > > | `profileGroupName` | String | String | NO | If configuring the connector over REST or through the filesystem, specify the connection details to the Adobe resource provider in the `configurationProperties` for the connector. If you are using OAuth for your connection, the minimum required properties are `scope`, `orgId`, `grantType`, `serviceUri`, `tokenEndpoint`, `clientId`, and `clientSecret`. On startup, IDM encrypts the value of the `clientSecret`. > **Collapse: Sample Configuration** > > ```json > { > "configurationProperties" : { > "tokenExpiration" : null, > "accessToken" : null, > "serviceUri" : "https://usermanagement.adobe.io/v2", > "login" : null, > "password" : null, > "authenticationMethod" : "OAUTH", > "tokenEndpoint" : "https://ims-na1.adobelogin.com/ims/token/v3", > "clientId" : "xxxxxxxxxxxxxxxxxx", > "clientSecret" : "xxxxxxxxxxxxxxxxxx", > "refreshToken" : null, > "authToken" : null, > "acceptSelfSignedCertificates" : false, > "disableHostNameVerifier" : false, > "disableHttpCompression" : false, > "clientCertAlias" : null, > "clientCertPassword" : null, > "maximumConnections" : "10", > "httpProxyHost" : null, > "httpProxyPort" : null, > "httpProxyUsername" : null, > "httpProxyPassword" : null, > "connectionTimeout" : "30", > "grantType" : "client_credentials", > "scope" : "openid, AdobeID, user_management_sdk", > "authorizationTokenPrefix" : "Bearer", > "useBasicAuthForOauthTokenNeg" : true, > "groupReadRateLimit" : "0.09/sec", > "userReadRateLimit" : "0.41/sec", > "writeRateLimit" : "0.16/sec" > } > } > ``` > > | | | > | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | | If throttling problems continue, this guide may be helpful: [Improve reconciliation query performance](https://docs.pingidentity.com/pingidm/8/synchronization-guide/chap-performance.html#recon-query-optimization). | ### Configure connection pooling The Adobe Admin Console connector supports [HTTP pooling](pooling.html#http-pooling), which can substantially improve the performance of the connector. Learn more about the basic connection pooling configuration and different pooling mechanisms described in [Connection pooling configuration](pooling.html). ## Mapping > **Collapse: From Adobe users to IDM Users** > > Attributes Grid: Where the columns represent the attribute name mapped from source to target and the necessary data transformation to synchronize successfully. > > | SOURCE | TARGET | TRANSFORMATION SCRIPT | > | ----------------- | ----------------- | --------------------- | > | `id` | `userId` | N/A | > | `email` | `_id` | N/A | > | `firstname` | `givenName` | N/A | > | `lastname` | `sn` | N/A | > | `type` | `type` | N/A | > | `status` | `status` | N/A | > | `username` | `username` | N/A | > | `country` | `country` | N/A | > | `orgSpecific` | `orgSpecific` | N/A | > | `businessAccount` | `businessAccount` | N/A | > | `__GROUPS__` | `__GROUPS__` | N/A | > **Collapse: From IDM Users to Adobe Users** > > Attributes Grid: Where the columns represent the attribute name mapped from source to target and the necessary data transformation to synchronize successfully. > > | SOURCE | TARGET | TRANSFORMATION SCRIPT | > | ------------ | ------------ | --------------------- | > | `mail` | `email` | N/A | > | `givenName` | `firstname` | N/A | > | `sn` | `lastname` | N/A | > | `type` | `type` | N/A | > | `username` | `username` | N/A | > | `country` | `country` | N/A | > | `__GROUPS__` | `__GROUPS__` | N/A | > **Collapse: From Adobe groups to IDM Groups** > > Attributes Grid: Where the columns represent the attribute name mapped from source to target and the necessary data transformation to synchronize successfully. > > | SOURCE | TARGET | TRANSFORMATION SCRIPT | > | ------------------ | ------------------ | --------------------- | > | `groupId` | `_id` | N/A | > | `groupname` | `groupName` | N/A | > | `type` | `type` | N/A | > | `memberCount` | `memberCount` | N/A | > | `adminGroupName` | `adminGroupName` | N/A | > | `productName` | `productName` | N/A | > | `licenseQuota` | `licenseQuota` | N/A | > | `profileGroupName` | `profileGroupName` | N/A | > **Collapse: From IDM Groups to Adobe groups** > > Attributes Grid: Where the columns represent the attribute name mapped from source to target and the necessary data transformation to synchronize successfully. > > | SOURCE | TARGET | TRANSFORMATION SCRIPT | > | ------------- | ------------- | --------------------- | > | `groupName` | `groupName` | N/A | > | `description` | `description` | N/A | ## Test the Adobe Admin Console connector Test that the connector was configured correctly: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request POST \ 'http://localhost:8080/system/adobe?_action=test' { "name": "adobe", "enabled": true, "config": "config/provisioner.openicf/adobe", "connectorRef": { "bundleVersion": "1.5.20.34", "bundleName": "org.forgerock.openicf.connectors.adobe-connector", "connectorName": "org.forgerock.openicf.connectors.adobe.AdobeConnector" }, "displayName": "Adobe Admin Console Connector", "objectTypes": [ "__GROUP__", "__ACCOUNT__", "__ALL__", ], "ok": true } ``` ### User #### Create user To create a user, it is necessary to provide *at least* the `email` and `type` fields. The possible values for the `type` field are adobeID, federatedID, and enterpriseID (case insensitive). To add groups or product profiles to a user, you must use the `__GROUPS__` field. To do this, you need to provide the corresponding IDs. The country field of a set cannot be updated. If not sent, it defaults to the country of the domain name. When creating a user, the username field is initially set to be the same as the email address; however, this username field can be modified later through user profile updates: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request POST \ --data '{ "email" : "john.doe@domain1.com", "type" : "adobeID", "firstName" : "John", "lastName" : "Doe", "lastName" : "US", "__GROUPS__" : [ "groupId", "groupId", ] }' \ 'http://localhost:8080/system/adobe/__ACCOUNT__?_action=create' { "_id" : "john.doe@domain1.com", "id" : "userID", "email" : "john.doe@domain1.com", "username" : "john.doe@domain1.com", "orgSpecific": true, "businessAccount": true, "firstName" : "John", "lastname" : "Doe", "type" : "adobeID", "__NAME__" : "john.doe@domain1.com", "status" : "active", "country" : "US", "__GROUPS__" : [ "groupId" "groupId" ] } ``` #### Get Users Retrieve a list of users from Adobe Admin Console. To paginate the results, the parameter pageSize must have a value greater than 1. The size of each page is 2,000 except, for the first page, which can contain fewer results due to technical users not being retrieved. By default, all users are retrieved. ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/adobe/__ACCOUNT__?_queryFilter=true' { "result": [ { "_id": "email@domain1.com", "__GROUPS__": [ "groupId" ], "id": "userID", "country": "US", "email": "email@domain1.com", "orgSpecific": true, "username": "email@domain1.com", "businessAccount": true, "firstname": "John", "__NAME__": "john.doe@domain1.com", "type": "adobeID", "status": "active", "lastname": "Doe" }, /…​ ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get user Retrieve a user from Adobe Admin Console. The user email must be provided in the URI path. ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/adobe/__ACCOUNT__/USER_EMAIL' { "_id" : "email@domain1.com", "email" : "email@domain1.com", "firstname" : "John", "lastname" : "Doe", "username" : "email@domain1.com", "type" : "adobeID", "status" : "active", "orgSpecific" : true, "businessAccount" : true, "__GROUPS__" : [ "groupId1", "groupId2", ] } ``` #### Get users type Retrieves Adobe users only by displaying `type` and `_id` field. By default, retrieves all users: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/adobe/__ACCOUNT__?_queryFilter=true&_fields=type' { "result": [ { "_id" : "email1@domain.com", "type": "adobeID" { "_id" : "email2@domain.net", "type": "federatedID" }, { "_id" : "email3@domain.org", "type": "enterpriseID" } ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Update user Only enterprise or federated users can be updated. The fields that can be updated are `firstname`, `lastname`, `username`, and `__GROUPS__`. The user email must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request PUT \ --data '{ "firstname" : "Jonny", "lastname" : "Doo", "username" : "jonnydoo", "__GROUPS__" : [ "groupId1", "groupId2", ] }' \ 'http://localhost:8080/system/adobe/__ACCOUNT__/USER_EMAIL' { "_id": "john.doe@domain1.com", "id": "userID", "firstname": "Jonny", "username": "jonnydoo", "lastname": "Doo", "email": "john.doe@domain1.com", "orgSpecific": true, "status": "active", "businessAccount": true, "country": "US", "type": "federatedID", "__NAME__": "userjd", "__GROUPS__": [ "groupId1", "groupId2" ] } ``` #### Delete user Delete a user from the Adobe organization. The user email must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request DELETE \ 'http://localhost:8080/openidm/system/adobe/__ACCOUNT__/USER_EMAIL' { "_id": "john.doe@domain1.com", "id": "946F1E3A65DDEA2A0A495CEB@196c1e336579f87e495faa.e", "firstname": "John", "username": "userjd", "lastname": "Doe", "email": "john.doe@domain1.com", "orgSpecific": true, "status": "active", "businessAccount": true, "country": "US", "type": "federatedID", "__NAME__": "userjd", "__GROUPS__": [ "groupId" ] } ``` ### GROUPS #### Create group To create a group, it's necessary to *at least* provide `groupName` field. The `description` field is optional and isn't returned. It's only visible from the Adobe web interface console: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request POST \ --data '{ "groupName" : "group name", "description" : "group description" }' \ 'http://localhost:8080/openidm/system/adobe/__GROUP__?_action=create' { "_id" : "groupId", "__NAME__" : "groupId", } ``` #### Get groups Retrieve a list of groups. To paginate the results the pageSize parameter value must be greater than 1, the size of each page is 400. By default, retrieves all users: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/adobe/__GROUP__?_queryFilter=true' { "result": [ { "_id" : "groupId1" }, { "_id" : "groupId2" }, { "_id" : "groupId3", }, ... ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get group Retrieve a group, only the `_id` field can be displayed. The group id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/adobe/__GROUP__/GROUP_ID' { "_id" : "groupId", "__NAME__" : "groupId" } ``` #### Update a group The field that can be updated for a group is `description`. The group description is only visible from the web interface console. The group id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request PUT \ --header 'If-Match: *' \ --data '{ "description" : "New Description" }' \ 'http://localhost:8080/openidm/system/adobe/__GROUP__/GROUP_ID' { "_id" : "groupId", "__NAME__" : "groupId", } ``` #### Delete a group The group id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request DELETE \ 'http://localhost:8080/openidm/system/adobe/__GROUP__/GROUP_ID' { "_id" : "groupId", "__NAME__" : "groupId" } ``` ## OpenICF Interfaces Implemented by the Adobe Admin Console Connector The Adobe Admin Console Connector implements the following OpenICF interfaces. For additional details, see [ICF interfaces](interfaces.html): * Create Creates an object and its `uid`. * Delete Deletes an object, referenced by its `uid`. * Schema Describes the object types, operations, and options that the connector supports. * Script on Connector Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics: * The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access. * The script has access to a `connector` variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration. * The script has access to any script arguments passed in by the application. * Search Searches the target resource for all objects that match the specified object class and filter. * Test Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid. This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out). You can invoke the test operation before a connector configuration has been validated. * Update Updates (modifies or replaces) objects on a target resource. []() ## Adobe Admin Console Connector Configuration The Adobe Admin Console Connector has the following configurable properties: ### Basic Configuration Properties | Property | Type | Default | Encrypted(1) | Required(2) | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -------- | ------------------------ | ------------------------- | | `serviceUri` | `String` | `null` | | [icon: check, set=fas]Yes | | The service endpoint URI. | | | | | | `orgId` | `String` | `null` | | [icon: check, set=fas]Yes | | Your organization's unique ID, for example 12345\@AdobeOrg. | | | | | | `login` | `String` | `null` | | [icon: check, set=fas]Yes | | The service login name. | | | | | | `groupReadRateLimit` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines throttling for read operations either per seconds (`30/sec`) or per minute (`100/min`). | | | | | | `password` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | The service user password. | | | | | | `userReadRateLimit` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines throttling for read operations either per seconds (`30/sec`) or per minute (`100/min`). | | | | | | `authenticationMethod` | `String` | `OAUTH` | | [icon: check, set=fas]Yes | | Defines which method is to be used to authenticate on the remote server. Options are `BASIC` (username/password), `OAUTH` (Client id/secret), `JWT_TOKEN` (jwt token), or `TOKEN` (static token). | | | | | | `tokenEndpoint` | `String` | `null` | | [icon: times, set=fas]No | | When using OAUTH as authentication method, this property defines the endpoint where a new access token should be queried for (). | | | | | | `writeRateLimit` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines throttling for write operations (create/update/delete) either per second (`30/sec`) or per minute (`100/min`). | | | | | | `clientId` | `String` | `null` | | [icon: check, set=fas]Yes | | The client identifier for OAuth2. | | | | | | `clientSecret` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | Secure client secret for OAuth2. | | | | | | `authToken` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | Static authentication token. | | | | | | `acceptSelfSignedCertificates` | `boolean` | `false` | | [icon: check, set=fas]Yes | | To be used for debug/test purposes. To be avoided in production. | | | | | | `disableHostNameVerifier` | `boolean` | `false` | | [icon: check, set=fas]Yes | | To be used for debug/test purposes. To be avoided in production. | | | | | | `disableHttpCompression` | `boolean` | `false` | | [icon: check, set=fas]Yes | | Set this property to `true` to disable content compression. | | | | | | `clientCertAlias` | `String` | `null` | | [icon: check, set=fas]Yes | | If TLS Mutual Auth is needed, set this to the certificate alias from the keystore. | | | | | | `clientCertPassword` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: check, set=fas]Yes | | If TLS Mutual Auth is needed and the client certificate (private key) password is different from the keystore password, set this to the client private key password. | | | | | | `maximumConnections` | `Integer` | `10` | | [icon: check, set=fas]Yes | | Defines the max size of the HTTP connection pool used. | | | | | | `httpProxyHost` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines the Hostname if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyPort` | `Integer` | `null` | | [icon: check, set=fas]Yes | | Defines the Port if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyUsername` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines Proxy Username if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyPassword` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: check, set=fas]Yes | | Defines Proxy Password if an HTTP proxy is used between the connector and the service. | | | | | | `connectionTimeout` | `int` | `30` | | [icon: times, set=fas]No | | Defines a timeout for the underlying HTTP connection in seconds. | | | | | | `refreshToken` | `GuardedString` | `null` | | [icon: times, set=fas]No | | Used by the refresh\_token grant type. | | | | | | `grantType` | `String` | `null` | | [icon: times, set=fas]No | | The OAuth2 grant type to use (`client_credentials`, `refresh_token`, or `jwt_bearer`). | | | | | | `scope` | `String` | `null` | | [icon: times, set=fas]No | | The OAuth2 scope to use. | | | | | | `authorizationTokenPrefix` | `String` | `Bearer` | | [icon: times, set=fas]No | | The prefix to be used in the Authorization HTTP header for Token authentication. | | | | | | `useBasicAuthForOauthTokenNeg` | `boolean` | `true` | | [icon: check, set=fas]Yes | | The Authentication method for refresh token (Basic Authentication or Sending the ClientId and Client Secret in the Header). | | | | | | `jwtKey` | `String` | `null` | | [icon: times, set=fas]No | | The JWT data structure that represents a cryptographic key. | | | | | | `jwtExpiration` | `Integer` | `null` | | [icon: times, set=fas]No | | Defines the JWT expiration time in seconds. | | | | | | `jwtAlgorithm` | `String` | `null` | | [icon: times, set=fas]No | | The Algorithm type to sign payload. | | | | | | `jwtClaims` | `Map` | `null` | | [icon: times, set=fas]No | | JWT Claims to be included in the payload | | | | | | `jwtPem` | `String` | `null` | | [icon: times, set=fas]No | | The contents of the private key of the PEM file | | | | | | `jwtCert` | `String` | `null` | | [icon: times, set=fas]No | | The contents of the certificate of the PEM file | | | | | | `keyAlgorithm` | `String` | `null` | | [icon: times, set=fas]No | | Indicates the type of key (such as RSA, DSA or EC) used to sign from the PEM. | | | | | (1) Whether the property value is considered confidential, and is therefore encrypted in IDM. (2) A list of operations in this column indicates that the property is required for those operations.