--- title: Webex Connector description: The Webex connector allows you to manage users and groups between Webex Control Hub and Advanced Identity Cloud or IDM. A Webex administrator account is required for the connector to work. component: openicf page_id: openicf:connector-reference:webex canonical_url: https://docs.pingidentity.com/openicf/connector-reference/webex.html section_ids: install_the_webex_connector: Install the Webex connector webex_requirements: Webex requirements configure-webex: Configure the Webex connector base-details-webex: Base Connector Details authentication: Authentication additional_options: Additional Options object_types: Object Types account: __ACCOUNT__ group: __GROUP__ roles: Roles licenses: Licenses config-connection-pooling-webex: Configure connection pooling mapping: Mapping test_the_webex_connector: Test the Webex connector use_the_webex_connector: Use the Webex connector USERS: User create_user: Create user get_users: Get Users get_user: Get user get_user_emails: Get user emails get_user_filter_by_email: Get user filter by email get_user_filter_starts_with: Get user filter starts with update_user: Update user delete_user: Delete user GROUPS: GROUPS create_group: Create group get_groups: Get groups update_a_group: Update a group delete_a_group: Delete a group ROLES: Get Roles get_role: Get Role LICENSES: Get Licenses get_license: Get License implemented-interfaces-org-forgerock-openicf-connectors-webex-WebexConnector-1.5.20.34: OpenICF Interfaces Implemented by the Webex Connector config-properties-org-forgerock-openicf-connectors-webex-WebexConnector-1.5.20.34: Webex Connector Configuration basic-configuration-properties-org-forgerock-openicf-connectors-webex-WebexConnector-1.5.20.34: Basic Configuration Properties --- # Webex Connector | | | | - | ------------------------------------------------------------ | | | This is a [SaaS common connector](preface.html#saas-common). | The Webex connector allows you to manage users and groups between Webex Control Hub and Advanced Identity Cloud or IDM. A Webex administrator account is required for the connector to work. ## Install the Webex connector | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To check for an Advanced Identity Cloud application for this connector, refer to:- [Application management](https://docs.pingidentity.com/pingoneaic/latest/app-management/applications.html) - [App catalog](https://docs.pingidentity.com/pingoneaic/latest/app-management/app-catalog.html) | You can download any connector from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors), but some are included in the default deployment for Advanced Identity Cloud, IDM, or RCS. When using an included connector, you can skip installing it and move directly to configuration. **Connector included in default deployment** | Connector | IDM | RCS | | ------------------- | ----------------------- | ----------------------- | | [Webex](webex.html) | [icon: times, set=fa]No | [icon: times, set=fa]No | Download the connector .jar file from [Backstage](https://backstage.forgerock.com/downloads/browse/idm/featured/connectors). * If you're running the connector locally, place it in the `/path/to/openidm/connectors` directory, for example: ``` mv ~/Downloads/webex-connector-1.5.20.34.jar /path/to/openidm/connectors/ ``` * If you're using a remote connector server (RCS), place it in the `/path/to/openicf/connectors` directory on the RCS. ## Webex requirements In Webex, set up a Webex integration application: 1. Create a [Webex developer account](https://developer.webex.com/). 2. Create an integration application. Add the required scopes to manage users, groups, licenses, and roles. Minimum scope required: * `spark-admin:people_write` * `spark-admin:people_read` * `spark-admin:licenses_read` * `spark-admin:roles_read` * `identity:groups_rw` * `identity:groups_read` 3. Save the client secret and client ID. 4. If you're configuring the connector using REST, get a [refresh token](https://developer.webex.com/blog/generating-an-oauth-token-pair-using-a-webex-integration). | | | | - | ---------------------------------------------------------------------------- | | | A refresh\_token isn't required when configuring the connector using the UI. | 5. In another browser tab, start [configuring the connector](#configure-webex). When you get to the Base Connector Details, copy the Callback URL. > **Collapse: Show Me** > > ![Webex Callback URL](_images/webex-callback-url.png) 6. In Webex, in your Webex integration application Redirect URI(s) area, paste the redirect URI, and click Save. > **Collapse: Show Me** > > ![Webex integration app redirect URI](_images/webex-integration-app-redirect-uri.png) 7. Continue [configuring the connector](#configure-webex). ## Configure the Webex connector Create a connector configuration using the IDM admin UI: 1. From the navigation bar, click Configure > Connectors. 2. On the Connectors page, click New Connector. 3. On the New Connector page, type a Connector Name. 4. From the Connector Type list, select Webex Connector - 1.5.20.34. 5. Complete the Base Connector Details and any applicable Additional Options. | | | | - | ---------------------------------------------------------------------------------------------------------------- | | | For a list of all configuration properties, refer to [Webex Connector Configuration](#webex-config-prop-ezLink). | 6. Click Save. When your connector is configured correctly, the connector displays as Active in the admin UI. Refer to [this procedure](configure-connector.html#connector-wiz-REST) to create a connector configuration over REST. ### Base Connector Details | Field | Description | | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | Webex Endpoint | The service endpoint URI. Default: `https://webexapis.com/v1` | | Use Basic Auth For OAuth Token Neg | The authentication method for the refresh token (Basic Authentication or sending the Client ID and Client Secret in the header). Default: `true` | | Max connections | Maximum size of the HTTP connection pool. Default: `10` | | Connection Timeout (seconds) | Timeout for the underlying HTTP connection in seconds. Default: `30` | ### Authentication | Field | Description | | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Token Endpoint | The OAuth 2.0 access token endpoint. Default: `https://webexapis.com/v1/access_token` | | Client ID | The client identifier for OAuth 2.0 flow. | | Client Secret | The client secret for OAuth 2.0 flow. | | Refresh Token | The refresh token for OAuth 2.0. Required when configuring over REST; not required when configuring through the UI (the redirect URI flow handles authorization automatically). | ### Additional Options | Field | Description | | ---------------- | -------------------------------------------------------------------------- | | Read rate limit | Throttling for read operations. Recommended: `2.5` | | Write rate limit | Throttling for write operations (create/update/delete). Recommended: `2.5` | ### Object Types You can add or edit your object types. #### `__ACCOUNT__` | Property name | Type | Native type | Required | | -------------- | ------ | ----------- | -------- | | `_id` | String | String | NO | | `firstName` | String | String | NO | | `lastName` | String | String | NO | | `displayName` | String | String | YES | | `emails` | Array | String | YES | | `avatar` | String | String | NO | | `licenses` | Array | String | YES | | `groups` | Array | String | NO | | `roles` | Array | String | NO | | `extension` | String | String | NO | | `locationId` | String | String | NO | | `orgId` | String | String | NO | | `department` | String | String | NO | | `manager` | String | String | NO | | `managerId` | String | String | NO | | `title` | String | String | NO | | `siteUrls` | Array | String | NO | | `phoneNumbers` | Array | Object | NO | | `addresses` | Array | Object | NO | #### `__GROUP__` | Property name | Type | Native type | Required | | ------------- | ------ | ----------- | -------- | | `_id` | String | String | NO | | `displayName` | String | String | YES | | `orgId` | String | String | NO | | `description` | String | String | NO | | `members` | Array | Object | NO | #### Roles | Property name | Type | Native type | Required | | ------------- | ------ | ----------- | -------- | | `id` | String | String | NO | | `name` | String | String | NO | #### Licenses | Property name | Type | Native type | Required | | ---------------- | ------- | ----------- | -------- | | `id` | String | String | NO | | `name` | String | String | NO | | `totalUnits` | Integer | Integer | NO | | `consumedUnits` | Integer | Integer | NO | | `subscriptionId` | String | String | NO | | `siteUrl` | String | String | NO | | `siteType` | String | String | NO | If configuring the connector over REST or through the filesystem, specify the connection details to the Webex resource provider in the `configurationProperties` for the connector. If you're using OAuth for your connection, the minimum required properties are `serviceUri`, `tokenEndpoint`, `refreshToken`, `clientId`, and `clientSecret`. The `readRateLimit` and `writeRateLimit` fields are for limiting the rate of requests. The recommended rate is 2.5. > **Collapse: Sample Configuration** > > ```json > { > "configurationProperties" : { > "tokenExpiration" : null, > "accessToken" : null, > "serviceUri" : "https://webexapis.com/v1", > "readRateLimit" : "2.5", > "login" : null, > "password" : null, > "writeRateLimit" : "2.5", > "authenticationMethod" : "OAUTH", > "tokenEndpoint" : "https://webexapis.com/v1/access_token", > "clientId" : "k3..........5g", > "clientSecret" : "xxxxxxxxxxxxxxxxxx", > "refreshToken" : "xxxxxxxxxxxxxxxxxx", > "authToken" : null, > "acceptSelfSignedCertificates" : false, > "disableHostNameVerifier" : false, > "disableHttpCompression" : false, > "clientCertAlias" : null, > "clientCertPassword" : null, > "maximumConnections" : "10", > "httpProxyHost" : null, > "httpProxyPort" : null, > "httpProxyUsername" : null, > "httpProxyPassword" : null, > "connectionTimeout" : "30", > "grantType" : "refresh_token", > "scope" : null, > "authorizationTokenPrefix" : "Bearer", > "useBasicAuthForOauthTokenNeg" : true > } > } > ``` > > | | | > | - | ---------------------------------------------------------------------------- | > | | On startup, IDM encrypts the value of the `clientSecret` and `refreshToken`. | ### Configure connection pooling The Webex connector supports [HTTP pooling](pooling.html#http-pooling), which can substantially improve the performance of the connector. Learn more about the basic connection pooling configuration and different pooling mechanisms described in [Connection pooling configuration](pooling.html). ## Mapping No transformation scripts are required for synchronization. Each row maps a source attribute to a target attribute. > **Collapse: Webex users ⇒ Advanced Identity Cloud or IDM users** > > | Source | Target | > | -------------- | -------------- | > | `id` | `_id` | > | `email` | `emails` | > | `lastName` | `sn` | > | `firstName` | `givenName` | > | `displayName` | `displayName` | > | `extension` | `extension` | > | `locationId` | `locationId` | > | `avatar` | `avatar` | > | `title` | `title` | > | `orgId` | `orgId` | > | `department` | `department` | > | `roles` | `roles` | > | `licenses` | `licenses` | > | `addresses` | `addresses` | > | `siteUrls` | `siteUrls` | > | `phoneNumbers` | `phoneNumbers` | > | `manager` | `manager` | > | `managerId` | `managerId` | > **Collapse: Advanced Identity Cloud or IDM users ⇒ Webex users** > > | Source | Target | > | -------------- | -------------- | > | `_id` | `id` | > | `sn` | `lastName` | > | `givenName` | `firstName` | > | `displayName` | `displayName` | > | `emails` | `emails` | > | `roles` | `roles` | > | `licenses` | `licenses` | > | `addresses` | `addresses` | > | `siteUrls` | `siteUrls` | > | `phoneNumbers` | `phoneNumbers` | > | `department` | `department` | > | `extension` | `extension` | > | `avatar` | `avatar` | > | `locationId` | `locationId` | > | `manager` | `manager` | > | `managerId` | `managerId` | > | `title` | `title` | > | `orgId` | `orgId` | > **Collapse: Webex groups ⇒ Advanced Identity Cloud or IDM groups** > > | Source | Target | > | ------------- | ------------- | > | `id` | `_id` | > | `displayName` | `displayName` | > | `orgId` | `orgId` | > | `members` | `members` | > | `description` | `description` | > **Collapse: From Advanced Identity Cloud or IDM groups ⇒ Webex groups** > > | Source | Target | > | --------------------- | ----------------------- | > | `displayName` | `displayName` | > | `groupManagementType` | `group_management_type` | > | `groupExternalId` | `group_external_id` | > | `members` | `members` | ## Test the Webex connector Test that the Webex connector is configured correctly: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Accept-API-Version: resource=1.0' \ --request POST \ 'http://localhost:8080/system/webex?_action=test' { "name": "webex", "enabled": true, "config": "config/provisioner.openicf/webex", "connectorRef": { "bundleVersion": "1.5.20.34", "bundleName": "org.forgerock.openicf.connectors.webex-connector", "connectorName": "org.forgerock.openicf.connectors.webex.WebexConnector" }, "displayName": "Webex Connector", "objectTypes": [ "__GROUP__", "__ACCOUNT__", "ROLES", "__ALL__", "LICENSES" ], "ok": true } ``` ## Use the Webex connector ### User #### Create user To create a user, it is necessary to *at least* provide the `email` and `displayName` fields. Some fields, such as `extension`, `locationId`, or `siteUrls` require their respective licenses. Field `locationId` requires the `extension` field, and `locationId` and `phoneNumbers` fields are mutually exclusive. It is possible that licenses will be added by default, so it is advisable to perform a reconciliation to be up to date. If you create a user with a role or license (bad format) that is not allowed to be assigned or with an incorrect avatar URL, the user is still created with the exception of the fields that failed: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request POST \ --data '{ "displayName" : "John Doe", "firstName" : "John", "LastName" : "Doe", "groups" : [ "groupId", "groupId" ], "emails" : [ "john.doe@example.com" ], "licenses" : [ "licenseId" ], "roles" : [ "roleId" ], "extension" : "123", "avatar" : "urlAvatar", "title" : "Title", "department" : "Sales", "manager" : "Manager Name", "managerId" : "managerId", "phoneNumbers": [ { "type": "work", "value": "+1 010 110 1101" } ], "addresses": [ { "type": "work", "country": "US", "locality": "Milpitas", "region": "California", "streetAddress": "1111 Bird Ave.", "postalCode": "010101" } ], "siteUrls": [ "mysite.webex.com#attendee" ], "orgId" : "orgId", "locationId" : "locationId" }'\ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__?_action=create' { "_id" : "userId", "displayName" : "John Doe", "firstName" : "John", "LastName" : "Doe", "groups" : [ "groupId", "groupId" ], "emails" : [ "john.doe@example.com" ], "licenses" : [ "licenseId" ], "roles" : [ "roleId" ], "extension" : "123", "avatar" : "urlAvatar", "title" : "Title", "department" : "Sales", "manager" , "Manager Name", "managerId" : "managerId", "phoneNumbers": [ { "type": "work", "value": "+1 010 110 1101" } ], "addresses": [ { "type": "work", "country": "US", "locality": "Milpitas", "region": "California", "streetAddress": "1111 Bird Ave.", "postalCode": "010101" } ], "siteUrls": [ "mysite.webex.com#attendee" ], "orgId" : "orgId", "locationId" : "locationId" } ``` #### Get Users Retrieve a list of user ids from Webex. By default, retrieves all users: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__?_queryId=query-all-ids' { "result": [ { "_id" : "001" }, { "_id" : "002" }, { "_id" : "003" }, ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get user Retrieve a user from Webex. The user id must be provided in the URI path. The locationId and extension fields will only be displayed if they have their corresponding license: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__/ID' { "_id" : "userId", "displayName" : "active", "firstName" : "active", "LastName" : "active", "groups" : [ "groupId", "groupId", ], "emails" : [ "test@email.com" ], "licenses" : [ "licenseId" ], "roles" : [ "roleId" ], "extension" : "gs", "avatar" : "avatarURL", "title" : "surname", "department" : "Sales", "manager" , "John Doe", "managerId" : "managerId", "phoneNumbers": [ { "type": "work", "value": "+1 010 110 1101" } ], "addresses": [ { "type": "work", "country": "US", "locality": "Milpitas", "region": "California", "streetAddress": "1099 Bird Ave.", "postalCode": "99212" } ], "siteUrls": [ "mysite.webex.com#attendee" ], "orgId" : true, "locationId" : "locationId" } ``` #### Get user emails Retrieve a user in Webex filtering by the `emails` field: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__?_queryFilter=true&_fields=emails' { "result": [ { "_id" : "001", "emails": [ "email001@example.wbx.ai" ], }, { "_id" : "003", "emails": [ "email003@example.wbx.ai" ], }, { "_id" : "003", "emails": [ "email003@example.wbx.ai" ], } ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get user filter by email Retrieve a user in Webex filtering by the `emails` field. The locationId and extension fields will only be displayed if they have their corresponding license: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__?_queryFilter=emails%20eq%20"john@example.wbx.ai"' { "result": [ { "_id": "userId", "firstName": "John", "displayName": "John Doe", "lastName": "Doe", "orgId": "orgId", "emails": [ "john@example.wbx.ai" ], "roles": [ "roleId" ], "groups": [], "licenses": [ "licenseId" ], "__NAME__": "John" } ] } ``` #### Get user filter starts with Retrieve a user in Webex filtering by the `displayName` field. Minimum characters to search for displayName. The locationId and extension fields will only be displayed if they have their corresponding license: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__?_queryFilter=displayName%20sw%20"john"' { "result": [ { "_id": "userId", "firstName": "John", "displayName": "John Doe", "lastName": "Doe", "orgId": "orgId", "emails": [ "john@example.wbx.ai" ], "roles": [ "roleId" ], "groups": [ "groupId_1", "groupId_2" ], "licenses": [ "licenseId" ], "__NAME__": "John" } ], "resultCount": 1, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Update user To update a user, it is necessary to *at least* provide the `email`, `displayName` and `licenses` fields. To update the `locationId`, `extension`, and `siteUrls` fields, the user must have the corresponding licenses. `locationId` requires the extension field. `locationId` and `phoneNumbers` are mutually exclusive: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request PUT \ --data '{ "displayName" : "John Doe", "firstName" : "John", "LastName" : "Doe", "groups" : [ "groupId", "groupId" ], "emails" : [ "john.doe@example.com" ], "licenses" : [ "licenseId" ], "roles" : [ "roleId" ], "extension" : "123", "avatar" : "urlAvatar", "title" : "Title", "department" : "Sales", "manager" , "Manager Name", "managerId" : "managerId", "phoneNumbers" : [ { "type": "work", "value": "+1 010 110 1101" } ], "addresses" : [ { "type": "work", "country": "US", "locality": "Milpitas", "region": "California", "streetAddress": "1111 Bird Ave.", "postalCode": "010101" } ], "siteUrls": [ "mysite.webex.com#attendee" ], "orgId" : "orgId", "locationId" : "locationId" }' \ 'http://localhost:8080/system/webex/__ACCOUNT__/USER_ID' { "_id" : "userId", "displayName" : "John Doe", "firstName" : "John", "LastName" : "Doe", "groups" : [ "groupId", "groupId", ], "emails" : [ "john.doe@example.com" ], "licenses" : [ "licenseId" ], "roles" : [ "roleId" ], "extension" : "123", "avatar" : "avatarURL", "title" : "Title", "department" : "Developer", "manager" , "Manager Name", "managerId" : "managerId", "phoneNumbers": [ { "type": "work", "value": "+1 010 110 1101" } ], "addresses": [ { "type": "work", "country": "US", "locality": "Milpitas", "region": "California", "streetAddress": "1111 Bird Ave.", "postalCode": "010101" } ], "siteUrls": [ "mysite.webex.com#attendee" ], "orgId" : "orgId", "locationId" : "locationId" } ``` | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | To update the licenses correctly, it is necessary to deactivate the default licenses and to have the option "Preserve licenses for users joining another group" activated in Webex Control Hub in the user licenses tab. | #### Delete user Delete a user from the Webex organization. The user id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request DELETE \ 'http://localhost:8080/openidm/system/webex/__ACCOUNT__/USER_ID' { "_id" : "USER_ID", "email" : "deleted.member@email.com", ... } ``` ### GROUPS #### Create group To create a group, it is necessary to *at least* provided `displayName` field: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request POST \ --data '{ "displayName" : "Group name", "description" : "Group Description", "orgId" : "orgId" }' \ 'http://localhost:8080/openidm/system/webex/__GROUP__?_action=create' { "_id" : "groupId", "displayName" : "Group name", "description" : "Group Description", "orgId" : "orgId", "members": [] } ``` #### Get groups Retrieve a list of groups showing only the ids. By default returns all groups: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/__GROUP__?_queryId=query-all-ids' { "result": [ { "_id" : "groupid1" }, { "_id" : "groupId2" }, { "_id" : "groupId3", }, ... ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Update a group The fields that can be updated for a group are `description` and `displayName`. The group id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request PUT \ --header 'If-Match: *' \ --data '{ "displayName" : "New Group Name", "description" : "New Description" }' \ 'http://localhost:8080/openidm/system/webex/__GROUP__/GROUP_ID' { "_id" : "groupId", "displayName" : "New Group Name", "description" : "New Description", "orgId" : "orgId", "members": [] } ``` #### Delete a group The group id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request DELETE \ 'http://localhost:8080/openidm/system/webex/__GROUP__/GROUP_ID' { "_id" : "groupId", "displayName" : "New Group Name", "description" : "New Description", "orgId" : "orgId", "members": [] } ``` ### Get Roles Retrieve a list of roles for Webex users. ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/ROLES/?_queryFilter=true' { "result" : [ { "_id" : "roleId", "__NAME__" : "Role name", }, ... ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get Role Retrieve a role from the Webex organization. The user id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/ROLES/ROLE_ID' { "_id": "roleId", "__NAME__": "Role Name" } ``` ### Get Licenses Retrieve a list of licenses for Webex users. ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/LICENSES/?_queryFilter=true' { "result" : [ { "_id" : "LicenseId", "name" : "Role Name", "totalUnits" : 50, "consumedUnits": 1, "subscriptionId": "subscriptionId", "siteUrl": "site1-example.webex.com", "siteType": "Control Hub managed site", }, ... ], "resultCount": 999, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 } ``` #### Get License Retrieve a user license. The user id must be provided in the URI path: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header 'Content-Type: application/json' \ --request GET \ 'http://localhost:8080/openidm/system/webex/LICENSES/LICENSE_ID' { "_id": "LicenseId", "name": "License Name", "totalUnits": "10", "subscriptionId": "subscriptionId", "siteType": "Control Hub managed site", "__NAME__": "License Name", "siteUrl": "sityUrl.webex.com" } ``` ## OpenICF Interfaces Implemented by the Webex Connector The Webex Connector implements the following OpenICF interfaces. For additional details, see [ICF interfaces](interfaces.html): * Create Creates an object and its `uid`. * Delete Deletes an object, referenced by its `uid`. * Schema Describes the object types, operations, and options that the connector supports. * Script on Connector Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics: * The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access. * The script has access to a `connector` variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration. * The script has access to any script arguments passed in by the application. * Search Searches the target resource for all objects that match the specified object class and filter. * Test Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid. This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out). You can invoke the test operation before a connector configuration has been validated. * Update Updates (modifies or replaces) objects on a target resource. []() ## Webex Connector Configuration The Webex Connector has the following configurable properties: ### Basic Configuration Properties | Property | Type | Default | Encrypted(1) | Required(2) | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -------- | ------------------------ | ------------------------- | | `serviceUri` | `String` | `null` | | [icon: check, set=fas]Yes | | The service endpoint URI. | | | | | | `readRateLimit` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines throttling for read operations either per seconds (`30/sec`) or per minute (`100/min`). | | | | | | `login` | `String` | `null` | | [icon: check, set=fas]Yes | | The service login name. | | | | | | `writeRateLimit` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines throttling for write operations (create/update/delete) either per second (`30/sec`) or per minute (`100/min`). | | | | | | `password` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | The service user password. | | | | | | `authenticationMethod` | `String` | `OAUTH` | | [icon: check, set=fas]Yes | | Defines which method is to be used to authenticate on the remote server. Options are `BASIC` (username/password), `OAUTH` (Client id/secret), `JWT_TOKEN` (jwt token), or `TOKEN` (static token). | | | | | | `tokenEndpoint` | `String` | `null` | | [icon: times, set=fas]No | | When using OAUTH as authentication method, this property defines the endpoint where a new access token should be queried for (). | | | | | | `clientId` | `String` | `null` | | [icon: check, set=fas]Yes | | The client identifier for OAuth2. | | | | | | `clientSecret` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | Secure client secret for OAuth2. | | | | | | `authToken` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: times, set=fas]No | | Static authentication token. | | | | | | `acceptSelfSignedCertificates` | `boolean` | `false` | | [icon: check, set=fas]Yes | | To be used for debug/test purposes. To be avoided in production. | | | | | | `disableHostNameVerifier` | `boolean` | `false` | | [icon: check, set=fas]Yes | | To be used for debug/test purposes. To be avoided in production. | | | | | | `disableHttpCompression` | `boolean` | `false` | | [icon: check, set=fas]Yes | | Set this property to `true` to disable content compression. | | | | | | `clientCertAlias` | `String` | `null` | | [icon: check, set=fas]Yes | | If TLS Mutual Auth is needed, set this to the certificate alias from the keystore. | | | | | | `clientCertPassword` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: check, set=fas]Yes | | If TLS Mutual Auth is needed and the client certificate (private key) password is different from the keystore password, set this to the client private key password. | | | | | | `maximumConnections` | `Integer` | `10` | | [icon: check, set=fas]Yes | | Defines the max size of the HTTP connection pool used. | | | | | | `httpProxyHost` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines the Hostname if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyPort` | `Integer` | `null` | | [icon: check, set=fas]Yes | | Defines the Port if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyUsername` | `String` | `null` | | [icon: check, set=fas]Yes | | Defines Proxy Username if an HTTP proxy is used between the connector and the service. | | | | | | `httpProxyPassword` | `GuardedString` | `null` | [icon: lock, set=fas]Yes | [icon: check, set=fas]Yes | | Defines Proxy Password if an HTTP proxy is used between the connector and the service. | | | | | | `connectionTimeout` | `int` | `30` | | [icon: times, set=fas]No | | Defines a timeout for the underlying HTTP connection in seconds. | | | | | | `refreshToken` | `GuardedString` | `null` | | [icon: times, set=fas]No | | Used by the refresh\_token grant type. | | | | | | `grantType` | `String` | `null` | | [icon: times, set=fas]No | | The OAuth2 grant type to use (`client_credentials`, `refresh_token`, or `jwt_bearer`). | | | | | | `scope` | `String` | `null` | | [icon: times, set=fas]No | | The OAuth2 scope to use. | | | | | | `authorizationTokenPrefix` | `String` | `Bearer` | | [icon: times, set=fas]No | | The prefix to be used in the Authorization HTTP header for Token authentication. | | | | | | `useBasicAuthForOauthTokenNeg` | `boolean` | `true` | | [icon: check, set=fas]Yes | | The Authentication method for refresh token (Basic Authentication or Sending the ClientId and Client Secret in the Header). | | | | | | `jwtKey` | `String` | `null` | | [icon: times, set=fas]No | | The JWT data structure that represents a cryptographic key. | | | | | | `jwtExpiration` | `Integer` | `null` | | [icon: times, set=fas]No | | Defines the JWT expiration time in seconds. | | | | | | `jwtAlgorithm` | `String` | `null` | | [icon: times, set=fas]No | | The Algorithm type to sign payload. | | | | | | `jwtClaims` | `Map` | `null` | | [icon: times, set=fas]No | | JWT Claims to be included in the payload | | | | | | `jwtPem` | `String` | `null` | | [icon: times, set=fas]No | | The contents of the private key of the PEM file | | | | | | `jwtCert` | `String` | `null` | | [icon: times, set=fas]No | | The contents of the certificate of the PEM file | | | | | | `keyAlgorithm` | `String` | `null` | | [icon: times, set=fas]No | | Indicates the type of key (such as RSA, DSA or EC) used to sign from the PEM. | | | | | (1) Whether the property value is considered confidential, and is therefore encrypted in IDM. (2) A list of operations in this column indicates that the property is required for those operations.