Important
Spacewell Axxerion uses a generic User API which needs to be configured for each customer by an Spacewell consultant. Therefore this connector will not work out of the box without assistance from a Spacewell consultant and HelloID consultant
Warning
This connector has been fully tested. Specific changes will have to be made according to the customer environment
Important
This repository contains the connector and configuration code only. The implementer is responsible to acquire the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
- HelloID-Conn-Prov-Target-Spacewell-Axxerion-V2
HelloID-Conn-Prov-Target-Spacewell-Axxerion-V2 is a target connector. Spacewell-Axxerion-V2 provides a set of REST API's that allow you to programmatically interact with its data.
The following features are available:
| Feature | Supported | Actions | Remarks |
|---|---|---|---|
| Account Lifecycle | ✅ | Create, Update, Enable, Disable, Delete | |
| Permissions | ✅ | Retrieve, Grant, Revoke | Static |
| Resources | ❌ | - | |
| Entitlement Import: Accounts | ✅ | - | |
| Entitlement Import: Account Access | ❌ | - | |
| Entitlement Import: Permissions | ❌ | - | |
| Governance Reconciliation Resolutions | ✅ | - |
The following settings are required to connect to the API.
| Setting | Description |
|---|---|
| Username | The username of the user who has rights to access the API. This is case-sensitive |
| Password | The password for the user who has rights to access the API |
| BaseUrl | The URL to the Spaxewell Axxerion environment |
| UserReference | The name of the Spacewell Axxerion report which provides user information |
| OrganizationReference | The name of the organization used in the endpoints of the Spaxewell Axxerion environment |
| ProfileReference | The name of the Spacewell Axxerion report which provides profilegroup information |
The correlation configuration is used to specify which properties will be used to match an existing account within Spacewell-Axxerion-V2 to a person in HelloID.
| Setting | Value |
|---|---|
| Enable correlation | True |
| Person correlation field | Accounts.MicrosoftActiveDirectory.mail |
| Account correlation field | Email |
[!TIP] > For more information on correlation, please refer to our correlation documentation pages.
The field mapping can be imported by using the fieldMapping.json file.
The correlation is based on the email address. Since this is the only unique key within Axxerion. When retrieving users, the field to filter on is the externalReference. See also: retrieve users
When creating a user an id will be returned. However this is not the internal database id of the user but merely a reference to internal logging.
Error handling is limited because of limitions of the API. No errors are returned by the API as each response results in a '200OK' containing an id. This id is a reference to internal logging within Axxerion.
Each POST request to rest/functions/createupdate/ImportItem requires a _clobMBValue_, which holds the JSON payload for the corresponding action.
- JSON payload
{
"username": "JDoe",
"email": "jdoe@example",
"first_name": "John",
"last_name": "Doe"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "AccountGrant",
"clobMBValue": "ew0KICAgICJ1c2VybmFtZSI6ICJKRG9lIiwNCiAgICAiZW1haWwiOiAiamRvZUBleGFtcGxlIiwNCiAgICAiZmlyc3RfbmFtZSI6ICJKb2huIiwNCiAgICAibGFzdF9uYW1lIjogIkRvZSINCn0="
}- JSON payload
{
"username": "JDoe",
"email": "jdoe@example",
"first_name": "John",
"last_name": "Doe"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "AccountUpdate",
"clobMBValue": "ew0KICAgICJ1c2VybmFtZSI6ICJKRG9lIiwNCiAgICAiZW1haWwiOiAiamRvZUBleGFtcGxlIiwNCiAgICAiZmlyc3RfbmFtZSI6ICJKb2huIiwNCiAgICAibGFzdF9uYW1lIjogIkRvZSINCn0="
}- JSON payload
{
"Email": "JDoe@example"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "AccountAccessGrant",
"clobMBValue": "ew0KICAgICJFbWFpbCI6ICJKRG9lQGV4YW1wbGUiDQp9"
}- JSON payload
{
"Email": "JDoe@example"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "AccountAccessRevoke",
"clobMBValue": "ew0KICAgICJFbWFpbCI6ICJKRG9lQGV4YW1wbGUiDQp9"
}- JSON payload
The entitlement is the id of the permission.
{
"email": "JDoe@example",
"entitlement": "1510000000000002"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "EntitlementGrant",
"clobMBValue": "ew0KICAgICJlbWFpbCI6ICJKRG9lQGV4YW1wbGUiLA0KICAgICJlbnRpdGxlbWVudCI6ICIxNTEwMDAwMDAwMDAwMDAyIg0KfQ=="
}- JSON payload
The entitlement is the id of the permission.
{
"email": "JDoe@example",
"entitlement": "1510000000000002"
}- Full request including the
clobMBValue
{
"datasource": "HelloID",
"stringValue": "EntitlementRevoke",
"clobMBValue": "ew0KICAgICJlbWFpbCI6ICJKRG9lQGV4YW1wbGUiLA0KICAgICJlbnRpdGxlbWVudCI6ICIxNTEwMDAwMDAwMDAwMDAyIg0KfQ=="
}Data will need to be retrieved using a POST to rest/functions/completereportresult/. The JSON payload must contain a reference that corresponds to the action. The name of the reference might be subject to change.
Retrieve a single user based on the externalReference which is mapped to the email address.
{
"reference": "HELLOID-USERS",
"filterFields": ["externalReference"],
"filterValues": ["name@example"]
}To retrieve permissions:
{
"reference": "HELLOID-PROFILES"
}The following endpoints are used by the connector
| Endpoint | Description |
|---|---|
| /rest/functions/completereportresult/ | Retrieve user and permission information |
| /rest/functions/createupdate/ImportItem/ | Create and update a user |
[!TIP] > For more information on how to configure a HelloID PowerShell connector, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/