Connectors
Connectors are Usercube's links to the managed systems, the technical representation of the entity model. A connector is used to export data as CSV source files for Usercube's synchronization process and to fulfill entitlement assignments to a given managed system.
Overview
Connectors are the mechanisms that enable Usercube to read and write data to/from your organization's systems. The feedback mechanism ensures Usercube's reliability.
In this documentation, we talk about managed systems (sometimes called external systems) to refer to third-party applications, i.e. the applications used in your organization, such as Active Directory, ServiceNow, EasyVista, SAP, SharePoint, etc.
A connector, therefore, acts as an interface between Usercube and a managed system.
NETWRIX strongly recommends the creation of one connector for one application.
For example, integrators may create an AD connector with the goal of importing an Active Directory's data into Usercube, and writing to the Active Directory from Usercube, either manually for administration accounts, or automatically for basic accounts.
Integrators may create a SharePoint connector in order to manage read and write entitlements for users in SharePoint.
Data Flows
In the early steps of a project, we'll consider most of our connectors to be outbound, i.e. Usercube will feed data into connected managed systems.
In this case, data flows between Usercube and the managed system are also called:
- synchronization in the "managed system-to-Usercube" direction;
- provisioning in the "Usercube-to-managed system" direction.
For a connector's synchronization, Usercube provides tools to perform a basic extraction of the system's data in the form of CSV files. These files are cleaned and loaded into Usercube. In other words, synchronizing means taking a snapshot of the managed system's data and loading it into Usercube.
For provisioning, Usercube generates provisioning orders and the connector provides tools to either automatically write these orders to the managed system or to create a ticket for manual provisioning.
For example, we can use the data from Usercube's identity repository to later fill in the AD's fields, such as users' display names based on their first names and last names from the repository.
Usercube can also benefit from inbound connectors, which write data to Usercube's central identity repository. While both inbound and outbound connectors allow data to flow both ways, they do not work in the same manner. See more details about this advanced topic.
Technical principles
Usercube's connectors all operate on the same basic principles. For example, let's say that we want to connect Usercube to our Active Directory, or AD. Technically speaking:
- a connector must be created, first as a named container which will include the connections and entity types related to one managed system;
  We create a connector named AD (so far, an empty shell).
- a connector is linked to an agent which acts as the go-between for Usercube's server and the managed system;
  Our AD connector uses the provided SaaS agent.
- a connection describes the technology that enables data to flow back and forth between Usercube and the managed system;
  We want to use a connection Directory/Active Directory to perform synchronization and automated provisioning, and a second connection Ticket/identitymanager to perform manual provisioning through Usercube.
  You can find standard connections dedicated to one application (AD, Microsoft Entra ID, etc.), and generic connections to communicate with any application (CSV, Powershell, RobotFramework, SQL, etc.).
- the shape of the extracted managed system's data is modeled by entity types (we will use the term resource to refer to an entity type that has been instantiated);
  We create a single entity type AD - Entry which contains all the attributes that will describe its resources, i.e. AD groups and users. The attributes include the department, the employee identifier, the manager, the group membership (member/memberOf), the dn, the parent dn, etc.
- the intent of resources within the managed system is made clear by categorizing resources into resource types. More details are given when tackling categorization.
  We categorize AD resources into distinct resource types: AD User (nominative) for basic accounts, which we want Usercube to provision automatically; AD User (administration) for sensitive administration accounts, which we want to provision manually through Usercube.
A connector requires at least one connection and one entity type.
When provisioning a managed system, the corresponding connector also needs at least one resource type.
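The two requirements above, and the choice to keep administration accounts on manual provisioning, can be checked mechanically. The following is an added example, not Usercube's own code or configuration schema: it models the AD example in Python and validates it. The class names, the automatic/manual mode attached to each connection, and the sensitive flag are assumptions made for the illustration.

```python
# Added illustration: a toy model of the concepts above, not Usercube's schema or API.
from dataclasses import dataclass, field

@dataclass
class ResourceType:
    name: str
    entity_type: str
    connection: str          # assumption: each resource type names the connection that fulfills it
    sensitive: bool = False  # assumption: flag for accounts that must not be auto-provisioned

@dataclass
class Connector:
    name: str
    agent: str
    connections: dict = field(default_factory=dict)   # identifier -> "automatic" or "manual"
    entity_types: set = field(default_factory=set)
    resource_types: list = field(default_factory=list)

    def validate(self, provisioning=False):
        """Return rule violations; an empty list means the connector is usable."""
        errors = []
        if not self.connections:
            errors.append("connector needs at least one connection")
        if not self.entity_types:
            errors.append("connector needs at least one entity type")
        if provisioning and not self.resource_types:
            errors.append("provisioning needs at least one resource type")
        for rt in self.resource_types:
            if rt.entity_type not in self.entity_types:
                errors.append(f"{rt.name}: unknown entity type")
            mode = self.connections.get(rt.connection)
            if mode is None:
                errors.append(f"{rt.name}: unknown connection")
            elif rt.sensitive and mode != "manual":
                errors.append(f"{rt.name}: sensitive accounts must be provisioned manually")
        return errors

def build_ad_connector():
    """The AD example from the text, expressed in the toy model."""
    return Connector(
        name="AD", agent="SaaS",
        connections={"Directory/Active Directory": "automatic",
                     "Ticket/identitymanager": "manual"},
        entity_types={"AD - Entry"},
        resource_types=[
            ResourceType("AD User (nominative)", "AD - Entry", "Directory/Active Directory"),
            ResourceType("AD User (administration)", "AD - Entry",
                         "Ticket/identitymanager", sensitive=True),
        ])
```

Calling validate(provisioning=True) on the connector returned by build_ad_connector() yields an empty list; pointing the administration resource type at the Directory/Active Directory connection makes the check report it.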
Local vs. SaaS agents: To simplify things, Usercube has made it possible to start configuring connectors without installing a local agent in your organization's network. Instead, you can use the agent integrated with Usercube's server in the Cloud (SaaS agent).
Configure a Connector
NETWRIX recommends creating and configuring a connector via the UI.
Supported Systems
Active Directory | Exports and fulfills data from/to an Active Directory instance. Active Directory References |
Azure | Exports Azure resources, role definitions and role assignments. Azure References |
Microsoft Entra ID (formerly Microsoft Azure AD) | Exports and fulfills data from/to a Microsoft Entra ID instance. Microsoft Entra ID References How to create a Microsoft Entra ID connector How to set up incremental synchronization for Entra ID |
CSV | Exports data from a CSV file. CSV References |
EasyVista | Exports data from an EasyVista-compliant system. EasyVista References |
EasyVista Ticket | Creates tickets in an EasyVista instance. EasyVista Ticket References How to Write a Template for a Ticket Connector |
Google Workspace | Exports and fulfills users and groups from/to a Google Workspace instance. Google Workspace References |
Home Folder | Exports home folders from input directories. Home Folder References |
InternalResources | Opens manual provisioning tickets in Usercube. InternalResources References |
InternalWorkflow | Retrieves provisioning order files from a connector or a resource type list, and starts a workflow accordingly. InternalWorkflow References |
Json | Generates JSON files for each provisioning order. ToFile References |
LDAP | Exports and fulfills data from/to an LDAP-compliant system. LDAP References |
LDIF | Generates CSV source files from an LDIF file. LDIF References |
Microsoft Excel | Exports data from an XLSX file. Microsoft Excel References |
Microsoft Exchange | Exports data from a Microsoft Exchange instance. Microsoft Exchange References |
OData | Exports entities from an OData instance. OData References |
OpenLDAP | Exports and fulfills data from/to an OpenLDAP directory. OpenLDAP References |
PowerShell | Executes PowerShell scripts to generate CSV source files from otherwise unsupported sources. PowerShell References How to Write a Powershell Script How to Fulfill a PowerShell-compliant system via PowerShell |
RACF | Exports data from a RACF file. RACF References |
Robot Framework | Executes Robot Framework scripts to fulfill data to external systems. Robot Framework References How to Write a Robot Framework Script How to Interact with a Web Page via Robot Framework How to Interact with a GUI application via Robot Framework |
SAP | Exports and fulfills data from/to an SAP system. SAP References |
SAP ERP 6.0 | Exports and fulfills data from/to an SAP ERP 6.0 system. SAP ERP 6.0 References |
SCIM | Exports and fulfills data from/to a SCIM-compliant web application. SCIM References How to Export CyberArk Data via SCIM How to Provision Salesforce Users' Profiles via SCIM |
ServiceNow Entity Management | Manages ServiceNow entities. ServiceNow Entity Management References |
ServiceNow Ticket | Creates tickets in ServiceNow. ServiceNow Ticket References How to Write a Template for a Ticket Connector |
SharedFolder | Scans a Windows file directory and exports a list of folders, files, users and their associated permissions. SharedFolder References |
SharePoint | Exports a SharePoint's list of objects, users, groups, roles and their relationships. SharePoint References How to Set up SharePoint's Export and Synchronization |
SQL | Exports data from various Database Management Systems. SQL References |
SQL Server Entitlements | Exports server and database principals from Microsoft SQL Server. SQL Server Entitlements References |
Top Secret | Exports the Top Secret (TSS) users and profiles. TSS References |
Workday | Exports data from a Workday instance. Workday References |