Skip to main content

Configuring Google Sheet

Attribute Sync Direction

While adding attribute in json file, you can choose which direction your data flows for every attribute in IDHub.

Use function syncDirection for every attribute to choose their data flow directions.

Possible values are as follows:

'bi-directional': 'Bidirectional Synchronization',
'idhub-to-app': 'Sync IDHub to Application only',
'app-to-idhub': 'Sync Application to IDHub only',
'no-sync': 'No Synchronization'

Based on attribute functions we recommend directions. See below:

  • RBAC (Role based Access Control) : app-to-idhub or bi-directional
  • Reporting and not sensitive : bi-directional
  • Modify functions in target system and RBAC : idhub-to-app
  • Only for display : no-sync
  • Sensitive Attribute not used for audit/ reporting : Do not add attribute

Field Mapping

Another function in the json is to match a specific IDHub field with the target system attribute.

Use function idhubFieldName and add from IDHub field list to match the fields.

info

List of IDHub fields can be viewed in your IDHub instance in Admin Settings page in Admin Module. Target System fields can be matched with custom added IDHub field as well.

Example
{
  "name": "userLogin",
  "multiValued": false,
  "description": "login for the user.",
  "idhubFieldName": "login",
  "mutability": "readOnly",
  "returned": "always",
  "isVisible": true,
  "uniqueness": "server",
  "syncDirection": "app-to-idhub",
  "type": "string"
}

Here target system attribute userLogin is mapped with IDHub attribute login.

Unique Field

Every target system provides at-least one unique attribute to distinguish their accounts. To mark that attribute as unique account name (In case multiple unique keys are present and you do not wish for IDHub to fetch all unique keys and mark only one as account name) use function uniqueness and value can be server or global

note

Reconciliation will fail if more than one attribute is added as unique.

For Google Sheet, below are some of the attributes among others that can be unique account name.

  • userLogin - Recommended
  • email
  • employeeId

Reconciliation Key

Possible unique reconciliation key to match account in Google Sheet with User in IDHub are as follows:

  • email (Google Sheet) with email (IDHub) - Recommended
  • userLogin (Google Sheet) with login (IDHub)
  • employeeId (Google Sheet) with employeeNumber (IDHub)

Use function

  • isRecon and mark as true AND
  • mutability and mark as immutable

Both functions need to be added to the attribute to mark it as a reconciliation key.

Example : Below is a Email attribute which is marked as Reconciliation key.
{
"name": "email",
"description": "User's email address.",
"multiValued": false,
"mutability": "immutable",
"required": true,
"isRecon": true,
"idhubFieldName": "email",
"syncDirection": "bi-directional",
"type": "string"
}

More than one attribute can be used as reconciliation key. It is used to match IDHub users with accounts and combination of reconciliation keys will be used to match the account.