Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tools4everbv/helloid-conn-prov-target-blacklist-sql
Blacklist - Target (SQL)
- Host: GitHub
- URL: https://github.com/tools4everbv/helloid-conn-prov-target-blacklist-sql
- Owner: Tools4everBV
- Created: 2023-11-15T10:55:48.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-28T12:58:37.000Z (about 1 month ago)
- Last Synced: 2024-11-28T13:34:00.408Z (about 1 month ago)
- Topics: blacklist, database, db, powershell, provisioning, sql, target
- Language: PowerShell
- Homepage:
- Size: 194 KB
- Stars: 1
- Watchers: 5
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# HelloID-Conn-Prov-Target-Blacklist-SQL
Repository for HelloID Provisioning Target Connector to SQL Blacklist
> [!IMPORTANT]
> This repository contains the connector and configuration code only. The implementer is responsible for acquiring the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
## Table of Contents
- [HelloID-Conn-Prov-Target-Blacklist-SQL](#helloid-conn-prov-target-blacklist-sql)
- [Table of Contents](#table-of-contents)
- [Introduction](#introduction)
- [Requirements](#requirements)
- [Repository contents](#repository-contents)
- [Connection settings](#connection-settings)
- [Correlation configuration](#correlation-configuration)
- [Settings in AD uniqueness script](#settings-in-ad-uniqueness-script)
- [Remarks](#remarks)
- [Getting help](#getting-help)
- [HelloID docs](#helloid-docs)
## Introduction
This connector allows for the storage of attribute values that must remain unique, such as SamAccountName and/or UserPrincipalName, in a blacklist database. When a new account is created, this database is checked alongside the primary target system to verify the uniqueness of these account attributes.
## Requirements
- HelloID Provisioning agent (cloud or on-prem).
- Available MSSQL database (External server or local SQL(express) instance).
- SQL database setup containing a table created with the query in the createTableBlacklist.sql file.
- Database rights for the agent's service account, or a SQL-authenticated account with rights to the database.
- (Optional) Database table is filled with the current AD data.
## Repository contents
The HelloID connector consists of the template scripts shown in the following table.
| Action | Action(s) Performed | Comment |
| --------------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| create.ps1 | Write account data to SQL DB table | Uses account data from another system |
| delete.ps1 | Write whenDeleted date to SQL DB table | Uses account data from another system. Can also be used as an update script |
| configuration.json | Default configuration file ||
| fieldMapping.json | Default field mapping file ||
| checkOnExternalSystemsAd.ps1 | Check mapped fields against the SQL database | This is configured in the built-in Active Directory connector |
| createTableBlacklist.sql | Script to create the SQL table in the SQL database |Run this within the SQL Management Studio|
| /GenerateUniqueData/example.create.ps1 | Generate unique value and write to SQL DB table | Checks the current data in SQL and generates a value that doesn't exist yet. Use this when generating a random number and use this as input for your AD or Azure AD system. Please be aware this is an example built for the legacy PowerShell connector. |
## Connection settings
The following settings are required to connect to SQL DB.
| Setting | Description | Mandatory |
| ----------------- | ---------------------------------------------------------------------------- | --------- |
| Connection string | String value of the connection string used to connect to the SQL database | Yes |
| Table | String value of the table name in which the blacklist values reside | Yes |
| Username | String value of the username of the SQL user to use in the connection string | No |
| Password | String value of the password of the SQL user to use in the connection string | No |
## Correlation configuration
The correlation configuration is not used or required in this connector.
## Settings in AD uniqueness script
The following settings can and should be set in the AD uniqueness script.
| Setting | Description | Default value |
| ----------------- | ---------------------------------------------------------------------- | ---------------------------------------- |
| $attributeNames | Array list of the attributes to check | @('SamAccountName', 'UserPrincipalName') |
| $syncIterations | Raise iteration of all configured fields when one is not unique | $true |
| $syncIterationsAttributeNames | Array list of the extra attributes to return when at least one attribute is not unique. Usually mirrors the AD field mapping configuration. Only active when $syncIterations = $true | @('SamAccountName', 'UserPrincipalName','commonName', 'mail',"proxyAddresses") |
| $excludeSelf | Exclude the records bound to the externalId of the user from the query | $true |
## Remarks
- This connector is designed to connect to an MS-SQL DB. Optionally you can also configure this to use another DB, such as SQLite or Oracle. However, the connector currently isn't designed for this and requires additional configuration.
- Make sure the attribute names in the mapping correspond with the attribute names in the primary source system.
- If updating the values is not required, the account update script can be omitted. Ensure that the mapping is updated accordingly.
- The mapping field employeeId should only be configured to the create & update event.
- The mapping field whenDeleted should only be mapped to the delete event.
## Getting help
> [!TIP]
> _For more information on how to configure a HelloID PowerShell connector, please refer to our [documentation](https://docs.helloid.com/en/provisioning/target-systems/powershell-v2-target-systems.html) pages_.
> [!TIP]
> _If you need help, feel free to ask questions on our [forum](https://forum.helloid.com)_.
## HelloID docs
The official HelloID documentation can be found at: https://docs.helloid.com/.