Identity propagation store entities represent a connection to an identity store owned by a customer. The connectionUrl attribute captures connection information including credentials, tokens, and store type, which can point to a SCIM or Salesforce store. Store instances may be associated with multiple rule entities, and must not be deleted when referred to by a rule instance.

The examples that follow show common actions to find and manage identity propagation store resources. You need the Environment Admin role to perform operations on identity propagation store entities.

Propagation store base data model

Property Description
description A string that specifies a description for the identity propagation store resource.
environment.id A string that specifies the environment resource’s unique identifier associated with the resource.
id A string that specifies the resource’s unique identifier.
image.id A string that specifies the image ID for the identity store resource.
image.href A string that specifies the URL for the identity store resource image file.
name A string that specifies the name of the identity store. This is a required property.
status A string that specifies the status of the identity store.
syncStatus A string indicating the current state of synchronization with a propagation store or stores. This can be either “Syncing” or “Failed”.
type A string that specifies the type of the identity store and determines the required and acceptable configuration properties. It also determines the acceptable target attribute mappings. This is a required property. Options are scim and Salesforce.
url A string that specifies the identity store’s URL. This is a required property.

Propagation store SCIM data model

Property Description
configuration.freezeAccountOnDeprovisioning A boolean that specifies whether the account is frozen when deprovisioned.
configuration.AUTHENTICATION_METHOD A string that specifies the account authentication method. For example, OAuth 2 Bearer Token, or Basic Authentication.
configuration.SCIM_URL A string that specifies the SCIM URL.
configuration.SCIM_VERSION A string that specifies the SCIM version.
configuration.OAUTH_ACCESS_TOKEN A string that specifies the OAuth access token for account authentication.
configuration.OAUTH_TOKEN_REQUEST A string that specifies the OAuth token request endpoint.
configuration.OAUTH_CLIENT_ID A string that specifies the OAuth client ID.
configuration.OAUTH_CLIENT_SECRET A string that specifies the OAuth client secret.
configuration.BASIC_AUTH_USER A string that specifies the user name for account authentication.
configuration.BASIC_AUTH_PASSWORD A string that specifies the password for account authentication.
configuration.createNewUsers A boolean indicating whether or not users are allowed to be created.
configuration.updateNewUsers A boolean indicating whether or not users are allowed to be updated.
configuration.disableNewUsers A boolean indicating whether or not users are allowed to be disabled.
configuration.REMOVE_ACTION The action to take when removing a user. This can be either “Disable” or “Delete”.
configuration.USERS_RESOURCE A string that specifies the user’s API path.
configuration.GROUPS_RESOURCE A string that specifies the password for account authentication.
configuration.UNIQUE_USER_IDENTIFIER Specifies the unique user identifer to use. This can be either “userName” or “workEmail”.
configuration.USER_FILTER A string that specifies a SCIM filter expression.
configuration.AUTHORIZATION_TYPE A string that specifies the authorization header type.
configuration.GROUP_NAME_SOURCE The source to use for the group name. This can be either “Common Name” or “Distinguished Name”.

Propagation store Salesforce data model

Property Description
configuration.FREEZE_USER_FLAG A boolean that specifies whether the user account is frozen.
configuration.PERMISSION_SET_MANAGEMENT A string that specifies the permission sets to be merged with Salesforce.
configuration.SALESFORCE_DOMAIN A string that specifies the account’s salesforce.com domain.
configuration.CLIENT_ID A string that specifies the Salesforce client ID.
configuration.CLIENT_SECRET A string that specifies the Salesforce client secret.
configuration.ACCOUNT_ID A string that specifies the Salesforce account ID.
configuration.PROFILE_ID A string that specifies the Salesforce profile ID.
configuration.ENABLE_COMMUNITIES A boolean indicating whether or not to enable Salesforce communities.
configuration.OAUTH_ACCESS_TOKEN A string that specifies the access token for account authentication.
configuration.OAUTH_REFRESH_TOKEN A string that specifies the refresh token for account authentication.
configuration.CREATE_NEW_USERS A boolean indicating whether or not users are allowed to be created.
configuration.UPDATE_NEW_USERS A boolean indicating whether or not users are allowed to be updated.
configuration.DISABLE_USERS A boolean indicating whether or not users are allowed to be disabled.
configuration.PROVISION_DISABLED_USERS A boolean indicating whether or not disabled users can be provisioned.

Propagation store SalesforceContacts data model

Property Description
configuration.FREEZE_USER_FLAG A boolean that specifies whether the user account is frozen.
configuration.PERMISSION_SET_MANAGEMENT A string that specifies the permission sets to be merged with Salesforce.
configuration.SALESFORCE_DOMAIN A string that specifies the account’s salesforce.com domain.
configuration.CLIENT_ID A string that specifies the Salesforce client ID.
configuration.CLIENT_SECRET A string that specifies the Salesforce client secret.
configuration.ACCOUNT_ID A string that specifies the Salesforce account ID.
configuration.PROFILE_ID A string that specifies the Salesforce profile ID.
configuration.ENABLE_COMMUNITIES A boolean indicating whether or not to enable Salesforce communities.
configuration.OAUTH_ACCESS_TOKEN A string that specifies the access token for account authentication.
configuration.OAUTH_REFRESH_TOKEN A string that specifies the refresh token for account authentication.
configuration.RECORD_TYPE A string that specifies the type of Salesforce record. This can be “Lead” or “Contact”.
configuration.CREATE_NEW_USERS A boolean indicating whether or not users are allowed to be created.
configuration.UPDATE_NEW_USERS A boolean indicating whether or not users are allowed to be updated.
configuration.DISABLE_USERS A boolean indicating whether or not users are allowed to be disabled.
configuration.PROVISION_DISABLED_USERS A boolean indicating whether or not disabled users can be provisioned.

Propagation store Aquera data model

Property Description
configuration.AUTHENTICATION_METHOD A string that specifies the account authentication method. For example, OAuth Bearer Token, or Basic Auth.
configuration.SCIM_URL A string that specifies the SCIM URL.
configuration.BASIC_AUTH_USER A string that specifies the user name for account authentication.
configuration.BASIC_AUTH_PASSWORD A string that specifies the password for account authentication.
configuration.createNewUsers A boolean indicating whether or not users are allowed to be created.
configuration.updateNewUsers A boolean indicating whether or not users are allowed to be updated.
configuration.disableNewUsers A boolean indicating whether or not users are allowed to be disabled.
configuration.REMOVE_ACTION The action to take when removing a user. This can be either “Disable” or “Delete”.
configuration.GROUP_NAME_SOURCE The source to use for the group name. This can be either “Common Name” or “Distinguished Name”.
configuration.ACCESS_TOKEN A string specifying the access token for account authentication.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.