Configuration Parameters

The following lists the configuration parameters of SAP BTP Cockpit Cloud Foundry connector:

Note
Attributes marked with an asterisk (*) are mandatory.

SAP BTP Cockpit Cloud Foundry Connection Settings

The desired BTP layer for identity management. For example, Global Account/ Directory/ Sub-Account

The Host URL(API URL) of SAP BTP Cockpit.

The Token URL depending upon the selected Account type.

By default the Authentication Type is Oauth2.0.

By default the Grant Type is Client Credentials.

The Client ID depending on the selected Account type.

The Client Secret depending on the selected Account type.

Note
For proper entitlement mapping and provisioning of platform users in organizations and spaces, ensure that the Cloud Foundry Organization details are correctly mapped to the associated Subaccount.

To configure organization & spaces for platform users, ensure the Account Type is selected as Subaccount. And then, complete the following: 

Enables the configuration of additional details for managing Org and Spaces for Platform Users.

When enabled, it allows you to specify the necessary information to connect and manage the Cloud Foundry Org and Spaces associated with the Subaccount.

The host URL (API URL) of the Cloud Foundry Org.

The URL of the User Account and Authentication (UAA) server for the selected Cloud Foundry Org. The UAA Token URL is used to obtain authentication tokens required for accessing the Cloud Foundry API.

The name of the Cloud Foundry Org that is associated with the correct Subaccount. This name should match the actual Org name in the Cloud Foundry environment.

The unique identifier (ID) of the Cloud Foundry Org associated with the correct Subaccount. The Org ID is used to establish the connection between the Subaccount and the corresponding Cloud Foundry Org.

The authentication type to be used for authenticating the Cloud Foundry REST APIs. The default authentication type is Oauth2.0.

The grant type to be used for authenticating the Cloud Foundry REST APIs. The default grant type is password.

The username of the S-user who has the necessary permissions to manage organizations and spaces.

This user should have the required roles and privileges to perform the desired actions within the Cloud Foundry environment. For more information, refer to Required Permissions.

The password associated with the S-user mentioned in the Username field.

Settings

This option allows you to control the behavior of user deletion from the associated Cloud Foundry Organization and Space during an update operation. When selected, if a user's last entitlement is revoked during an update, they will be automatically removed from the respective Org and Space.

This ensures that users who no longer have any entitlements associated with them are removed from the Org and Space, maintaining consistency between the entitlements and user memberships.

Caution
Selecting this setting will result in the automatic deletion of users from the Cloud Foundry Organization and Space based on their entitlement changes. Ensure that this behavior aligns with your organization’s policies and requirements for user management.

Page Size Settings

The number of records to aggregate in a single page when iterating over large datasets. You can set it from 10 to 500. The default is 100 records.

Filter Settings

Enter the query expressions for filtering users based on status or parameters before they are aggregated on the SailPoint platform. For example,

userName sw "A" or active eq true

Note
For multiple and complex query expression, you can use AND and OR.

Supported Operator

Definition

eq Equal to

co

Contains
ge Greater than or equal
sw Starts with
gt Greater than

pr

Present or has a value

le

Less than or equal

lt Less than
and Returns a match only if both expressions evaluate to true
or Returns a match if either expression evaluates to true

For more information on supported user search attributes, refer to User Search Attributes.