New directory connector: Admin Console

[adorton-adobe]

We need a new directory connector that treats the Admin Console as an identity source. The primary use case for this is for customers that user Azure or Google sync to populate users to a console that owns one or more console directories, that has trust relationships with one or more secondary consoles.

Azure an Google can currently only sync to the primary console. The Sync Tool is needed to automate user sync between that console any any trusted console.

This new connector, which we're calling the Adobe Console Connector, will query users from a defined Admin Console instance and sync users to one or more other consoles.

Module

user_sync.connector.directory_adobe_console.py

Connector Name

adobe_console

CLI Enablement

--connector adobe_console

Config to Specify Connector (in user-sync-config.yml)

directory_users:
    connectors:
        # ldap: ...
        # okta: ...
        # csv: ...
        adobe_console: connector-adobe-console.yml

Invocation default

invocation_defaults:
    connector: adobe_console

connector-adobe-console.yml Example

server:
  #host: usermanagement.adobe.io
  #endpoint: /v2/usermanagement
  #ims_host: ims-na1.adobelogin.com
  #ims_endpoint_jwt: /ims/exchange/jwt
  #timeout: 120
  #retries: 3

integration:
  org_id: "Org ID goes here"
  api_key: "API key goes here"
  client_secret: "Client secret goes here"
  tech_acct: "Tech account ID goes here"
  priv_key_path: "private.key"

identity_type_filter: all