Beisen HR System as an Identity Source

Overview

IDaaS supports enterprises to import user and organizational information into the IDaaS platform through various identity source channels. This article will introduce how to configure the Beisen HR System identity source in the IDaaS platform to achieve synchronization of organizational and user data.

Prerequisites

• Have administrator permissions for the Beisen Open Platform.
• Have administrator permissions for the IDaaS Enterprise Center platform.

Configuration Flow

Steps

Create a Connector on the Beisen Open Platform

1. Log in to the Beisen Open Platform (opens new window), enter the administrator backend, select "My Connectors > Create Connector", fill in the connector name and description, and click "Confirm" after setup.

   

2. Click to enter the details page of the newly created connector and add connector interface permissions.

   • User: Paginated query of changed employee information based on modification time window
     • Interface URL: openapi.italent.cn/TenantBasePublicApiV2/v2/employee/timewindow/search (opens new window)
   • Organization: Query the list of subordinate organizational units for a specified organization
     • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Organization/GetSubOrganizations (opens new window)
   • Position: Scroll query of changed position information based on time window
     • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Position/GetByTimeWindow (opens new window)
   • Job Post: Scroll query of changed job post information based on time window
     • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/JobPost/GetByTimeWindow (opens new window)

3. After configuration is complete, obtain and save the Key and Secret.

   

Configure Beisen Identity Source in IDaaS

1. Log in to the IDaaS Enterprise Center platform, select "Users > Identity Source Management" in the top navigation bar, click "Add Identity Source" and choose the "Beisen HR" identity source.

   

2. Customize the identity source name, fill in parameters such as Key, Secret, Beisen HR Root Department ID according to the interface prompts, and click "Confirm" to save after setup.

3. Enter the details page of the newly added identity source to view and update the "Basic Configuration" of the Beisen HR identity source, including connection parameters and synchronization mechanism.

   

4. Switch to the "Advanced Configuration" tab. It is recommended to keep the defaults or fill in according to actual needs.

   

   Parameter	Description
   Select Root Org	Import data from the identity source into this organization; default is fine.
   Org Matching Policy	Mapping relationship for importing organizations from Beisen identity source to IDaaS; default is fine.
   Create Organization	Default is to check "Yes" for creating and updating organizations.
   Delete Organization	Default is to retain the organization (i.e., organization deleted in Beisen HR is retained in IDaaS). Also supports disabling or deleting the organization.
   User Matching Policy	Mapping relationship for importing users from Beisen identity source to IDaaS; default is fine.
   Create User	Default is to check "Yes" for creating and updating users.
   Delete User	Default is to disable the user (i.e., user deleted in Beisen HR is disabled in IDaaS). Also supports retaining or deleting the user.
   Security Threshold Adjustment	Set the maximum threshold percentage for changes such as user deletion/organization deletion/organization hierarchy changes when they occur in the upstream identity source. Threshold = (Difference between platform recycled data and this round's recycled data / Recycled data) * 100%. When the upstream identity source application disables/deletes data exceeding the set threshold, the platform will not perform the disable/delete operation upon receiving the instruction.

5. After configuration is complete, switch to the "Object Model" tab and select "Property Definition". You can add properties for organizations and users from the Beisen HR system according to the actual project requirements. You can add predefined properties or create custom properties based on your own system.

   

6. Custom properties can be added for user objects. Please configure the correct properties based on the fields returned by the Beisen HR Paginated Query for Changed Employee Information Interface (opens new window). For properties under BasicInfos and ServiceInfos, directly enter the field name.

7. Custom properties can be added for organization objects. Please configure the correct properties based on the fields returned by the Beisen HR Query Subordinate Organization Unit List for a Specified Organization Interface (opens new window). For object properties, use English period (.) for concatenation. For example: url, address, customProperties.extBrand_605801_1638480538

:::

6. After configuration is complete, switch to the "Object Model" tab and select "Mapping Definition". Configure mapping relationships between the properties of organizations and users in the Beisen HR system and the properties of organizations and users in IDaaS according to the actual project requirements.

   The object model supports mapping and matching the properties of users and organizations from the Beisen HR identity source with the properties of users and organizations in IDaaS. After configuration, user and organization properties can be retrieved from Beisen HR and synchronized to the corresponding user and organization properties in IDaaS.

• Execution Mode: Sets under which circumstances the property needs to be mapped.
  • No Mapping: This property will not be synchronized to IDaaS.
  • Create: The property is only synchronized during creation.
  • Update: The property is only synchronized during updates.
  • Create and Update: The property is synchronized during both creation and updates.
• Conversion Mode: Sets the method for property mapping.
  • Automatic Conversion: Synchronizes the value as-is from the identity source.
  • Script Conversion: Use this method to transform values from the identity source if they do not meet the required format. Refer to Script Mapping Methods.

7. After configuration is complete, click "Execute Sync" to immediately perform the synchronization operation.

If the synchronization mechanism in the basic configuration is set to scheduled synchronization, manual execution of synchronization tasks is not required here.

8. After execution is complete, switch to the "Sync Events" page to view all synchronization tasks for this identity source. Click "Details" under the "Operation" column of a sync task to view the import results, or check the imported data on the "Users > Users & Organizations" page.
9. If real-time retrieval of Beisen user data is needed, please complete the configuration as follows:
   (1) Enable real-time callback in the basic configuration within the Beisen identity source. (2) After enabling real-time callback, copy the callback URL displayed on the page and provide it to the Beisen administrator for configuring the weHook connection method on the Beisen side. (Note: This URL currently needs to be configured by contacting Beisen customer service, and configuration for this address is only performed at 8 PM every Friday). Then, obtain the signature token and encryption EncodingAESKey configuration from Beisen staff and configure them in the Beisen identity source. (3) Enable relevant interface permissions in Beisen

• User: Get non-deleted employee information based on a collection of employee UserIDs
  • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Employee/GetBasicInfoByIds (opens new window)
• User: Get employment record information meeting specified conditions based on a collection of employee UserIDs
  • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Employee/GetServiceInfoByIds (opens new window)
• Organization: Get organization information based on a collection of organization OIds
  • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Organization/GetByIds (opens new window)
• Position: Get position information based on a collection of position OIds
  • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/Position/GetByOIds (opens new window)
• Job Post: Get job post information by Job Post OID
  • Interface URL: openapi.italent.cn/TenantBaseExternal/api/v5/JobPost/GetByOIds (opens new window)

Reclaiming Job Assignment Data from Beisen IDaaS Identity Source

1. Enable job assignment management on the system side. For specific operations, refer to Managing User Job Assignment Information.

2. Enable job assignment information reclamation within the Beisen identity source object model.

   • After enabling, default data for the object models of positions, job titles, and assignment relationships will be added.
     • Once enabled, it cannot be disabled.
     • The object models for positions and job titles do not support customization; they default to reclaiming the name and code from Beisen.
     • The assignment relationship object model supports customization, allowing configuration of the relevant data to be reclaimed as needed.

   

   

   • When data is reclaimed again, the position, job title, and user assignment information data from the upstream Beisen system will be reclaimed to the IDaaS platform. You can view the reclaimed data content in the reclamation details.