Cloud ConnectorsOpen API

Table of Contents

Configure and Authenticate Cloud Apps

To authenticate the various Cloud Apps, a different set of credentials is required. When you configure authentication for an app, you must set specific values for application and authn-data.

In addition, refer the the following guidelines for configuring and authenticating Cloud Apps.

  • A field value marked as obfuscated indicates that the returning value is not the clear-text that was set, but an indication that the value is returned in an encrypted manner and is not visible further.

    All data is stored encrypted on the backend.

  • Field value marked as options accepts only the following listed values as valid.

  • Field value marked as multiline indicates that the transported value needs to keep its line breaks, or is expected to be a large chunk of text. useful for building client UI forms.

  • All fields are required, unless explicitly marked as optional

The following Cloud Apps require specific authentication configurations:

AWS

application: AWS

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"region",
         "value":"string"
      },
      {
         "name":"access-key",
         "value":"string"
      },
      {
         "name":"secret-key",
         "value":"string. obfuscated"
      }
   ]
}

AWS-MultiTenant

application: AWS-MultiTenant

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"sqs-url",
         "value":"string"
      },
      {
         "name":"sqs-region",
         "value":"string"
      },
      {
         "name":"s3-region",
         "value":"string"
      },
      {
         "name":"access-key",
         "value":"string"
      },
      {
         "name":"secret-key",
         "value":"string. obfuscated"
      }
   ]
}

Azure

application: Azure

authn-data:

{
   "type":"oauth2",
   "fields":[
      {
         "name":"client-id",
         "value":"string"
      },
      {
         "name":"client-secret",
         "value":"string. obfuscated"
      },
      {
         "name":"tenant-id",
         "value":"string"
      }
   ]
}

Box

application: Box

authn-data:

{
   "type":"JWT",
   "fields":[
      {
         "name":"jwt-json",
         "value":"string <JSON>"
      }
   ]
}

Duo

application: DUO

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"API hostname",
         "value":"string"
      },
      {
         "name":"Integration key",
         "value":"string"
      },
      {
         "name":"Secret key",
         "value":"string. obfuscated."
      }
   ]
}

Google Apps

application: Google Apps

authn-data:

{
   "type":"service-account",
   "fields":[
      {
         "name":"service-credentials-json",
         "value":"json object"
      },
      {
         "name":"admin-username",
         "value":"string"
      },
      {
         "name":"api-scopes",
         "value":string, default:https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.rolemanagement,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/apps.alerts
      }
   ]
}

Important

The API scopes MUST be the exact same set of scopes authorized for the service account in Google admin console

Google Cloud Platform (GCP)

application: Google Cloud Platform (GCP)

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"service-credentials-json",
         "value":"string. multiline."
      }
   ]
}

Office 365

application: Office 365

authn-data:

{
   "type":"oauth2",
   "fields":[
      {
         "name":"client-id",
         "value":"string"
      },
      {
         "name":"client-secret",
         "value":"string. obfuscated"
      },
      {
         "name":"tenant-id",
         "value":"string"
      },
      {
         "name":"username",
         "value":"string. optional"
      },
      {
         "name":"password",
         "value":"string. obfuscated. optional"
      }
   ]
}

Office 365 also requires additional authentication data needed for exposed files data.

authn-data:

{
   "name":"certificate",
   "value":"string for certificate (public key) of X.509 certificate"
},
{
   "name":"private-key",
   "value":"string for private key of X.509 certificate"
}

Okta

application: Okta

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"url",
         "value":"string"
      },
      {
         "name":"api-token",
         "value":"string. obfuscated"
      }
   ]
}

OneLogin

application: OneLogin

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"region",
         "value":"string. options"[
            "eu",
            "us"
         ]
      },
      {
         "name":"client-id",
         "value":"string"
      },
      {
         "name":"client-secret",
         "value":"string. obfuscated."
      }
   ]
}

Salesforce

application: "Sales Cloud"

authn-data:

{
   "type":"service-account",
   "fields":[
      {
         "name":"service-credentials-json",
         "value":"JSON object"
      },
      {
         "name":"admin-username",
         "value":"string",
         "username of an admin having permission to view admin activity report"
      },
      {
         "name":"api-scopes",
         "value":"string",
         "scopes list",
         "comma delimited (has default value hence optional)"
      }
   ]
}

ServiceNow

application: ServiceNow

authn-data:

{
   "type":"basic",
   "fields":[
      {
         "name":"hostname",
         "value":"string"
      },
      {
         "name":"username",
         "value":"string"
      },
      {
         "name":"password",
         "value":"string. obfuscated"
      },
      {
         "name":"time-zone",
         "value":"string"
      }
   ]
}

Private Application

application: Private Application

authn-data:

There are two possible authentication sets, depending on the storage method:

For type local-directory:

{
   "type":"basic",
   "fields":[
      {
         "name":"url",
         "value":"string"
      },
      {
         "name":"api-token",
         "value":"string. obfuscated"
      }
   ]
}

For type azure-shared-access-signature:

{
   "type":"azure-shared-access-signature",
   "fields":[
      {
         "name":"application-name",
         "value":"string"
      },
      {
         "name":"shared-access-signature",
         "value":"string. obfuscated"
      }
   ]
}

Custom Application

application: Custom Application

authn-data:

{
   "type":"s3-sqs-authn-type",
   "fields":[
      {
         "name":"access-key",
         "value":"string"
      },
      {
         "name":"secret",
         "value":"string. obfuscated"
      },
      {
         "name":"s3-region",
         "value":"string"
      },
      {
         "name":"sqs-region",
         "value":"string"
      },
      {
         "name":"sqs-url",
         "value":"string"
      },
      {
         "name":"processor",
         "value":"string. options"[
            "Windows Security Events",
            "Duo Events",
            "Pulse VPN Events",
            "Windows Events",
            "Bluecoat Proxy Events"
         ]
      }
   ]
}