Connector Configuration

Slack Configuration

Slack Instance Settings

Configuration Options required to establish a connection to the target Slack instance.

Name Description

Workspace URL

Workspace URL for targeting Slack Instance.

Access Token

Access Token for targeting Slack instance.

Use Proxy

Flag to connect to Slack via a proxy.

Use Proxy Authentication

Flag to connect to proxy with authentication.

Proxy URL

URL for targeting Proxy.

Proxy Username

Username of the authenticating user against proxy.

Proxy Password

Password of the authenticating user against proxy.

Slack Connection Settings

Configuration options for fine-tuning the Http connection parameters.

Name Description

Max Requests per Second

Maximum amount of requests per second.

Configure Max Message Age

Flag to configure maximum age of messages in days.

Max Message Age in Days

Maximum message age in number of days. The reference point for this timeframe is the start of a traversal.

Request Timeout in Milliseconds

Timeout of requests to Slack.

Socket Timeout in Milliseconds

Timeout of the socket connected to Slack.

Max Retries

Maximum number of retries for a request.

Slack Pagination Settings

Configuration options for paginated API requests.

Name Description

Max Page Limit of Channels

Maximum number of channels requested with a single call.

Max Page Limit of Messages

Maximum number of messages requested with a single call.

Slack Message Filter Settings

Configuration options for applying include/exclude list filter on Slack Message subtypes.

Name Description

Subtype Include List

List for including messages based on Slack Message subtypes. Only subtypes in this list are processed by the connector if the list is not empty.

Subtype Exclude List

List for excluding messages based on Slack Message subtypes. All subtypes configured in this list will not be processed by the connector.

Slack Channel Filter Settings

Configuration options for applying include/exclude list filter on Slack Channels.

Name Description

Channel Include List

List for including channels based on Slack Channel Ids. Only channels in this list are processed by the connector if the list is not empty.

Channel Exclude List

List for excluding channels based on Slack Channel Ids. All channels configured in this list will not be processed by the connector.

Google Cloud Search Configuration

Account Settings

Configuration Options to specify the service account settings.

Name Property Key Description

Account E-Mail Address for Lookup

raytion.connector.backend
.google-cloud-search
.connection.accountEMail

The E-Mail Address of the user to impersonate. It is used in the principal sync to check if users exist before feeding them to Google Cloud Search. This is not the service account.

Datasource Settings

Configuration Options related to the target Google Cloud Search Datasource. The connector will send any search items to the configured datasource.

Name Property Key Description

Datasource ID

raytion.connector.backend
.google-cloud-search
.datasource.id

The ID of the Google Cloud Search Datasource to index the items to. The IDs can be inspected at admin.google.com.

Default Object Type

raytion.connector.backend
.google-cloud-search
.datasource.objectType

If a document has no meta date objectType set, the value from here is used. The object type specifies which schema object definition, registered for the specified datasource, is used.

Identity Source Settings

Configuration Options related to the target Google Cloud Search Identity Source. The connector will feed the principals to the configured Identity Source.

Name Property Key Description

Identity Source ID

raytion.connector.backend
.google-cloud-search
.identitysource.id

The ID of the Google Cloud Search Identity Source to synchronize the external source system principals. The IDs can be inspected at admin.google.com.

Encoding Settings

Configuration Options to specify encoding settings for indexing items.

Name Property Key Description

Group Encoding Scheme

raytion.connector.backend
.google-cloud-search
.encoding
.groupEncodingScheme

When groups were indexed into the Identity Source using GCDS, their IDs are encoded with Base16 or Base64. When the connector is handling groups it also has to encode group IDs in the correct scheme for the connector to work correctly.

HTTP Settings

Configuration Options related to the HTTP connections to Google Cloud Search.

Name Property Key Description

Max Connections (Content)

raytion.connector.backend
.google-cloud-search
.http.maxConnectionsContent

Maximum number of connections to the Google Cloud Search Content Service.

Max Connections (Security)

raytion.connector.backend
.google-cloud-search
.http.maxConnectionsSecurity

Maximum number of connections to the Google Cloud Search Security Service.

Connect Timeout

raytion.connector.backend
.google-cloud-search
.http.connectTimeout

Timeout to establish a connection.

Read Timeout

raytion.connector.backend
.google-cloud-search
.http.readTimeout

Timeout to read data from an established connection.

Use Proxy

raytion.connector.backend
.google-cloud-search
.connection.useProxy

Flag to connect to Google Cloud Search via a proxy.

Use Proxy Authentication

raytion.connector.backend
.google-cloud-search
.connection.proxy
.useProxyAuthentication

Flag to connect to proxy with authentication.

Proxy URL

raytion.connector.backend
.google-cloud-search
.connection.proxy.baseUrl

URL for targeting Proxy.

Proxy Username

raytion.connector.backend
.google-cloud-search
.connection.proxy.username

Username of the authenticating user against proxy.

Proxy Password

raytion.connector.backend
.google-cloud-search
.connection.proxy.password

Password of the authenticating user against proxy.

Request Settings

Configuration Options related to sending synchronous/asynchronous requests to Google Cloud Search.

Name Property Key Description

Request Mode

raytion.connector.backend
.google-cloud-search
.request.mode

Mode of item requests against Google Cloud Search (Synchronous or Asynchronous)

Request Timeout

raytion.connector.backend
.google-cloud-search
.request.timeout

Timeout of synchronous requests against Google Cloud Search.

Request Period

raytion.connector.backend
.google-cloud-search
.request.period

Time Period in which asynchronous requests against Google Cloud Search should be checked for a response.

Request Workers

raytion.connector.backend
.google-cloud-search
.request.workers

Maximum number of workers requesting the callback for asynchronous requests.

Rate Limit Settings

Configuration Options related to rate limiting to reduce network traffic.

Name Property Key Description

Max Queries Per Second (Content)

raytion.connector.backend
.google-cloud-search
.ratelimit
.maxQueriesPerSecondContent

Maximum number of queries per second to the Google Cloud Search Content Service.

Max Queries Per Second (Security)

raytion.connector.backend
.google-cloud-search
.ratelimit
.maxQueriesPerSecondSecurity

Maximum number of queries per second to the Google Cloud Search Security Service.

Retry Settings

Configuration Options related to the retry mechanism of requests against Google Cloud Search.

Name Property Key Description

Max Retries

raytion.connector.backend
.google-cloud-search
.retry.maxRetries

Maximum number of retries for a request.

Initial Waiting Time

raytion.connector.backend
.google-cloud-search
.retry.initialWaitingTime

Initial Waiting Time for the response of a request.

Delay Factor

raytion.connector.backend
.google-cloud-search
.retry.delayFactor

Factor multiplied to the delay after each failed retry.

Feeding Settings

Configuration Options related to feeding (indexing) items and principals.

Name Property Key Description

Feed only existing GCS Users

raytion.connector.backend
.google-cloud-search
.feeding
.feedOnlyExistingUsers

Flag to indicate if only users who exist in Google Cloud Search should be fed. If a user does not exist and this flag is active then the membership of the user to a group is just not fed. The ACE of an item containing the user is dropped if the user does not exist and this flag is active.

Cache Settings

Name Property Key Description

Maximum Cache Size

raytion.connector.backend
.google-cloud-search
.cache.maxCacheSize

Maximum number of entries in the Cache which stores mappings of principal IDs to GCS resource names.

General Configuration

Database Configuration

Name Property Key Description

URL

spring.datasource.url

JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: jdbc:postgresql:<host>:<port>/<database>

Username

spring.datasource.username

Database Username to read and write to database.

Password

spring.datasource.password

Database Password for the specified user

Traversal Configuration

Name Property Key Description

Traversal History Length

raytion.connector.agent.traversal
.store.historyLength

Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100)

Number of Traversal Workers

raytion.connector.agent.traversal
.workers.worker

Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10)

Traversal Job Poll Interval

raytion.connector.agent.traversal
.workers.jobPollInterval

Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms)

Completion Timeout

raytion.connector.agent.traversal
.workers.completionTimeout

If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m)

Principal Aliaser Configuration

Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.

Custom Aliaser Disabled

If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.

Custom Aliaser Enabled

If custom aliasing is enable then there are four types of aliaser avaialble:

Simple XML Table Aliaser

Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.

Name Description

XML Mapping File

Browse and upload or drag and drop.

Sample XML mapping file:

<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
    <entry keyValue="user1">user1@raytion.com</entry>
    <entry keyValue="user2">user2@raytion.com</entry>
    <entry keyValue="user3">user3@raytion.com</entry>
</storeddata>
Regex Replacer Aliaser

Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.

Name Property Key Description

Pattern

raytion.connector.aliaser.aliasers[*]
.replacer.pattern

The regular expression to match, this is the part that will be replaced. If braces (…​) are used in the pattern then the matched value can be retrieved using $1

Substitute String

raytion.connector.aliaser.aliasers[*]
.replacer.substituteString

String to replace the matching part of the find string. Matched value is accessed by employing $1
Regex Extractor Aliaser

Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.

Name PropertyKey Description

Pattern

raytion.connector.aliaser.aliasers[*]
.extractor.pattern

The regular expression to match, this is the part that will be inserted into the new value. If braces (…​) are used in the pattern then the matched value can be retrieved using $$

Insert-Into String

raytion.connector.aliaser.aliasers[*]
.extractor.insertIntoString

String to replace the matching part of the pattern. Matched value is accessed by employing $$
LDAP Aliaser

Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.

Name Property Key Description

Host

raytion.connector.aliaser.aliasers[*]
.ldap.host

Fully Qualified Domain Name of an LDAP server

Port

raytion.connector.aliaser.aliasers[*]
.ldap.port

Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL

AccountDN

raytion.connector.aliaser.aliasers[*]
.ldap.bindAccountDN

AccountDN for bind to LDAP

Password

raytion.connector.aliaser.aliasers[*]
.ldap.password

Password part of credentials

Input Field

raytion.connector.aliaser.aliasers[*]
.ldap.inputField

The Active Directory attribute name for this equality filter

Search Root DN

raytion.connector.aliaser.aliasers[*]
.ldap.baseDN

Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree

Output Field

raytion.connector.aliaser.aliasers[*]
.ldap.outputField

Attribute that should be returned in result entries