This article describes how to set up the Workspace One connector between the VMWare Workspace One ecosystem and Identity Manager Operator. Workspace One is a Mobile Device Management (MDM) solution. The connector receives event notifications from Workspace One and forwards them to Identity Manager Operator, and it exports certificates to the VMWare Escrow Gateway.

<SMARTIDHOME>

In this article, <SMARTIDHOME> refers to /home/nexus; the actual path depends on your setup.

Prerequisites

  • The Smart ID version must include SCIM export (available from version 22.04.x onwards).

Step-by-step instruction

 Subscribe to Workspace One admin events
  1. Read the official Workspace One documentation on admin event notifications.
  2. Target URL: Enter the connector's /api/events endpoint.
  3. Username and Password: Optional. If idm-operator.test-connection.enabled is set to true in config/idm-operator.yaml, Identity Manager Operator verifies these credentials.
  4. Format: Select JSON.
  5. Select the events you want to subscribe to.

Security

Workspace One calls the endpoint /api/events on the Workspace One connector from the outside. Mutual TLS only protects the link between the connector and Identity Manager Operator; it does nothing for /api/events itself. That endpoint must therefore be secured separately: expose it over HTTPS only, require the username and password configured in the subscription, and do not let it be reached without authentication.
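The following is an added example of the kind of check an inbound /api/events receiver should perform before it touches an event: authenticate the Basic credentials with a constant-time comparison, then require the JSON format selected in the subscription. It is illustration code written for this page, not the connector's own handler; the credential values, the handle_event function and the sample event body are constructed for the example, and the real Workspace One event fields are not modeled.

```python
import base64
import hmac
import json

# Constructed credentials for this example; in a deployment they come from the
# connector configuration and the Workspace One subscription, not from code.
EXPECTED_USER = "wso-events"
EXPECTED_PASSWORD = "replace-me-with-a-long-random-secret"


def basic_header(user, password):
    """Build the Authorization header value Workspace One sends when the
    subscription has a username and password configured."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def check_basic_auth(authorization, user=EXPECTED_USER, password=EXPECTED_PASSWORD):
    """Return True only for a well-formed Basic header carrying the expected
    credentials. Every failure path returns False without raising, and the final
    comparison is constant-time so a caller cannot probe the secret byte by byte."""
    if not authorization:
        return False
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = f"{user}:{password}".encode("utf-8")
    return hmac.compare_digest(decoded, expected)


def handle_event(headers, body):
    """Minimal receiver logic for POST /api/events (hypothetical, not the
    connector's own handler). Authenticate before parsing anything, then insist
    on the JSON format selected in the subscription. Returns (status, reason)."""
    if not check_basic_auth(headers.get("Authorization")):
        return 401, "missing or invalid credentials"
    content_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if content_type != "application/json":
        return 415, "JSON body required"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "body is not valid JSON"
    if not isinstance(event, dict):
        return 400, "event must be a JSON object"
    # Only now would the event be routed on to Identity Manager Operator.
    return 200, "accepted"


if __name__ == "__main__":
    # Constructed sample request, not a real Workspace One notification.
    good = {"Authorization": basic_header(EXPECTED_USER, EXPECTED_PASSWORD),
            "Content-Type": "application/json"}
    print(handle_event(good, '{"event": "constructed sample"}'))
    print(handle_event({}, '{"event": "constructed sample"}'))
```

The order of the checks matters: nothing in the body is parsed until the caller has authenticated, so malformed or oversized payloads from an unauthenticated source never reach the JSON parser or the routing logic.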

 Event Routing configuration

The Workspace One connector is a Spring Boot application that uses the .yaml format within its configuration files.

The "idm-operator.payload.routing" section defines how an event from Workspace One is routed to the Identity Manager Operator API endpoint URL. This URL contains parameters that must be adapted to your configuration (for example, the process definition key, task ID and tenant ID).

Configure the routing in the config/idm-operator.yaml file.

 Export certificates to the VMWare Escrow Gateway

The actual export and provisioning of certificates to the VMWare Escrow Gateway is configured via SCIM export in Smart ID Identity Manager. The SCIM export definition will be used to send the certificates to the Workspace One connector, which will forward them to the Escrow Gateway.

  1. Configure the "escrow-gateway" section in config/escrow-gateway.yaml in the Workspace One connector.

  2. Log in to Identity Manager Admin and open Export Definitions. You can create a new pre-defined export definition for Workspace One if it is not configured already. For more information, see Set up data export to external data source from Identity Manager.
  3. Make sure that the SCIM export definition includes these properties:
    • the Connection string must end with "/api/scim/v2"
    • the Resource must be "/Certificates"
  4. Configure the Certificates section to set up mutual TLS between the connector and Identity Manager Operator.
  5. Set up the field mappings of the SCIM export, for example:

    Internal field                External field
    ${deviceUuid}                 device_uuid
    ${userUuid}                   user_uuid
    ${signingCertData}            smime_certificates.signing[0].pkcs12
    ${signingCertPassword}        smime_certificates.signing[0].password
    ${encryptionCertData}         smime_certificates.encryption[0].pkcs12
    ${encryptionCertPassword}     smime_certificates.encryption[0].password

This is an example of the result after field mapping. The archived list shown in it is not produced by the mapping table above; it only appears if archived certificates are mapped as well. The PKCS#12 passwords travel in clear text inside this payload, which is why the connection between Identity Manager and the connector must use mutual TLS.

 JSON example of mapping result
{
  "device_uuid": "cbe7ecc8-45c5-4156-b212-c563209c2839",
  "user_uuid": "3780e878-6955-4d2b-af96-c60837d7cb77",
  "smime_certificates": {
    "signing": [
      {
        "pkcs12": "p12 encoded in base64",
        "password": "w9TDX3WE"
      }
    ],
    "encryption": [
      {
        "pkcs12": "p12 encoded in base64",
        "password": "79iUnpCK"
      }
    ],
    "archived": [
      {
        "pkcs12": "p12 encoded in base64",
        "password": "kwGcDX0K"
      }
    ]
  }
}
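As an added example (not code from Smart ID or the connector), the following shows how the mapping table above produces the nested JSON document: each external field path is split on dots and [n] indexes, and the value of the internal placeholder is written at that position. It also includes a pre-flight check a practitioner would want before forwarding the bundle to the Escrow Gateway: every pkcs12 value must be non-empty, valid base64 and paired with a non-empty password. The record, the PKCS#12 placeholders and the helper names are constructed for this example; the UUIDs and passwords are the ones from the JSON above.

```python
import base64
import json
import re

# The field mappings from the export definition on this page:
# internal placeholder -> external field path. Dots nest objects, [n] selects
# a list position.
FIELD_MAPPINGS = {
    "${deviceUuid}": "device_uuid",
    "${userUuid}": "user_uuid",
    "${signingCertData}": "smime_certificates.signing[0].pkcs12",
    "${signingCertPassword}": "smime_certificates.signing[0].password",
    "${encryptionCertData}": "smime_certificates.encryption[0].pkcs12",
    "${encryptionCertPassword}": "smime_certificates.encryption[0].password",
}

# Constructed record as the export might receive it; the PKCS#12 contents are
# placeholders, the UUIDs and passwords are the ones from the page's example.
SAMPLE_RECORD = {
    "${deviceUuid}": "cbe7ecc8-45c5-4156-b212-c563209c2839",
    "${userUuid}": "3780e878-6955-4d2b-af96-c60837d7cb77",
    "${signingCertData}": base64.b64encode(b"<signing PKCS#12 bytes>").decode("ascii"),
    "${signingCertPassword}": "w9TDX3WE",
    "${encryptionCertData}": base64.b64encode(b"<encryption PKCS#12 bytes>").decode("ascii"),
    "${encryptionCertPassword}": "79iUnpCK",
}

_SEGMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)((?:\[\d+\])*)$")


def parse_path(path):
    """Turn 'smime_certificates.signing[0].pkcs12' into the key sequence
    ['smime_certificates', 'signing', 0, 'pkcs12']. Rejects anything else."""
    keys = []
    for segment in path.split("."):
        match = _SEGMENT.match(segment)
        if not match:
            raise ValueError(f"bad path segment {segment!r} in {path!r}")
        keys.append(match.group(1))
        keys.extend(int(i) for i in re.findall(r"\[(\d+)\]", match.group(2)))
    return keys


def set_path(root, keys, value):
    """Store value under keys, creating intermediate dicts and lists on the way.
    List slots before the requested index are left as None so a gap stays
    visible instead of silently shifting later entries."""
    node = root
    for key, following in zip(keys, keys[1:]):
        child = [] if isinstance(following, int) else {}
        if isinstance(key, int):
            node.extend([None] * (key + 1 - len(node)))
            if node[key] is None:
                node[key] = child
            node = node[key]
        else:
            node = node.setdefault(key, child)
    last = keys[-1]
    if isinstance(last, int):
        node.extend([None] * (last + 1 - len(node)))
    node[last] = value
    return root


def build_export_payload(record, mappings=FIELD_MAPPINGS):
    """Apply the mapping table to one record. A placeholder without a value
    raises KeyError instead of producing an incomplete certificate bundle."""
    payload = {}
    for placeholder, external in mappings.items():
        set_path(payload, parse_path(external), record[placeholder])
    return payload


def check_bundle(payload):
    """Pre-flight check before forwarding: every smime_certificates entry needs
    a non-empty, valid base64 'pkcs12' and a non-empty 'password'. Returns a
    list of problems, empty when the bundle is consistent."""
    problems = []
    for kind, entries in payload.get("smime_certificates", {}).items():
        for index, entry in enumerate(entries):
            where = f"smime_certificates.{kind}[{index}]"
            if not isinstance(entry, dict):
                problems.append(f"{where}: missing")
                continue
            p12 = entry.get("pkcs12") or ""
            try:
                if not p12 or not base64.b64decode(p12, validate=True):
                    raise ValueError("empty")
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"{where}.pkcs12: missing or not base64")
            if not entry.get("password"):
                problems.append(f"{where}.password: empty")
    return problems


if __name__ == "__main__":
    bundle = build_export_payload(SAMPLE_RECORD)
    print(json.dumps(bundle, indent=2))
    print("problems:", check_bundle(bundle))
```

Running the block prints the same structure as the JSON example above without the archived list, since no internal field is mapped to smime_certificates.archived[0]. If you add an archived mapping to the export definition, the same path logic produces that third list.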
 Set up the Workspace One connector

Docker

  1. Open the environment file <SMARTIDHOME>/compose/smartid.env for editing.
  2. Set the following variables to fit your deployment:

    PRIME_CONNECTORS_VERSION=2303.0.0
    # -- Workspace One connector properties
    WORKSPACE_ONE_CONNECTOR_PORT=7076
    WORKSPACE_ONE_CONNECTOR_CERT_RESOLVER=le
    WORKSPACE_ONE_CONNECTOR_PREFIX=workspace-one-connector
  3. Update docker/compose/identitymanager/workspace-one-connector/docker-compose.yml accordingly.

Tomcat (stand-alone)

  1. Adapt the config files in the WEB-INF/classes/config folder.