| title | Set up a [Connector Name] connector |
|---|---|
| og:title | Set up a [Connector Name] connector |
| description | C1 provides identity governance and just-in-time provisioning for [App Name]. Integrate your [App Name] instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access. |
| og:description | C1 provides identity governance and just-in-time provisioning for [App Name]. Integrate your [App Name] instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access. |
| sidebarTitle | [Connector Name] |
{/* TIP TO WRITER: Please make the doc file name match the name of the baton repo. The connector name should include the name of the parent company, if relevant. The app name can be a shortened version of the name, if relevant.
Example: baton repo: baton-jira-datacenter doc file name: jira-datacenter connector name: Atlassian Jira Data Center app name: Jira Data Center */}
The [App Name] connector syncs the following resources and supports the following provisioning capabilities:
| Resource | Sync | Provision |
|---|---|---|
| Accounts | ||
| Groups | ||
| Roles | ||
| [Other resources] |
Notes:
- The [App Name] connector supports account provisioning and deprovisioning.
- [Add any special notes about permissions, inheritance, or limitations]
- [Optional] This connector supports secrets syncing. Enable this feature to display secrets on the Inventory page.
[Optional screenshot]
<Frame>
<img src="/images/product/assets/[filename].png" alt="[Descriptive alt text]"/>
</Frame>
<Tip>
[Helpful context or best practice]
</Tip>
<Warning>
The **scope:name** scope is used by C1 when automatically provisioning and deprovisioning access. **If you do not want C1 to perform these tasks, do not give your token this scope.**
</Warning>
5. Click **[Generate/Create]**
6. Copy the [token/secret/credentials] and save it securely. You'll need it in the next section.
<Steps>
<Step>
1. In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
2. Search for **[Connector Name]** and click **Add**.
</Step>
<Step>
Choose how you want to set up your [App Name] app in C1:
- **Add to unmanaged app**: Add this connector to an existing unmanaged app. This option is useful if you've already created an app in C1 for [App Name] and want to add this connector to it.
- **Add to existing managed app**: Add this connector to an existing managed app. This option is useful if you've already set up a connector for [App Name] and want to add another instance.
- **Create new managed app**: Create a new managed app in C1 for this connector. This option is useful if you haven't yet created an app in C1 for [App Name].
</Step>
<Step>
Select the user who will be the owner of the [App Name] app in C1.
</Step>
<Step>
Enter the following information:
- **[Field name]**: [Description of what to enter]
- **[API token/credentials]**: Paste the [token/credentials] you created earlier
- **[Other required fields]**: [Instructions]
**Optional.** Enable **Sync secrets** to display them on the [Inventory page](/product/admin/inventory).
</Step>
<Step>
Click **Save**. C1 will begin syncing data from [App Name].
To verify the sync is working:
1. Navigate to **Integrations** > **Connectors**.
2. Find your [App Name] connector
3. Check that the **Last sync** time is recent and there are no errors
</Step>
</Steps>
**Done.** Your [App Name] connector is now pulling access data into C1.
<Steps>
<Step>
1. In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
2. Search for **[Connector Name]** and click **Add**.
3. Choose how you want to set up your [App Name] app in C1 (see cloud-hosted instructions above for details).
4. Set the app owner.
5. Click **Save**.
6. Make note of the **Client ID** and **Client Secret** that are displayed. You'll need these values in the next step.
</Step>
<Step>
Create two files: one for the connector's secrets and one for the deployment.
**secrets.yaml**
```yaml expandable
apiVersion: v1
kind: Secret
metadata:
name: baton-[connector-name]
namespace: baton
type: Opaque
stringData:
# C1 credentials
BATON_CLIENT_ID: "<C1 client ID>"
BATON_CLIENT_SECRET: "<C1 client secret>"
# [App Name] credentials
BATON_[APP]_[CREDENTIAL_NAME]: "<Your [App Name] [token/credentials]>"
# Add other required credentials here
```
**deployment.yaml**
```yaml expandable
apiVersion: apps/v1
kind: Deployment
metadata:
name: baton-[connector-name]
namespace: baton
labels:
app: baton-[connector-name]
spec:
replicas: 1
selector:
matchLabels:
app: baton-[connector-name]
template:
metadata:
labels:
app: baton-[connector-name]
spec:
containers:
- name: baton-[connector-name]
image: ghcr.io/conductorone/baton-[connector-name]:latest
args:
- "--client-id"
- "$(BATON_CLIENT_ID)"
- "--client-secret"
- "$(BATON_CLIENT_SECRET)"
# Add connector-specific arguments here
# Example: - "--[app]-domain"
# Example: - "$(BATON_[APP]_DOMAIN)"
env:
- name: BATON_CLIENT_ID
valueFrom:
secretKeyRef:
name: baton-[connector-name]
key: BATON_CLIENT_ID
- name: BATON_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: baton-[connector-name]
key: BATON_CLIENT_SECRET
- name: BATON_[APP]_[CREDENTIAL_NAME]
valueFrom:
secretKeyRef:
name: baton-[connector-name]
key: BATON_[APP]_[CREDENTIAL_NAME]
# Add other environment variables here
resources:
limits:
memory: "256Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "250m"
```
</Step>
<Step>
Apply the configuration files to your Kubernetes cluster:
```bash
kubectl apply -f secrets.yaml
kubectl apply -f deployment.yaml
```
Verify the deployment:
```bash
kubectl get pods -n baton
kubectl logs -n baton -l app=baton-[connector-name]
```
</Step>
</Steps>
**Done.** Your [App Name] connector is now pulling access data into C1.