Documentation

Connector Quick Start

Get started with TigerIdentity connectors in minutes. Follow this guide to configure and deploy your first connector.

Connectors enable TigerIdentity to sync identity data from external sources like identity providers, cloud platforms, and SaaS applications. This guide walks you through the process of setting up your first connector.

Getting Started

Choose Your Connector

Select the connector type that matches your identity source. TigerIdentity supports 50+ connectors including identity providers, cloud platforms, and custom integrations.

View available connectors:

tiger connector list

Configure the Connector

Create a configuration file for your connector. Here's an example for Okta:

# okta-connector.yaml
name: okta-production
type: okta
enabled: true

config:
  domain: your-company.okta.com
  apiToken: ${OKTA_API_TOKEN}

  sync:
    mode: webhook
    interval: 5m
    resources:
      - users
      - groups
      - applications

  mapping:
    user:
      id: id
      email: profile.email
      firstName: profile.firstName
      lastName: profile.lastName
      status: status
    group:
      id: id
      name: profile.name
      members: _embedded.users

  filters:
    users:
      - status eq "ACTIVE"
    groups:
      - type.name eq "OKTA_GROUP"

webhooks:
  enabled: true
  secret: ${OKTA_WEBHOOK_SECRET}
  events:
    - user.lifecycle.create
    - user.lifecycle.update
    - user.lifecycle.deactivate
    - group.user_membership.add
    - group.user_membership.remove

Deploy the Connector

Deploy your connector using the TigerIdentity CLI:

# Create the connector

tiger connector create -f okta-connector.yaml

# Trigger initial sync

tiger connector sync okta-production

Verify Connection

Check the connector status and verify data is syncing correctly:

# Check connector status

tiger connector status okta-production

# View sync history

tiger connector logs okta-production

# Test connection

tiger connector test okta-production

Common Configuration Options

All connectors support these common configuration options:

Option	Type	Description	Default
name	string	Unique identifier for the connector	required
type	string	Connector type (okta, azure-ad, aws, etc.)	required
enabled	boolean	Enable or disable the connector	true
sync.mode	string	Sync mode: webhook or polling	polling
sync.interval	duration	Polling interval (5m, 1h, etc.)	15m
sync.resources	array	Resources to sync (users, groups, etc.)	all
retryPolicy.maxAttempts	number	Maximum retry attempts on failure	3
retryPolicy.backoff	string	Backoff strategy (exponential, linear)	exponential

Troubleshooting

Connection Errors

If your connector fails to connect, check the following:

•Verify credentials: Ensure API tokens and secrets are correct and not expired
•Check network access: Verify firewall rules allow outbound connections
•Validate domain: Ensure the domain/URL is correct and accessible
•Review permissions: Confirm the API token has necessary permissions

Authentication Failures

Common authentication issues and solutions:

•OAuth tokens expired: Refresh tokens using tiger connector refresh
•Invalid credentials: Regenerate API tokens in the source system
•MFA required: Some systems require service accounts with MFA exemption
•IP allowlisting: Add TigerIdentity IPs to your source system's allowlist

Sync Issues

If data is not syncing properly:

•Check filters: Verify filter expressions are not excluding expected data
•Review mapping: Ensure attribute mappings match the source schema
•Validate webhooks: Test webhook delivery using tiger connector test-webhook
•Check rate limits: Verify you're not hitting API rate limits

Need Help?

Our team is here to help you get started with connectors.

Contact Support Browse All Docs