Capabilities Resource Sync Provision Users Service accounts User groups Roles Resource groups
Gather Harness credentials Use a Harness service account API key token with account-scope read access to
the RBAC surface. A personal API key token also works, but C1 recommends a
dedicated service account for connector sync.
In Harness, create or select the service account that C1 will use.
Assign role bindings and resource groups that grant
core_user_view, core_usergroup_view, core_serviceaccount_view,
core_role_view, core_resourcegroup_view, and
core_authsetting_view.
Create an API key and token for that service account.
Copy the token. Harness shows token values only at creation time.
Copy the Harness account identifier from the Harness UI URL.
Copy the Harness API base URL if you do not use Harness SaaS.
Configuration fields Field Required Description base-urlNo Harness NextGen API base URL. Defaults to https://app.harness.io for SaaS. api-keyYes Harness API key token sent as x-api-key on each request. account-idYes Harness account identifier sent as accountIdentifier on API calls.
Synced resource types
Users : Harness account users.Service accounts : Harness service accounts.User groups : user groups and group membership grants.Roles : Harness roles and role assignment grants.Resource groups : Harness resource groups used by role assignments.
Special notes
The connector targets the Harness NextGen platform API.
Harness SaaS uses https://app.harness.io. The connector authenticates with
the Harness NextGen x-api-key header.
Role assignment grants can point to users, service accounts, or user groups.
Disabled role assignments are not emitted as grants.
Follow these instructions to use a built-in, no-code connector hosted by C1.
In C1, navigate to Integrations > Connectors and click Add connector .
Search for Harness and click Add .
Choose how to set up the new Harness connector.
Set the owner for this connector.
Find the Settings area of the page and click Edit .
Paste the Harness settings into the relevant fields:
Base URL : Optional Harness API base URL.API key : Harness API key.Account identifier : Harness account identifier.
The connector’s label changes to Syncing , followed by
Connected . You can view the logs to ensure that information is
syncing.
Done. Your Harness connector is now pulling access data into C1.Follow these instructions to run the Harness connector in your own
environment.
In C1, navigate to Integrations > Connectors and click Add connector .
Search for Baton and click Add .
Choose how to set up the new Harness connector, set the owner, and
click Next .
In the Settings area, click Edit , then click Rotate to
generate a new Client ID and Client Secret. Store these values
securely for your deployment.
Configure C1 credentials and Harness settings as environment variables: BATON_CLIENT_ID =< C1 client I D > BATON_CLIENT_SECRET =< C1 client secre t > BATON_HOST_ID = baton-harness BATON_BASE_URL = https://app.harness.io BATON_API_KEY =< Harness API ke y > BATON_ACCOUNT_ID =< Harness account identifie r >
Deploy the connector using the Public ECR image: public.ecr.aws/conductorone/baton-harness: <version>
Use a version tag without the leading v, such as 0.0.3. Done. Your Harness connector is now pulling access data into C1.
