# Integratie Gids ## Overzicht Deze gids beschrijft de beschikbare integratiemogelijkheden van het Noveu platform. ## Integratie Methoden ### 1. Single Sign-On (SSO) #### SAML 2.0 **Ondersteunde Identity Providers:** - Azure Active Directory - Okta - Google Workspace - ADFS - Keycloak - Andere SAML 2.0 compliant IdPs **Configuratie:** ```xml ``` **Vereiste Claims:** - `email` (verplicht) - `name` of `displayName` - `groups` (optioneel, voor RBAC) #### OIDC / OAuth 2.0 **Ondersteunde flows:** - Authorization Code + PKCE (aanbevolen) - Implicit (legacy) **Endpoints:** ``` Authorization: https://auth.noveu.eu/{tenant}/authorize Token: https://auth.noveu.eu/{tenant}/token UserInfo: https://auth.noveu.eu/{tenant}/userinfo JWKS: https://auth.noveu.eu/{tenant}/.well-known/jwks ``` **Scopes:** | Scope | Beschrijving | |-------|--------------| | openid | Required voor OIDC | | profile | Naam, avatar | | email | E-mailadres | | groups | Groepslidmaatschappen | | offline_access | Refresh tokens | ### 2. Directory Sync #### LDAP/LDAPS **Gebruik:** Synchronisatie van gebruikers en groepen vanuit Active Directory **Configuratie:** | Parameter | Voorbeeld | |-----------|-----------| | Server | ldaps://dc.example.com:636 | | Base DN | DC=example,DC=com | | Bind User | CN=noveu-sync,OU=Service,DC=example,DC=com | | User Filter | (&(objectClass=user)(mail=*)) | | Group Filter | (objectClass=group) | | Sync Interval | 15 minuten | **Gesynchroniseerde attributen:** - sAMAccountName - mail - displayName - memberOf - telephoneNumber - department #### SCIM 2.0 **Endpoint:** `https://api.noveu.eu/{tenant}/scim/v2` **Ondersteunde resources:** - /Users - /Groups **Operaties:** - POST (create) - GET (read) - PUT (replace) - PATCH (update) - DELETE (remove) ### 3. API Integratie #### REST API **Base URL:** `https://api.noveu.eu/v1` **Authenticatie:** - Bearer token (OAuth 2.0) - API Key + Secret (service accounts) **Rate Limits:** | Tier | Requests/min | Burst | |------|--------------|-------| | Basis | 60 | 100 | | Pro | 300 | 500 | | Enterprise | 1000+ | Custom | **Voorbeeld Request:** ```bash curl -X GET "https://api.noveu.eu/v1/users" \ -H "Authorization: Bearer {access_token}" \ -H "Content-Type: application/json" ``` **Response Format:** ```json { "data": [...], "meta": { "page": 1, "per_page": 50, "total": 150 }, "links": { "next": "https://api.../users?page=2" } } ``` #### Webhooks **Beschikbare Events:** | Event | Beschrijving | |-------|--------------| | user.created | Nieuwe gebruiker | | user.updated | Gebruiker gewijzigd | | user.deleted | Gebruiker verwijderd | | message.received | Mail ontvangen | | file.shared | Bestand gedeeld | | incident.created | Security incident | **Webhook Payload:** ```json { "event": "user.created", "timestamp": "2026-01-15T10:30:00Z", "data": { "id": "user-uuid", "email": "user@example.com", "name": "Example User" }, "signature": "sha256=..." } ``` ### 4. Log Forwarding #### SIEM Integratie **Ondersteunde formaten:** - Syslog (RFC 5424) - JSON over HTTPS - CEF (Common Event Format) **Configuratie (Syslog):** ``` Protocol: TCP/TLS Port: 6514 Format: RFC 5424 Facility: LOCAL0 ``` **Log Types:** | Type | Inhoud | Volume | |------|--------|--------| | Authentication | Login/logout events | Laag | | Authorization | Access decisions | Medium | | Audit | Admin actions | Laag | | Security | Threats, anomalies | Variabel | | Application | User actions | Hoog | ### 5. Email Integratie #### IMAP/SMTP **Instellingen:** | Protocol | Server | Port | Encryptie | |----------|--------|------|-----------| | IMAP | mail.noveu.eu | 993 | TLS | | SMTP | mail.noveu.eu | 587 | STARTTLS | #### CalDAV/CardDAV **Endpoints:** ``` CalDAV: https://dav.noveu.eu/{tenant}/calendar CardDAV: https://dav.noveu.eu/{tenant}/contacts ``` #### EWS Compatibility Voor Outlook clients: ``` Autodiscover: https://autodiscover.noveu.eu/autodiscover/autodiscover.xml EWS: https://ews.noveu.eu/EWS/Exchange.asmx ``` ### 6. File Storage #### WebDAV **Endpoint:** `https://files.noveu.eu/{tenant}/webdav` **Authenticatie:** Basic + MFA of OAuth #### S3-Compatible API **Endpoint:** `https://s3.noveu.eu` **Operaties:** - PutObject - GetObject - DeleteObject - ListBucket - Multipart Upload ## Voorbeelden ### Azure AD SSO Setup 1. **Azure Portal** - Enterprise Applications → New Application - Add custom SAML application - Upload Noveu metadata 2. **Configureer Claims:** ``` user.mail → email user.displayname → name user.groups → groups ``` 3. **Noveu Portal** - Settings → Identity → Add SAML IdP - Upload Azure metadata - Map attributes 4. **Test:** - Initiate login from Noveu - Verify redirect to Azure - Confirm user creation ### ServiceNow Incident Bridge ```javascript // ServiceNow Script Include function createNoveuIncident(data) { var restMessage = new sn_ws.RESTMessageV2(); restMessage.setEndpoint('https://api.noveu.eu/v1/incidents'); restMessage.setHttpMethod('POST'); restMessage.setRequestHeader('Authorization', 'Bearer ' + getToken()); restMessage.setRequestBody(JSON.stringify({ title: data.short_description, severity: mapSeverity(data.priority), source: 'ServiceNow', reference: data.number })); return restMessage.execute(); } ``` ### Power Automate / Logic Apps 1. Custom connector aanmaken met OpenAPI spec 2. OAuth 2.0 connection configureren 3. Actions beschikbaar: - Get users - Create user - Send mail - Create ticket ## SDKs en Libraries | Taal | Package | Status | |------|---------|--------| | Python | noveu-sdk | Beschikbaar | | JavaScript | @noveu/sdk | Beschikbaar | | C# / .NET | Noveu.SDK | In ontwikkeling | | Java | noveu-java | In ontwikkeling | **Python Voorbeeld:** ```python from noveu import Client client = Client( tenant="example", client_id="...", client_secret="..." ) users = client.users.list(limit=100) for user in users: print(user.email) ``` ## Troubleshooting ### Common Issues | Issue | Oorzaak | Oplossing | |-------|---------|-----------| | SAML assertion invalid | Clock skew | NTP synchronisatie | | Token expired | Short lifetime | Refresh token gebruiken | | 403 Forbidden | Insufficient scope | Controleer scopes | | Rate limited | Te veel requests | Exponential backoff | ### Debug Mode Test mode voor integraties: ``` # Header toevoegen X-Noveu-Debug: true # Response bevat extra info: X-Request-Id: uuid X-Debug-Info: {...} ``` ## Support - **Documentatie**: docs.noveu.eu - **API Reference**: api.noveu.eu/docs - **Support**: integration-support@noveu.eu --- *Laatste update: Januari 2026* *API versie: v1*