Skip to main content
Liaison

SSN Configuration

  1. Last updated
  2. Save as PDF

Planning

If your CAS allows applicants to record their SSN information as a part of their application submission, then retrieving the SSN information to load into TargetX requires a data integration setup.

Prerequisites

If you want to retrieve encrypted SSNs through the WebAdMIT API, you must first install a version of PGP (Pretty Good Privacy) software. This software creates a public and private key:

  • The public key is used by Liaison to encrypt the SSN for you.
  • The private key is retained by key contact(s) at your institution and is used to decrypt the SSN.

You should never share the private key with anyone outside of your institution. You may use any PGP encryption software. This software must be installed on at least one computer that you'll routinely use to decrypt the SSN. If your institution collects official GRE or TOEFL scores from ETS, you may already have PGP software, as this is the same method ETS uses to transmit scores to institutions.

Generate a PGP Private and Public Key Pair

Once you have installed the PGP software, you must generate a private and public key (i.e., "key pair").

When generating your key pair, use RSA with 2048 or 3072 bits. Additionally, include your email address in the configuration.

If you need assistance with using PGP software or creating a private and public key pairing, contact the PGP software vendor's customer support or your institution's IT support.

Export the Public Key to a File

After you create a public key, export that key into a text file with a .txt file extension.

Email the Public Key to the Client Support Specialist Team

Once you have the public key as a .txt file, email it to the Client Support Specialist team at webadmitsupport@liaisonedu.com and identify the CAS and cycle it can be used for.

Saving the Private Key

As a best practice, you should back up your PGP private key, as without it you cannot open any encrypted files. If your private key is lost, you must generate a new public and private key pairing and resend the new public key to Liaison for setup.

Save the private key file on your Informatica server at CAS\dropbox location.

WebAdMIT User Identities

To access the WebAdMIT API, you need an Institution Manager in WebAdMIT that can access data for all departments and programs at the university. You should have an Institution Manager account in the prelaunch and production environments. Once that is in place, complete the following steps in both environments:

  1. Log in to WebAdMIT with the Institution Manager account.
  2. Click Account on the top right to view Account Details.
  3. Click Edit My Account on the top right.
  4. Verify that your account has the correct organization assignments and program assignments.
  5. In the API Key section, click Generate New Key to generate a unique API key for your account.
  6. Click Show Key to view your API Key.
  7. Make note of the API Key, which is required for the script and retrieving your User identity ID.

Retrieving Your User Identity ID

Make the following API call to retrieve your User Identity ID.

Use CURL or POSTMAN to make the below API calls:

PRODUCTION

$ curl -n https://api.webadmit.org/api/v1/user_identities \

  -H "x-api-key: <ENTER YOUR API KEY>"

PRELAUNCH

$ curl -n https://prelaunch.webadmit.org/api/v1/user_identities \
-H "x-api-key: <ENTER YOUR API KEY>"

Make sure to use the correct API Keys for PRELAUNCH and PRODUCTION.

A successful API call should generate a status code of “200” with the following example response body:           

{
"href": "/api/v1/user_identities",
"user_identities": [
{
"id": 42,
"type": "Admissions User",
"association": "SOPHAS",
"institution": "Demo University",
"organization": "Demo University School of Public Health",
"cycle": "2014 - 2015"
}
]
}

Make note of the number after "id":. Corresponding to the cycle for which you want to extract SSN, this is the Identity ID and is needed for prelaunch and production. This “id” will be used in the swagger file required for setting up this integration.

If the API call is unsuccessful, then it will return a status code of 401. This means the user is not authorized to gain access to the API. Verify the user’s permissions in WebAdMIT and ensure the user has the correct organization and program assignments.

Download Required Jars

The decryption process is handled by Informatica using Informatica’s Java transformation. To support the decryption process, certain JAR files are required to be placed on the Informatica server.

  1. Download the JarsRequiredforSSN.zip file and place it on your Informatica server.
  2. Extract the zip file which should have 3 Jar files:
  • bcpg-jdk15on-1.62.jar
  • bcprov-jdk15on-1.62.jar
  • commons-io-2.11.0.jar
  1. Place the Jar files in the following location on your Informatica server:

C:\Program Files\Informatica Cloud Secure Agent

Setting JVMClassPath in Informatica

  1. Login to your Informatica instance.
  2. Navigate to Administrator > Runtime Environments:

TargetX Integration Runtime environment screen

  1. Edit your Runtime environment.
  2. The Edit page should bring you to the following page:

TargetX Integration Agent Name edit screen

  1. Change the Service dropdown to Data Integration and the Type to DTM, as shown below: 

TargetX Integration System Config details screen

  1. Click the pencil icon next to the JVMClassPath to edit its value.

TargetX Integration_JVM Class Path.png

  1. Replace the existing value with the following:
'pmserversdk.jar;C:\Program Files\Informatica Cloud Secure Agent\bcpg-jdk15on-1.62.jar;C:\Program Files\Informatica Cloud Secure Agent\bcprov-jdk15on-1.62.jar;C:\Program Files\Informatica Cloud Secure Agent\commons-io-2.11.0.jar;'
  1. Once changed, click the Save icon on the top right of the screen.
  2. Close out of the edit window. This restarts the Data Integration service for your runtime environment.
  3. Verify the service starts up successfully.

Execution

Initial Setup

  1. Create a few test applications in the Prelaunch environment that would have SSNs.
  2. Download the SSNinformaticaSwagger.json file.
  3. Make two copies of the SSNinformaticaSwagger.json file and place them on your Informatica server in the CAS\dropbox location.
  4. Rename them to PrelaunchSSNinformaticaSwagger.json and ProdSSNinformaticaSwagger.json.
  5. Edit both the JSON files.
  6. For the line “/user_identities/[user_identity_id]/social_security_numbers”, replace the value with the user identity id generated for Prelaunch and Production in the step Retrieving Your User Identity ID.
  7. Save both JSON files.

Setting Up the Rest V2 Connector in Informatica

  1. Login to your Informatica instance.
  2. Navigate to Administrator > Connections.
  3. Click New Connection in the top right corner.
  4. Give your connection a name to identify it to be a prelaunch connection.
    1. Type: REST V2 (Informatica).
    2. Runtime Environment: use the dropdown to select your runtime environment.
    3. Authentication: select “API Key” from the dropdown.
    4. Key: set this to “x-api-key”.
    5. Value: set this to be your API key for Prelaunch which was identified in the section WebAdMIT User Identities.
    6. Add API Key to: set this to “Request Header”.
    7. Swagger File Path: set this to be the path to your prelaunch swagger file. Like: “C:\Informatica\CAS\dropbox\ PrelaunchSSNinformaticaSwagger.json”
  5. Leave the rest of the values as is and click Test Connection in the top right corner.
  6. A successful connection results in this message: The test for this connection was successful.
  7. Repeat steps 2-6 to create a production connection with the difference being the Value field and the Swagger File Path, both of which should be production-based.
  8. Save both connections.

Informatica Mapping Import

  1. Download the SSN_Import_Informatica_Mappings.zip file.
  2. Login to your Informatica instance.
  3. Click Explore > Your Project folder.
  4. Click Import in the top right corner.
  5. Choose the SSN_Import_Informatica_Mappings.zip file in the next step.
  6. On the import screen select the following values for in and out parameters:

TargetX Informatica Mapping import screen

  1. In the Review Locations section, select your folder in the Target Project 1 dropdown.
  2. In Review Connections set Target Connection 1 as your Rest V2 connector for Prelaunch setup in the step Rest V2 connector setup in Informatica.
  3. Set Target Connection 2 as your Sandbox Salesforce Connector.
  4. In the Review Runtime Environments section, select your Target Runtime Environment.
  5. Click Test in the top right corner to make sure the import parameters are correct.
  6. If it shows successful, click Import in the top right corner.

Setting Up Informatica Mappings and Sandbox Testing

  1. If the imported mappings do not show in your desired folder, you will need to move them there.
  2. You should see the following 3 mappings:

TargetX Informatica Mapping SSN data

  1. Click the SSN Data Mapping, which opens the mapping.
  2. Click APISource.
  3. In the Properties section, click Source.
  4. For Connection, select your REST V2 connection for prelaunch.
  5. For Operation, click  Select,  and choose the GetSSN2 object.
  6. Click Save in the top right corner.
  7. Under Request Options configure the Request Message
{
"x-api-key" : "InsertValueForPreLaunchAPIkey"
}
  1. Click Save.
  2. Click Field Mapping within the source.
  3. Under Response Structure, map all the descendants of the Element Name GETSSN2_OUTPUT.
  4. The result should look like below:

TargetX Informatica Mapping SSN data result

  1. Click Save.
  2. Next, click fields and change the precision value of the field Response_200 to 50000:

TargetX Informatica mapping SSN data Response

  1. Click Save.
  2. Click Java transformation.
  3. Click Java under Properties.
  4. Select your runtime environment in the top right corner.
  5. In the Java code, under Helper code, change the following:
    1. filePath: this should be the path to your key file, similar to “C:\\Informatica\\CAS\\dropbox\\privateKeyFile.txt”. Note: Double slashes are required for the file path.
    2. passphraseText: If your private key has a passphrase then that value should be captured here. If it does not then you can leave it blank:TargetX Informatica Mapping passphrase text.png
  6. After making this change you must compile the Java code by clicking on Compile in the top right corner of the Properties screen.
  7. If there are no errors based on the changes you made, the compilation results were successful.
  8. Click Save.
  9. Run a Preview on the Java Transformation. The result should look like below: 

TargetX Informatica Mapping Prevw Java Trnsf

  1. This shows that the decryption process was successful.
  2. Click the Lookup Transformation.
  3. Under Properties > Lookup Object, change the connection to reflect your Sandbox Salesforce connector.
  4. Click Save.
  5. Click Target.
  6. Under Properties > Target, change the connection to reflect your Sandbox Salesforce Connector.
  7. Click Save.
  8. Close the mapping.
  9. Edit the SSN Data Mapping Task.
  10. Verify your Target value points to your Sandbox Salesforce connection.
  11. Verify your Input Parameters are validated.
  12. Click Save.
  13. Run the SSN Data Mapping Task.

Note: applicants must exist in the sandbox environment before running this task.

  1. Login to your Sandbox Salesforce environment and check the applicants for which you expected to see SSN.

Moving to Production

  1. Copy over the following tasks from your Sandbox testing folder in Informatica to your production folder:

TargetX Informatica Copy Tasks example

  1. Click the SSN Data Mapping to open the mapping.
  2. Click APISource.
  3. In the Properties section, click Source.
  4. For Connection, select your REST V2 connection for Production.
  5. For Operation, click Select and choose the GetSSN2 object.
  6. Click  Save in the top right corner.
  7. Under Request Options, configure the Request Message:
{
"x-api-key" : "InsertValueForProductionAPIkey"
}
  1. Click Save.
  2. Click Field Mapping within the source.
  3. Under Response Structure, map all the descendants of the Element Name GETSSN2_OUTPUT.
  4. The result should look like below:

TargetX Informatica Response Structure result.png

  1. Click Save.
  2. Click the fields and change the precision value of the field Response_200 to 50000:

TargetX Informatica Response_200 update example.png

  1. Click Save.
  2. Click Lookup Transformation.
  3. Under Properties > Lookup Object, change the connection to the connection for your Production Salesforce connector.
  4. Click Save.
  5. Click Target.
  6. Under Properties > Target, change the connection to the connection for your Production Salesforce Connector.
  7. Click Save.
  8. Close the mapping.
  9. Edit the SSN Data Mapping Task.
  10. Verify your Target value points to your Production Salesforce connection.
  11. Verify the Input Parameters are validated.
  12. Click Save.
  13. You can now include this mapping task in your Linear flow that runs the other tasks to load Contact/Application/Enrollment History etc. The SSN task should be the last task to run in such a linear flow.
  14. Continue post-launch monitoring.

Cycle Over Cycle Changes

  1. Cycle over Cycle the User Identity ID retrieved in the step Retrieving Your User Identity ID does change.
  2. You must repeat the steps documented under Retrieving Your User Identity ID to get the User Identity ID corresponding to your new cycle.
  3. Edit the ProdSSNinformaticaSwagger.json file found in your CAS\dropbox folder on the Informatica Server.
  4. For the line /user_identities/[user_identity_id]/social_security_numbers, replace the value with the user identity id for your new cycle.
  5. Save the ProdSSNinformaticaSwagger.json file.

Overlapping Cycles

If you have two cycles running at the same time, then please perform the below steps to manage accessing SSN for both cycles:

Create a copy of the Swagger file

  1. On your Informatica server in the “C:\Informatica\CAS\dropbox\” you will find the file ProdSSNinformaticaSwagger.json. Create a copy of that file.
  2. Rename the copy to be ProdSSNinformaticaSwagger_NewCycleYear.json.
  3. Edit the ProdSSNinformaticaSwagger_NewCycleYear.json file using Notepad or Notepad++.
  4. For the line /user_identities/[user_identity_id]/social_security_numbers, replace the value with the user identity id for your new cycle.
  5. Save the ProdSSNinformaticaSwagger_NewCycleYear.json file.

Set up a new Rest V2 Connector in Informatica

  1. Log in to your Informatica instance.
  2. Navigate to Administrator > Connections.
  3. Click New Connection in the top right corner.
  4. Give your connection a name to identify it to be the new cycle connection:
    1. Type: REST V2 (Informatica)
    2. Runtime Environment: use the dropdown to select your runtime environment
    3. Authentication: select “API Key” from the dropdown
    4. Key: set this to “x-api-key
    5. Value: set this to be your API key for production which was identified in the section WebAdMIT User Identities
    6. Add API Key to: set this to “Request Header”
    7. Swagger File Path: set this to be the path to your new swagger file. Like: “C:\Informatica\CAS\dropbox\ ProdSSNinformaticaSwagger_NewCycleYear.json
  5. Leave the rest of the values and click Test Connection in the top right corner.
  6. A successful connection results in this message: The test for this connection was successful.
  7. Save the connection.

Create a Copy of existing Informatica Mappings

  1. Create a copy of your existing SSN Data Mapping and SSN Data Mapping Task.
  2. Rename the SSN Data Mapping - Copy to be SSN Data Mapping -NewCycleYear.
  3. Rename the SSN Data Mapping Task – Copy to be SSN Data Mapping Task-NewCycleYear.
  4. Click the SSN Data Mapping-NewCycleYear, which opens the mapping.
  5. Click APISource.
  6. In the Properties section, click Source.
  7. For Connection, select your REST V2 connection, previously set up in the section Setting Up a new Rest V2 Connector in Informatica.
  8. Leave the Operation as GETSSN2.
  9. Expand the Request Options menu and click Configure next to Request Message.
  10. Replace the user api key with the updated key for this cycle. It will look like this:

"x-api-key" : "InsertValueForProductionAPIkey

  1. Click Ok.
  2. Click Save.
  3. Click Field Mapping within the source.
  4. Under Response Structure, map all the descendants of the Element Name GETSSN2_OUTPUT.NOTE: This may already be mapped
  5. The result should look like below:

TargetX Integration_SSNConfig_ResponseStructure.png

  1. Click Save.
  2. Next, click fields and change the precision value of the field Response_200 to 50000. Note: This may already be updated.:

TargetX Integration_SSNConfig_Response200.png

  1. Click Save.
  2. Run a Preview of the Java Transformation. The result should look like the following: 

WA_TX_Integration_SSNConfig3.png

  1. This confirms that the decryption process was successful.
  2. You can now include this mapping task in your linear flow, which runs the other tasks to load Contact/Application/Enrollment History, etc., for the new cycle. The SSN task should be the last to run in such a linear flow.

 

Frequently Asked Questions

Question

Answer

What is the trigger for the SSN to be included in the export?

Only applications that have been submitted will have an SSN delivered in the encrypted export. The following statuses make an application eligible for SSN encyrption:

  • Received
  • Complete
  • Verified
  • Redirected
Does the SSN keep getting sent so that the file is cumulative? Yes – the SSN encrypted file is cumulative and will always include all applicants’ SSNs for the given organization and CAS/cycle.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
    Media
    Image
    Content Reuse
    Reused Content
    Stage
    Work in Progress
  2. Tags
    This page has no tags.