> ## Documentation Index
> Fetch the complete documentation index at: https://developers.techwolf.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Installation

> Step-by-step guide to configure Cornerstone OnDemand for the TechWolf Data Source Connector.

This page walks through the Cornerstone OnDemand setup required for the TechWolf
Data Source Connector.

## Prerequisites

* An active TechWolf contract.
* A Cornerstone OnDemand tenant with the Reporting API enabled in Edge
  Marketplace and API Management. Production tenants may require Reporting API
  purchase and enablement first.
* Access to Cornerstone Edge and API Management.
* The `Edge APIs - Manage` security permission.
* A service-account user that has, or can be granted, the
  `Reporting API - Read Only` security permission.
* Employees already synchronized into TechWolf through an HRIS connector.

**Important:** Cornerstone completed learning events are linked to TechWolf
Employees by an Employee identifier. By default, TechWolf assumes
`users_core.user_ref` in Cornerstone is the same value as the Employee
`external_id` in the SkillEngine API. Confirm this alignment with TechWolf
before enabling the connector.

## Cornerstone configuration

### 1. Confirm the Cornerstone portal

Find the Cornerstone portal value for your tenant. This is the exact host prefix
before `.csod.com`. If your Cornerstone URL is:

```text theme={null}
https://acme.csod.com
```

the portal value to share with TechWolf is:

```text theme={null}
acme
```

For a pilot or staging tenant, use that environment's host prefix, for example
`acme-pilot` from `https://acme-pilot.csod.com`.

### 2. Enable Reporting API access

In Cornerstone, go to **Admin > Tools > Edge > Marketplace** and enable the
**Reporting API** for the tenant. Then go to **Admin > Tools > Edge > API
Management** and make sure the Reporting API toggle is enabled.

### 3. Register an OAuth 2.0 application

In Cornerstone, go to **Admin > Tools > Edge > API Management > Manage OAuth 2.0
Applications** and register a new application for the TechWolf connector.

Configure the application with:

* A descriptive application name, for example `TechWolf Connector`.
* The **User ID** of the service-account user that has
  `Reporting API - Read Only`.
* An access token validity period that matches your security policy.

After registering the application, securely store the generated **Client ID**
and **Client Secret**. You will share them with TechWolf at the end of this
guide.

### 4. Add the required Data Exporter API scopes

In the application **Endpoint scopes/permissions**, select **Reporting API**,
filter for Data Exporter API endpoints by typing `obj`, and add the following
read scopes:

| Scope                          | Used for                                                        |
| ------------------------------ | --------------------------------------------------------------- |
| `obj_training_local_core:read` | Course titles, descriptions, and language-specific catalog data |
| `obj_training_core:read`       | Course active status and learning object metadata               |
| `obj_culture_core:read`        | Language lookup for catalog entries                             |
| `obj_transcript_core:read`     | Completed learning transcripts                                  |
| `obj_users_core:read`          | Mapping Cornerstone transcript users to Employee identifiers    |

### 5. Grant Reporting API read access

Grant the service-account user linked to the OAuth app the following Cornerstone
permission:

```text theme={null}
Reporting API - Read Only
```

This permission is required in addition to the OAuth scopes. The scopes allow
the token to request the objects; the service-account permission allows
Cornerstone to return the Data Exporter API rows.

### 6. Confirm Employee identifier alignment

Confirm that Cornerstone `users_core.user_ref` contains the same identifier as
the Employee `external_id` loaded into the SkillEngine API by the customer's
HRIS connector.

If Cornerstone uses a different Employee key, align with TechWolf before
continuing. Without this mapping, completed learning events cannot be attached
to the right Employees.

## Share credentials with TechWolf

Once the Cornerstone configuration is complete, securely share the following
values with TechWolf:

| Credential    | Description                                                                       |
| ------------- | --------------------------------------------------------------------------------- |
| Portal        | The Cornerstone portal subdomain, for example `acme` from `https://acme.csod.com` |
| Client ID     | The OAuth app client ID                                                           |
| Client secret | The OAuth app client secret                                                       |

**Important:** The client secret grants access to your Cornerstone Data Exporter
API objects. Share it only through the secure channel agreed with your TechWolf
representative. Never share it over plain email or chat.
