Skip to main content
C1 provides identity governance for Shareworks by Morgan Stanley. Integrate your Shareworks instance with C1 for unified visibility and governance over equity plan participant access.

Capabilities

ResourceSyncProvision
Participants
Companies
Plans

Gather Shareworks credentials

Shareworks API access is provisioned during partner onboarding with Morgan Stanley. You receive a client identifier and an RSA key pair; the connector performs read-only API calls.
1
Complete Shareworks API onboarding to obtain a client ID and register your RSA public key with Shareworks.
2
Keep the matching RSA private key (PEM) available; the connector uses it to sign the verification JWT that is exchanged for an access token.
3
Note whether your access targets the production or QA Shareworks environment, and any key identifier (kid) assigned during onboarding.

Configuration fields

FieldRequiredDescription
environmentNoShareworks environment to target: production or qa. Defaults to production.
api-client-idYesShareworks client identifier issued during onboarding. Used as the JWT issuer claim.
private-keyYesRSA private key (PEM) used to sign the verification JWT.
key-idNoOptional key identifier (kid) assigned during onboarding.

Synced resource types

  • Participants: equity plan participants from GET /rest/admin/v1/participants.
  • Companies: administering companies from GET /rest/admin/v1/companies.
  • Plans: equity and stock plans from GET /rest/admin/v1/plans.
  • Company membership grants: participants are emitted as company member grants, and company administrators receive an additional admin grant.
  • Plan membership grants: enrolled participants are emitted as plan member grants.

Special notes

  • All Shareworks resource types are opt-in.
  • Company and plan memberships are not separate resources; they are grant edges on the company and plan resources.
  • Authentication is a two-step exchange: the connector signs a verification JWT with the client RSA private key and exchanges it for a short-lived access token, which is cached and refreshed before expiry.
  • List endpoints use offset and limit pagination.
  • On rate limit responses, the connector retries with exponential backoff.

Configure the Shareworks connector

Follow these instructions to use a built-in, no-code connector hosted by C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Shareworks and click Add.
3
Choose how to set up the new Shareworks connector.
4
Set the owner for this connector.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the Shareworks credentials:
  • Environment: production or qa.
  • Client ID: the client identifier from onboarding.
  • Private key (PEM): the RSA private key matching your registered public key.
  • Key ID: the optional key identifier, if assigned.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
Done. Your Shareworks connector is now pulling access data into C1.