Define Attribute Mappings for a Microsoft Active Directory (AD) Bridge

By default, when you create a Microsoft Active Directory (AD) Bridge, attribute mappings are defined between AD and Oracle Identity Cloud Service. Attribute mappings enable the AD Bridge to pass values associated with user accounts between AD and Oracle Identity Cloud Service.

You can map attributes in two different ways: inbound and outbound. Inbound mappings allow you to map attributes from AD to Oracle Identity Cloud Service. Outbound mappings allow you to map any changes in Oracle Identity Cloud Service attributes to AD attributes.

For example, when you run the AD Bridge, the bridge can use the givenName - First Name mapping to transfer the first name of the user account from the First name field on the General tab of the Properties window of AD to the First Name field on the Details tab of the Users page of Oracle Identity Cloud Service. Similarly, you can perform an outbound mapping so that when you make any change to the first name of the user account in Oracle Identity Cloud Service, this change is reflected in AD. See Run a Microsoft Active Directory (AD) Bridge.

In addition to the predefined attribute mappings, you can define custom attribute mappings between AD and Oracle Identity Cloud Service.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Directory Integrations.
  2. Click the AD Bridge for which you want to define custom attribute mappings.
  3. Click Configuration.
  4. In the Configure Attribute Mappings area, click Edit Attribute Mappings. In the Edit Attribute Mappings window, two tabs appear:
    • Microsoft Active Directory to Identity cloud: This tab contains inbound attribute mappings from AD to Oracle Identity Cloud Service.
    • Identity cloud to Microsoft Active Directory: This tab contains outbound attribute mappings from Oracle Identity Cloud Service to AD.
  5. If you want to define inbound attribute mappings, then click the Microsoft Active Directory to Identity cloud tab. Otherwise, go to step 9.
    You'll see predefined inbound mappings from AD to Oracle Identity Cloud Service. These mappings include:
    Attribute             Required  Description
    sAMAccountName        Yes       The user's user name.
    givenName             No        The user's first name.
    sn                    Yes       The user's last name.
    middleName            No        The user's middle name.
    displayName           No        The user's display name.
    title                 No        The user's job title.
    preferredlanguage     No        The user's preferred language (for example, English).
    localeID              No        The user's language and region (locale).
    mail                  Yes       The user's email address.
    telephonenumber       No        The user's telephone number.
    homePhone             No        The user's home telephone number.
    mobile                No        The user's mobile telephone number.
    postalAddress         No        The user's postal address.
    streetAddress         No        The user's street address.
    l                     No        The user's work location.
    st                    No        The state of the user's work address.
    postalCode            No        The zip code of the user's work address.
    c                     No        The country of the user's work address.
    usercertificate       No        This multi-valued attribute contains the DER-encoded X509v3 certificates issued to the user.
    userAccountControl    Yes       Specifies flags that control behavior for the user, such as whether the user has an Active or Inactive status, or whether the user's account is locked.
  6. Click Add Row to add a new inbound attribute mapping from AD to Oracle Identity Cloud Service.
  7. In the Directory User Attributes column, select the name of the AD attribute whose value you want to transfer into Oracle Identity Cloud Service. If the attribute is not available in the drop-down list, you can enter its name. After you save the changes, the new attribute appears in the drop-down list.
  8. In the Oracle Identity Cloud Service User Attributes column, enter or select the name of the Oracle Identity Cloud Service attribute that will receive the value transferred from AD.
  9. If you want to define outbound attribute mappings, then click the Identity cloud to Microsoft Active Directory tab. Otherwise, go to step 13.
    You'll see predefined outbound mappings from Oracle Identity Cloud Service to AD. These mappings include:
    Attribute                 Required  Description
    User Name                 No        The user's user name.
    Display Name              No        The user's display name.
    Work Email                No        The user's work-related email address.
    First name                No        The user's first name.
    Last name                 No        The user's last name.
    Middle name               No        The user's middle name.
    Title                     No        The user's job title.
    Locale                    No        The user's language and region (locale).
    Preferred Language        No        The user's preferred language (for example, English).
    Work Phone number         No        The user's work-related telephone number.
    Mobile Phone number       No        The user's mobile telephone number.
    Work Address Formatted    No        The user's work-related postal address.
    Work Street Address       No        The user's street address.
    Work Locality             No        The user's work location.
    Work Address Region       No        The state or region of the user's work address.
    Work Address Zip Code     No        The zip code of the user's work address.
    Work Address Country      No        The country of the user's work address.
    Home Phone number         No        The user's home telephone number.
  10. Click Add Row to add a new outbound attribute mapping from Oracle Identity Cloud Service to AD.
  11. In the Oracle Identity Cloud Service User Attributes column, enter or select the name of the Oracle Identity Cloud Service attribute whose value you want to transfer into AD.
  12. In the Directory User Attributes column, enter or select the name of the AD attribute that will receive the value transferred from Oracle Identity Cloud Service.
  13. Click Save.
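The following is an added example, not the AD Bridge's own code, that models the mapping tables above as data and applies them to constructed AD records. It shows what the Required column means in practice (a record missing a required attribute such as mail is rejected rather than partially synced), how a custom row added with Add Row (here employeeID to employeeNumber, both assumed names) fits alongside the predefined ones, how the userAccountControl bitmask becomes an Active/Inactive and locked status, and how an outbound change to the active status is written back without clobbering the other userAccountControl flags. The target attribute names (userName, name.givenName, emails.work, and so on) are SCIM-style names assumed for illustration; the AD attribute names come from the inbound table.

```python
"""Constructed illustration of inbound and outbound AD attribute mappings.

Not the bridge's code: mapping rows are plain data, target attribute names
are SCIM-style names assumed for illustration, and the AD records are
constructed samples.
"""
from dataclasses import dataclass

# userAccountControl bit flags (values from Microsoft's documented bitmask).
ACCOUNTDISABLE = 0x0002
LOCKOUT = 0x0010


@dataclass(frozen=True)
class Mapping:
    ad_attr: str      # AD attribute name (LDAP names are case-insensitive)
    target_attr: str  # identity-service attribute (assumed SCIM-style name)
    required: bool    # mirrors the Required column of the predefined table


# A subset of the predefined inbound rows, plus one custom row of the kind
# added with "Add Row" (employeeID -> employeeNumber, both assumed names).
INBOUND_MAPPINGS = [
    Mapping("sAMAccountName", "userName", True),
    Mapping("givenName", "name.givenName", False),
    Mapping("sn", "name.familyName", True),
    Mapping("displayName", "displayName", False),
    Mapping("mail", "emails.work", True),
    Mapping("userAccountControl", "active", True),
    Mapping("employeeID", "employeeNumber", False),  # custom mapping
]


class MappingError(ValueError):
    """Raised when a required AD attribute is absent from a record."""


def _lookup(ad_user: dict, ad_attr: str):
    """Fetch an attribute by case-insensitive name, as a directory would."""
    for key, value in ad_user.items():
        if key.lower() == ad_attr.lower():
            return value
    return None


def map_inbound(ad_user: dict, mappings=INBOUND_MAPPINGS) -> dict:
    """Apply inbound rows to one AD record; reject it if a required value is missing."""
    out = {}
    for m in mappings:
        value = _lookup(ad_user, m.ad_attr)
        if value in (None, "", []):
            if m.required:
                dn = ad_user.get("distinguishedName", "<unknown DN>")
                raise MappingError(f"{dn}: required attribute {m.ad_attr} is missing")
            continue  # optional attribute: simply not transferred
        if m.ad_attr.lower() == "useraccountcontrol":
            uac = int(value)  # AD stores the flags as an integer bitmask
            out["active"] = not (uac & ACCOUNTDISABLE)
            out["locked"] = bool(uac & LOCKOUT)
        else:
            out[m.target_attr] = value
    return out


def map_outbound(changes: dict, current_uac: int, mappings=INBOUND_MAPPINGS) -> dict:
    """Translate identity-service changes back to AD attributes (outbound direction).

    An `active` change only toggles the ACCOUNTDISABLE bit, so every other
    flag in the current userAccountControl value is preserved.
    """
    reverse = {m.target_attr: m.ad_attr for m in mappings}
    ad_changes = {}
    for attr, value in changes.items():
        if attr == "active":
            uac = current_uac & ~ACCOUNTDISABLE if value else current_uac | ACCOUNTDISABLE
            ad_changes["userAccountControl"] = uac
        elif attr in reverse:
            ad_changes[reverse[attr]] = value
        # attributes without a mapping row are never written to AD
    return ad_changes


def sync_all(ad_users, mappings=INBOUND_MAPPINGS):
    """Map a batch, keeping mapped users and per-record rejections separate."""
    mapped, errors = [], []
    for user in ad_users:
        try:
            mapped.append(map_inbound(user, mappings))
        except MappingError as exc:
            errors.append(str(exc))
    return mapped, errors


# Constructed sample records: 512 is NORMAL_ACCOUNT, 514 = 512 | ACCOUNTDISABLE.
SAMPLE_AD_USERS = [
    {"distinguishedName": "CN=Jane Doe,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
     "displayName": "Jane Doe", "mail": "jane.doe@example.com",
     "userAccountControl": "512", "employeeID": "E1001"},
    {"distinguishedName": "CN=Sam Lee,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "slee", "sn": "Lee", "mail": "sam.lee@example.com",
     "userAccountControl": "514"},
    {"distinguishedName": "CN=No Mail,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "nomail", "sn": "Mail", "userAccountControl": "512"},
]

if __name__ == "__main__":
    users, errors = sync_all(SAMPLE_AD_USERS)
    for u in users:
        print(u)
    for e in errors:
        print("REJECTED:", e)
    print(map_outbound({"active": True, "name.givenName": "Samuel"}, current_uac=514))
```

Running the block maps the first two records (the second comes through with active set to False because its userAccountControl has the ACCOUNTDISABLE bit set), rejects the third for its missing mail value, and shows the outbound re-enable of the second account producing userAccountControl 512 with the givenName change alongside it.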