12 Developing Reconciliation Scheduled Tasks

Oracle Identity Manager provides connectors for reconciliation of users/accounts from various target systems, such as Microsoft Active Directory, Sun Java System Directory, Oracle Internet Directory, and Oracle E-Business Suite. For information about these connectors, see Oracle Identity Manager Connectors Documentation in the Oracle Technology Network (OTN) Web site at the following URL:

http://www.oracle.com/technology/documentation/index.html

However, to create a custom connector, you must develop a new scheduled task that performs the following:

  1. Retrieve user/account information from the target system.

  2. Use reconciliation APIs to create reconciliation events to submit event data.

  3. Create events for creating, modifying, or deleting an entity.

See Also:

Chapter 5, "Developing Scheduled Tasks" for information about developing a scheduled task

12.1 Prerequisites for Developing Reconciliation Scheduled Tasks

To connect to a specific target system, you must:

  • Create a new IT resource type

  • Define a new IT resource

  • Use the IT resource as an input parameter for the scheduled task

See Also:

Oracle Fusion Middleware Java API Reference for Oracle Identity Manager for information about the APIs to lookup IT resource definition

12.2 Customizing Reconciliation Operations

In Oracle Identity Manager, a provisioning process and a process instance is associated with activities related to users or accounts. This provides a hook or point to add customizations upon various actions.

Changes to the user state or the account state can occur via direct APIs or reconciliation. The changes can be of many types, such as:

See Also:

"Reconciliation APIs" for information about the reconciliation APIs
  • Data change in the user or account profile

  • Status change, such as enable or disable

  • Changes to user based on attestation processes

  • Organization change

  • Attribute propagation

  • Password propagation

For each of these changes, the process definition provides a facility to add hooks to be run upon any of these changes. For reconciliation, the process definition provides the hooks in the form of the following conditional tasks:

  • Reconciliation Insert Received: This conditional task is inserted when an account is created via reconciliation.

  • Reconciliation Update Received: This conditional task is inserted when an existing account linked to a user is updated via reconciliation. Data in the process form or status of the account are updated.

  • Reconciliation Delete Received: This conditional task is inserted when an existing account is revoked via reconciliation.

These tasks provide starting points for the workflows. You can create custom workflows in the provisioning process, and create a dependency between the reconciliation trigger tasks and the workflows. This causes the workflows to be run upon the respective triggers.

Every reconciliation event that is successfully linked to a user or an account inserts a single trigger from the conditional tasks. All the data in the user profile and the account profile is available as context-sensitive data for any adapter that is attached to one of these dependant tasks.

See Also:

Part IV, "Requests and Approval Processes" and Part I, "Concepts" for details about creating conditional tasks, adapters, and dependencies