You can extend the functionality of the connector to address your specific business requirements.
Note:
From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.
The connector provides a default set of attribute mappings for reconciliation between Oracle Identity Manager and the target system. If required, you can add new user or group attributes for reconciliation.
By default, the attributes listed in Table 1-8 are mapped for reconciliation between Oracle Identity Manager and the target system.
Note:
This connector supports configuration of already existing (standard) attributes of Box for reconciliation.
Only single-valued attributes can be mapped for reconciliation.
The following topics discuss the procedure to add new attributes for users:
You can add a new attribute on the process form in the Form Designer section of Oracle Identity Manager Design Console.
You can add the new attribute to the resource object in the Resource Objects section of Oracle Identity Manager Design Console.
You can create reconciliation field mapping for the new attribute in the Process Definition section of Oracle Identity Manager Design Console.
You must create an entry for the newly added attribute in the lookup definition that holds attribute mappings for reconciliation.
To create an entry for the newly added attribute in the lookup definition:
You must replicate all changes made to the Form Designer of the Design Console in a new UI form.
The connector provides a default set of attribute mappings for provisioning between Oracle Identity Manager and the target system. If required, you can add new user or group attributes for provisioning.
By default, the attributes listed in Table 1-11 are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional user attributes for provisioning.
The following topics discuss the procedure to add new user or group attributes for provisioning:
To add a new attribute on the process form, perform the following procedure:
Note:
If you have already added an attribute for reconciliation, then you need not repeat steps performed as part of that procedure.
You must create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning.
To create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning:
Create a task to enable updates on the new user or group attribute during provisioning operations.
You must replicate all changes made to the Form Designer of the Design Console in a new UI form.
You can configure validation of reconciled and provisioned single-valued data according to your requirements.
For example, you can validate data fetched from the User Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the User Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations. For data that fails the validation check, the following message is displayed or recorded in the log file: Validation failed for attribute ATTRIBUTE_NAME.
Note:
This feature cannot be applied to the Locked/Unlocked status attribute of the target system.
To configure validation of data:
You can configure transformation of reconciled single-valued account data according to your requirements.
For example, you can use User Name and Last Name values to create a value for the Full Name field in Oracle Identity Manager.
Note:
This feature cannot be applied to the Locked/Unlocked status attribute of the target system.
To configure transformation of single-valued account data fetched during reconciliation:
You must create copies of the connector to configure it for multiple installations of the target system.
The following example illustrates this requirement:
The London and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of the target system.
To meet the requirement posed by such a scenario, you must create copies of the connector. See Cloning Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.
You can define a customized or reconfigured connector using the Oracle Identity System Administration. Defining a connector is equivalent to registering the connector with Oracle Identity Manager.
A connector is automatically defined when you install it using the Install Connectors feature or when you upgrade it using the Upgrade Connectors feature. You must manually define a connector if:
You import the connector by using the Deployment Manager.
You customize or reconfigure the connector.
You upgrade Oracle Identity Manager.
The following events take place when you define a connector:
A record representing the connector is created in the Oracle Identity Manager database. If this record already exists, then it is updated.
The status of the newly defined connector is set to Active. In addition, the status of a previously installed release of the same connector automatically is set to Inactive.
See Defining Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the procedure to define connectors.