3 Using the Box Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

This chapter contains the following topics:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Scheduled Job for Lookup Field Synchronization for Box Connector

Scheduled jobs for lookup field synchronization fetch the most recent values from specific fields in the target system to lookup definitions in Oracle Identity Manager. These lookup definitions are used as an input source for lookup fields in Oracle Identity Manager.

The Box Group Lookup Reconciliation scheduled job is used to reconcile group lookup data from the target system in the target resource (account management) mode of the connector. The values that are fetched by this scheduled job are populated in the Lookup.Box.Groups lookup definition.

Table 3-1 describes attributes of the Box Group Lookup Reconciliation scheduled job. The procedure to configure scheduled jobs is described later in this guide.

Table 3-1 Attributes of the Box Group Lookup Reconciliation Scheduled Job

Attribute Description

Code Key Attribute

Name of the connector attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: UID

Decode Attribute

Name of the connector attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: NAME

IT Resource Name

Name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Box

Lookup Name

Enter the name of the lookup definition in Oracle Identity Manager that must be populated with values fetched from the target system.

Default value: Lookup.Box.Groups

If you create a copy of the Lookup.Box.Groups definition, then enter the name of that new lookup definition as the value of the Lookup Name attribute.

Object Type

This attribute specifies the object type to be reconciled. Select the object type that applies to the scheduled job.

Default value: __GROUP__

3.2 Configuring Reconciliation for Box Connector

You can configure the connector to specify the type of reconciliation and its schedule.

This section provides details on the following topics related to configuring reconciliation:

3.2.1 Full Reconciliation for Box Connector

Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Manager.

After you deploy the connector, you must first perform full reconciliation. To perform a full reconciliation run, ensure that no value is specified for the Filter attribute of the scheduled job for reconciling users.

3.2.2 Limited Reconciliation for Box Connector

Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set of filter criteria.

By default, all target system records are reconciled during the current reconciliation run. You can customize this process by specifying the subset of target system records that must be reconciled. You do this by creating filters for the reconciliation module.

The scheduled job provides a Filter Suffix parameter that allows you to use any of the Box resource attributes to filter the target system records. For detailed information about the filter syntax that is supported, refer to the Box documentation.

The following are sample values that can be provided for the Filter Suffix attribute of the scheduled job:

  • ?filter_term=sand

    In the above sample, sand is specified after the ?filter_term= syntax in the filter suffix attribute. This returns all users whose name or login value starts with the term sand.

    Similarly, any value specified after the ?filter_term= syntax returns users whose name or login begins with the string value specified in the filter syntax field.

  • /181216415

    In the above sample, 181216415 is specified after the / syntax in the filter suffix attribute. This returns all user records whose UID matches 181216415.

    Similarly, any value specified after the / syntax returns users whose UID attribute is equal to the string specified in the filter syntax field.
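The following added example (not part of the connector or of Oracle's documentation) checks a Filter Suffix value against the two forms shown above before it is entered in the scheduled job, and previews which records it would scope. The sample records, the function names, the digits-only UID rule, and the case-insensitive prefix match are assumptions made for illustration; other filter syntax that Box supports is deliberately rejected here.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample records; not data from any real Box tenant.
SAMPLE_USERS = [
    {"uid": "181216415", "name": "Sandra Lee", "login": "slee@example.com"},
    {"uid": "181216416", "name": "John Doe", "login": "sandbox.admin@example.com"},
    {"uid": "181216417", "name": "Alex Sanders", "login": "asanders@example.com"},
]


def classify_filter_suffix(suffix):
    """Return (mode, value) for a Filter Suffix, or raise ValueError."""
    suffix = suffix.strip()
    if not suffix:
        return ("full", None)  # no filter set: full reconciliation
    if suffix.startswith("?"):
        params = parse_qsl(suffix[1:], keep_blank_values=True)
        if len(params) == 1 and params[0][0] == "filter_term" and params[0][1]:
            return ("filter_term", params[0][1])
        raise ValueError("expected exactly one non-empty ?filter_term= value")
    match = re.fullmatch(r"/(\d+)", suffix)  # assumption: UIDs are all digits
    if match:
        return ("uid", match.group(1))
    raise ValueError("unrecognised Filter Suffix: %r" % suffix)


def select_users(suffix, users=SAMPLE_USERS):
    """Preview the UIDs a suffix would reconcile from the sample records."""
    mode, value = classify_filter_suffix(suffix)
    if mode == "full":
        return [u["uid"] for u in users]
    if mode == "uid":
        return [u["uid"] for u in users if u["uid"] == value]
    term = value.casefold()  # assumption: prefix match ignores case
    return [
        u["uid"] for u in users
        if u["name"].casefold().startswith(term)
        or u["login"].casefold().startswith(term)
    ]


if __name__ == "__main__":
    for candidate in ("?filter_term=sand", "/181216415", ""):
        print(repr(candidate), "->", select_users(candidate))
```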

3.2.3 Reconciliation Scheduled Jobs for Box Connector

When you run the Connector Installer, reconciliation scheduled jobs are automatically created in Oracle Identity Manager. You must configure these scheduled jobs to suit your requirements by specifying values for their attributes.

This section discusses the following scheduled jobs that you can configure for reconciliation:

3.2.3.1 Box User Reconciliation

You use the Box User Reconciliation scheduled job to reconcile user account data from the target system.

Table 3-2 describes the attributes of this scheduled job.

Table 3-2 Attributes of the Box User Reconciliation Scheduled Task

Attribute Description

Filter Suffix

Enter the search filter for fetching user records from the target system during a reconciliation run. See Limited Reconciliation for Box Connector.

Latest Token

This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty.

Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Sample value: 1354753427000

Incremental Recon Attribute

Attribute that holds the date on which the token record was modified.

Object Type

This attribute holds the name of the object type for the reconciliation run.

Default value: User

Do not change the default value.

IT Resource Name

Enter the name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Box

Resource Object Name

This attribute holds the name of the resource object used for reconciliation.

Default value: Box User

Do not change the default value.

3.2.3.2 Box Update Access Token Job

The access token configured as part of the IT resource expires in 60 minutes, and the refresh token expires in 60 days. The Box Update Access Token Job is used to keep the value of the access token (in the IT resource) always valid. This job is scheduled to run every 50 minutes.

Note:

If for some reason this scheduled job is not run for more than 60 days, then the refresh token value in the IT resource expires, and the Box Update Access Token Job fails when it is run after that point. In such cases, a new access token and refresh token must be generated manually.
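The following added example (not part of the connector or of Oracle's documentation) turns the lifetimes described above into a health check that flags a stalled Box Update Access Token Job before the 60-day window lapses. The job-history format, the function name, the 7-day warning threshold, and the premise that every successful run stores a fresh access and refresh token are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(minutes=60)    # access token lifetime stated above
REFRESH_TTL = timedelta(days=60)      # refresh token lifetime stated above
JOB_INTERVAL = timedelta(minutes=50)  # schedule of the Box Update Access Token Job


def token_state(runs, now, warn_before=timedelta(days=7)):
    """Classify token health from the job's run history.

    runs: iterable of (finished_at, succeeded) tuples (hypothetical export format).
    Assumption: each successful run stores a new access and refresh token,
    so both lifetimes are counted from the last successful run.
    """
    ok = [t for t, succeeded in runs if succeeded and t <= now]
    if not ok:
        return {"state": "UNKNOWN", "missed_runs": None, "refresh_days_left": None}
    age = now - max(ok)
    refresh_left = REFRESH_TTL - age
    if age < ACCESS_TTL:
        state = "OK"
    elif refresh_left <= timedelta(0):
        state = "REFRESH_EXPIRED"   # both tokens must be regenerated manually
    elif refresh_left <= warn_before:
        state = "REFRESH_EXPIRING"  # job has not succeeded for weeks
    else:
        state = "ACCESS_EXPIRED"    # rerunning the job can still recover
    return {
        "state": state,
        "missed_runs": age // JOB_INTERVAL,
        "refresh_days_left": round(refresh_left / timedelta(days=1), 1),
    }


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    history = [(now - timedelta(days=55), True), (now - timedelta(hours=1), False)]
    print(token_state(history, now))
```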

Table 3-3 describes the attributes of this scheduled job.

Table 3-3 Attributes of the Box Update Access Token Job Scheduled Job

Attribute Description

Access Token Endpoint

This attribute holds the Box REST endpoint to get the new access token.

Default value: https://app.box.com/api/oauth2/token

IT Resource Name

Enter the name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Box

Task Name

This attribute holds the name of the scheduled task.

Default value: Box Update Access Token

You must not change the default value.

3.3 Configuring Scheduled Jobs

Configure scheduled jobs to perform reconciliation runs that periodically check for new information on your target system and replicate the data in Oracle Identity Manager.

You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.

To configure a scheduled job:

  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under System Management, click Scheduler.
  3. Search for and open the scheduled job as follows:
    1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
    2. In the search results table on the left pane, click the scheduled job in the Job Name column.
  4. On the Job Details tab, you can modify the parameters of the scheduled task:
    • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
    • Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.

      Note:

      See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule types.

    In addition to modifying the job details, you can enable or disable a job.

  5. On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

    Note:

    • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.

    • See Reconciliation Scheduled Jobs for Box Connector for the list of scheduled tasks and their attributes.

  6. Click Apply to save the changes.

    Note:

    The Stop Execution option is available in the Administrative and User Console. You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.

3.4 Guidelines on Performing Provisioning Operations

These guidelines provide information on what to do when performing provisioning operations.

The following is a guideline that you must apply while performing a provisioning operation:

For a Create User provisioning operation, you must specify a value for the Name and Login fields in the form.

For example:

Name : John Doe

Login : johndoe@example.com

3.5 Performing Provisioning Operations

You create a new user in Oracle Identity Self Service by using the Create User page. You provision or request accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Manager:

  1. Log in to Oracle Identity Administrative and User console.
  2. Create a user as follows:
    1. In Identity Self Service, click Manage. The Home tab displays the different Manage options. Click Users. The Manage Users page is displayed.

    2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.

    3. Enter details of the user in the Create User page.

  3. On the Account tab, click Request Accounts.
  4. In the Catalog page, search for and add to cart the application instance created in Step 3, and then click Checkout.
  5. Specify values for the fields in the application form and then click Ready to Submit.
  6. Click Submit.
  7. If you want to provision entitlements, then:
    1. On the Entitlements tab, click Request Entitlements.
    2. In the Catalog page, search for and add to cart the entitlement, and then click Checkout.
    3. Click Submit.

3.6 Uninstalling the Box Connector

Uninstalling the connector deletes all the account-related data associated with resource objects of the connector.

If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.