You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.
This chapter contains the following topics:
Note:
These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.Scheduled jobs for lookup field synchronization fetch the most recent values from specific fields in the target system to lookup definitions in Oracle Identity Manager. These lookup definitions are used as an input source for lookup fields in Oracle Identity Manager.
The Box Group Lookup Reconciliation scheduled job is used to reconcile group lookup data from the target system in the target resource (account management) mode of the connector. The values that are fetched by this scheduled job are populated in the Lookup.Box.Groups lookup definition.
Table 3-1 describes attributes of the Box Group Lookup Reconciliation scheduled job. The procedure to configure scheduled jobs is described later in this guide.
Table 3-1 Attributes of the Box Group Lookup Reconciliation Scheduled Job
Attribute | Description |
---|---|
Code Key Attribute |
Name of the connector attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: |
Decode Attribute |
Name of the connector attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: |
IT Resource Name |
Name of the IT resource for the target system installation from which you want reconcile user records. Default value: |
Lookup Name |
Enter the name of the lookup definition in Oracle Identity Manager that must be populated with values fetched from the target system. Default value: If you create a copy of the Lookup.Box.Groups definition, then enter the name of that new lookup definition as the value of the Lookup Name attribute. |
Object Type |
This attribute is used to perform reconciliation of specified object type. As per the Scheduled job select the applicable object type. Default value: |
You can configure the connector to specify the type of reconciliation and its schedule.
This section provides details on the following topics related to configuring reconciliation:
Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Manager.
After you deploy the connector, you must first perform full reconciliation. To perform a full reconciliation run, ensure that no value is specified for the Filter attribute of the scheduled job for reconciling users.
Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set filter criteria.
By default, all target system records are reconciled during the current reconciliation run. You can customize this process by specifying the subset of target system records that must be reconciled. You do this by creating filters for the reconciliation module.
The scheduled job provides a Filter Suffix parameter that allows you to use any of the Box resource attributes to filter the target system records. You can perform limited reconciliation by creating filters for the reconciliation module. For detailed information about the various filter syntax that are supported, refer the Box documentation.
For the Filter Suffix attribute on the scheduled job, following are sample values that can be provided:
?filter_term=sand
In the above sample, sand is specified after the ?filter_term= syntax in the filter suffix attribute. This returns all users starting with the term sand in either the name or the login values.
Similarly, any value specified after the ?filter_term= syntax returns users whose name or login begins with the string value specified in the filter syntax field.
/181216415
In the above sample, 181216415 is specified after the / syntax in the filter suffix attribute. This returns all users records whose UID matches 181216415.
Similarly, any value specified after the / syntax returns users whose UID attributes which is equal to the string specified in the filter syntax field.
When you run the Connector Installer, reconciliation scheduled jobs are automatically created in Oracle Identity Manager. You must configure these scheduled jobs to suit your requirements by specifying values for its attributes.
This section discusses the following scheduled jobs that you can configure for reconciliation:
You use the Box User Reconciliation scheduled job to reconcile user account data from the target system.
Table 3-2 describes the attributes of this scheduled job.
Table 3-2 Attributes of the Box User Reconciliation Scheduled Task
Attribute | Description |
---|---|
Filter Suffix |
Enter the search filter for fetching user records from the target system during a reconciliation run. See Limited Reconciliation for Box Connector. |
Latest Token |
This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty. Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute. Sample value: |
Incremental Recon Attribute |
Attribute that holds the date on which the token record was modified. |
Object Type |
This attribute holds the name of the object type for the reconciliation run. Default value: Do not change the default value. |
IT Resource Name |
Enter the name of the IT resource for the target system installation from which you want to reconcile user records. Default value: |
Resource Object Name |
This attribute holds the name of the resource object used for reconciliation. Default value: Do not change the default value. |
Access token configured as part of IT resource will expire in 60 minutes and refresh token will expire in 60 days. Box Update Access Token Job is used to keep the value of the access token (in the IT resource) always valid. Every 50 minutes, this job is scheduled to run periodically.
Note:
If for some reason this scheduler is not run for more than 60 days, then the refresh token value in IT resource would have expired due to which if you run the Box Update Access Token Job after 60 days, it will fail. In such cases, a new access token and refresh token has to be generated manually.Table 3-3 describes the attributes of this scheduled job.
Table 3-3 Attributes of the Box Update Access Token Job Schedule Job
Attribute | Description |
---|---|
Access Token Endpoint |
This attribute holds the Box REST endpoint to get the new access token. Default value: |
IT Resource Name |
Enter the name of the IT resource for the target system installation from which you want to reconcile user records. Default value: |
Task Name |
This attribute holds the name of the scheduled task. Default value: You must not change the default value. |
Configure scheduled jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Manager.
You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.
To configure a scheduled job:
These guidelines provide information on what to do when performing provisioning operations.
The following is a guideline that you must apply while performing a provisioning operation:
For a Create User provisioning operation, you must specify a value for the Name and Login fields in the form.
For example:
Name : John Doe
Login : johndoe@example.com
You create a new user in Oracle Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.
To perform provisioning operations in Oracle Identity Manager:
Uninstalling the connector deletes all the account related data associated with resource objects of the connector.
If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.