Oracle® Identity Manager Connector Guide for Oracle e-Business Employee Reconciliation Release 9.0.4 Part Number E10163-01 |
|
|
View PDF |
After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:
Note:
These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager additions of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.
Creating a filter involves specifying a value for a target system attribute, which will be used in the query SELECT criteria to retrieve the records to be reconciled. You can specify values for any one or a combination of the following target system attributes:
Last Name
Nationality
If you want to use multiple target system attributes to filter records, then you must also specify the logical operator (AND or OR) that you want to apply to the combination of target system attributes that you select.
For example, suppose you specify the following values for these attributes:
Last Name: Doe
Nationality: US
Operator: OR
Because you are using the OR
operator, during reconciliation, only user records for which any one of these criteria is met are reconciled. If you were to use the AND
operator, then only user records for which all of these criteria are met are reconciled.
While deploying the connector, follow the instructions in the "Specifying Values for the Scheduled Task Attributes" section to specify values for these attributes and the logical operator that you want to apply.
During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.
You can configure batched reconciliation to avoid these problems.
To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:
BatchSize
: Use this attribute to specify the number of records that must be included in each batch. The default value is 1000.
NumOfBatches
: Use this attribute to specify the total number of batches that must be reconciled. The default value is All
.
If you specify a value other than All
, then some of the newly added or modified user records may not get reconciled during the current reconciliation run. The following example illustrates this:
Suppose you specify the following values while configuring the scheduled tasks:
BatchSize
: 20
NumOfBatches
: 10
Suppose that 314 user records were created or modified after the last reconciliation run. Of these 314 records, only 200 records would be reconciled during the current reconciliation run. The remaining 114 records would be reconciled during the next reconciliation run.
You specify values for the BatchSize
and NumOfBatches
attributes by following the instructions described in the "Specifying Values for the Scheduled Task Attributes" section.
While configuring the connector, the target system can be designated as a trusted source or a target resource. If you designate the target system as a trusted source, then both newly created and modified user accounts are reconciled in Oracle Identity Manager. If you designate the target system as a target resource, then only modified user accounts are reconciled in Oracle Identity Manager.
Note:
You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.Import the XML file for trusted source reconciliation, XellOraEmp.xml
, by using the Deployment Manager. This section describes the procedure to import the XML file.
Note:
Only one target system can be designated as a trusted source. If you import theXellOraEmp.xml
file while you have another trusted source configured, then both connector reconciliations would stop working.Specify values for the attributes of the Reconcile Ora HR EmpTrusted
scheduled task. This procedure is described later in this guide.
To configure trusted source reconciliation:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the XellOraEmp.xml
file, which is in the OIM_home
/xlclient
directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Import.
In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.
When you perform the procedure described in the "Step 3: Copying the Connector Files and External Code Files" section, the scheduled tasks for lookup fields, trusted source user, and nontrusted user reconciliations are automatically created in Oracle Identity Manager. To configure these scheduled tasks:
Expand the Xellerate Administration folder.
Select Task Scheduler.
Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.
For the first scheduled task, enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR
status to the task.
Ensure that the Disabled and Stop Execution check boxes are not selected.
In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.
In the Interval region, set the following schedule parameters:
To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.
If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.
To set the task to run only once, select the Once option.
Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.
See Also:
Oracle Identity Manager Design Console Guide for information about adding and removing task attributesClick Save. The scheduled task is created. The INACTIVE
status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.
Repeat Steps 5 through 10 to create the second scheduled task.
After you configure all three scheduled tasks, proceed to the "Adding Custom Attributes for Reconciliation" section.
This section provides information about the values to be specified for the following scheduled tasks:
You must specify values for the following attributes of the Reconcile Apps HR Emp Lookup
lookup fields reconciliation scheduled task.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.
Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.
After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.
Depending on whether you want to implement trusted or nontrusted soured reconciliation, you must specify values for the attributes of one of the following employee reconciliation scheduled tasks:
Reconcile Ora HR EmpTrusted
(Scheduled task for trusted source reconciliation)
Reconcile Ora HR Emp Non Trusted
(Scheduled task for nontrusted source reconciliation)
The following table describes the attributes of both scheduled tasks.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.
Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.
Attribute | Description | Default/Sample Value |
---|---|---|
Target System Recon - Resource Object name |
Name of the resource object | Oracle HR Employee |
Server |
IT resource instance that the connector uses to reconcile data | Oracle HR |
IsTrusted |
Specifies whether or not reconciliation must be performed in trusted mode | For trusted source reconciliation, set the value of this attribute to Yes .
For nontrusted source reconciliation, set the value of this attribute to |
XellerateOrganization |
Default name of the Oracle Identity Manager organization
This value is used to create the Xellerate User in trusted source reconciliation mode. Note: This attribute is specific to the scheduled task for trusted source reconciliation |
Xellerate Users |
BatchSize |
Number of records in each batch that is reconciled
You must specify an integer value greater than zero. See Also: The "Batched Reconciliation" section |
The default value is 1000. |
NumOfBatches |
Number of batches to be reconciled
The number of records in each batch is specified by the See Also: The "Batched Reconciliation" section |
Specify All if you want to reconcile all the batches. This is the default value.
Specify an integer value if you want to reconcile only a fixed number of batches |
Last Name | This is a filter attribute. Use this attribute to specify the last name of the user whose records you want to reconcile.
If you do not want to use this filter attribute, then specify See Also: The "Partial Reconciliation" section |
The value can be either the last name or Nodata .
The default value is |
Nationality |
This is a filter attribute. Use this attribute to specify the nationality of the user whose records you want to reconcile.
If you do not want to use this filter attribute, then specify See Also: The "Partial Reconciliation" section |
The value can be either the nationality or Nodata .
The default value is |
Operator |
Specifies the logical operator to be applied to the filter attribute
If you do not want to use this filter attribute, then specify See Also: The "Partial Reconciliation" section |
The value can be one of the following:
The default value is |
After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.
Note:
In this section, the term "attribute" refers to the identity data fields that store user dataBy default, the attributes listed in the "Reconciliation Module" section are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional attributes for reconciliation as follows:
Note:
You need not perform this procedure if you do not want to add custom attributes for reconciliation.See Also:
Oracle Identity Manager Design Console for detailed instructions on performing the following stepsModify the attributemapping_recon.properties
file, which is in the OIM_home
/xellerate/XLIntegrations/OracleEmpRecon/config
directory.
At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:
OimAttributeName=TargetAttributeTableName,Field_Name
For example:
Users.email=per_all_people_f.email_address
In this example, email
is the reconciliation field and per_all_people_f
is the equivalent table name and email_address
is the column name on the target system. As a standard, the prefix "Users.
" is added at the start of all reconciliation field names.
In the resource object definition, add a reconciliation field corresponding to the new attribute as follows:
Open the Resource Objects form. This form is in the Resource Management folder.
Click Query for Records.
On the Resource Objects Table tab, double-click the Oracle HR Employee
resource object to open it for editing.
On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.
Specify a value for the field name.
You must specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 2.
For example, if you uncomment the Users.email=per_all_people_f.email_address
line in Step 2, then you must specify Users.email
as the attribute name.
From the Field Type list, select a data type for the field.
For example: String
Save the values that you enter, and then close the dialog box.
If required, repeat Steps d through g to map more fields.
Modify the process definition to include the mapping between the newly added attribute and the corresponding reconciliation field as follows:
Open the Process Definition form. This form is in the Process Management folder.
On the Reconciliation Field Mappings tab, click Add Field Map to open the Add Reconciliation Field Mapping dialog box.
Enter the required values, save the values that you enter, and then close the dialog box.
If required, repeat Steps b and c to map more fields.
Note:
Perform this procedure only if you want to configure the connector for multiple installations of Sun Java System Directory.You may want to configure the connector for multiple installations of Sun Java System Directory. The following example illustrates this requirement:
The Tokyo, London, and New York offices of Acme Multinational Inc. have their own installations of Sun Java System Directory. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of Sun Java System Directory.
To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of Sun Java System Directory.
To configure the connector for multiple installations of the target system:
See Also:
Oracle Identity Manager Design Console Guide for detailed instructions on performing each step of this procedureConfigure reconciliation for each target system installation. Refer to the "Configuring Reconciliation" section for instructions. Note that you only need to modify the attributes that are used to specify the IT resource and to specify whether or not the target system installation is to be set up as a trusted source.
If required, modify the fields to be reconciled for the Xellerate User resource object.