1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the procedure to deploy the connector that is used to integrate Oracle Identity Manager with SAP CUA.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

• Reconciliation Module

• Provisioning Module

• Supported Functionality

• Multilanguage Support

• Files and Directories on the Installation Media

• Determining the Release Number of the Connector

Note:

In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.

At some places in this guide, SAP CUA has been referred to as the target system.

1.1 Reconciliation Module

Reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. It is an automated process initiated by a scheduled task that you configure.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about reconciliation configurations

Based on the type of data reconciled from the target system, reconciliation can be divided into the following types:

• Lookup Data Reconciliation

• User Reconciliation

1.1.1 Lookup Data Reconciliation

The following fields of SAP CUA are reconciled:

• Lookup.SAP.CUA.Roles

• Lookup.SAP.CUA.TimeZone

• Lookup.SAP.CUA.LangComm

• Lookup.SAP.CUA.UserTitle

• Lookup.SAP.CUA.DecimalNotation

• Lookup.SAP.CUA.DateFormat

• Lookup.SAP.CUA.UserGroups

• Lookup.SAP.CUA.CommType

• Lookup.SAP.CUA. ChildSystem

• Lookup.SAP.CUA.Profiles

The following lookup fields are not reconciled:

• Lookup.SAP.CUA.UserType

• Lookup.SAP.CUA.LockUser

• Lookup.SAP.CUA.RoleProfileOption

1.1.2 User Reconciliation

This section discusses elements that are specific to user reconciliation between SAP CUA and Oracle Identity Manager.

1.1.2.1 Reconciled SAP CUA Resource Object Fields

The following fields are reconciled:

• Extension

• Telephone

• Time Zone

• Lang Logon

• User Group

• Department

• Lang Comm

• Last Name

• First Name

• User Title

• User ID

• Start Menu

• User Type

• Alias

• Lock User

• Communication Type

• Code

• Building

• Floor

• Room No

• Function

• Decimal Notation

• Date Format

• Email Address

• Fax Number

• User Profile

  • User Profile

  • System Name

• User Role

  • User Role

  • System Name

  • StartDate

  • EndDate

1.1.2.2 Reconciled Xellerate User (OIM User) Fields

If trusted source reconciliation is implemented, then the following fields are reconciled:

• User ID

• FirstName

• LastName

• Organization

• Email

• Employee Type

• User Type

1.2 Provisioning Module

Provisioning involves creating or modifying a user's account on the target system through Oracle Identity Manager. You use the Oracle Identity Manager Administrative and User Console to perform provisioning operations.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about provisioning

For this target system, the following fields are provisioned:

• User ID

• Password

• Last Name

• User Group

The following fields are mandatory for the Create User provisioning function to work:

Note:

To ensure that provisioning is completed successfully, you must specify either the role or profile in the field provided in the process form and then specify whether it is a role or profile. This is to activate the user on the SAP CUA master system.

• User Role or Profile

• Role or Profile Option

1.3 Supported Functionality

The following table lists the functions that are available with this connector.

Function	Type	Description
Create User	Provisioning	Creates a user in SAP CUA
Delete User	Provisioning	Deletes a user from SAP CUA
Lock User	Provisioning	Locks a user in SAP CUA
Unlock User	Provisioning	Unlocks a user in SAP CUA
Reset User Password	Provisioning	Resets a user password in SAP CUA
Edit User	Provisioning	Modifies information about a user in SAP CUA
Add User to Activity Group (Role)	Provisioning	Adds a user to an activity group in SAP CUA
Remove User from Activity Group (Role)	Provisioning	Removes a user from an activity group in SAP CUA
Assign Profile to User	Provisioning	Adds a profile to a user in SAP CUA
Remove Profile from User	Provisioning	Removes a profile from a user in SAP CUA
Create User	Reconciliation	Creates a user in Oracle Identity Manager
Delete User	Reconciliation	Deletes a user from Oracle Identity Manager
Lock User	Reconciliation	Locks a user in Oracle Identity Manager
Unlock User	Reconciliation	Unlocks a user in Oracle Identity Manager
Edit User	Reconciliation	Modifies information about a user in Oracle Identity Manager
Add User to Activity Group (Role)	Reconciliation	Assigns an activity group to a user in Oracle Identity Manager
Remove User from Activity Group (Role)	Reconciliation	Removes an activity group from a user in Oracle Identity Manager
Add Profile to User	Reconciliation	Assigns a profile to a user in Oracle Identity Manager
Remove Profile from User	Reconciliation	Removes a profile from a user in Oracle Identity Manager

See Also:

Appendix A for information about attribute mappings between Oracle Identity Manager and SAP CUA

1.4 Multilanguage Support

This release of the connector supports the following languages:

• Arabic

• Chinese Simplified

• Chinese Traditional

• English

• French

• German

• Italian

• Japanese

• Korean

• Portuguese (Brazilian)

• Spanish

See Also:

Oracle Identity Manager Globalization Guide for information about supported special characters

1.5 Files and Directories on the Installation Media

The files and directories on the installation media are listed and described in Table 1-1.

Table 1-1 Files and Directories on the Installation Media

File in the Installation Media Directory	Description
configuration/SAPCUA-CI.xml	This XML file contains configuration information that is used during connector installation.
BAPI/xlsapcuacar.sar	This file is extracted and the components are deployed on the SAP CUA server for the connector to work with SAP CUA.
lib/xliSAPCUA.jar	This JAR file contains the class files that are required for provisioning. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/JavaTasks
lib/xliSAPCUARecon.jar	This JAR file contains the class files that are required for reconciliation. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/ScheduleTask
Files in the resources directory	Each of these resource bundle files contains language-specific information that is used by the connector. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/connectorResources Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the Administrative and User Console. These text strings include GUI element labels and messages.
test/Troubleshoot/TroubleShootingUtility.class	This utility is used to test connector functionality.
test/Troubleshoot/global.properties	This file is used to specify the parameters and settings required to connect to the target system by using the testing utility.
test/Troubleshoot/log.properties	This file is used to specify the log level and the directory in which the log file is to be created when you run the testing utility.
xml/SAPCUAResourceObject.xml	This XML file contains definitions for the following components of the connector: IT resource type Custom process form Process task and adapters (along with their mappings) Resource object Provisioning process Pre-populate rules Reconciliation process Lookup definitions
xml/SAPCUAXLResourceObject.xml	This XML file contains the configuration for the Xellerate User (OIM User). You must import this file only if you plan to use the connector in trusted source reconciliation mode.

Note:

The files in the test directory are used only to run tests on the connector.

1.6 Determining the Release Number of the Connector

You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:

1. In a temporary directory, extract the contents of the following JAR file:

   OIM_HOME/xellerate/JavaTasks/xliSAPCUA.jar
   

2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliSAPCUA.jar file.

   In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.