3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

• Configuring Reconciliation

• Configuring the Connector for Multiple Installations of the Target System

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

• Partial Reconciliation

• Batched Reconciliation

• Configuring Trusted Source Reconciliation

• Configuring the Reconciliation Scheduled Tasks

3.1.1 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

For this connector, you create a filter by specifying values for the CustomizedReconQuery IT resource parameter while configuring the IT resource. The procedure is described in earlier in this guide.

The following table lists the SAP Employee Reconciliation attributes, and the corresponding Oracle Identity Manager attributes, that you can use to build the query condition. You specify this query condition as the value of the CustomizedReconQuery parameter.

Oracle Identity Manager Attribute	SAP Employee Reconciliation Attribute
User ID	userid
First Name	firstname
Last Name	lastname
City	city
State	state
Country	country
District	district
Postalcode	postalcode
Department	department
EmployeeID	employeeID
SSN	ssn
StartDate	startdate
EndDate	enddate

The following are sample query conditions:

• firstname=John&lastname=Doe

  With this query condition, records of users whose first name is John and last name is Doe are reconciled.

• firstname=John&lastname=Doe|district=AcmeCounty

  With this query condition, records of users who meet either of the following conditions are reconciled:

  • The user's first name is John or last name is Doe.

  • The user belongs to the AcmeCounty district.

If you do not specify values for the CustomizedReconQuery parameter, then all the records in the target system are compared with existing Oracle Identity Manager records during reconciliation.

The following are guidelines to be followed while specifying a value for the CustomizedReconQuery parameter:

• For the SAP Employee Reconciliation attributes, you must use the same case (uppercase or lowercase) as given in the table shown earlier in this section. This is because the attribute names are case-sensitive.

• You must not include unnecessary blank spaces between operators and values in the query condition.

  A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

  firstname=John&lastname=Doe

  firstname= John&lastname= Doe

  In the second query condition, the reconciliation engine would look for first name and last name values that contain a space at the start.

• You must not include special characters other than the equal sign (=), ampersand (&), and vertical bar (|) in the query condition.

  Note:

  An exception is thrown if you include special characters other than the equal sign (=), ampersand (&), and vertical bar (|).

You specify a value for the CustomizedReconQuery parameter while configuring the IT resource. The procedure is described later in this guide.

3.1.2 Batched Reconciliation

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure batched reconciliation to avoid such problems.

To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:

• StartRecord: Use this attribute to specify the record number from which batched reconciliation must begin.

• BatchSize: Use this attribute to specify the number of records that must be included in each batch.

• NumberOfBatches: Use this attribute to specify the total number of batches that must be reconciled. If you do not want to use batched reconciliation, specify All Available as the value of this attribute.

  Note:

  If you specify All Available as the value of this attribute, then the values of the StartRecord and BatchSize attributes are ignored.

You specify values for these attributes by following the instructions described in the "Specifying Values for the Scheduled Task Attributes" section.

After you configure batched reconciliation, if reconciliation fails during a batched reconciliation run, then refer to the log file for information about the batch at which reconciliation has failed.

3.1.3 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then during a reconciliation run:

• For each newly created user on the target system, an OIM User is created.

• Updates made to each user on the target system are propagated to the corresponding OIM User.

If you designate the target system as a target resource, then during a reconciliation run:

• For each account created on the target system, a resource is assigned to the corresponding OIM User.

• Updates made to each account on the target system are propagated to the corresponding resource.

Note:

Skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

1. Import the XML file for trusted source reconciliation, SAPHRXLResourceObject.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

2. Set the IsTrustedRecon scheduled task attribute to True. You specify a value for this attribute while configuring the user reconciliation scheduled task, which is described later in this guide.

To import the XML file for trusted source reconciliation:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open the SAPHRXLResourceObject.xml file, which is in the OIM_home/xellerate/XLIntegrations/saphrms/xml directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Import.

8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must set the value of the IsTrustedRecon reconciliation scheduled task attribute to True. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you deploy the connector, the scheduled tasks for lookup fields and user reconciliations are automatically created in Oracle Identity Manager. To configure the scheduled task:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled task are displayed.

5. Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are not selected.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. In the Interval region, set the following schedule parameters:

   • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

     If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

   • To set the task to run only once, select the Once option.

9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

   See Also:

   Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

After you create both scheduled tasks, proceed to the "Configuring the Connector for Multiple Installations of the Target System" section

3.1.4.1 Specifying Values for the Scheduled Task Attributes

You must specify values for the following attributes of the HR Reconciliation user reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Default/Sample Value
Organization	Default organization assigned to a new user	Xellerate Users
Role	Default type assigned to a new user	Consultant
Xellerate Type	Default type assigned to a new user	End-user administrator
ITResource	Name of the IT resource for setting up a connection with the target system	SAP HRMS
ResourceObject	Name of the resource object into which users need to be reconciled	SAP HRMS Resource Object
SAPUserResourceObject	The SAP resource object used to provision Oracle Identity Manager users to the SAP system This is required to get a SAP user ID. See Also: Appendix B, "Linking of User Accounts in SAP Employee Reconciliation and SAP User Management"	SAP R3 Resource Object
SAPResourceObjectUserId	Name of the user attribute field for linking an SAP User Management user with an SAP Employee Reconciliation user By using this parameter, you can use the SAP Employee Reconciliation connector to reconcile users created in SAP User Management. Set the value of the parameter to UD_SAPR3_USERID. This is the name of the field that uniquely identifies users created in SAP User Management.	UD_SAPR3_USERID
InfoType	Defines the type of employee data that SAP BAPI forwards to Oracle Identity Manager The value is a comma-separated list of infotypes.	0000,0001
EmpStatus	This value is used and returned by the SAP BAPI as the Active status of the Employee. This depends on the InfoTypeStatus field. If InfoTypeStatus=0001, then EmpStatus=1. If InfoTypeStatus=0000, then EmpStatus=3.	3
InfoTypeStatus	Infotype currently used by SAP BAPI to store the status of employees	0000
StartRecord	The start record for the batching process This attribute is also discussed in the "Batched Reconciliation" section.	1
BatchSize	The number of records that must be there in a batch This attribute is also discussed in the "Batched Reconciliation" section.	3
NumberOfBatches	The number of batches that must be reconciled This attribute is also discussed in the "Batched Reconciliation" section.	Default value: All Available (for reconciling all the users) Sample value: 50
IsTrustedRecon	Specifies whether reconciliation is to be performed in trusted source or target resource (nontrusted source) mode	Specify True if you want to enable trusted source reconciliation. Specify False if you want to enable trusted source (nontrusted source) reconciliation.

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

Stopping Reconciliation

Suppose the User Reconciliation Scheduled Task for the connector is running and user records are being reconciled. If you want to stop the reconciliation process:

1. Perform Steps 1 through 4 of the procedure to configure reconciliation scheduled tasks.

2. Select the Stop Execution check box in the task scheduler.

3. Click Save.

3.2 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of SAP Employee Reconciliation.

You may want to configure the connector for multiple installations of SAP Employee Reconciliation. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Acme Multinational Inc. have their own installations of SAP Employee Reconciliation. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of SAP Employee Reconciliation.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of SAP Employee Reconciliation.

To configure the connector for multiple installations of the target system:

See Also:

Oracle Identity Manager Design Console Guide for detailed instructions on performing each step of this procedure

1. Create and configure one resource object for each target system installation.

   The Resource Objects form is in the Resource Management folder. The SAP HRMS Resource Object resource object is created when you import the connector XML file. You can use this resource object as the template for creating the remaining resource objects.

2. Create and configure one IT resource for each resource object.

   The IT Resources form is in the Resource Management folder. The SAP HRMS IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same resource type.

3. Design one process form for each resource object.

   The Form Designer form is in the Development Tools folder. The UD_SAPHR process form is created when you import the connector XML file. You can use this process form as a template for creating the remaining process forms.

4. Create and configure one process definition for each resource object.

   The Process Definition form is in the Process Management folder. The SAP HR Process process definition is created when you import the connector XML file. You can use this process definition as the template for creating the remaining process definitions.

   While creating process definitions for each target system installation, the following steps that you must perform are specific to the creation of each process definition:

   • From the Object Name lookup field, select the resource object that you create in Step 1.

   • From the Table Name lookup field, select the process form that you create in Step 3.

   • While mapping the adapter variables for the IT Resource data type, ensure that you select the IT resource that you create in Step 2 from the Qualifier list.

5. Configure reconciliation for each target system installation. Refer to the "Configuring Reconciliation" section for instructions. Note that only the values of the following attributes are to be changed for each reconciliation scheduled task:

   • ITResource

   • ResourceObject

6. If required, modify the fields to be reconciled for the Xellerate User resource object.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the SAP Employee Reconciliation installation to which you want to provision the user.