Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use Siebel Enterprise Applications either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.
Note:
At some places in this guide, Siebel Enterprise Applications has been referred to as the target system.
In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.
In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.
Note:
It is recommended that you do not configure the target system as both an authoritative (trusted) source and a managed (target) resource.
This chapter contains the following sections:
Section 1.5, "Lookup Definitions Used During Reconciliation and Provisioning"
Section 1.6, "Connector Objects Used During Target Resource Reconciliation and Provisioning"
Section 1.7, "Connector Objects Used During Trusted Source Reconciliation"
Section 1.8, "Roadmap for Deploying and Using the Connector"
Table 1-1 lists the certified components for this connector.
Table 1-1 Certified Components
Item | Requirement |
---|---|
You can use one of the following releases of Oracle Identity Manager:
|
|
Siebel 7.5 through Siebel CRM 8.1.1 |
|
For Siebel 7.5 through 7.7: SiebelJI.jar, SiebelJI_Common.jar, and SiebelJI_enu.jar For Siebel 7.8 through 8.1.1: Siebel.jar and SiebelJI_enu.jar |
|
JDK |
The JDK version can be one of the following:
|
This release of the connector supports the following languages:
Arabic
Chinese Simplified
Chinese Traditional
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish
See Also:
Oracle Identity Manager Globalization Guide for information about supported special characters
Figure 1-1 shows the architecture of the connector.
Note:
In Oracle Identity Manager release 11.1.1, a scheduled job is an instance of a scheduled task. In this guide, the term scheduled task used in the context of Oracle Identity Manager release 9.1.0.x is the same as the term scheduled job in the context of Oracle Identity Manager release 11.1.1.
See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for more information about scheduled tasks and scheduled jobs.
The connector can be configured to run in one of the following modes:
Identity reconciliation is also known as authoritative or trusted source reconciliation. In this form of reconciliation, OIM Users are created or updated corresponding to the creation of and updates to users on the target system.
Account management is also known as target resource management. This mode of the connector enables the following operations:
Provisioning involves creating or updating users on the target system through Oracle Identity Manager. When you allocate (or provision) a Siebel resource to an OIM User, the operation results in the creation of an account on Siebel for that user. In the Oracle Identity Manager context, the term provisioning is also used to mean updates made to the target system account through Oracle Identity Manager.
During provisioning, adapters carry provisioning data submitted through the process form to the target system. Siebel APIs accept provisioning data from the adapters, carry out the required operation on Siebel, and return the response from Siebel to the adapters. The adapters return the response to Oracle Identity Manager.
Target resource reconciliation
In target resource reconciliation, data related to newly created and modified target system accounts can be reconciled (using scheduled tasks) and linked with existing OIM Users and provisioned resources.
The following are features of the connector:
Section 1.4.1, "Target Resource and Trusted Source Reconciliation"
Section 1.4.6, "Support for Transformation of Data During Reconciliation"
You can use the connector to configure Siebel as either a target resource or trusted source of Oracle Identity Manager.
See Section 3.4, "Configuring Reconciliation" for more information.
You can set a reconciliation filter as the value of the CustomizedReconQuery IT resource parameter while configuring the IT resource. This filter specifies the subset of added and modified target system records that must be reconciled.
See Section 3.4.2, "Limited Reconciliation" for more information.
You can specify the Siebel user type (Employee, Partner User, or Customer) for which you want to reconcile records from the target system.
See Section 3.4.3, "Reconciliation Based on User Type" for more information.
You can configure the connector for reconciliation of deleted user records. In target resource mode, if a record is deleted on the target system, then the corresponding Siebel resource is revoked from the OIM User. In trusted source mode, if a record is deleted on the target system, then the corresponding OIM User is deleted.
See the description of the isDeleteRecon attribute in Section 3.4.4, "User Reconciliation Scheduled Task."
After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, change-based or incremental reconciliation is automatically enabled from the next run of the user reconciliation onward.
You can perform a full reconciliation run at any time.
See Section 3.4.1, "Performing Full Reconciliation" for more information.
You can configure transformation of data during reconciliation. For example, you can automate the look up of the field name from an external system and set the value based on the field name.
See Section 4.5, "Configuring Transformation of Data During Reconciliation" for more information.
Lookup definitions used during reconciliation and provisioning can be divided into the following categories:
The following lookup definitions are populated with values fetched from the target system when you run the Siebel Lookup Recon scheduled task. Section 3.2, "Scheduled Task for Lookup Field Synchronization" provides information about this scheduled task.
Lookup.Siebel.TimeZone
Lookup.Siebel.PreferredCommunications
Lookup.Siebel.Position
Lookup.Siebel.EmployeeTypeCode
Lookup.Siebel.Responsibility
Lookup.Siebel.PersonalTitle
Lookup.Siebel.UserType
Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.
Table 1-2 Other Lookup Definitions
Lookup Definition | Description of Values | Method to Specify Values for the Lookup Definition |
---|---|---|
Lookup.Configuration.Siebel |
This lookup definition holds connector configuration entries that are used during reconciliation and provisioning. |
Some of the entries in this lookup definition are preconfigured. See Section 2.3.1.6, "Setting Up the Lookup.Configuration.Siebel Lookup Definition" for information about the entries for which you can set values. |
Lookup.Siebel.Constants |
This lookup definition stores values that are used internally by the connector. The connector development team can use this lookup definition to make minor configuration changes in the connector. |
You must not modify the entries in this lookup definition. |
Lookup.Transform.Siebel |
This lookup definition is used to configure transformation of attribute values fetched from the target system during reconciliation. |
It is optional to enter values in this lookup definition. Section 4.5, "Configuring Transformation of Data During Reconciliation" provides information about this lookup definition. |
AttrName.Map.Recon.Siebel |
This lookup definition holds mappings between resource object fields and target system attributes. |
This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information. |
AttrName.Map.Prov.Siebel |
This lookup definition holds mappings between process form fields and target system attributes. |
This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for provisioning. Chapter 4, "Extending the Functionality of the Connector" provides more information. |
The following sections provide information about connector objects used during target resource reconciliation and provisioning:
See Also:
The "Reconciliation" section in Oracle Identity Manager Connector Concepts for conceptual information about reconciliation
Section 1.6.1, "User Attributes for Target Resource Reconciliation and Provisioning"
Section 1.6.4, "Reconciliation Rule for Target Resource Reconciliation"
Section 1.6.5, "Reconciliation Action Rules for Target Resource Reconciliation"
Table 1-3 provides information about user attribute mappings for target resource reconciliation and provisioning.
Table 1-3 User Attributes for Target Resource Reconciliation and Provisioning
Resource Object Field (Code Key for AttrName.Map.Recon.Siebel) | Process Form Field (Code Key for AttrName.Map.Prov.Siebel) | Siebel Enterprise Applications Attribute (Decode) | Description |
---|---|---|---|
UserID |
UD_SIEBEL_USERID |
Login Name |
Login ID |
LastName |
UD_SIEBEL_LASTNAME |
Last Name |
Last name |
FirstName |
UD_SIEBEL_FIRSTNAME |
First Name |
First name |
WorkPhone |
UD_SIEBEL_WORKPHONE |
Phone # |
Phone number |
Extension |
UD_SIEBEL_EXTENSION |
Work Phone Extension |
Extension for the phone number |
Fax |
UD_SIEBEL_FAX |
Fax # |
Fax number |
|
UD_SIEBEL_EMAIL |
EMail Addr |
E-mail address |
Alias |
UD_SIEBEL_ALIAS |
Alias |
User alias |
MiddleName |
UD_SIEBEL_MIDDLENAME |
Middle Name |
Middle name |
TimeZone |
UD_SIEBEL_TIMEZONE |
Time Zone Name - Translation |
Time zone |
EmployeeType |
UD_SIEBEL_EMPLOYEETYPE |
Employee Type Code |
Type of employee |
Title |
UD_SIEBEL_TITLE |
Personal Title |
Title of the user |
JobTitle |
UD_SIEBEL_JOBTITLE |
Job Title |
Job title |
PreferredCommunications |
UD_SIEBEL_PREFERREDCOMM |
Preferred Communications |
Mode of communication |
MPosition |
UD_SIEBEL_POSITION |
Position |
Primary position |
HomePhone |
UD_SIEBEL_HOMEPHONE |
Home Phone # |
Home telephone number |
Primary Responsibility |
UD_SIEBEL_RESPONSIBILITY |
Responsibility |
Primary responsibility |
Table 1-4 provides information about position attribute mappings for provisioning.
Table 1-5 provides information about responsibility attribute mappings for provisioning.
Table 1-5 Responsibility Attributes for Provisioning
Resource Object Field (Code Key for AttrName.Map.Recon.Siebel) | Process Form Field (Code Key for AttrName.Map.Prov.Siebel) | Siebel Enterprise Applications Attribute (Decode) | Description |
---|---|---|---|
Responsibility |
UD_SIEBEL_RESPONSIBILITY |
Responsibility |
Responsibility name |
See Also:
Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules
The following is the process matching rule:
Rule name: Siebel Recon Rule
Rule element: User Login Equals User ID
In this rule element:
User Login is the User ID field on the OIM User form.
User ID is the User ID field of Siebel.
After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:
Note:
Perform the following procedure only after the connector is deployed.
Log in to the Oracle Identity Manager Design Console.
Expand Development Tools.
Double-click Reconciliation Rules.
Search for Siebel Recon Rule. Figure 1-2 shows the reconciliation rule for target resource reconciliation.
Figure 1-2 Reconciliation Rule for Target Resource Reconciliation
Table 1-6 lists the action rules for target resource reconciliation.
Table 1-6 Action Rules for Target Resource Reconciliation
Rule Condition | Action |
---|---|
No Matches Found |
Assign to Administrator With Least Load |
One Entity Match Found |
Establish Link |
One Process Match Found |
Establish Link |
Note:
No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.
After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:
Log in to the Oracle Identity Manager Design Console.
Expand Resource Management.
Double-click Resource Objects.
Search for and open the Siebel resource object.
Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rules for target resource reconciliation.
Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation
Table 1-7 lists the provisioning functions supported by the connector.
Table 1-7 Provisioning Functions
Function | Adapter |
---|---|
Create User |
Siebel Create User |
Delete User |
Siebel Delete User |
Add Position to User |
Siebel Add Position |
Add User Responsibility |
Siebel Add Responsibility |
Delete User Position |
Siebel Remove Position |
Delete User Responsibility |
Siebel Remove Responsibility |
Primary Position Updated |
Siebel Add Primary Position |
Primary Responsibility Updated |
Siebel Add Primary Responsibility |
Time Zone Updated |
Siebel Modify User |
Email Updated |
Siebel Modify User |
Alias Updated |
Siebel Modify User |
MI Updated |
Siebel Modify User |
Work Phone Updated |
Siebel Modify User |
First Name Updated |
Siebel Modify User |
Last Name Updated |
Siebel Modify User |
Title Updated |
Siebel Modify User |
Home Phone Updated |
Siebel Modify User |
Fax Updated |
Siebel Modify User |
Preferred Communications Updated |
Siebel Modify User |
Extension Updated |
Siebel Modify User |
Employee Type Updated |
Siebel Modify User |
Job Title Updated |
Siebel Modify User |
Add Multivalued attribute |
AddMultiValueAttribute To Siebel User |
Remove Multivalued attribute |
RemoveMultiValueAttribute To Siebel User |
Update Multivalued attribute |
Siebel Update Multivalue attribute |
The following sections provide information about connector objects used during trusted source reconciliation:
Section 1.7.1, "User Attributes for Trusted Source Reconciliation"
Section 1.7.2, "Reconciliation Rule for Trusted Source Reconciliation"
Section 1.7.3, "Reconciliation Action Rules for Trusted Source Reconciliation"
Table 1-8 lists user attributes for trusted source reconciliation.
Table 1-8 User Attributes for Trusted Source Reconciliation
OIM User Form Field | Siebel Attribute | Description |
---|---|---|
User ID |
Login Name |
Login ID |
First Name |
First Name |
First Name |
Last Name |
Last Name |
Last name |
Employee Type |
NA |
The default value is |
User Type |
NA |
The default value is |
Organization |
NA |
The default value is |
|
EMail Addr |
The e-mail address of the employee. |
See Also:
Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules
The following is the process matching rule:
Rule name: Trusted Source recon Rule
Rule element: User Login Equals User ID
In this rule element:
User Login is the User ID field on the OIM User form.
User ID is the User ID field of Siebel.
After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:
Note:
Perform the following procedure only after the connector is deployed.
Log in to the Oracle Identity Manager Design Console.
Expand Development Tools.
Double-click Reconciliation Rules.
Search for Trusted Source recon Rule. Figure 1-4 shows the reconciliation rule for target resource reconciliation.
Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation
Table 1-9 lists the action rules for trusted source reconciliation.
Table 1-9 Action Rules for Trusted Source Reconciliation
Rule Condition | Action |
---|---|
No Matches Found |
Create User |
One Entity Match Found |
Establish Link |
One Process Match Found |
Establish Link |
Note:
No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.
After you deploy the connector, you can view action rules by performing the following steps:
Log in to the Oracle Identity Manager Design Console.
Expand Resource Management.
Double-click Resource Objects.
Search for and open the Xellerate User resource object.
Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rule for target resource reconciliation.
Figure 1-5 Reconciliation Action Rules for Target Resource Reconciliation
The following is the organization of information in the rest of this guide:
Chapter 2, "Deploying the Connector" describes procedures that you must perform on Oracle Identity Manager and the target system during each stage of connector deployment.
Chapter 3, "Using the Connector" describes guidelines on using the connector and the procedure to configure reconciliation runs and perform provisioning operations.
Chapter 4, "Extending the Functionality of the Connector" describes procedures that you can perform if you want to extend the functionality of the connector.
Chapter 5, "Testing and Troubleshooting" describes the procedure to use the connector testing utility for testing the connector.
Chapter 6, "Known Issues" lists known issues associated with this release of the connector.