1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use Siebel Enterprise Applications either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.

Note:

At some places in this guide, Siebel Enterprise Applications has been referred to as the target system.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.

In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.

Note:

It is recommended that you do not configure the target system as both an authoritative (trusted) source and a managed (target) resource.

This chapter contains the following sections:

• Section 1.1, "Certified Components"

• Section 1.2, "Certified Languages"

• Section 1.3, "Connector Architecture"

• Section 1.4, "Features of the Connector"

• Section 1.5, "Lookup Definitions Used During Reconciliation and Provisioning"

• Section 1.6, "Connector Objects Used During Target Resource Reconciliation and Provisioning"

• Section 1.7, "Connector Objects Used During Trusted Source Reconciliation"

• Section 1.8, "Roadmap for Deploying and Using the Connector"

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item	Requirement
Oracle Identity Manager	You can use one of the following releases of Oracle Identity Manager: Oracle Identity Manager release 9.1.0.2 or later Note: In this guide, Oracle Identity Manager release 9.1.0.x has been used to denote Oracle Identity Manager release 9.1.0.2 and future releases in the 9.1.0.x series that the connector will support. Oracle Identity Manager 11g release 1 (11.1.1) Note: In this guide, Oracle Identity Manager release 11.1.1 has been used to denote Oracle Identity Manager 11g release 1 (11.1.1).
Target systems	Siebel 7.5 through Siebel CRM 8.1.1
External code	For Siebel 7.5 through 7.7: SiebelJI.jar, SiebelJI_Common.jar, and SiebelJI_enu.jar For Siebel 7.8 through 8.1.1: Siebel.jar and SiebelJI_enu.jar
JDK	The JDK version can be one of the following: For Oracle Identity Manager release 9.1.0.x, use JDK 1.5 or later in the 1.5 series. For Oracle Identity Manager release 11.1.1, use JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later.

1.2 Certified Languages

This release of the connector supports the following languages:

• Arabic

• Chinese Simplified

• Chinese Traditional

• Danish

• English

• French

• German

• Italian

• Japanese

• Korean

• Portuguese (Brazilian)

• Spanish

See Also:

Oracle Identity Manager Globalization Guide for information about supported special characters

1.3 Connector Architecture

Figure 1-1 shows the architecture of the connector.

Note:

In Oracle Identity Manager release 11.1.1, a scheduled job is an instance of a scheduled task. In this guide, the term scheduled task used in the context of Oracle Identity Manager release 9.1.0.x is the same as the term scheduled job in the context of Oracle Identity Manager release 11.1.1.

See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for more information about scheduled tasks and scheduled jobs.

Figure 1-1 Connector Architecture

Description of "Figure 1-1 Connector Architecture"

The connector can be configured to run in one of the following modes:

• Identity reconciliation

  Identity reconciliation is also known as authoritative or trusted source reconciliation. In this form of reconciliation, OIM Users are created or updated corresponding to the creation of and updates to users on the target system.

• Account Management

  Account management is also known as target resource management. This mode of the connector enables the following operations:

  • Provisioning

    Provisioning involves creating or updating users on the target system through Oracle Identity Manager. When you allocate (or provision) a Siebel resource to an OIM User, the operation results in the creation of an account on Siebel for that user. In the Oracle Identity Manager context, the term provisioning is also used to mean updates made to the target system account through Oracle Identity Manager.

    During provisioning, adapters carry provisioning data submitted through the process form to the target system. Siebel APIs accept provisioning data from the adapters, carry out the required operation on Siebel, and return the response from Siebel to the adapters. The adapters return the response to Oracle Identity Manager.

  • Target resource reconciliation

    In target resource reconciliation, data related to newly created and modified target system accounts can be reconciled (using scheduled tasks) and linked with existing OIM Users and provisioned resources.

1.4 Features of the Connector

The following are features of the connector:

• Section 1.4.1, "Target Resource and Trusted Source Reconciliation"

• Section 1.4.2, "Limited Reconciliation"

• Section 1.4.3, "Reconciliation Based on User Type"

• Section 1.4.4, "Reconciliation of Deleted User Records"

• Section 1.4.5, "Full and Incremental Reconciliation"

• Section 1.4.6, "Support for Transformation of Data During Reconciliation"

1.4.1 Target Resource and Trusted Source Reconciliation

You can use the connector to configure Siebel as either a target resource or trusted source of Oracle Identity Manager.

See Section 3.4, "Configuring Reconciliation" for more information.

1.4.2 Limited Reconciliation

You can set a reconciliation filter as the value of the CustomizedReconQuery IT resource parameter while configuring the IT resource. This filter specifies the subset of added and modified target system records that must be reconciled.

See Section 3.4.2, "Limited Reconciliation" for more information.

1.4.3 Reconciliation Based on User Type

You can specify the Siebel user type (Employee, Partner User, or Customer) for which you want to reconcile records from the target system.

See Section 3.4.3, "Reconciliation Based on User Type" for more information.

1.4.4 Reconciliation of Deleted User Records

You can configure the connector for reconciliation of deleted user records. In target resource mode, if a record is deleted on the target system, then the corresponding Siebel resource is revoked from the OIM User. In trusted source mode, if a record is deleted on the target system, then the corresponding OIM User is deleted.

See the description of the isDeleteRecon attribute in Section 3.4.4, "User Reconciliation Scheduled Task."

1.4.5 Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, change-based or incremental reconciliation is automatically enabled from the next run of the user reconciliation onward.

You can perform a full reconciliation run at any time.

See Section 3.4.1, "Performing Full Reconciliation" for more information.

1.4.6 Support for Transformation of Data During Reconciliation

You can configure transformation of data during reconciliation. For example, you can automate the look up of the field name from an external system and set the value based on the field name.

See Section 4.5, "Configuring Transformation of Data During Reconciliation" for more information.

1.5 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during reconciliation and provisioning can be divided into the following categories:

• Section 1.5.1, "Lookup Definitions Synchronized with the Target System"

• Section 1.5.2, "Other Lookup Definitions"

1.5.1 Lookup Definitions Synchronized with the Target System

The following lookup definitions are populated with values fetched from the target system when you run the Siebel Lookup Recon scheduled task. Section 3.2, "Scheduled Task for Lookup Field Synchronization" provides information about this scheduled task.

• Lookup.Siebel.TimeZone

• Lookup.Siebel.PreferredCommunications

• Lookup.Siebel.Position

• Lookup.Siebel.EmployeeTypeCode

• Lookup.Siebel.Responsibility

• Lookup.Siebel.PersonalTitle

• Lookup.Siebel.UserType

1.5.2 Other Lookup Definitions

Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

Table 1-2 Other Lookup Definitions

Lookup Definition	Description of Values	Method to Specify Values for the Lookup Definition
Lookup.Configuration.Siebel	This lookup definition holds connector configuration entries that are used during reconciliation and provisioning.	Some of the entries in this lookup definition are preconfigured. See Section 2.3.1.6, "Setting Up the Lookup.Configuration.Siebel Lookup Definition" for information about the entries for which you can set values.
Lookup.Siebel.Constants	This lookup definition stores values that are used internally by the connector. The connector development team can use this lookup definition to make minor configuration changes in the connector.	You must not modify the entries in this lookup definition.
Lookup.Transform.Siebel	This lookup definition is used to configure transformation of attribute values fetched from the target system during reconciliation.	It is optional to enter values in this lookup definition. Section 4.5, "Configuring Transformation of Data During Reconciliation" provides information about this lookup definition.
AttrName.Map.Recon.Siebel	This lookup definition holds mappings between resource object fields and target system attributes.	This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information.
AttrName.Map.Prov.Siebel	This lookup definition holds mappings between process form fields and target system attributes.	This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for provisioning. Chapter 4, "Extending the Functionality of the Connector" provides more information.

1.6 Connector Objects Used During Target Resource Reconciliation and Provisioning

The following sections provide information about connector objects used during target resource reconciliation and provisioning:

See Also:

The "Reconciliation" section in Oracle Identity Manager Connector Concepts for conceptual information about reconciliation

• Section 1.6.1, "User Attributes for Target Resource Reconciliation and Provisioning"

• Section 1.6.2, "Position Attributes for Provisioning"

• Section 1.6.3, "Responsibility Attributes for Provisioning"

• Section 1.6.4, "Reconciliation Rule for Target Resource Reconciliation"

• Section 1.6.5, "Reconciliation Action Rules for Target Resource Reconciliation"

• Section 1.6.6, "Provisioning Functions"

1.6.1 User Attributes for Target Resource Reconciliation and Provisioning

Table 1-3 provides information about user attribute mappings for target resource reconciliation and provisioning.

Table 1-3 User Attributes for Target Resource Reconciliation and Provisioning

Resource Object Field (Code Key for AttrName.Map.Recon.Siebel)	Process Form Field (Code Key for AttrName.Map.Prov.Siebel)	Siebel Enterprise Applications Attribute (Decode)	Description
UserID	UD_SIEBEL_USERID	Login Name	Login ID
LastName	UD_SIEBEL_LASTNAME	Last Name	Last name
FirstName	UD_SIEBEL_FIRSTNAME	First Name	First name
WorkPhone	UD_SIEBEL_WORKPHONE	Phone #	Phone number
Extension	UD_SIEBEL_EXTENSION	Work Phone Extension	Extension for the phone number
Fax	UD_SIEBEL_FAX	Fax #	Fax number
Email	UD_SIEBEL_EMAIL	EMail Addr	E-mail address
Alias	UD_SIEBEL_ALIAS	Alias	User alias
MiddleName	UD_SIEBEL_MIDDLENAME	Middle Name	Middle name
TimeZone	UD_SIEBEL_TIMEZONE	Time Zone Name - Translation	Time zone
EmployeeType	UD_SIEBEL_EMPLOYEETYPE	Employee Type Code	Type of employee
Title	UD_SIEBEL_TITLE	Personal Title	Title of the user
JobTitle	UD_SIEBEL_JOBTITLE	Job Title	Job title
PreferredCommunications	UD_SIEBEL_PREFERREDCOMM	Preferred Communications	Mode of communication
MPosition	UD_SIEBEL_POSITION	Position	Primary position
HomePhone	UD_SIEBEL_HOMEPHONE	Home Phone #	Home telephone number
Primary Responsibility	UD_SIEBEL_RESPONSIBILITY	Responsibility	Primary responsibility

1.6.2 Position Attributes for Provisioning

Table 1-4 provides information about position attribute mappings for provisioning.

Table 1-4 Position Attributes for Provisioning

Resource Object Field (Code Key for AttrName.Map.Recon.Siebel)	Process Form Field (Code Key for AttrName.Map.Prov.Siebel)	Siebel Enterprise Applications Attribute (Decode)	Description
Position Id	UD_SIEBEL_POSITION	Position	Position ID

1.6.3 Responsibility Attributes for Provisioning

Table 1-5 provides information about responsibility attribute mappings for provisioning.

Table 1-5 Responsibility Attributes for Provisioning

Resource Object Field (Code Key for AttrName.Map.Recon.Siebel)	Process Form Field (Code Key for AttrName.Map.Prov.Siebel)	Siebel Enterprise Applications Attribute (Decode)	Description
Responsibility	UD_SIEBEL_RESPONSIBILITY	Responsibility	Responsibility name

1.6.4 Reconciliation Rule for Target Resource Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: Siebel Recon Rule

Rule element: User Login Equals User ID

In this rule element:

• User Login is the User ID field on the OIM User form.

• User ID is the User ID field of Siebel.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

1. Log in to the Oracle Identity Manager Design Console.

2. Expand Development Tools.

3. Double-click Reconciliation Rules.

4. Search for Siebel Recon Rule. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

   Figure 1-2 Reconciliation Rule for Target Resource Reconciliation

   
   Description of "Figure 1-2 Reconciliation Rule for Target Resource Reconciliation"
   
   

1.6.5 Reconciliation Action Rules for Target Resource Reconciliation

Table 1-6 lists the action rules for target resource reconciliation.

Table 1-6 Action Rules for Target Resource Reconciliation

Rule Condition	Action
No Matches Found	Assign to Administrator With Least Load
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

1. Log in to the Oracle Identity Manager Design Console.

2. Expand Resource Management.

3. Double-click Resource Objects.

4. Search for and open the Siebel resource object.

5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rules for target resource reconciliation.

   Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation

   
   Description of "Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation"
   
   

1.6.6 Provisioning Functions

Table 1-7 lists the provisioning functions supported by the connector.

Table 1-7 Provisioning Functions

Function	Adapter
Create User	Siebel Create User
Delete User	Siebel Delete User
Add Position to User	Siebel Add Position
Add User Responsibility	Siebel Add Responsibility
Delete User Position	Siebel Remove Position
Delete User Responsibility	Siebel Remove Responsibility
Primary Position Updated	Siebel Add Primary Position
Primary Responsibility Updated	Siebel Add Primary Responsibility
Time Zone Updated	Siebel Modify User
Email Updated	Siebel Modify User
Alias Updated	Siebel Modify User
MI Updated	Siebel Modify User
Work Phone Updated	Siebel Modify User
First Name Updated	Siebel Modify User
Last Name Updated	Siebel Modify User
Title Updated	Siebel Modify User
Home Phone Updated	Siebel Modify User
Fax Updated	Siebel Modify User
Preferred Communications Updated	Siebel Modify User
Extension Updated	Siebel Modify User
Employee Type Updated	Siebel Modify User
Job Title Updated	Siebel Modify User
Add Multivalued attribute	AddMultiValueAttribute To Siebel User
Remove Multivalued attribute	RemoveMultiValueAttribute To Siebel User
Update Multivalued attribute	Siebel Update Multivalue attribute

1.7 Connector Objects Used During Trusted Source Reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

• Section 1.7.1, "User Attributes for Trusted Source Reconciliation"

• Section 1.7.2, "Reconciliation Rule for Trusted Source Reconciliation"

• Section 1.7.3, "Reconciliation Action Rules for Trusted Source Reconciliation"

1.7.1 User Attributes for Trusted Source Reconciliation

Table 1-8 lists user attributes for trusted source reconciliation.

Table 1-8 User Attributes for Trusted Source Reconciliation

OIM User Form Field	Siebel Attribute	Description
User ID	Login Name	Login ID
First Name	First Name	First Name
Last Name	Last Name	Last name
Employee Type	NA	The default value is Employee.
User Type	NA	The default value is End-User Administrator.
Organization	NA	The default value is Xellerate Users.
Email	EMail Addr	The e-mail address of the employee.

1.7.2 Reconciliation Rule for Trusted Source Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: Trusted Source recon Rule

Rule element: User Login Equals User ID

In this rule element:

• User Login is the User ID field on the OIM User form.

• User ID is the User ID field of Siebel.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

1. Log in to the Oracle Identity Manager Design Console.

2. Expand Development Tools.

3. Double-click Reconciliation Rules.

4. Search for Trusted Source recon Rule. Figure 1-4 shows the reconciliation rule for target resource reconciliation.

   Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation

   
   Description of "Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation"
   
   

1.7.3 Reconciliation Action Rules for Trusted Source Reconciliation

Table 1-9 lists the action rules for trusted source reconciliation.

Table 1-9 Action Rules for Trusted Source Reconciliation

Rule Condition	Action
No Matches Found	Create User
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.

After you deploy the connector, you can view action rules by performing the following steps:

1. Log in to the Oracle Identity Manager Design Console.

2. Expand Resource Management.

3. Double-click Resource Objects.

4. Search for and open the Xellerate User resource object.

5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rule for target resource reconciliation.

   Figure 1-5 Reconciliation Action Rules for Target Resource Reconciliation

   
   Description of "Figure 1-5 Reconciliation Action Rules for Target Resource Reconciliation"
   
   

1.8 Roadmap for Deploying and Using the Connector

The following is the organization of information in the rest of this guide:

• Chapter 2, "Deploying the Connector" describes procedures that you must perform on Oracle Identity Manager and the target system during each stage of connector deployment.

• Chapter 3, "Using the Connector" describes guidelines on using the connector and the procedure to configure reconciliation runs and perform provisioning operations.

• Chapter 4, "Extending the Functionality of the Connector" describes procedures that you can perform if you want to extend the functionality of the connector.

• Chapter 5, "Testing and Troubleshooting" describes the procedure to use the connector testing utility for testing the connector.

• Chapter 6, "Known Issues" lists known issues associated with this release of the connector.