1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use JD Edwards EnterpriseOne either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.

Note:

In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.

At some places in this guide, JD Edwards EnterpriseOne has been referred to as the target system.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.

In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.

This chapter contains the following sections:

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item Requirement

Oracle Identity Manager

You can use one of the following releases of Oracle Identity Manager:

  • Oracle Identity Manager release 9.0.1 through 9.0.3.2

  • Oracle Identity Manager release 9.1.0.1 or later

    Note: In this guide, Oracle Identity Manager release 9.1.0.x has been used to denote Oracle Identity Manager release 9.1.0.1 and future releases in the 9.1.0.x series that the connector will support.

  • Oracle Identity Manager 11g release 1 (11.1.1)

    Note: In this guide, Oracle Identity Manager release 11.1.1 has been used to denote Oracle Identity Manager 11g release 1 (11.1.1).

The connector does not support Oracle Identity Manager running on Oracle Application Server. For detailed information about certified components of Oracle Identity Manager, see the certification matrix on Oracle Technology Network at

http://www.oracle.com/technetwork/documentation/oim1014-097544.html

Target system

The target system can be any one of the following:

  • JD Edwards EnterpriseOne Tools 8.96 and Application 8.12

  • JD Edwards EnterpriseOne Tools 8.98 and Application 8.12

Target system user account

JD Edwards EnterpriseOne user account to which the SYSADMIN right has been assigned.

You provide the credentials of this user account while configuring the IT resource. The procedure is described later in this guide.

If this user account was not assigned the required rights, then a connection error would be thrown when Oracle Identity Manager tries to communicate with the target system.

JDK

The JDK version can be one of the following:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.2, use JDK 1.4.2 or a later release in the 1.4.2 series.

  • For Oracle Identity Manager release 9.1.0.x, use JDK 1.5 or a later release in the 1.5 series.

  • For Oracle Identity Manager release 11.1.1, use JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later.

1.2 Certified Languages

The connector supports the following languages:

  • Chinese Simplified

  • Chinese Traditional

  • Danish

  • English

  • French

  • German

  • Italian

  • Japanese

  • Korean

  • Portuguese (Brazilian)

  • Spanish

See Also:

For information about supported special characters supported by Oracle Identity Manager, see one of the following guides:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.2 and release 9.1.0.x:

    Oracle Identity Manager Globalization Guide

  • For Oracle Identity Manager release 11.1.1:

    Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

1.3 Connector Architecture

Figure 1-1 shows the connector integrating JD Edwards EnterpriseOne with Oracle Identity Manager.

Figure 1-1 Connector Architecture

Description of Figure 1-1 follows
Description of "Figure 1-1 Connector Architecture"

The target system, JD Edwards EnterpriseOne, is based on a client-server architecture. The JD Edwards EnterpriseOne User Management connector leverages this architecture to perform connector operations by calling business functions (BSFNs) within the JD Edwards Enterprise server or connecting to the JD Edwards Database, as required.

During provisioning, adapters carry provisioning data submitted through the process form to the target system. The adapters establish a connection with the target system in one of the following ways:

  • If a BSFN for performing the required provisioning operation is available on the target system, then the adapter establishes a connection with the JD Edwards Enterprise Server by using JDB.

  • If there is no BSFN on the target system that can perform the required provisioning operation, then the adapter establishes a connection with the JD Edwards Database by using JDBj.

After the adapters establish a connection with the target system, the required provisioning operation is performed, and then the response from the target system is returned to the adapters.

Note:

In Oracle Identity Manager release 11.1.1, a scheduled job is an instance of a scheduled task. In this guide, the term scheduled task used in the context of Oracle Identity Manager release 9.1.0.x is the same as the term scheduled job in the context of Oracle Identity Manager release 11.1.1.

See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for more information about scheduled tasks and scheduled jobs.

During reconciliation, a scheduled task establishes a connection with the JD Edwards Database by using JDBj. After the connection with the database is established, the user records that match the reconciliation criteria are retrieved, and passed on to the scheduled task, which brings the records to Oracle Identity Manager.

1.4 Features of the Connector

The following are features of the connector:

1.4.1 Support for Both Target Resource and Trusted Source Reconciliation

You can use the connector to configure JD Edwards EnterpriseOne as either a target resource or trusted source of Oracle Identity Manager.

See Section 3.3, "Configuring Reconciliation" for more information.

1.4.2 Support for Both Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled from the next run of the user reconciliation.

You can perform a full reconciliation run at any time. See Section 3.3.1, "Full Reconciliation" for more information.

1.4.3 Support for Adding New Attributes for Reconciliation and Provisioning

If you want to add to the standard set of single-valued attributes for reconciliation and provisioning, then perform the procedures described in Chapter 4, "Extending the Functionality of the Connector."

1.5 Lookup Definitions Used During Connector Operations

Lookup definitions used during connector operations can be divided into the following categories:

1.5.1 Lookup Definitions Synchronized with the Target System

During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you use the Date Format lookup field to select a date format from the list of supported date formats. When you deploy the connector, lookup definitions corresponding to the lookup fields on the target system are automatically created in Oracle Identity Manager. Lookup field synchronization involves copying additions or changes made to the target system lookup fields into the lookup definitions in Oracle Identity Manager.

The following lookup definitions are populated with values fetched from the target system by the scheduled tasks for lookup field synchronization:

See Also:

Section 3.2, "Scheduled Task for Lookup Field Synchronization" for information about these scheduled tasks

  • Lookup.JDE.DateSeparationCharacter

  • Lookup.JDE.Language

  • Lookup.JDE.Roles

  • Lookup.JDE.LocalizationCountryCode

  • Lookup.JDE.DateFormat

  • Lookup.JDE.UniversalTime

  • Lookup.JDE.TimeFormat

  • Lookup.JDE.DecimalFormatCharacter

1.5.2 Other Lookup Definitions

Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

Table 1-2 Other Lookup Definitions

Lookup Definition Description of Values Method to Specify Values for the Lookup Definition

Lookup.JDE.Configuration

This lookup definition holds connector configuration entries that are used during reconciliation and provisioning.

This lookup definition is preconfigured. You cannot add or modify entries in this lookup definition.

Lookup.JDEReconciliation.FieldMap

This lookup definition holds mappings between the JDE User resource object fields and target system attributes.

This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for user reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information.

Lookup.JDE.FastPathCreate

This lookup definition enables you to set the JD Edwards FASTPATH feature for users.

This lookup definition is preconfigured. You need not add entries in this lookup definition.

1.6 Connector Objects Used During Target Resource Reconciliation and Provisioning

The following sections provide information about connector objects used during target resource reconciliation and provisioning:

See Also:

The "Reconciliation" section in Oracle Identity Manager Connector Concepts for conceptual information about reconciliation

The following sections provide information about connector objects used during reconciliation:

1.6.1 User Attributes for Target Resource Reconciliation and Provisioning

Table 1-3 provides information about user attribute mappings for target resource reconciliation and provisioning.

Table 1-3 User Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Target System Attribute Description

User ID

USER

Login ID

Language

LNGP

Language preference

Date Format

FRMT

Date format

Date Separation Character

DSEP

Date separation character

Localization Country Code

CTR

Country Code

Universal Time

UTCTIME

Time zone

Time Format

TIMEFORM

Time format

Decimal Format Character

DECF

Decimal format character

Fast Path Create

FSTP

Fast redirect codes to navigate to frequently used JD Edwards applications such as Batch Versions and Automatic Accounting

Disable User

NA

This is a check box to specify whether you want to enable or disable a user. Select the Disable User check box to disable a user.

1.6.2 Role Attributes for Target Resource Reconciliation and Provisioning

Table 1-4 provides information about role attribute mappings for target resource reconciliation and provisioning.

Table 1-4 Role Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Target System Role Attribute Description

Role

szRole

Role name

Include in *ALL

cIncludedInALL

Specifies whether the search must be performed in all environments or only a particular environment

Effective Start Date

jdEffectiveDate

Date from which the role is effective for the user

End Date

jdExpirationDate

Date from which the role is no longer valid for the user

1.6.3 Reconciliation Rule for Target Resource Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process-matching rule:

Rule name: JDE Recon Rule

Rule element: User Login equals UserID

In this rule:

  • User Login is one of the following:

    • For Oracle Identity Manager release 9.0.1 through 9.0.3.2:

      User ID attribute on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.1:

      User ID attribute on the OIM User form.

  • User ID is the User field of JD Edwards.

This rule supports the following scenarios:

  • You can provision multiple JD Edwards resources to the same OIM User, either on Oracle Identity Manager or directly on the target system.

  • You can change the user ID of a user on the target system.

This is illustrated by the following use cases:

  • Use case 1: You provision a JD Edwards account for an OIM User, and you also create an account for the user directly on the target system.

    When the first rule condition is applied, no match is found. Then, the second rule condition is applied and it is determined that a second account has been given to the user on the target system. The second account is linked with the OIM User at the end of the reconciliation run.

  • Use case 2: An OIM User has a JD Edwards account. You then change the user ID of the user on the target system.

    During the next reconciliation run, application of the first rule condition helps match the resource with the record.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for JDE Recon Rule. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

    Figure 1-2 Reconciliation Rule for Target Resource Reconciliation

    Description of Figure 1-2 follows
    Description of "Figure 1-2 Reconciliation Rule for Target Resource Reconciliation"

1.6.4 Reconciliation Action Rules for Target Resource Reconciliation

Table 1-5 lists the action rules for target resource reconciliation.

Table 1-5 Action Rules for Target Resource Reconciliation

Rule Condition Action

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules, see one of the following guides:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.2 and release 9.1.0.x: Oracle Identity Manager Design Console Guide

  • For Oracle Identity Manager release 11.1.1: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the JDE Resource Object resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation

    Description of Figure 1-3 follows
    Description of "Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation"

1.6.5 Provisioning Functions

Table 1-6 lists the provisioning functions that are supported by the connector. The Adapter column gives the name of the adapter that is used when the function is performed.

Table 1-6 Provisioning Functions

Function Adapter

Create User

JDE Create User

Update User

JDE Modify User

Reset Password

Modify Password

Enable User

Enable and Disable User

Disable User

Enable and Disable User

Delete User

JDE Delete User

Add User Role

JDE Add Role

Remove User Role

JDE Remove Role

1.7 Connector Objects Used During Trusted Source Reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

1.7.1 User Attributes for Trusted Source Reconciliation

Table 1-7 lists user attributes for trusted source reconciliation.

Table 1-7 User Attributes for Trusted Source Reconciliation

OIM User Form Field Target System Attribute Description

User ID

USER

Login ID

First Name

USER

Login ID

Last Name

USER

Login ID

Employee Type

NA

Default value: Consultant

User Type

NA

Default value: End-User Administrator

Organization

NA

Default value: Xellerate Users

1.7.2 Reconciliation Rule for Trusted Source Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: Trusted Source recon Rule

Rule element: User Login equals User ID

In this rule element:

  • User Login is one of the following:

    • For Oracle Identity Manager Release 9.0.1 through 9.0.3.x:

      User ID attribute on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.1:

      User ID attribute on the OIM User form.

  • User ID is the User field of JD Edwards.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for Trusted Source recon Rule. Figure 1-4 shows the reconciliation rule for trusted source reconciliation.

    Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation

    Description of Figure 1-4 follows
    Description of "Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation"

1.7.3 Reconciliation Action Rules for Trusted Source Reconciliation

Table 1-8 lists the action rules for target resource reconciliation.

Table 1-8 Action Rules for Trusted Source Reconciliation

Rule Condition Action

No Matches Found

Create User

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules, see one of the following guides:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.2 and release 9.1.0.x: Oracle Identity Manager Design Console Guide

  • For Oracle Identity Manager release 11.1.1: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the Xellerate User resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rules for trusted source reconciliation.

    Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation

    Description of Figure 1-5 follows
    Description of "Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation"

1.8 Roadmap for Deploying and Using the Connector

The following is the organization of information in the rest of this guide: