3 Configuring Connector Functionality

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

• Configuring Reconciliation

• Configuring Provisioning

• Configuring the Connector for Multiple Installations of the Target System

• Provisioning Provisioning Operations

• Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1

Note:

This chapter provides both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

• Configuring Trusted Source Reconciliation

• Partial Reconciliation

• Batched Reconciliation

• Configuring the Reconciliation Scheduled Tasks

• Adding Custom Attributes for Reconciliation

3.1.1 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or a target resource. If you designate the target system as a trusted source, then both newly created and modified user accounts are reconciled in Oracle Identity Manager. If you designate the target system as a target resource, then only modified user accounts are reconciled in Oracle Identity Manager.

Note:

You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.

To configure trusted source reconciliation:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open the xlRWMSTrusted.xml file, which is in the OIM_HOME/xlclient directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Import.

8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must set the value of the IsTrusted reconciliation scheduled task attribute to Yes. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.2 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

Creating a filter involves specifying a value for a target system attribute, which will be used in the query SELECT criteria to retrieve the records to be reconciled. You can specify values for any one or a combination of the following target system attributes:

Filter Attribute	Oracle Identity Manager Attribute
FacilityID Sample value: 'AY'	Facility ID
DCDept Sample value: 'Accounting'	Department

If you want to use multiple target system attributes to filter records, then you must also specify the logical operator (AND or OR) that you want to apply to the combination of target system attributes that you select.

Suppose you specify the following values for these attributes:

• FacilityID: AY

• DCDept: Accounting

• Operator: OR

Because you are using the OR operator, during reconciliation, user records for which any one of these criteria is met are reconciled. Therefore, users with either FacilityID as AY or DCDept as Accounting are reconciled. If you were to use the AND operator, then only user records for which all of these criteria are met are reconciled.

While deploying the connector, follow the instructions in the "Specifying Values for the Scheduled Task Attributes" section to specify values for these attributes and the logical operator that you want to apply.

3.1.3 Batched Reconciliation

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure batched reconciliation to avoid these problems.

To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:

• BatchSize: Use this attribute to specify the number of records that must be included in each batch. The default value is 1000.

• NumberOfBatches: Use this attribute to specify the total number of batches that must be reconciled. The default value is All.

If you specify a value other than All, then some of the newly added or modified user records may not get modified during the current reconciliation run. The following example illustrates this:

Suppose you specify the following values while configuring the scheduled tasks:

• BatchSize: 20

• NumberOfBatches: 10

Suppose that 314 user records were created or modified after the last reconciliation run. Of these 314 records, only 200 records would be reconciled during the current reconciliation run. The remaining 114 records would be reconciled during the next reconciliation run.

You specify values for the BatchSize and NumberOfBatches attributes by following the instructions described in the "Specifying Values for the Scheduled Task Attributes" section.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Importing the Connector XML File" section, the scheduled tasks for lookup fields, trusted source user, and target resource user reconciliations are automatically created in Oracle Identity Manager.

Depending on the Oracle Identity Manager release that you are using, perform the procedure described in one of the following sections:

• Configuring Scheduled Tasks on Oracle Identity Manager Release 9.0.1 through 9.0.3.x

• Configuring Scheduled Tasks on Oracle Identity Manager Release 9.1.0.x or Release 11.1.1

3.1.4.1 Configuring Scheduled Tasks on Oracle Identity Manager Release 9.0.1 through 9.0.3.x

To configure a scheduled task:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.

5. For the first scheduled task, enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are not selected.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. In the Interval region, set the following schedule parameters:

   • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

     If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

   • To set the task to run only once, select the Once option.

9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

   See Also:

   Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

11. Repeat Steps 5 through 10 to configure the second scheduled task.

After you configure both scheduled tasks, proceed to the "Configuring Provisioning" section.

3.1.4.2 Configuring Scheduled Tasks on Oracle Identity Manager Release 9.1.0.x or Release 11.1.1

To configure a scheduled task:

1. Log in to the Administrative and User Console.

2. Perform one of the following:

   1. If you are using Oracle Identity Manager release 9.1.0.x, expand Resource Management, and then click Manage Scheduled Task.

   2. If you are using Oracle Identity Manager release 11.1.1, then on the Welcome to Oracle Identity Manager Self Service page, click Advanced in the upper-right corner of the page.

3. Search for and open the scheduled task as follows:

   • If you are using Oracle Identity Manager release 9.1.0.x, then:

     1. On the Scheduled Task Management page, enter the name of the scheduled task as the search criteria and then click Search.

     2. In the search results table, click the edit icon in the Edit column for the scheduled task.

     3. On the Scheduled Task Details page where the details of the scheduled task that you selected is displayed, click Edit.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the Welcome to Oracle Identity Manager Advanced Administration page, in the System Management region, click Search Scheduled Jobs.

     2. On the left pane, in the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.

     3. In the search results table on the left pane, click the scheduled job in the Job Name column.

4. Modify the details of the scheduled task. To do so:

   1. If you are using Oracle Identity Manager release 9.1.0.x, then on the Edit Scheduled Task Details page, modify the following parameters, and then click Continue:

      • Status: Specify whether you want to leave the task in the enabled state. In the enabled state, the task is ready for use.

      • Max Retries: Enter an integer value in this field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR status to the task. The default value is 1.

      • Next Start: Use the date editor to specify the date when you want the task to run. After you select a date value in the date editor, you can modify the time value that is automatically displayed in the Next Start field.

      • Frequency: Specify the frequency at which you want the task to run.

   2. If you are using Oracle Identity Manager release 11.1.1, then on the Job Details tab, you can modify the following parameters:

      • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.

      • Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.

      Note:

      See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for detailed information about schedule types.

      In addition to modifying the job details, you can enable or disable a job.

5. Specify values for the attributes of the scheduled task. To do so:

   Note:

   • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

   • Attributes of the scheduled task are discussed in the "Specifying Values for the Scheduled Task Attributes" section.

   • If you are using Oracle Identity Manager release 9.1.0.x, then on the Attributes page, select the attribute from the Attribute list, specify a value in the field provided, and then click Update.

   • If you are using Oracle Identity Manager release 11.1.1, then on the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

6. After specifying the attributes, perform one of the following:

   • If you are using Oracle Identity Manager release 9.1.0.x, then click Save Changes to save the changes.

     Note:

     The Stop Execution option is not available in the Administrative and User Console. If you want to stop a task, then click Stop Execution on the Task Scheduler form of the Design Console.

   • If you are using Oracle Identity Manager release 11.1.1, then click Apply to save the changes.

     Note:

     The Stop Execution option is available in the Administrative and User Console. You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.

3.1.4.3 Specifying Values for the Scheduled Task Attributes

See the following sections for information about the attribute values to be specified for the scheduled tasks:

• Lookup Fields Reconciliation Scheduled Task

• User Reconciliation Scheduled Task

3.1.4.3.1 Lookup Fields Reconciliation Scheduled Task

You must specify values for the following attributes of the lookup fields reconciliation scheduled task.

Note:

Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

Attribute	Description	Value
ServerName	Name of the IT resource	RWMS
LookUpName	The type of data that is being looked up in the target system	The value can be any one of the following: FacilityID LanguageCode Department UserClass
LookUpCode	Name of the lookup definition configured in Oracle Identity Manager	The value can be any one of the following: Lookup.RWMS.FacilityID Lookup.RWMS.LanguageCode Lookup.RWMS.Department Lookup.RWMS.UserClass

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.3.2 User Reconciliation Scheduled Task

Depending on whether you want to implement trusted source or target resource reconciliation, you must specify values for the attributes of one of the following user reconciliation scheduled tasks:

• RWMS User Reconciliation (Scheduled task for trusted source reconciliation)

• RWMS User Reconciliation-Non Trusted (Scheduled task for target resource reconciliation)

The following table describes the attributes of both scheduled tasks.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Value
ServerName	Name of the IT resource	RWMS
IsTrusted	Specifies whether or not reconciliation is to be carried out in trusted mode	For the RWMS User Reconciliation scheduled task, the value of this attribute is set to Yes. For the RWMS User Reconciliation-Non Trusted scheduled task, the value of this attribute is set to No. This is the default value. Caution: For each scheduled task, you must not change the default value. If you change the default value, then the scheduled task would not run.
TargetRO	Name of the resource object	RWMSRO
XellerateOrganisation	Default value for the Oracle Identity Manager Organization name This value is used to create the Xellerate User in trusted mode. Note: This attribute is specific to trusted source reconciliation.	Xellerate Users
BatchSize	Number of records in each batch that is reconciled You must specify an integer value greater than zero. See Also: The "Batched Reconciliation" section	The default value is 1000.
NoOfBatches	Number of batches to be reconciled The number of records in each batch is specified by the BatchSize attribute. See Also: The "Batched Reconciliation" section	Specify All if you want to reconcile all the batches. This is the default value. Specify an integer value if you want to reconcile only a fixed number of batches.
Facility ID	This is a filter attribute. Use this attribute to specify the Facility ID of the user whose records you want to reconcile. If you do not want to use this filter attribute, then specify Nodata. See Also: The "Partial Reconciliation" section	The value can be either the Facility ID or Nodata. The default value is Nodata. Sample value: AY
DCDept	This is a filter attribute. Use this attribute to specify the user DCDept for which you want to reconcile user records. If you do not want to use this filter attribute, then specify Nodata. See Also: The "Partial Reconciliation" section	The value can be either the DCDept or Nodata. The default value is Nodata. Sample value: Accounting
Operator	Specifies the logical operator to be applied to the filter attribute If you do not want to use this filter attribute, then specify None. See Also: The "Partial Reconciliation" section	The value can be one of the following: AND OR None The default value is None.

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.5 Adding Custom Attributes for Reconciliation

By default, the attributes listed in the "Reconciliation Module" section are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional attributes for reconciliation as follows:

Note:

You need not perform this procedure if you do not want to add custom attributes for reconciliation.

In this section, the term "attribute" refers to the identity data fields that store user data.

See Also:

Oracle Identity Manager Design Console for detailed instructions on performing the following steps

1. Modify the attributemapping_recon.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/RWMS/config directory.

   Note:

   In this file, some of the attribute definitions are preceded by a comment saying that these attributes must not be changed. You must not change these attribute definitions.

   At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:

   OimAttributeName=TargetAttributeName
   

   For example:

   Users.LanguageCode=LANGUAGE_CODE
   

   In this example, LanguageCode is the reconciliation field and LANGUAGE_CODE is the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

2. In the resource object definition, add a reconciliation field corresponding to the new attribute as follows:

   1. Open the Resource Objects form. This form is in the Resource Management folder.

   2. Click Query for Records.

   3. On the Resource Objects Table tab, double-click the RWMSRO resource object to open it for editing.

   4. On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.

   5. Specify a value for the field name.

      You must specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 2.

      For example, if you uncomment the Users.LanguageCode=LANGUAGE_CODE line in Step 2, then you must specify Users.LanguageCode as the attribute name.

   6. From the Field Type list, select a data type for the field.

      For example: String

   7. Save the values that you enter, and then close the dialog box.

   8. If required, repeat Steps d through g to map more fields.

3. Modify the process definition to include the mapping between the newly added attribute and the corresponding reconciliation field as follows:

   1. Open the Process Definition form. This form is in the Process Management folder.

   2. On the Reconciliation Field Mappings tab, click Add Field Map to open the Add Reconciliation Field Mapping dialog box.

   3. Enter the required values, save the values that you enter, and then close the dialog box.

   4. If required, repeat Steps b and c to map more fields.

3.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager. Refer to the "Supported Functionality" section for a listing of the provisioning functions that are available with this connector.

This section discusses the following topics related to configuring provisioning:

• Compiling Adapters

• Adding Custom Attributes for Provisioning

3.2.1 Compiling Adapters

Note:

You must perform this procedure if you want to use the provisioning feature of the connector.

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

• RWMSCreateUser

• RWMSUpdateUser

• RWMSDeleteUser

• RWMSResetPassword

• RWMSPrePopulate User Name

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

1. Open the Adapter Manager form.

2. To compile all the adapters that you import into the current database, select Compile All.

   To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

   Note:

   Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

3. Click Start. Oracle Identity Manager compiles the selected adapters.

4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

1. Highlight the adapter in the Adapter Manager form.

2. Double-click the row header of the adapter, or right-click the adapter.

3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.2.2 Adding Custom Attributes for Provisioning

Note:

In this section, the term "attribute" refers to the identity data fields that store user data.

By default, the attributes listed in the "Provisioning Module" section are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning as follows:

See Also:

One of the following guides:

• For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Design Console Guide

• For Oracle Identity Manager release 11.1.1: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

1. Modify the attributemapping_prov.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/RWMS/config directory.

   Note:

   In this file, some of the attribute definitions are preceded by a comment saying that these attributes must not be changed. You must not change these attribute definitions.

   At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:

   OimAttributeName=TargetAttributeName
   

   For example:

   LanguageCode=LANGUAGE_CODE
   

   In this example, LanguageCode is the provisioning field and LANGUAGE_CODE is the target system field.

2. Add a new column in the process form.

   1. Open the process form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

   2. Click Create New Version.

   3. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

   4. From the Current Version list, select the newly created version.

   5. On the Additional Columns tab, click Add.

   6. Specify the new field name and other values.

3. Add a new variable in the variable list.

   1. Open the Adapter Factory form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

   2. Click the Query for Records icon.

   3. On the Adapter Factory Table tab, double-click the adpRWMSCreateUser adapter from the list.

   4. On the Variable List tab, click Add.

   5. In the Add a Variable dialog box, specify the required values and then save and close the dialog box.

4. Define an additional adapter task for the newly added variable in the adpRWMSCreateUser adapter.

   1. On the Adapter Tasks tab of the Adapter Factory form, click Add.

   2. In the Adapter Task Selection dialog box, select Functional Task, select Java from the list of functional task types, and then click Continue.

   3. In the Object Instance Selection dialog box, select Persistent Instance and then click Continue.

   4. In the Add an Adapter Factory Task dialog box, specify the task name, select the setProperty method from the Method list, and then click Save.

   5. Map the application method parameters, and then save and close the dialog box. To map the application method parameters:

      For the "Output: String Return variable (Adapter Variable)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select Return variable.

      For the "Input: String input (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Input.

      For the "Input: String Status (Literal)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select String.

      iii. In the Value field, enter Status.

      For the "Input: String Status (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Status.

   6. Repeat Steps b through g to create more adapter tasks.

5. Create an additional adapter task to set the input variable.

   1. Open the Adapter Factory form. This form is in the Development Tools folder in the Oracle Identity Manager Design Console.

   2. On the Adapter Tasks tab, click Add.

   3. In the Adapter Task Selection dialog box, select Logic Task, select SET VARIABLE from the list, and then click Continue.

   4. In the Edit Set Variable Task Parameters dialog box, select input from the Variable Name list, select Adapter Task from the Operand Type list, and the Operand Qualifier as the Adapter Task that you have created in the previous step. Then, click Save.

6. Map the process form columns and adapter variables for the Create User process task as follows:

   1. Open the Process Definition form. This form is in the Process Management folder of the Design Console.

   2. Click the Query for Records icon.

   3. On the Process Definition Table tab, double-click the RWMSProcess process.

   4. On the Tasks tab, double-click the Create User task.

   5. In the Closing Form dialog box, click Yes.

   6. On the Integration tab of the Editing Task Columns Create User dialog box, map the unmapped variables, and then save and close the dialog box. To map an unmapped variable:

      i. Double-click the row in which N is displayed in the Status column. The value N signifies that the variable is not mapped.

      ii. From the Map to list in the Edit Data Mapping for Variables dialog box, select Process Data.

      iii. From the Qualifier list, select the name of the variable.

      Repeat Steps i through iii for all unmapped variables.

Repeat Steps 1 through 6 if you want to add more attributes.

3.3 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of Oracle Retail Warehouse Management System.

You may want to configure the connector for multiple installations of Oracle Retail Warehouse Management System. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Example Multinational Inc. have their own installations of Oracle Retail Warehouse Management System. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of Oracle Retail Warehouse Management System.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of Oracle Retail Warehouse Management System.

To configure the connector for multiple installations of the target system:

See Also:

One of the following guides for detailed instructions on performing each step of this procedure:

• For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Design Console Guide

• For Oracle Identity Manager release 11.1.1: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

1. Create and configure one IT resource for each set of Oracle Retail Warehouse Management System.

   The IT Resources form is in the Resource Management folder. The RWMS IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same IT resource type.

2. Configure reconciliation for each set of Oracle Retail Warehouse Management System. See the "Configuring Reconciliation" section for instructions.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the Oracle Retail Warehouse Management System installation to which you want to provision the user.

3.4 Provisioning Provisioning Operations

Provisioning a resource for an OIM User involves using Oracle Identity Manager to create a target system account for the user.

When you install the connector on Oracle Identity Manager release 11.1.1, the direct provisioning feature is automatically enabled. This means that the process form is enabled when you install the connector.

If you have configured the connector for request-based provisioning, then the process form is suppressed and the object form is displayed. In other words, direct provisioning is disabled when you configure the connector for request-based provisioning. If you want to revert to direct provisioning, then perform the steps described in the "Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1" section.

This following are types of provisioning operations:

• Direct provisioning

• Request-based provisioning

• Provisioning triggered by policy changes

See Also:

Oracle Identity Manager Connector Concepts for information about the types of provisioning

This section discusses the following topics:

• Direct Provisioning

• Request-Based Provisioning

3.4.1 Direct Provisioning

To provision a resource by using the direct provisioning approach:

1. Log in to the Administrative and User Console.

2. If you want to first create an OIM User and then provision a target system account, then:

   • If you are using Oracle Identity Manager release 9.0.3.x or release 9.1.0.x, then:

     1. From the Users menu, select Create.

     2. On the Create User page, enter values for the OIM User fields and then click Create User.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the Welcome to Identity Administration page, in the Users region, click Create User.

     2. On the Create User page, enter values for the OIM User fields, and then click Save.

3. If you want to provision a target system account to an existing OIM User, then:

   • If you are using Oracle Identity Manager release 9.0.3.x or release 9.1.0.x, then:

     1. From the Users menu, select Manage.

     2. Search for the OIM User and select the link for the user from the list of users displayed in the search results.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the Welcome to Identity Administration page, search for the OIM User by selecting Users from the list on the left pane.

     2. From the list of users displayed in the search results, select the OIM User. The user details page is displayed on the right pane.

4. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

   • If you are using Oracle Identity Manager release 9.0.3.x or release 9.1.0.x, then:

     1. On the User Detail page, select Resource Profile from the list at the top of the page.

     2. On the Resource Profile page, click Provision New Resource.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the user details page, click the Resources tab.

     2. From the Action menu, select Add Resource. Alternatively, you can click the add resource icon with the plus (+) sign. The Provision Resource to User page is displayed in a new window.

5. On the Step 1: Select a Resource page, select RWMSRO from the list and then click Continue.

6. On the Step 2: Verify Resource Selection page, click Continue.

7. On the Step 5: Provide Process Data for ORWMS Table User Details page, enter the details of the account that you want to create on the target system and then click Continue.

8. On the Step 6: Verify Process Data page, verify the data that you have provided and then click Continue.

9. The "Provisioning has been initiated" message is displayed. Perform one of the following steps:

   • If you are using Oracle Identity Manager release 9.0.3.x or release 9.1.0.x, click Back to User Resource Profile. The Resource Profile page shows that the resource has been provisioned to the user.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. Close the window displaying the "Provisioning has been initiated" message.

     2. On the Resources tab, click Refresh to view the newly provisioned resource.

3.4.2 Request-Based Provisioning

Note:

The information provided in this section is applicable only if you are using Oracle Identity Manager release 11.1.1.

A request-based provisioning operation involves both end users and approvers. Typically, these approvers are in the management chain of the requesters. The following sections discuss the steps to be performed by end users and approvers during a request-based provisioning operation:

Note:

The procedures described in these sections are built on an example in which the end user raises or creates a request for provisioning a target system account. This request is then approved by the approver.

• End User's Role in Request-Based Provisioning

• Approver's Role in Request-Based Provisioning

3.4.2.1 End User's Role in Request-Based Provisioning

The following steps are performed by the end user in a request-based provisioning operation:

See Also:

Oracle Fusion Middleware User's Guide for Oracle Identity Manager for detailed information about these steps

1. Log in to the Administrative and User Console.

2. On the Welcome page, click Advanced in the upper-right corner of the page.

3. On the Welcome to Identity Administration page, click the Administration tab, and then click the Requests tab.

4. From the Actions menu on the left pane, select Create Request.

   The Select Request Template page is displayed.

5. From the Request Template list, select Provision Resource and click Next.

6. On the Select Users page, specify a search criterion in the fields to search for the user that you want to provision the resource, and then click Search. A list of users that match the search criterion you specify is displayed in the Available Users list.

7. From the Available Users list, select the user to whom you want to provision the account..

   If you want to create a provisioning request for more than one user, then from the Available Users list, select users to whom you want to provision the account.

8. Click Move or Move All to include your selection in the Selected Users list, and then click Next.

9. On the Select Resources page, click the arrow button next to the Resource Name field to display the list of all available resources.

10. From the Available Resources list, select RWMSRO, move it to the Selected Resources list, and then click Next.

11. On the Resource Details page, enter details of the account that must be created on the target system, and then click Next.

12. On the Justification page, you can specify values for the following fields, and then click Finish.

    • Effective Date

    • Justification

    On the resulting page, a message confirming that your request has been sent successfully is displayed along with the Request ID.

13. If you click the request ID, then the Request Details page is displayed.

14. To view details of the approval, on the Request Details page, click the Request History tab.

3.4.2.2 Approver's Role in Request-Based Provisioning

The following are steps performed by the approver in a request-based provisioning operation:

The following are steps that the approver can perform:

1. Log in to the Administrative and User Console.

2. On the Welcome page, click Self-Service in the upper-right corner of the page.

3. On the Welcome to Identity Manager Self Service page, click the Tasks tab.

4. On the Approvals tab, in the first section, you can specify a search criterion for request task that is assigned to you.

5. From the search results table, select the row containing the request you want to approve, and then click Approve Task.

   A message confirming that the task was approved is displayed.

3.5 Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1

Note:

It is assumed that you have performed the procedure described in the "Configuring Oracle Identity Manager for Request-Based Provisioning" section.

On Oracle Identity Manager release 11.1.1, if you want to switch from request-based provisioning to direct provisioning, then:

1. Log in to the Design Console.

2. Disable the Auto Save Form feature as follows:

   1. Expand Process Management, and then double-click Process Definition.

   2. Search for and open the RWMSProcess process definition.

   3. Deselect the Auto Save Form check box.

   4. Click the Save icon.

3. If the Self Request Allowed feature is enabled, then:

   1. Expand Resource Management, and then double-click Resource Objects.

   2. Search for and open the RWMSRO resource object.

   3. Deselect the Self Request Allowed check box.

   4. Click the Save icon.

On Oracle Identity Manager release 11.1.1, if you want to switch from direct provisioning back to request-based provisioning, then:

1. Log in to the Design Console.

2. Enable the Auto Save Form feature as follows:

   1. Expand Process Management, and then double-click Process Definition.

   2. Search for and open the RWMSProcess process definition.

   3. Select the Auto Save Form check box.

   4. Click the Save icon.

3. If you want to enable end users to raise requests for themselves, then:

   1. Expand Resource Management, and then double-click Resource Objects.

   2. Search for and open the RWMSRO resource object.

   3. Select the Self Request Allowed check box.

   4. Click the Save icon.