6 Extending the Functionality of the Connector

You can extend the functionality of the connector to address your specific business requirements.

This chapter discusses the following optional procedures that you can perform to extend the functionality of the connector for addressing your business requirements:

• Adding New Attributes for Target Resource Reconciliation

• Adding New Attributes for Provisioning

• Removing Attributes Mapped for Target Resource Reconciliation and Provisioning

• Configuring the Connector for Provisioning to Multiple Installations of the Target System

Adding New Attributes for Target Resource Reconciliation

You can add a new attribute on the process form in the Form Designer section of Oracle Identity Manager System Administration Console.

Note:

You must ensure that new attributes you add for reconciliation contain only string-format data. Binary attributes must not be brought into Oracle Identity Manager natively.

By default, the attributes listed in Table 1-3 are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can add new attributes for target resource reconciliation.

The multiValuedAttributes property should not be included in the SingleValueAttributes property and vice versa. These properties are found in the Reconcile All Users scheduled task.

If you are adding a custom target system attribute, then you must define a new grammar definition in the LDAP gateway for the same. See About Parsing Grammar Protocol 1.0 for more information about new grammar definitions.

To add a custom field for reconciliation, you must first update the connector reconciliation component you are using, and then update Oracle Identity Manager. This section discusses the following topics:

• Adding Custom Fields for Full Reconciliation
• Adding Custom Fields to Oracle Identity Manager

Adding Custom Fields for Full Reconciliation

You can add custom fields for full reconciliation by specifying a value for the SingleValueAttributes attribute of the Acf2 Reconcile All Users scheduled task. See Full and Incremental Reconciliation for more information.

To add a custom field for scheduled task reconciliation:

1. If you are using Oracle Identity Manager 11g R2 PS3 or Oracle Identity Governance 12c, log in to Oracle Identity System Administration.
2. In the left pane, under System Management, click Scheduler.
3. Search for and open the Acf2 Reconcile All Users scheduled task as follows:
   1. In the left pane, in the Search field, enter Acf2 Reconcile All Users as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
   2. In the search results table on the left pane, click the scheduled job in the Job Name column.
4. Add the custom field to the list of attributes in the SingleValueAttributes scheduled task attribute.
5. Click Apply.

Adding Custom Fields to Oracle Identity Manager

After adding the custom field to the ACF2 Reconcile All users scheduled task (if using scheduled task reconciliation), you must add the custom field to the Oracle Identity Manager components.

To update Oracle Identity Manager with the custom field:

1. Log in to the Oracle Identity Manager Design Console.
2. Add the custom field to the list of reconciliation fields in the resource object as follows:
   1. Expand Resource Management and then double-click Resource Objects.
   2. Search for and open the OIMAcf2ResourceObject resource object.
   3. On the Object Reconciliation tab, click Add Field.
   4. In the Add Reconciliation Field dialog box, enter the details of the field.

      For example, if you are adding an ACF2 attribute called "Description", then enter Description in the Field Name field and select String from the Field Type list.

   5. Click Save and close the dialog box.
   6. Click Create Reconciliation Profile. This copies changes made to the resource object into MDS.
   7. Click Save.
3. Add the custom field on the process form as follows:
   1. Expand Development Tools and then double-click Form Designer.
   2. Search for and open the UD_IDF_ACF2 process form.
   3. Click Create New Version, and then click Add.
   4. Enter the details of the field.

      For example, if you are adding the Description field, then enter UD_IDF_ACF2_DESCRIPTION in the Name field, and then enter the rest of the details of this field.

   5. Click Save and then click Make Version Active.
4. Create a reconciliation field mapping for the custom field in the provisioning process as follows:
   1. Expand Process Management and then double-click Process Definition.
   2. Search for and open the OIMAcf2ProvisioningProcess process definition.
   3. On the Reconciliation Field Mappings tab of the provisioning process, click Add Field Map.
   4. In the Add Reconciliation Field Mapping dialog box, from the Field Name field, select the value for the field that you want to add.For example, from the Field Name field, select Description.
   5. Double-click the Process Data field, and then select UD_IDF_ACF2_DESCRIPTION.
   6. Click Save and close the dialog box.
   7. Click Save.
5. If you are using Oracle Identity Manager release 11.1.2.x, then create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form.

Adding New Attributes for Provisioning

You can add a new attribute on the process form in the Form Designer section of Oracle Identity Manager System Administration Console.

By default, the attributes listed in Table 1-3 are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning.

To add a new attribute for provisioning:

See Also:

Oracle Fusion Middleware User's Guide for Oracle Identity Manager for detailed information about these steps

1. Log in to the Oracle Identity Manager System Administration Console.
2. Add the new attribute on the process form as follows:
   1. .Expand Development Tools.
   2. Double-click Form Designer.
   3. Search for and open the UD_IDF_ACF2 process form.
   4. Click Create New Version, and then click Add.
   5. Enter the details of the attribute.
   6. Click Save and then click Make Version Active.
3. Create an entry for the attribute in the lookup definition for provisioning as follows:
   1. Expand Administration.
   2. Double-click Lookup Definition.
   3. Search for and open the AtMap.ACF2 lookup definition.
   4. Click Add and then enter the Code Key and Decode values for the attribute.
      The Code Key value must be the name of the field on the process form. The Decode value is the name of the attribute on the target system.
4. To enable update of the attribute during provisioning operations, create a process task as follows:

   See Also:

   Oracle Fusion Middleware User's Guide for Oracle Identity Manager for detailed information about these steps
   1. Expand Process Management, and double-click Process Definition.
   2. Search for and open the OIMAcf2ProvisioningProcess process definition.
   3. Click Add.
   4. On the General tab of the Creating New Task dialog box, enter a name and description for the task and then select the following:
      Conditional
      Required for Completion
      Allow Cancellation while Pending
      Allow Multiple Instances
   5. Click Save.
   6. On the Integration tab of the Creating New Task dialog box, click Add.
   7. In the Handler Selection dialog box, select Adapter, click adpMODIFYACF2USER, and then click the Save icon.
      The list of adapter variables is displayed on the Integration tab.
   8. To create the mapping for the first adapter variable:

      1. Double-click the number of the first row.

      2. In the Edit Data Mapping for Variable dialog box, enter the following values:

         Variable Name: Adapter return value

         Data Type: Object

         Map To: Response code

         Click the Save icon.

   9. To create mappings for the remaining adapter variables, use the data given in the following table:

      Variable Number	Variable Name	Map To	Qualifier
      Second	idfResource	IT Resource	Not applicable
      Third	uid	Process Data	LoginId
      Fourth	attrName	Literal	cn string
      Fifth	attrValue	Process Data	UD_ACF2_ADV_NAME string

   10. Click the Save icon in the Editing Task dialog box, and then close the dialog box.
   11. Click the Save icon to save changes to the process definition.
5. If you are adding a custom attribute, then add it to the list of attributes specified as the value of the configAttrs property in the Properties in the acf2.properties file. See Installing and Configuring the LDAP Gateway for information about this property.

Removing Attributes Mapped for Target Resource Reconciliation and Provisioning

You can remove attributes mapped for initial reconciliation.

Note:

You must not remove the uid, cn, sn, givenName, or userPassword attribute. These attributes are mandatory on the target system.

The SingleValueAttributes and MultiValuedAttributes attributes contain the list of target system attributes that are mapped for initial reconciliation. These properties are found in the Reconcile All Users scheduled task. If you want to remove an attribute mapped for initial reconciliation, then remove it from the SingleValueAttributes or MultiValuedAttributes property.

Configuring the Connector for Provisioning to Multiple Installations of the Target System

You must create copies of the connector to configure it for multiple installations of the target system.

The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of the target system.

To meet the requirement posed by such a scenario, you must create copies of the connector. See Cloning Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager for more information.