3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

• Configuring Reconciliation

• Configuring Provisioning

• Activating and Deactivating Employee Accounts

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

• Partial Reconciliation

• Reconciliation Based on User Type

• Configuring Trusted Source Reconciliation

• Configuring the Reconciliation Scheduled Tasks

3.1.1 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

For this connector, you create a filter by specifying values for the CustomizedReconQuery IT resource parameter while configuring the IT resource.

The following table lists the target system attributes, and the corresponding Oracle Identity Manager attributes, that you can use to build the query condition. You specify this query condition as the value of the CustomizedReconQuery parameter.

Oracle Identity Manager Attribute	Target System Attribute
User ID	Login Name
First Name	First Name
Last Name	Last Name
Email	EMail Addr
Job Title	Job Title
Middle Name	Middle Name
Organization	Organization
Responsibility	Responsibility
Position	Position
Employee Type	Employee Type
Alias	Alias

The following are sample query conditions:

• First Name=John&Last Name=Doe

  With this query condition, records of users whose first name is John and last name is Doe are reconciled.

• First Name=John&Last Name=Doe|group=contractors

  With this query condition, records of users who meet either of the following conditions are reconciled:

  • The user's first name is John or last name is Doe.

  • The user belongs to the contractors group.

If you do not specify values for the CustomizedReconQuery parameter, then all the records in the target system are compared with existing Oracle Identity Manager records during reconciliation.

The following are guidelines to be followed while specifying a value for the CustomizedReconQuery parameter:

• For the target system attributes, you must use the same case (uppercase or lowercase) as given in the table shown earlier in this section. This is because the attribute names are case-sensitive.

• You must not include unnecessary blank spaces between operators and values in the query condition.

  A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

  First Name=John&Last Name=Doe

  First Name= John&Last Name= Doe

  In the second query condition, the reconciliation engine would look for first name and last name values that contain a space at the start.

• You must not include special characters other than the equal sign (=), ampersand (&), and vertical bar (|) in the query condition.

  Note:

  An exception is thrown if you include special characters other than the equal sign (=), ampersand (&), and vertical bar (|).

• The query condition must be an expression without any braces.

• Searching users based on multiple value roles and groups are not supported. Only one value for roles and profiles can be queried at a time. For example, if the query condition is Usergroup=a,b,c, then the query generates an error.

• Searching users based on more than three user attributes are not supported. For example, if the query condition is userid=JOHN&firstname=John&lastname=Doe&country=US, then the query generates an error.

You specify a value for the CustomizedReconQuery parameter while configuring the IT resource.

3.1.2 Reconciliation Based on User Type

Siebel supports the definition of the following user types:

• Employee

• Partner User

• Customer

You can specify the user type for which reconciliation must be performed.

To specify the user type for which reconciliation must be performed, you use the UserType scheduled task attribute. This attribute is discussed in the "Specifying Values for the Scheduled Task Attributes" section.

3.1.3 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then during a reconciliation run:

• For each newly created user on the target system, an OIM User is created.

• Updates made to each user on the target system are propagated to the corresponding OIM User.

If you designate the target system as a target resource, then during a reconciliation run:

• For each account created on the target system, a resource is assigned to the corresponding OIM User.

• Updates made to each account on the target system are propagated to the corresponding resource.

Note:

Skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

1. Import the XML file for trusted source reconciliation, SiebelEmpXLResourceObject.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

2. Set the IsTrusted scheduled task attribute to True. You specify a value for this attribute while configuring the user reconciliation scheduled task, which is described later in this guide.

To import the XML file for trusted source reconciliation:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open the SiebelEmpXLResourceObject.xml file, which is in the OIM_HOME/xellerate/Siebel/xml directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Import.

8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must set the value of the IsTrusted reconciliation scheduled task attribute to True. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Importing the Connector XML Files" section, the scheduled tasks for lookup fields and user reconciliations are automatically created in Oracle Identity Manager. To configure the scheduled task:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.

5. For the first scheduled task, enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are not selected.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. In the Interval region, set the following schedule parameters:

   • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

     If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

   • To set the task to run only once, select the Once option.

9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

   See Also:

   Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

11. Repeat Steps 5 through 10 to create the second scheduled task.

After you create both scheduled tasks, proceed to the "Configuring Provisioning" section.

3.1.4.1 Specifying Values for the Scheduled Task Attributes

This section provides information about the attribute values to be specified for the following scheduled tasks:

• Lookup Fields Reconciliation Scheduled Task

• User Reconciliation Scheduled Task

3.1.4.1.1 Lookup Fields Reconciliation Scheduled Task

You must specify values for the following attributes of the Siebel LookupRecon lookup fields reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Default/Sample Value
ITResource	Name of the IT resource	SIEBEL IT Resource

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.2 User Reconciliation Scheduled Task

You must specify values for the following attributes of the Siebel Recon user reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Default/Sample Value
Organization	Oracle Identity Manager users	OIM Users
Xellerate Type	Type of Oracle Identity Manager user	End user Administrator
Role	Default employee type	Consultant
ITResource	Name of the IT resource	SIEBEL IT Resource
ResourceObject	Resource object name	SIEBEL Resource Object
IsTrusted	Specifies whether or not trusted source reconciliation must be performed This parameter is set to True for trusted source reconciliation. It is set to False for target resource reconciliation.	False (target resource reconciliation) True (trusted source reconciliation)
isDeleteRecon	Specifies whether or not delete users reconciliation must be performed If this parameter is set to True, then the users that are deleted from the target system are deleted from Oracle Identity Manager. If this parameter is set to False, then the users that are deleted from the target system are not deleted from Oracle Identity Manager. Note: This parameter is provided only for optimization, because the target system does not maintain records of deleted users.	True or False
UserType	Specifies the type of user that must be reconciled The Siebel user types are: Employee: This user is an internal employee and user who is associated with a position in a division within your company. Partner User: This user is an employee at a partner company (external organization) and is associated with a position in a division within that company. Therefore, a Partner User is also an Employee, but not an internal one. Customer: This user is a self-registered partner having no position in your company. However, this user has a responsibility that defines what application views the user can access. For information about testing reconciliation based on user type, refer to the "Testing Reconciliation Based on User Type" section.	Employee
SiebelServerTimeZone	Specifies the time zone of the target system database The connector uses this information to identify records that must be reconciled during incremental reconciliation.	GMT+10:00
DayLightSaving	Specifies the time (in minutes) that must be added to the time stamp Sample value: 60 With this sample value, 60 minutes are added to the time stamp stored in the TimeStamp parameter, and the new time stamp is used to identify records that have been created or modified after the last reconciliation run.	Default value: 0

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

Note:

Skip this section if either of the following conditions is true:

• You performed the procedure described in "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later".

• You do not want to use the provisioning features of Oracle Identity Manager for this target system.

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

• PrePopulate SIEBEL Form

• Siebel Delete User

• Siebel Modify User

• Siebel Add Position

• Siebel Add Primary Responsibility

• Siebel Create User

• Siebel Remove Position

  Note:

  A user must have at least one position in Siebel. Therefore, if a user is in the last position, then the position cannot be deleted.

• Siebel Add Responsibility

• Siebel Remove Responsibility

• Siebel Add Primary Position

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

1. Open the Adapter Manager form.

2. To compile all the adapters that you import into the current database, select Compile All.

   To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

   Note:

   Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

3. Click Start. Oracle Identity Manager compiles the selected adapters.

4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

1. Highlight the adapter in the Adapter Manager form.

2. Double-click the row header of the adapter, or right-click the adapter.

3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.3 Activating and Deactivating Employee Accounts

Note:

This is not part of the deployment procedure.

To activate an employee account in the target system, assign any responsibility from Oracle Identity Manager.

To deactivate an employee account in the target system, delete all responsibilities of the employee from Oracle Identity Manager.