Oracle® Identity Manager Connector Guide for Oracle E-Business User Management Release 9.1.0 Part Number E11203-03 |
|
|
View PDF |
This chapter provides an overview of the updates made to the software and documentation for the Oracle E-Business User Management connector in release 9.1.0.
See Also:
The earlier release of this guide for information about updates that were new for that releaseThe updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss updates made in release 9.1.0 of the connector:
Support for SSO-Enabled Oracle E-Business Suite Installations
Support for Oracle E-Business Suite Role and Responsibility Navigation Catalog
Support for Target System Account with Minimum Permissions for Connector Operations
Support for the Multiple Trusted Source Reconciliation Feature of Oracle Identity Manager
From this release onward, the connector supports the following target system versions:
Oracle E-Business Suite 11.5.10, 12.0.1 through 12.0.6 running on Oracle Real Application Clusters 10g and 11g
These target systems are listed in the Section 1.1, "Certified Components" section.
The connector provides all the features required for setting up Oracle E-Business Suite as a managed (target) resource of Oracle Identity Manager. If you want to use Oracle E-Business Suite as a trusted source of identity data for Oracle Identity Manager, then use the Oracle E-Business Employee Reconciliation connector.
Along with creation of a user record in Oracle E-Business Suite, the connector can be used to create a basic person record in Oracle E-Business HRMS. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business HRMS.
In addition, the connector can be used to create a basic person-type party record in Oracle E-Business TCA. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business TCA.
See Section 1.4.1, "Oracle E-Business User Management Connectors" for more information.
UMX role assignments can now be managed during reconciliation and provisioning.
From this release onward, the connector supports the Segregation of Duties (SoD) feature introduced in Oracle Identity Manager release 9.1.0.2. Requests for Oracle E-Business Suite role and responsibility entitlements can be validated with Oracle Application Access Controls Governor. Entitlements are provisioned into Oracle E-Business Suite only if the request passes the SoD validation process. This preventive simulation approach helps identify and correct potentially conflicting assignment of entitlements to a user, before the requested entitlements are granted to users.
See Section 1.4.3, "SoD Validation of Entitlement Provisioning" for more information.
The connector can be used to integrate Oracle Identity Manager with an SSO-enabled Oracle E-Business Suite installation.
See Section 1.4.4, "Support for an SSO-Enabled Target System Installation" for more information.
You can use the connector to fetch data about responsibilities and roles definitions from each target system application and store this data in lookup definitions on Oracle Identity Manager. During a provisioning operation, these lookup definitions are populated with responsibilities and roles that are specific to the Oracle E-Business Suite application you select for the operation. This feature leverages the dependent lookup capability of Oracle Identity Manager.
See Section 1.7, "Lookup Definitions Used During Connector Operations" for more information.
Oracle E-Business Suite allows future-dating (effective-dating) of account disable and account enable operations. The connector can detect and respond to these effective-dated lifecycle events.
Similarly, the connector can also respond to effective-dated operations in which roles and responsibilities are granted or revoked.
See Section 1.4.5, "Reconciliation of Effective-Dated Events" for an overview of the process.
The connector can now be used for reconciliation and provisioning account status data. During reconciliation, changes to the Effective Date From and Effective Date To fields on the target system are duplicated in Oracle Identity Manager. The same effect can be achieved through provisioning operations performed on Oracle Identity Manager.
See Section 1.4.6, "Account Status Reconciliation and Provisioning" for more information.
Reconciliation involves running a SQL query on the target system database to fetch the required user account records to Oracle Identity Manager. From this release onward, predefined SQL queries are stored in a file in the connector deployment package. You can modify these SQL queries or add your own SQL queries for reconciliation.
See Section 1.5.1, "Reconciliation Queries" for information about the reconciliation queries.
To meet the requirements of specific use cases, you might need to create multiple copies of the Oracle Identity Manager objects that constitute the connector. The connector can work with multiple instances of these objects.
See Section 4.6, "Configuring the Connector for Multiple Installations of the Target System" for more information.
In earlier releases, you had to use the APPS user for connector operations. From this release onward, you can create and use an Oracle E-Business Suite user with the minimum permissions required for connector operations.
See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for more information.
The connector supports the connection pooling feature introduced in Oracle Identity Manager release 9.1.0.2. In earlier releases, a connection with the target system was established at the start of a reconciliation run and closed at the end of the reconciliation run. With the introduction of connection pooling, multiple connections are established by Oracle Identity Manager and held in reserve for use by the connector.
See Section 1.4.12, "Connection Pooling" for more information.
From this release onward, you can configure SSL to secure communication between Oracle Identity Manager and the target system.
See Section 2.3.2, "Configuring Secure Communication Between the Target System and Oracle Identity Manager" for more information.
The connector now supports the multiple trusted source reconciliation feature of Oracle Identity Manager. See Oracle Identity Manager Design Console Guide for detailed information about multiple trusted source reconciliation.
To facilitate reuse and customization of some parts of the connector code, Javadocs are included in the connector deployment package.
The following are documentation-specific updates in release 9.1.0:
Major changes have been made in the structure of the guide. The objective of these changes is to synchronize the guide with the changes made to the connector and to improve the usability of information provided by the guide.
See Section 1.8, "Roadmap for Deploying and Using the Connector" for detailed information about the organization of content in this guide.
In the "Certified Components" section, changes have been made in the "Target system" row.