Oracle® Identity Manager Connector Guide for PeopleSoft Employee Reconciliation Release 9.1.0 Part Number E11205-05
Oracle Identity Manager automates access rights management and the security of resources for various target systems. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with target applications. This guide discusses the connector that enables you to use PeopleSoft HRMS and PeopleSoft HCM as an authoritative (trusted) source of identity information for Oracle Identity Manager.
Note:
In this guide, PeopleSoft HRMS and PeopleSoft HCM have been referred to as the target system.
Table 1-1 lists the functions that are supported by this connector.
Table 1-1 Functions Supported by this Connector
Function | Type | Description |
---|---|---|
Create Employee | Reconciliation | Creates OIM Users corresponding to newly created employee records in the target system. |
Update Employee | Reconciliation | Modifies OIM Users corresponding to updates made to existing employees in the target system. |
Disable Employee | Reconciliation | Performs the global disabling of an OIM User in Oracle Identity Manager. |
Enable Employee | Reconciliation | Enables a disabled OIM User. |
Note:
- This connector does not support target resource reconciliation or provisioning operations.
- See Oracle Identity Manager Connector Concepts for detailed information about connector deployment configurations.
The connector supports reconciliation in two ways:
Full reconciliation: This involves fetching all existing target system records into Oracle Identity Manager.
Incremental reconciliation: This involves real-time reconciliation of changes in the target system records into Oracle Identity Manager.
The "Connector Architecture" section discusses full and incremental reconciliation in detail.
This chapter contains the following sections:
Table 1-2 lists the certified deployment configurations.
Table 1-2 Certified Deployment Configurations
Item | Requirement |
---|---|
Oracle Identity Manager release 9.1.0 and later |
|
The following are the supported target systems and the PeopleTools versions for each:
|
|
You must ensure that the following components are installed and configured in the target system environment:
|
Before you deploy the connector, you might want to determine the versions of PeopleTools and the target system that you are using, to check whether this release of the connector supports that combination. To do so, perform the following steps:
Open a Web browser and enter the URL of PeopleSoft Internet Architecture. The URL of PeopleSoft Internet Architecture is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
Click Change My Password. On the page that is displayed, press CTRL+J. The versions of PeopleTools and the target system that you are using are displayed.
This section discusses the following topics:
The "Connector Architecture" section describes the architecture of the connector.
The "Trusted Source Reconciliation" section describes the reconciliation features of the connector.
Figure 1-1 shows the architecture of the connector.
This connector supports trusted source reconciliation in two ways.
A full reconciliation run involves fetching all the records in the target system and using them for reconciliation in Oracle Identity Manager by using a flat file. The PeopleSoft Application Engine program populates the flat file that contains all the employee data separated by the specified delimiter (*). The flat file is then read by an Oracle Identity Manager scheduled task that generates reconciliation events.
The PeopleSoft Application Engine program is run using PeopleSoft Internet Architecture.
To reconcile all existing target system records into Oracle Identity Manager, you must run full reconciliation the first time you perform a reconciliation run after deploying the connector. This is to ensure that the target system and Oracle Identity Manager contain the same data. Oracle recommends that you run full reconciliations at periodic intervals to ensure that all the user records are reconciled into Oracle Identity Manager. "Configuring Full Reconciliation" describes the procedure to configure full reconciliation.
Incremental reconciliation involves real-time reconciliation of newly created or modified employee data. You use incremental reconciliation to reconcile individual data changes after an initial, full reconciliation run has been performed. Incremental reconciliation is performed using PeopleSoft application messaging. The "Configuring Incremental Reconciliation" section describes the procedure to configure incremental reconciliation.
Incremental reconciliation involves the following steps:
When employee data is added, updated, or deleted in the target system, a PeopleCode event is activated.
The PeopleCode event generates an XML message containing the modified employee data and sends it in real time to the PeopleSoft listener by using HTTP. If SSL is configured, then the PeopleSoft listener can also use HTTPS. The PeopleSoft listener is a Web application that is deployed on an Oracle Identity Manager host computer.
The PeopleSoft listener parses the XML message and sends a reconciliation event to Oracle Identity Manager.
Trusted source reconciliation involves reconciling data about newly created or modified accounts on the target system into Oracle Identity Manager and adding or updating OIM Users.
See Also:
"Trusted Source Reconciliation" in Oracle Identity Manager Connector Concepts for conceptual information about trusted source reconciliation
This section discusses the following topics:
Table 1-3 lists the identity fields whose values are fetched from the target system during reconciliation.
Table 1-3 User Fields for Reconciliation
OIM User Form Field | PeopleSoft HRMS/HCM Field | Description |
---|---|---|
User ID | PS_PERSON.EMPLID | Employee ID of the employee to which the user profile will be assigned. This is a mandatory field for the creation of an OIM User. |
Last Name | PS_NAMES.LAST_NAME | Last name. This is a mandatory field for the creation of an OIM User. |
First Name | PS_NAMES.FIRST_NAME | First name. This is a mandatory field for the creation of an OIM User. |
Employee Type | PS_JOB.REG_TEMP, PS_JOB.FULL_PART_TIME, PS_JOB.PER_ORG | The Employee Type of the OIM User. The combination of the values of the PS_JOB.REG_TEMP, PS_JOB.FULL_PART_TIME, and PS_JOB.PER_ORG fields is used to specify the Employee Type of the OIM User. This is a mandatory field for the creation of an OIM User. |
Status | PS_JOB.HR_STATUS | Specifies whether the employee is active or terminated. |
The connector can reconcile all valid person types that are stored in the target system, and all components of the Employee person type. The following example describes how this is done.
The record of a temporary, part-time, Contingent Worker is reconciled from the target system. During reconciliation, you use the Lookup.PSFTER.EmpType.Map.Recon lookup definition to determine the Employee Type field to which the person type is mapped. In this lookup definition, the person type value from the target system is used as the Code key and its corresponding Decode value is used to fill the specific Employee Type field. Therefore, during reconciliation, the value of the temporary, part-time, Contingent Worker person type will be reconciled into the corresponding Employee Type field of Oracle Identity Manager.
The Lookup.PSFTER.EmpType.Map.Recon lookup definition has the following default combinations:
Note:
You can modify the values of the lookup definition based on your requirement.
Code Key | Decode |
---|---|
CWR##TEMP##FT | Temp |
CWR##TEMP##PT | Intern |
CWR##REG##FT | Consultant |
CWR##REG##PT | Part-Time |
EMP##TEMP##FT | Part-Time |
EMP##TEMP##PT | Temp |
EMP##REG##FT | Full-Time |
EMP##REG##PT | Temp |
For HRMS 8.8 SP1, the following combinations are available in addition to the preceding list: | |
NON##TEMP##FT | Part-Time |
NON##TEMP##PT | Consultant |
NON##REG##FT | Temp |
NON##REG##PT | Full-Time |
For all HRMS versions, the following combination is available in addition to the preceding list: | |
###### (Note: This Code key is for a situation in which the PS_JOB.REG_TEMP, PS_JOB.FULL_PART_TIME, and PS_JOB.PER_ORG fields on the target system are empty.) | Consultant |
Note:
The Decode values are case-sensitive.
In the preceding table:
CWR represents Contingent Worker.
EMP represents Employee.
TEMP represents Temporary.
REG represents Regular.
FT represents Full-Time.
PT represents Part-Time.
NON represents employees who do not belong to any of the predefined employee types. This value is applicable only for HRMS 8.8 SP1.
The last row in the table represents a scenario in which no job is assigned to an employee.
The following is the reconciliation rule for trusted source reconciliation:
Rule Name: PSFT ER
Rule Element: User Login Equals Users.EmplId
In this rule:
User Login represents the User ID field on the OIM User form.
Users.EmplId represents the Employee ID field of the employee on the target system.
For trusted source reconciliation, the User ID field of the OIM User form is matched against the Employee ID field on the target system. These are the key fields in Oracle Identity Manager and the target system, respectively.
To access the reconciliation rule:
Note:
Perform the following procedure only after the connector is deployed.
Log in to the Oracle Identity Manager Design Console.
Expand Development Tools.
Double-click Reconciliation Rules.
Locate PSFT ER.
See Also:
Oracle Identity Manager Design Console Guide for information about modifying reconciliation rules
The following table lists the reconciliation action rules for this connector:
Rule Condition | Action |
---|---|
No Matches Found | Create User |
One Entity Match Found | Establish Link |
To access the reconciliation action rules for this connector:
Note:
Perform the following procedure only after the connector is deployed.
Log in to the Oracle Identity Manager Design Console.
Expand Resource Management.
Double-click Resource Objects.
Locate the PSFT_ER_RO resource object.
Click the Object Reconciliation tab, and then the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector.
See Also:
Oracle Identity Manager Design Console Guide for information about modifying reconciliation action rules
Note:
For any rule condition that is not predefined for this connector, Oracle Identity Manager will neither perform any action nor log an error.
The connector reconciles records of terminated employees. If the status of an employee is INACTIVE, then it means that the employee is terminated. The employee account is disabled in the target system, and globally deprovisioned in Oracle Identity Manager through the Disable User function of the connector.
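The Employee Type lookup, the PSFT ER matching rule, and the action rules described above can be checked against sample records before a reconciliation run. The following Python code is an added example, not code from the connector or from Oracle; the record layout (a dict keyed by PeopleSoft field name), the `problems` list, exact string matching, and all sample values are assumptions made for illustration.

```python
# Added illustration of the rules in this section; not Oracle connector code.
# Default Lookup.PSFTER.EmpType.Map.Recon entries for all HRMS versions.
EMP_TYPE_MAP = {
    "CWR##TEMP##FT": "Temp", "CWR##TEMP##PT": "Intern",
    "CWR##REG##FT": "Consultant", "CWR##REG##PT": "Part-Time",
    "EMP##TEMP##FT": "Part-Time", "EMP##TEMP##PT": "Temp",
    "EMP##REG##FT": "Full-Time", "EMP##REG##PT": "Temp",
    "######": "Consultant",  # PER_ORG, REG_TEMP and FULL_PART_TIME all empty
}
# Predefined action rules, keyed by the number of OIM Users the rule matched.
ACTION_RULES = {0: "Create User", 1: "Establish Link"}
MANDATORY = ("EMPLID", "LAST_NAME", "FIRST_NAME")

def emp_type_key(rec):
    """Build the Code key in the order PER_ORG##REG_TEMP##FULL_PART_TIME."""
    parts = [rec.get(f) or "" for f in ("PER_ORG", "REG_TEMP", "FULL_PART_TIME")]
    return "######" if not any(parts) else "##".join(parts)

def evaluate(rec, oim_user_logins):
    """Return the outcome for one target-system record (hypothetical dict layout)."""
    key = emp_type_key(rec)
    emp_type = EMP_TYPE_MAP.get(key)
    # Rule PSFT ER: User Login Equals Users.EmplId (assumed exact string equality).
    matched = sum(1 for login in oim_user_logins if login == rec.get("EMPLID"))
    action = ACTION_RULES.get(matched)  # None: no action is taken, no error is logged
    problems = ["missing " + f for f in MANDATORY if not rec.get(f)]
    if emp_type is None:
        problems.append("Employee Type: no Decode for " + key)
    if action is None:
        problems.append("no predefined action rule for %d matches" % matched)
    return {"action": action, "employee_type": emp_type,
            "disable": rec.get("HR_STATUS") == "INACTIVE", "problems": problems}

# Constructed sample data, not taken from a real system.
OIM_LOGINS = ["1001", "1002"]
NEW_HIRE = {"EMPLID": "1003", "LAST_NAME": "Doe", "FIRST_NAME": "John",
            "PER_ORG": "CWR", "REG_TEMP": "TEMP", "FULL_PART_TIME": "PT",
            "HR_STATUS": "ACTIVE"}
LEAVER = {"EMPLID": "1001", "LAST_NAME": "Roe", "FIRST_NAME": "Jane",
          "PER_ORG": "", "REG_TEMP": "", "FULL_PART_TIME": "", "HR_STATUS": "INACTIVE"}
UNMAPPED = dict(NEW_HIRE, EMPLID="1004", PER_ORG="NON")  # NON is HRMS 8.8 SP1 only

if __name__ == "__main__":
    for rec in (NEW_HIRE, LEAVER, UNMAPPED):
        print(rec["EMPLID"], evaluate(rec, OIM_LOGINS))
```

Because Oracle Identity Manager neither acts on nor logs rule conditions that are not predefined, a non-empty `problems` list is the only place such a record shows up in this example.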
On the target system, you can use the Effective Date feature to assign a future date to changes that you want to make to a user account. The following example illustrates how this feature works:
Suppose the system date is 02-May-2008. On the target system, the current designation of user John Doe is Systems Analyst. You want to change John's designation to Senior Systems Analyst and set 16-May-08 as the date on which the change will take place. To achieve this, you have set 16-May-08 as the effective date for the change in John's account information.
Oracle Identity Manager stores current data. In this context, current data is the most recent data in which the effective date is not later than the current system date. In other words, the date on which data is created or changed cannot be a date in the future.
The connector can recognize and ignore target system records with effective dates that are later than the system date. This feature of the connector is aimed at reconciling only target system changes that are already effective. The following extension to the example illustrates this feature of the connector:
After you set the effective date for John's designation change, suppose a reconciliation run takes place at 11:30 p.m. on 05-May-2008. During this reconciliation run, John's latest record with the effective date set to 16-May-08 is ignored because it is set in the future.
When a reconciliation run takes place on 16-May-08, John's data becomes current. When this happens, the Effective Date feature changes John's data and this change is reconciled into Oracle Identity Manager.
Note:
In the context of the Effective Date feature, records for a particular user on the target system can be categorized into the following types:
Current: The record with an effective date that is closest to or equal to, but not greater than, the system date. There can be only one current record.
History: Records with dates that are earlier than the current date.
Future: Records that have effective dates later than the system date.
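The Current, History, and Future categories above, applied to the John Doe example, are shown in the following Python code. It is an added example, not connector code; the dict keys (`EMPLID`, `effective_date`, `designation`), the employee IDs, the 2007 date, and the second employee are constructed for illustration.

```python
from datetime import date

def classify(rows, system_date):
    """Split one employee's rows into (current, history, future) by effective date."""
    effective = sorted((r for r in rows if r["effective_date"] <= system_date),
                       key=lambda r: r["effective_date"])
    future = [r for r in rows if r["effective_date"] > system_date]
    current = effective[-1] if effective else None  # there is only one current record
    return current, effective[:-1], future

def rows_to_reconcile(rows, system_date):
    """Return {EMPLID: current row}; employees with only future rows are skipped."""
    by_emp = {}
    for row in rows:
        by_emp.setdefault(row["EMPLID"], []).append(row)
    result = {}
    for emplid, emp_rows in by_emp.items():
        current, _history, _future = classify(emp_rows, system_date)
        if current is not None:
            result[emplid] = current
    return result

# Constructed rows following the John Doe example in the text.
ROWS = [
    {"EMPLID": "1001", "effective_date": date(2007, 1, 15),
     "designation": "Systems Analyst"},
    {"EMPLID": "1001", "effective_date": date(2008, 5, 16),
     "designation": "Senior Systems Analyst"},
    {"EMPLID": "1002", "effective_date": date(2008, 6, 1),
     "designation": "Auditor"},  # hire whose only record is future-dated
]

if __name__ == "__main__":
    for run_date in (date(2008, 5, 5), date(2008, 5, 16)):
        picked = rows_to_reconcile(ROWS, run_date)
        print(run_date, {k: v["designation"] for k, v in picked.items()})
```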
The connector supports the following languages:
Arabic
Chinese (Simplified)
Chinese (Traditional)
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish
See Also:
Oracle Identity Manager Globalization Guide for information about supported special characters
The following is the organization of information in the rest of the guide:
Chapter 2, "Deploying the Connector" describes procedures that you must perform on Oracle Identity Manager and the target system during each stage of connector deployment.
Chapter 3, "Extending the Functionality of the Connector" describes the extended functions of the connector.
Chapter 4, "Using the Connector" provides information on the tasks that must be performed each time you want to run reconciliation.
Chapter 5, "Testing the Connector" provides information on testing the connector.
Chapter 6, "Known Issues" lists the known issues that you may encounter while using the connector.