The procedure to deploy the connector is divided across three stages namely preinstallation, installation, and postinstallation.
The following topics provide details on these stages:
Note:
Some of the procedures described in this chapter must be performed on the target system. To perform these procedures, you must use a Google Apps account with administrator privileges.
Preinstallation involves copying third-party libraries to the computer hosting Oracle Identity Manager. It also involves registering the connector with Google Apps for accessing user management APIs and creating a target system account for the connector.
The following topics provide details on these preinstallation procedures:
Perform the following steps to download and copy Google Apps third-party libraries:
This section provides a high-level summary about the preinstallation tasks to be performed on the target system.
The preinstallation process involves performing the following tasks:
Note:
The detailed instructions for performing each of these preinstallation tasks are available in the Google Cloud Platform Documentation at https://cloud.google.com/docs/
You must install the connector in Oracle Identity Manager. If necessary, you can also deploy the connector in a Connector Server.
Installation information is divided across the following sections:
Depending on where you want to run the connector code (bundle), the connector provides installation options:
The following are the installation options:
Run the connector code locally in Oracle Identity Manager.
To run the connector code locally in Oracle Identity Manager, perform the procedure described in Installing the Connector in Oracle Identity Manager.
Run the connector code remotely in a Connector Server.
To run the connector code remotely in a Connector Server, perform the procedures described in Installing the Connector in Oracle Identity Manager and Deploying the Connector Bundle in a Connector Server.
Perform this procedure to install the Google Apps connector in Oracle Identity Manager.
Note:
In this guide, the term Connector Installer has been used to refer to the Install Connectors feature of the Administrative and User Console.
To run the Connector Installer:
You can deploy the Google Apps connector bundle into the Java Connector Server by performing the procedure mentioned here.
See Also:
Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing and configuring connector server and running the connector server
If you want to deploy the Google Apps connector bundle into the Java Connector Server, then follow these steps:
Postinstallation for the connector involves configuring Oracle Identity Manager, enabling logging to track information about all connector events, and configuring SSL. It also involves performing some optional configurations such as enabling request-based provisioning and localizing the user interface.
Postinstallation steps are divided across the following sections:
If you are using Oracle Identity Manager release 11.1.2.x or later, you must create additional metadata such as a UI form and an application instance. In addition, you must run entitlement and catalog synchronization jobs.
These procedures are described in the following sections:
Create and activate a sandbox as follows. For detailed instructions, see Managing Sandboxes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
Create a new UI form as follows. For detailed instructions, see Managing Forms in Oracle Fusion Middleware Administering Oracle Identity Manager.
Create an application instance as follows. For detailed instructions, see Managing Application Instances in Oracle Fusion Middleware Administering Oracle Identity Manager.
Note:
If you are using access policy-based provisioning, then specify the Active Directory connector application instance as the value for the Parent AppInstance attribute.
To publish the sandbox that you created in Creating and Activating a Sandbox:
You can populate Entitlement schema from child process form table, and harvest roles, application instances, and entitlements into catalog. You can also load catalog metadata.
To harvest entitlements and sync catalog:
For any changes you do in the Form Designer, you must create a new UI form and update the changes in an application instance.
To update an existing application instance with a new form:
In request-based provisioning, an end user creates a request for a resource or entitlement by using the Administrative and User Console.
Note:
Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.1.x.
In request-based provisioning, an end user creates a request for a resource or entitlement by using the Administrative and User Console. Administrators or other users cannot create requests for a particular user. Requests can be viewed and approved by approvers designated in Oracle Identity Manager.
Note:
The direct provisioning feature of the connector is automatically disabled when you enable request-based provisioning. Therefore, do not enable request-based provisioning if you want to use the direct provisioning.
To enable request-based provisioning, perform the following procedures:
There are two ways of importing request datasets:
Note:
Request Datasets imported either into MDS or by using Deployment Manager are same.
To import a request dataset definition into the MDS:
The request datasets (predefined or generated) can also be imported using Deployment Manager (DM), which are stored in xml/GoogleApps-Datasets.xml.
To import a request dataset definition using Deployment Manager:
To enable the Auto Save Form feature:
Run the PurgeCache utility to clear content belonging to the Metadata category from the server cache. See Clearing Content Related to Connector Resource Bundles from the Server Cache for instructions.
The procedure to enable request-based provisioning ends with this step.
Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.
You may require the assistance of the system administrator to change to the required input locale.
When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database.
Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
To clear content related to connector resource bundles from the server cache:
Oracle Identity Governance uses Oracle Java Diagnostic Logging (OJDL) for recording all types of events pertaining to the connector. OJDL is based on java.util.logger.
The following topics provide detailed information about logging:
Note:
In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.
When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations.
To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
SEVERE.intValue()+100
This level enables logging of information about fatal errors.
SEVERE
This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
WARNING
This level enables logging of information about potentially harmful situations.
INFO
This level enables logging of messages that highlight the progress of the application.
CONFIG
This level enables logging of information about fine-grained events that are useful for debugging.
FINE, FINER, FINEST
These levels enable logging of information about fine-grained events, where FINEST logs information about all events.
These message types are mapped to ODL message type and level combinations as shown in Table 2-1.
Table 2-1 Log Levels and ODL Message Type:Level Combinations
Java Level | ODL Message Type:Level |
---|---|
SEVERE.intValue()+100 |
INCIDENT_ERROR:1 |
SEVERE |
ERROR:1 |
WARNING |
WARNING:1 |
INFO |
NOTIFICATION:1 |
CONFIG |
NOTIFICATION:16 |
FINE |
TRACE:1 |
FINER |
TRACE:16 |
FINEST |
TRACE:32 |
The configuration file for OJDL is logging.xml, which is located at the following path:
DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
Here, DOMAIN_HOME and OIM_SEVER are the domain name and server name specified during the installation of Oracle Identity Manager.
The GoogleApps IT resource is automatically created when you run the Connector Installer. You must specify values for the parameters of the IT resource.
The following section describes the parameters of the IT resource:
To specify values for the parameters of the IT resource:
Perform the procedure described in this section only if you have deployed the connector bundle remotely in a Connector Server.
Note:
Before you deploy the connector bundle remotely in a Connector Server, you must deploy the connector in Oracle Identity Manager by performing the procedures described in Installation.
To create the IT resource for the Connector Server:
You can localize UI form field labels by using the resource bundle corresponding to the language you want to use. The resource bundles are available in the connector installation media.
Note:
Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.2.x or later and you want to localize UI form field labels.
If you have already deployed the Google Apps Connector versions 11.1.1.5.0 or 11.1.1.6.0, then you can upgrade the connector to version 11.1.1.7.0. The following sections discuss the procedure to upgrade the connector:
The following sections discuss the procedure to upgrade the connector:
Note:
Before you perform the upgrade procedure:
Preupgrade steps for the connector involves performing a reconciliation run to fetch records from the target system, defining the source connector in Oracle Identity Manager, creating copies of the connector if you want to configure it for multiple installations of the target system, and disabling all the scheduled jobs.
Perform the following preupgrade steps:
This is a summary of the procedure to upgrade the connector for both staging and production environments.
Staging Environment
Perform the upgrade procedure by using the wizard mode.
Note:
Do not upgrade IT resource type definition. In order to retain the default setting, you must map the IT resource definition to "None".
Production Environment
Perform the upgrade procedure by using the silent mode.
See Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the wizard and silent modes.
Postupgrade steps involve uploading new connector jars, running the Form Version Control (FVC) utility to manage data changes on a form, running the PostUpgradeScript.sql script to upgrade the IT resource, configuring the upgraded IT resource of the source connector, and so on.
Perform the following procedure: