What's New In Oracle Identity Manager Connector for SAP User Management?

This chapter provides an overview of the updates made to the software and documentation for release 11.1.1.7.0 of the SAP User Management connector.

The updates discussed in this chapter are divided into the following categories:

• Software Updates

  This section describes updates made to the connector software. This section also points out the sections of this guide that have been changed in response to each software update.

• Documentation-Specific Updates

  This section describes major changes made to this guide. For example, the relocation of a section from the second chapter to the third chapter is a documentation-specific update. These changes are not related to software updates.

Software Updates

The following section discusses software updates:

• Software Updates in Release 11.1.1.7.0

• Software Updates in Release 11.1.1.6.0

• Software Updates in Release 11.1.1.5.0

Software Updates in Release 11.1.1.7.0

There are no software updates in this release of the connector.

Software Updates in Release 11.1.1.6.0

The following are issues resolved in release 11.1.1.6.0:

Bug Number	Issue	Resolution
17388531	Account and role provisioning works fine without configuring the connector server.However, provisioning a role fails when the connector server is configured.	This issue has been resolved.
17575026	Failure of child data reconciliation during a reconciliation operation.	This issue has been resolved.
17581363	Failure in updation of the SAP User Management Unique ID in the process form.	This issue has been resolved.
17642440	Missing few Users created during different times of the same day during reconciliation operation.	This issue has been resolved.
17911657	In non CUA mode, SAP role reconciliation is omitting composite roles.	This issue has been resolved.
17288932	SSL support for SAP GRC 5.3	This issue has been resolved.
18461406	When the CUA mode is enabled and a role lookup reconciliation is performed, roles are reconciled with English labels instead of French labels.	This issue has been resolved.
19078269	Unable to connect to SAP in load balance scenario. However, connection to concrete SAP is successful.	This issue has been resolved.
16506322	The task responses are displayed only in English even when the connector is configured for any other native language.	This issue has been resolved.
18815353	"Display" and "Help" label descriptions are not displayed appropriately.	This issue has been resolved.
17748964	AC: SAP User Management unique Id does not get updated in the process form.	This issue has been resolved.
17668632	Failure in updation of SoDCheckResult due to an issue with field label mapping.	This issue has been resolved.
17401315	During user reconciliation in SAP User Management, two resource objects are created for the same account in Oracle Identity Manager.	This issue has been resolved.
19620263	Performing a Remove Role operation on Oracle Identity Manager does not remove simple roles associated to composite roles.	This issue has been resolved.
18342752	When a User from CUA is disabled and re-enabled in Oracle Identity Manager, the User is still displayed as disabled in SAP.	This issue has been resolved.
19551686	SAP User Management reconciliation finds modified Users only once in every three reconciliation operations.	This issue has been resolved.

Software Updates in Release 11.1.1.5.0

This is the first release of the Oracle Identity Manager Connector for SAP User Management based on Identity Connector Framework (ICF). The following are the software updates in release 11.1.1.5.0:

• Support for SAP BusinessObjects Access Control Version 10

• ICF Based Connector

• Support for Connector Server

• Support for Connection Pooling

• Support for Transformation and Validation

• Support for Resource Exclusion Lists

Support for SAP BusinessObjects Access Control Version 10

From this release onward, the connector supports the following new components:

• Risk Analysis and Remediation, also known as Analyze and Manage Access Risk (AMAR)

• Compliant User Provisioning, also known as Provision and Manage Users (PMU)

Throughout this guide, SAP BusinessObjects AC Access Risk Analysis refers to Risk Analysis and Remediation and SAP BusinessObjects AC Access Request Management refers to Compliant User Provisioning.

ICF Based Connector

The Identity Connector Framework (ICF) is a component that provides basic provisioning, reconciliation, and other functions that all Oracle Identity Manager and Oracle Waveset connectors require.

The Oracle Identity Manager Connector for SAP User Management is an ICF-based connector. The ICF uses classpath isolation, which allows the SAP User Management connector to co-exist with legacy versions of the connector.

For more information about the ICF, see Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

Support for Connector Server

Connector Server is a component provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally-deployed bundles. In other words, a connector server enables remote execution of an Oracle Identity Manager connector.

See the following sections for more information:

• Installing and Configuring the Connector Server

• Installing the Connector in the Connector Server

Support for Connection Pooling

A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can again be requested for and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.

One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.

See Setting up the Lookup Definition for Connection Pooling for more information.

Support for Transformation and Validation

You can configure transformation of data, such as process form field data or any other object, that is brought into Oracle Identity Manager during reconciliation. In addition, you can configure validation of data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning.

See the following sections for more information:

• Configuring Validation of Data During Reconciliation and Provisioning

• Configuring Transformation of Data During User Reconciliation

Support for Resource Exclusion Lists

From this release onward, you can specify a list of accounts that must be excluded from reconciliation and provisioning operations. Accounts whose user IDs you specify in the exclusion list are not affected by reconciliation and provisioning operations.

See Validation Groovy Script for Resource Exclusion in Oracle Fusion Middleware Performing Self Service Tasks for Oracle Identity Manager for more information.

Documentation-Specific Updates

The following section discusses documentation-specific updates:

• Documentation-Specific Updates in Release 11.1.1.7.0

• Documentation-Specific Updates in Release 11.1.1.6.0

• Documentation-Specific Updates in Release 11.1.1.5.0

Documentation-Specific Updates in Release 11.1.1.7.0

The following documentation-specific updates have been made in revision "20" of the guide:

The "Target systems" and "SAP Governance, Risk and Compliance Access Control (GRC AC)" rows of Table 1-1 have been updated.

The following documentation-specific updates have been made in revision "19" of the guide:

• Information about Oracle Identity Governance cluster has been added to Table 1-2, Table 1-6, and Enabling Logging.

• Configuring SNC to Secure Communication Between Oracle Identity Manager and the Target System has been updated.

• Postcloning Steps has been added.

The following documentation-specific update has been made in revision "18" of the guide:

The "Target systems" and "SAP Governance, Risk and Compliance Access Control (GRC AC)" rows of Table 1-1 have been updated.

The following documentation-specific updates have been made in revision "17" of the guide:

• Creating a Target System User Account for the SAP HR Target has been updated.
• Assigning Roles to a User Account in a SAP Business Objects Access Control System for Connector Operations has been updated.
• The FAQs section under Known Issues has been updated to include information about the SoD Check Tracking ID field.

The following documentation-specific updates have been made in revision "16" of the guide:

• The following updates have been made to Table 1-1:

  • The "Oracle Identity Governance or Oracle Identity Manager" row has been updated to include support for Oracle Identity Governance 12c (12.2.1.4.0).
  • The "Target Systems" row has been modified to include support for SAP S/4HANA 1809 with component S4CORE 103 SP 0000.
  • The "SAP Governance, Risk and Compliance Access Control (GRC AC)" row has been modified to include support for the following installations:
    • SAP BusinessObjects Access Control 12.0 on SAP NetWeaver 7.52 for S/4 HANA 1610 with SAPBASIS 752 with component GRCFND_A V1200 SP 03 NetWeaver 7.52 with plugin GRCPINWV1100_731 SP 20
    • SAP BusinessObjects Access Control 10.1 on SAP NetWeaver 7.52 for S/4 HANA 1610 with SAPBASIS 7.52 with component GRCFND_A V1100 SP 19 NetWeaver 7.52 with plugin GRCPINWV1100_731 SP 20
• Usage Recommendation has been modified to include support for Oracle Identity Governance 12c (12.2.1.4.0).
• The following steps have been modified:

  • Step 3 of Creating a Target System User Account for the SAP UM (SAP ERP or SAP CUA) Target
  • Step 1 of Installing the Security Package
  • Step 3.b of Configuring SNC
  • Step 4 of Downloading and Installing the SAP JCo
  • Step 2 of Installing the Connector in the Connector Server
• A "Note" regarding entitlements has been added to SoD Validation of Entitlement Requests.
• Information pertaining to 12c has been modified in Usage Recommendation.
• Title for Support for SAP Governance, Risk, and Compliance Version 10 or Later has been updated.
• The Description column for the wsdlFilePath row of Table 1-2 and Table 1-6 have been modified.
• A "Note" regarding cluster setup has been added to Step 6 of Downloading and Installing the SAP JCo.
• Installing the Connector in Oracle Identity Manager has been modified.
• Information pertaining to the Filter attribute has been removed from Table 3-4.
• A guideline regarding the SAP BusinessObjects Access version has been added to Frequently Asked Questions (FAQs).
• Table 3-5, Table 3-6, and Table 3-7 have been modified.

The following documentation-specific updates have been made in revision "15" of the guide:

• The "Oracle Identity Governance or Oracle Identity Manager" row of Table 1-1 has been modified to include support for Oracle Identity Governance 12c Release BP02 (12.2.1.3.2).
• The "Target Systems" row of Table 1-1 has been modified to include support for NetWeaver 7.51 and S/4 HANA.
• The "Connector Server" row of Table 1-1 has been modified to include support for 11.2.1.0 and 12.2.1.3.0.
• The "SAP Governance, Risk and Compliance Access Control (GRC AC)" row of Table 1-1 has been modified to include support for the following:
  • SAP BusinessObjects Access Control 10 on SAP NetWeaver 7.4 with SAP BASIS 7.40
  • SAP BusinessObjects Access Control 10 on SAP NetWeaver AS ABAP 7.02 Support Pack 7
• Usage Recommendation has been modified to include information about 12c.
• Support for SAP Governance, Risk, and Compliance Version 10 or Later has been modified to include connector support for new components.
• Code Key "ReportFormat" has been added to Table 1-6.
• Summary of the account management process has been added to User Management with SoD.
• Creating a Target System User Account for the SAP UM (SAP ERP or SAP CUA) Target has been modified.
• Step 2 has been added to Performing the Postupgrade Steps.
• Postupgrade Steps While Upgrading the SAP BusinessObjects AC Access Request Management from Release 11.1.1.6.0 to Release 11.1.1.7.0 has been added.
• A known issue and a workaround about an application server error whenever any jar is updated or modified is added to Known Issues.
• Troubleshooting the Connector has been added.

The following documentation-specific update has been made in revision "14" of the guide:

• The "Oracle Identity Manger" row of Table 1-1 has been renamed as "Oracle Identity Governance or Oracle Identity Manager" and also updated for Oracle Identity Governance 12c (12.2.1.3.0) certification.

The following documentation-specific updates have been made in revision "13" of the guide:

• OIM interface names have been corrected throughout the guide.

• Information pertaining to procedures performed on the target system has been replaced with a high-level summary in the following sections:

  • Creating a Target System User Account for the SAP UM (SAP ERP or SAP CUA) Target

  • Creating a Target System User Account for the SAP HR Target

  • Creating an Entry in the BAPIF4T Table

  • Configuring Request Types and Workflows on SAP BusinessObjects AC Access Request Management

  • Downloading WSDL files from SAP BusinessObjects AC

  • Determining the Names of Target System Attributes

The following documentation-specific update has been made in revision "12" of the guide:

The "Oracle Identity Manager" row of Table 1-1 has been updated.

The following documentation-specific updates have been made in revision "10" of the guide:

• The "JDK" and "SAP Governance, Risk and Compliance Access Control (GRC AC)" rows of Table 1-1 have been updated.

• Information pertaining to SAP BusinessObjects Access Control 5.3 has been removed throughout the guide.

• Information pertaining to SAP BusinessObjects Access Control 10 artifacts has been added throughout the guide.

• Known Issues and FAQs has been modified to remove all bugs that are no longer issues.

• Standard BAPIs Used During Connector Operations has been added.

Documentation-Specific Updates in Release 11.1.1.6.0

The following documentation-specific updates have been made in revision "8" of release 11.1.1.6.0:

• The "Oracle Identity Manager" row of Table 1-1 has been updated.

• Information specific to Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0) has been added to Usage Recommendation.

The following documentation-specific updates have been made in revision "7" of release 11.1.1.6.0:

• The "Target systems" row of Table 1-1 has been updated.

• A "Note" has been added at the beginning of Extending the Functionality of the Connector.

• A "Note" regarding field length has been added to Postinstallation.

• Step 5 of Performing the Postupgrade Steps has been removed.

• An issue regarding connector upgrade has been added to Known Issues.

The following documentation-specific updates have been made in revision "6" of release 11.1.1.6.0:

• A "Note" on SAP NetWeaver 7.31 certified connector version has been modified in Table 1-1.

• The "Connector Server" row has been added to Table 1-1.

• In Table 1-2, the following rows have been added:

  • singleRoles

  • compositeRoles

  • disableLockStatus

  • roles

• In Table 1-8, the following rows have been modified:

  • AC Request

  • Unique ID

• In Table 1-10, the "Unique ID" row has been added.

• The connector version has been modified from "11.1.1.5.0" to "11.1.1.6.0" in the following Sections:

  • Steps 3 and 4 of Downloading and Installing the SAP JCo

  • Steps 2 and 3 of Installing the Connector in Oracle Identity Manager

  • Upgrading the Connector

• Synchronizing the SAPUM Process Form Field Length Needs with the Target Field Length has been added.

• Step 3 has been added to Installing the Connector in the Connector Server.

• Steps 1 and 2 have been added to Performing the Postupgrade Steps.

Documentation-Specific Updates in Release 11.1.1.5.0

• The following documentation-specific update has been made in the revision "5" of release 11.1.1.5.0:

  Configuring Password Changes for Newly Created Accounts has been modified.

• The following documentation-specific update has been made in the revision "4" of release 11.1.1.5.0:

  has been modified.

• The following documentation-specific update has been made in the revision "3" of release 11.1.1.5.0:

  The "Target System" and "GRC AC" rows of Table 1-1 have been updated.

• The following documentation-specific updates have been made in the revision "2" of release 11.1.1.5.0:

  • The "destination" and "masterSystem" rows of Table 2-5 have been updated.

  • The "Oracle Identity Manager" row of Table 1-1 has been modified to include Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0).

  • Information specific to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) has been added to Step 5 of Localizing Field Labels in UI Forms.