This chapter discusses the following connector configuration procedures:
Note:
From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager guide for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.
Note:
In this section, the term "attribute" refers to the identity data fields that store user data.
To add a custom attribute, you must ensure that the corresponding attribute exists on the target system. If it does not exist, then you must first add the custom attribute on the target system. Contact an administrator for information about adding a custom attribute on the target system.
By default, the attributes listed in User Attributes for Target Resource Reconciliation and Provisioning are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can also configure the connector to reconcile custom attributes or other user attributes that are not available out of the box (OOTB) with the connector.For example, if Legal Entity is a custom attribute added to the user profile on the target system, then you can configure the connector to reconcile this attribute by performing the following steps:
For the custom attribute, Legal Entity, determine the corresponding attribute name in User Generic WSDL.
You can invoke the FieldManagementRead Admin Web Service API and get the value of Generic Integration Tag for the Legal Entity user attribute.
For example, Generic Integration Tag = CustomText2
Log in to the Oracle Identity Manager Design Console.
Create a new version of the process form as follows:
Expand Development Tools.
Double-click Form Designer.
Search for and open the UD_CRMOD_U process form.
Click Create New Version.
On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.
Add the new field on the process form as follows:
Click Add.
A field is added to the list. Enter the details of the field.
For example, if you are adding the Legal Entity field, enter UD_CRMOD_U_LEGALENTITY
in the Name field and the remaining details of this field.
To add boolean attributes, select ComboBox from the Field Type list and select String as the Variant Type.
If you are adding boolean attributes, create a new lookup definition, for example, Lookup.CRMOD.AttributeName. Then, add the following entries to the lookup definition:
Code Key | Decode |
---|---|
Y |
Y |
N |
N |
Open the UD_CRMOD_U process form and click Properties. Select the newly added property and click Add Property. Select Property Name as Lookup Code, and then enter the newly created lookup, Lookup.CRMOD.AttributeName
as the property value.
Click the save icon.
To activate the newly created form, click Make Version Active.
Figure 4-1 is a sample screenshot of the new version of process form.
Figure 4-1 Adding a New Version of Process Form
Add the new field to the list of reconciliation fields in the resource object as follows:
Expand Resource Management.
Double-click Resource Objects.
Search for and open the CRM On Demand resource object.
On the Object Reconciliation tab, click Add Field.
In the Add Reconciliation Field dialog box, enter the details of this field.
For example, enter Legal Entity
in the Field Name field and select String from the Field Type list.
Click the save icon.
On the Resource Objects form, click Create Reconciliation Profile to create reconciliation profile that would include the newly added reconciliation field.
Figure 4-2 is a sample screenshot of the newly added reconciliation field.
Figure 4-2 Adding a New Reconciliation Field
Create an entry for the field in the lookup definition for reconciliation as follows:
Expand Administration.
Double-click Lookup Definition.
Search for and open the Lookup.CRMOD.UM.ReconAttrMap lookup definition.
Click Add and enter the Code Key and Decode values for the field.
The Code Key value must be the Recon Field label name. The Decode value must be the name of the attribute in the User Generic WSDL.
For example, enter Legal Entity
in the Code Key field and then enter CustomText2
in the Decode field.
Click the save icon.
Figure 4-3 is a sample screenshot of the new entry added to the reconciliation lookup definition.
Figure 4-3 Adding an Entry to Reconciliation Lookup
Create a reconciliation field mapping for the new field on the process form as follows:
Expand Process Management.
Double-click Process Definition.
From the Process Definition table, select and open the CRM On Demand resource object.
Click Reconciliation Field Mappings and then click Add Field Map.
In the Field Name field, select the value for the field that you want to add.
For example, select Legal Entity.
In the Field Type field, select the type of the field that is prepopulated.
Double-click the Process Data Field field.
A list of process data columns is displayed. From the list, select the process data column corresponding to the process data field.
For example, select Legal Entity [String] = UD_CRMOD_U_LEGALENTITY.
Click the save icon.
If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.
Note:
In this section, the term "attribute" refers to the identity data fields that store user data.
To add a custom attribute, you must ensure that the corresponding attribute exists on the target system. If it does not exist, then you must first add the custom attribute on the target system. Contact an administrator for information about adding a custom attribute on the target system.
By default, the attributes listed in User Attributes for Target Resource Reconciliation and Provisioning are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can also configure the connector for provisioning after adding custom attributes or other user attributes that are not available out of the box (OOTB) with the connector.For example, if Legal Entity is a custom attribute added to the user profile on the target system, then you can configure the connector to provision this attribute by performing the following steps:
For the custom attribute, Legal Entity, determine the corresponding attribute name in User Generic WSDL.
You can invoke the FieldManagementRead Admin Web Service API and get the value of Generic Integration Tag for the Legal Entity user attribute.
For example, Generic Integration Tag = CustomText2
Log in to the Oracle Identity Manager Design Console.
Create a new version of the process form as follows:
Expand Development Tools.
Double-click Form Designer.
Search for and open the UD_CRMOD_U process form.
Click Create New Version.
On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.
Add the new field on the process form as follows:
Click Add.
A field is added to the list. Enter the details of the field.
For example, if you are adding the Legal Entity field, enter UD_CRMOD_U_LEGALENTITY
in the Name field, Legal Entity
in the Label Name field, and the remaining details of this field.
If you are adding boolean attributes, select ComboBox from the Field Type list and select String as the Variant Type.
Then, create a new lookup definition, for example, Lookup.CRMOD.AttributeName. Then, add the following entries to the lookup definition:
Code Key | Decode |
---|---|
Y |
Y |
N |
N |
Open the UD_CRMOD_U process form and click Properties. Select the newly added property and click Add Property. Select Property Name as Lookup Code, and then enter the newly created lookup, Lookup.CRMOD.AttributeName
as the property value.
Click the save icon.
To activate the newly created form, click Make Version Active.
Figure 4-4 is a sample screenshot of the new version of process form.
Figure 4-4 Adding a New Version of Process Form
Create an entry for the field in the lookup definition for provisioning as follows:
Expand Administration.
Double-click Lookup Definition.
Search for and open the Lookup.CRMOD.UM.ProvAttrMap lookup definition.
Click Add and enter the Code Key and Decode values for the field.
The Code Key value must be the form field label name. The Decode value must be the attribute name in the User Generic WSDL.
For example, enter Legal Entity
in the Code Key field and then enter CustomText2
in the Decode field.
Click the save icon.
Figure 4-5 is a sample screenshot of the new entry added to the provisioning lookup definition.
Figure 4-5 Adding an Entry to Provisioning Lookup
If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.
The Lookup.CRMOD.UM.ProvValidations and Lookup.CRMOD.UM.ReconValidations lookup definitions hold single-valued data to be validated during provisioning and reconciliation operations, respectively.
For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.
Note:
The Lookup.CRMOD.UM.ProvValidations and Lookup.CRMOD.UM.ReconValidations lookup definitions are optional and do not exist by default.
You must add these lookups as decode values to the Lookup.CRMOD.UM.Configuration lookup definition to enable exclusions during provisioning and reconciliation operations. See Setting up the Lookup Definition for User Operations for more information.
To configure validation of data:
The Lookup.CRMOD.UM.ReconTransformations lookup definition holds single-valued user data to be transformed during reconciliation operations. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Manager.
Note:
The Lookup.CRMOD.UM.ReconTransformations lookup definition is optional and does not exist by default.
You must add this lookup as decode value to the Lookup.CRMOD.UM.Configuration lookup definition to enable exclusions during provisioning and reconciliation operations. See Setting up the Lookup Definition for User Operations for more information.
To configure transformation of single-valued user data fetched during reconciliation:
The Lookup.CRMOD.UM.ProvExclusionList and Lookup.CRMOD.UM.ReconExclusionList lookup definitions hold user IDs of target system accounts for which you do not want to perform provisioning and reconciliation operations, respectively.
Note:
The Lookup.CRMOD.UM.ProvExclusionList and Lookup.CRMOD.UM.ReconExclusionList lookup definitions are optional and do not exist by default.
You must add these lookups as decode values to the Lookup.CRMOD.UM.Configuration lookup definition to enable exclusions during provisioning and reconciliation operations. See Setting up the Lookup Definition for User Operations for more information.
The following is the format of the values stored in these lookups:
Code Key | Decode | Sample Values |
---|---|---|
User Login Id resource object field name |
User ID of a user |
Code Key: User Login Id Decode: User001 |
User Login Id resource object field name with the [PATTERN] suffix |
A regular expression supported by the representation in the |
Code Key: User Login Id[PATTERN] To exclude users matching any of the user ID 's User001, User002, User088, then: Decode: User001|User002|User088 To exclude users whose user ID 's start with 00012, then: Decode: 00012* See Also: For information about the supported patterns, visit |
To add entries in the lookup for exclusions during provisioning operations: