Go to main content
1/13
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Documentation Updates
Conventions
What's New in This Guide?
Software Updates
Software Updates in Release 11.1.1.9.0
Software Updates in Release 11.1.1.8.0
Software Updates in Release 11.1.1.7.0
Support for SAP BusinessObjects Access Control Versions 5.3 and 10
Software Updates in Release 11.1.1.6.0
Software Updates in Release 11.1.1.5.0
Support for Identity Connector Framework
Support for Deployment Using Connector Server
Support for Multiple Data Sources
Support for Remote Role Assignment in Federated Portal Network
Support for Dependent Lookup Fields
Transformation and Validation of Account Data
Reconciliation of Deleted User Records
Documentation-Specific Updates
Documentation-Specific Updates in Release 11.1.1.9.0
Documentation-Specific Updates in Release 11.1.1.8.0
Documentation-Specific Updates in Release 11.1.1.7.0
Documentation-Specific Updates in Release 11.1.1.6.0
Documentation-Specific Updates in Release 11.1.1.5.0
1
About the Connector
1.1
Certified Components
1.2
Usage Recommendation
1.3
Certified Languages
1.4
Connector Architecture and Supported Deployment Configurations
1.4.1
User Management with Access Request Management
1.4.2
Audit Trail Details in Connector Logs
1.4.3
User Management with SoD
1.4.4
User Management with Both SoD and Access Request Management
1.4.5
Guidelines on Using a Deployment Configuration
1.4.5.1
User Management Engine with SoD and Access Request Management
1.4.5.2
Summary of Account Management Process when SAP BusinessObjects AC Access Risk Analysis and SAP BusinessObjects AC Access Request Management are Enabled
1.4.5.3
User Management with Access Request Management
1.4.5.4
Summary of Account Request Management when SAP BusinessObjects AC Access Request Management is Configured and Enabled in your SAP Operating Environment
1.4.6
Considerations to Be Addressed When You Enable Access Request Management
1.5
Features of the Connector
1.5.1
Routing of Provisioning Requests Through SAP BusinessObjects AC Access Request Management
1.5.2
SoD Validation of Entitlement Requests
1.5.3
Full Reconciliation
1.5.4
Limited (Filtered) Reconciliation
1.5.5
Enabling and Disabling Accounts
1.5.6
Support for Multiple Data Sources
1.5.7
Support for Remote Role Assignment in Federated Portal Network
1.5.8
Transformation and Validation of Account Data
1.5.9
Specifying Accounts to Be Excluded from Reconciliation and Provisioning Operations
1.5.10
Support for Bulk Update of Attributes
1.6
Lookup Definitions Used During Connector Operations
1.6.1
Lookup Definitions Synchronized with the Target System
1.6.2
Preconfigured Lookup Definitions
1.6.2.1
Lookup.SAPUME.Configuration
1.6.2.2
Lookup.SAPUME.UM.Configuration
1.6.2.3
Lookup.SAPUME.UM.ProvAttrMap
1.6.2.4
Lookup.SAPUME.UM.ReconAttrMap
1.6.2.5
Lookup.SAPUME.UM.ReconValidation
1.6.2.6
Lookup.SAPUME.UM.ReconTransformation
1.6.2.7
Lookup.SAPUME.UM.ProvValidation
1.6.2.8
Lookup.SAPUME.UM.SecurityPolicy
1.6.2.9
Lookup.SAPUME.UM.RoleChildformMappings
1.6.2.10
Lookup.SAPUME.UM.RoleDatasource
1.6.2.11
Lookup.SAPUME.UM.GroupDatasource
1.6.2.12
Lookup.SAPUME.UM.TimeZone
1.6.2.13
Lookup.SAPUME.UM.Lock
1.6.2.14
Lookup.SAPUME.UM.Locale
1.6.2.15
Lookup.SAPUME.UM.Country
1.6.2.16
Lookup.SAPUME.UM.Group
1.6.2.17
Lookup.SAPUME.UM.Role
1.6.2.18
Lookup Definitions for Exclusion Lists
1.6.3
Preconfigured Lookup Definitions for SAP BusinessObjects AC 10
1.6.3.1
Lookup.SAPAC10UME.Configuration
1.6.3.2
Lookup.SAPAC10UME.UM.Configuration
1.6.3.3
Lookup.SAPAC10UME.UM.ProvAttrMap
1.6.3.4
Lookup.SAPAC10UME.UM.ReconAttrMap
1.6.3.5
Lookup.SAPAC10UME.UM.ProvValidation
1.6.3.6
Lookup.SAPAC10UME.UM.ReconTransformation
1.6.3.7
Lookup.SAPAC10UME.UM.ReconValidation
1.6.3.8
Lookup.Lookup.SAPAC10UME.ItemProvAction
1.6.3.9
Lookup.SAPAC10UME.RequestType
1.7
Connector Objects Used During Reconciliation
1.7.1
User Attributes for Reconciliation
1.7.2
Reconciliation Rules
1.7.2.1
Reconciliation Rule
1.7.2.2
Viewing Reconciliation Rules in the Design Console
1.7.3
Reconciliation Action Rules
1.7.3.1
Reconciliation Action Rules for Reconciliation
1.7.3.2
Viewing Reconciliation Action Rules in the Design Console
1.8
Connector Objects Used During Provisioning
1.8.1
User Provisioning Functions
1.8.2
User Attributes for Provisioning
1.9
Roadmap for Deploying and Using the Connector
2
Deploying the Connector
2.1
Preinstallation
2.1.1
Creating a Target System User Account for Connector Operations
2.1.2
Installing and Configuring the Connector Server
2.1.3
Running the Connector Server
2.2
Installation
2.2.1
Installing the Connector in Oracle Identity Manager
2.2.2
Deploying the Connector Bundle in a Connector Server
2.3
Postinstallation
2.3.1
Configuring Oracle Identity Manager 11.1.2 or Later
2.3.1.1
Creating and Activating a Sandbox
2.3.1.2
Creating a New UI Form
2.3.1.3
Creating an Application Instance
2.3.1.4
Publishing a Sandbox
2.3.1.5
Harvesting Entitlements and Sync Catalog
2.3.1.6
Updating an Existing Application Instance with a New Form
2.3.2
Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later
2.3.3
Configuring Password Changes for Newly Created Accounts
2.3.4
Changing to the Required Input Locale
2.3.5
Clearing Content Related to Connector Resource Bundles from the Server Cache
2.3.6
Managing Logging
2.3.6.1
Understanding Log Levels
2.3.6.2
Enabling Logging
2.3.7
Setting Up the Lookup.SAPUME.UM.RoleDataSource Lookup Definition
2.3.7.1
Adding Role Data Source Names to the Lookup.SAPUME.UM.RoleDataSource lookup definition in Oracle Identity Manager Release 11.1.1.
x
2.3.7.2
Adding Role Data Source Names to the Lookup.SAPUME.UM.RoleDataSource lookup definition in Oracle Identity Manager Release 11.1.2.
x
2.3.8
Setting Up the Lookup.SAPUME.UM.GroupDataSource Lookup Definition
2.3.8.1
Adding Group Data Source Names to the Lookup.SAPUME.UM.GroupDataSource lookup definition in Oracle Identity Manager Release 11.1.1.
x
2.3.8.2
Adding Group Data Source Names to the Lookup.SAPUME.UM.GroupDataSource lookup definition in Oracle Identity Manager Release 11.1.1.
x
2.3.9
Setting Up the Lookup Definitions for Exclusion Lists
2.3.10
Configuring Oracle Identity Manager for Request-Based Provisioning
2.3.10.1
Importing Request Datasets Using Deployment Manager
2.3.10.2
Enabling the Auto Save Form Feature
2.3.10.3
Running the PurgeCache Utility
2.3.11
Configuring SSL to Secure Communication Between the Target System and Oracle Identity Manager
2.3.12
Configuring the IT Resource for the Target System
2.3.13
Configuring the IT Resource for the Connector Server
2.3.14
Configuring the Access Request Management Feature of the Connector
2.3.14.1
Specifying Values for the GRC UME-ITRes IT Resource
2.3.14.2
Configuring Request Types and Workflows on SAP BusinessObjects AC Access Request Management
2.3.15
Configuring SoD (Segregation of Duties)
2.3.15.1
Configuring SAP GRC to Act As the SoD Engine
2.3.15.2
Specifying Values for the GRC UME-ITRes IT Resource
2.3.15.3
Specifying a Value for the TopologyName IT Resource Parameter
2.3.15.4
Disabling and Enabling SoD
2.3.15.4.1
Disabling SoD on Oracle Identity Manager
2.3.15.4.2
Enabling SoD on Oracle Identity Manager
2.3.16
Downloading WSDL files from SAP BusinessObjects AC
2.3.17
Localizing Field Labels in UI Forms
2.3.18
Synchronizing the SAPUME Process Form and SAP AC UME Process Form with Target System Field Lengths
2.4
Upgrading the Connector
2.4.1
Prerequisites for Upgrading the Connector
2.4.2
Upgrading the Connector
2.4.3
Performing the Postupgrade Steps
2.4.3.1
Performing the Postupgrade Steps for Releases 9.
x
, 11.1.1.5.0, and 11.1.1.6.0 of the SAP User Management Engine Connector
2.4.3.2
Perform the Postupgrade Steps for Release 11.1.1.8.0 or later of the SAP User Management Engine Connector
2.4.3.2.1
Postupgrade Steps While Upgrading the Basic User Management Engine configuration from Release 11.1.1.8.0 to Release 11.1.1.9.0
2.4.3.2.2
Postupgrade Steps While Upgrading the SoD validation of SAP BusinessObjects AC Access Risk Analysis from Release 11.1.1.8.0 to Release 11.1.1.9.0
2.4.3.2.3
Postupgrade Steps While Upgrading the SAP BusinessObjects AC Access Request Management from Release 11.1.1.8.0 to Release 11.1.1.9.0
3
Using the Connector
3.1
Performing Full Reconciliation
3.2
Scheduled Job for Lookup Field Synchronization
3.3
Scheduled Jobs for SAP BusinessObjects AC Lookup Field Synchronization
3.4
Configuring Reconciliation
3.4.1
Full Reconciliation
3.4.2
Limited Reconciliation
3.4.3
Reconciliation Scheduled Jobs
3.4.3.1
SAP UME Target User Reconciliation and SAP AC UME Target User Reconciliation
3.4.3.2
SAP UME Target User Delete Reconciliation and SAP AC UME Target User Delete Reconciliation
3.4.3.3
SAP AC Request Status
3.5
Configuring Scheduled Jobs
3.6
Guidelines on Performing Provisioning
3.6.1
Guidelines While Performing Provisioning Operations in any of the supported deployment configurations
3.6.2
Guidelines While Performing Provisioning Operations After Configuring the Access Request Management Feature of the Connector
3.7
Configuring Provisioning in Oracle Identity Manager Release 11.1.1.
x
3.7.1
Overview of the Provisioning Process in an SoD-Enabled Environment
3.7.2
Direct Provisioning
3.7.3
Direct Provisioning in an SoD-Enabled Environment
3.7.3.1
Prerequisites
3.7.3.2
Performing Direct Provisioning
3.7.4
Request-Based Provisioning
3.7.4.1
Creating of Request-Based Provisioning by the End User
3.7.4.2
Approving Request-Based Provisioning
3.7.5
Request-Based Provisioning in an SoD-Enabled Environment
3.7.5.1
Creating of Request-Based Provisioning by End-Users
3.7.5.2
Approving Request-Based Provisioning
3.7.6
Switching Between Request-Based Provisioning and Direct Provisioning
3.7.6.1
Switching from Request-Based Provisioning to Direct Provisioning
3.7.6.2
Switching from Direct Provisioning to Request-Based Provisioning
3.8
Configuring Provisioning in Oracle Identity Manager Release 11.1.2.
x
3.9
Uninstalling the Connector
4
Extending the Functionality of the Connector
4.1
Determining the Names of Target System Attributes
4.2
Adding New Attributes for Reconciliation
4.2.1
Creating a New Version of the Process Form
4.2.2
Adding the New Attribute to the List of Reconciliation Field in the Resource Object
4.2.3
Creating a Reconciliation Field Mapping for the New Attribute
4.2.4
Creating an Entry for the Attribute in the Lookup Definition for Reconciliation
4.2.5
Defining the Connector
4.2.6
Creating a New UI Form to make the New Attribute Visible
4.3
Adding New Attributes for Provisioning
4.3.1
Creating a New Version of the Process Form
4.3.2
Creating an Entry for the Attribute in the Lookup Definition for Provisioning
4.3.3
Updating the Request Dataset
4.3.4
Running the PurgeCache Utility to Clear Content Related to Request Datasets
4.3.5
Importing the Modified Request Datasets Using the Deployment Manager
4.3.6
Updating the New Attribute for Provisioning a User
4.3.7
Defining the Connector
4.3.8
Creating a New UI Form to the Make the New Attribute Visible
4.4
Adding New Standard SAP BusinessObjects AC Access Request Management Attributes for Provisioning
4.4.1
Creating a New Version of the Process Form
4.4.2
Creating an Entry for the Attribute in the Lookup Definition
4.4.3
Creating a Process Task to Update the Attribtue During Provisioning Operations
4.4.4
Creating a New UI Form and attaching it to the Application Instance to make the New Attribute Visible
4.5
Removing SAP BusinessObjects AC Access Request Management Attributes from Process Form
4.5.1
SAP BusinessObjects AC Access Request Management Attributes
4.6
Configuring Validation of Data During Reconciliation and Provisioning
4.7
Configuring Transformation of Data During User Reconciliation
4.8
Modifying Field Lengths on the Process Form
4.9
Configuring the Connector for Multiple Installations of the Target System
4.10
Defining the Connector
5
Known Issues, Limitations, and FAQs
5.1
Known Issues
5.2
Connector Limitations Related to Features of the Target System
5.2.1
Limitations for AS ABAP Data Source for the Connector
5.2.2
Limitations for Groups That Represent AS ABAP Roles
5.2.3
Limitations for Role Management with the Connector
5.3
Frequently Asked Questions (FAQs)
A
Files and Directories in the Installation Package
B
Scheduled Jobs for Lookup Field Synchronization and Reconciliation
Scripting on this page enhances content navigation, but does not change the content in any way.