1 About the Connector

This chapter introduces the BMC Remedy User Management connector.

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use BMC Remedy AR System either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.

Note:

At some places in this guide, BMC Remedy System has been referred to as the target system. It is used interchangeably with BMC Remedy User Management.

The BMC Remedy User Management connector is also referred to as the user management connector.

In the account management (target resource) mode of the connector, information about users created or modified directly on BMC Remedy System can be reconciled into Oracle Identity Manager. This data is used to provision (assign) resources to or update resources already assigned to OIM Users. In addition, you can use Oracle Identity Manager to provision or update resources assigned to OIM Users. These provisioning operations performed on Oracle Identity Manager translate into the creation of or updates to the corresponding target system accounts.

In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.

Note:

It is recommended that you do not configure the target system as both an authoritative (trusted) source and a managed (target) resource.

This chapter contains the following sections:

• Certified Components

• Usage Recommendation

• Certified Languages

• Connector Architecture

• Features of the Connector

• Lookup Definitions Used During Reconciliation and Provisioning

• Connector Objects Used During Target Resource Reconciliation

• Connector Objects Used During Provisioning

• Connector Objects Used During Trusted Source Reconciliation

1.1 Certified Components

These are the software components and their versions required for installing and using the BMC Remedy User Management connector.

Table 1-1 lists the certified components for all target systems.

Table 1-1 Certified Components

Item	Requirement
Oracle Identity Governance or Oracle Identity Manager	You can use one of the following releases of Oracle Identity Manager: Oracle Identity Governance release 12c (12.2.1.4.0) Oracle Identity Governance release 12c (12.2.1.3.0) Oracle Identity Manager 11g Release 1 PS1 BP07 (11.1.1.5.7) and any later BP in this release track Oracle Identity Manager 11g Release 2 BP04 (11.1.2.0.4) and any later BP in this release track Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0)
Target system	The target system can be any one of the following: BMC Remedy AR System 7.1 through 9.1 BMC Remedy AR System 9.1.07 Note: The target system does not support SSL communication. Remedy 9.1 target needs JDK 1.8u45 or later.
Connector Server	11.1.2.0.0
Connector Server JDK	JDK 1.6 update 24 or later, or JRockit JDK 1.6 update 17 or later

1.2 Usage Recommendation

These are the recommendations for the connector versions that you can deploy and use depending on the Oracle Identity Manager version that you are using.

• If you are using a release that is earlier than Oracle Identity Manager 11g Release 1 (11.1.1) (for example, Oracle Identity Manager 9.0.1 through 9.0.3.x or release 9.1.0.1), then you must use the 9.0.4.x version of this connector.

• If you are using Oracle Identity Manager 11g Release 1 (11.1.1.5.7) or later, Oracle Identity Manager 11g Release 2 (11.1.2.0.4) or later, or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), then use the latest 11.1.1.x version of this connector.

• If you are using BMC Remedy AR System 7.0 as the target system, then you must use the 9.0.4.x version of this connector.

1.3 Certified Languages

These are the languages that the connector supports.

• Arabic

• Chinese (Simplified)

• Chinese (Traditional)

• Czech

• Danish

• Dutch

• English (US)

• Finnish

• French

• German

• Greek

• Hebrew

• Hungarian

• Italian

• Japanese

• Korean

• Norwegian

• Polish

• Portuguese

• Portuguese (Brazilian)

• Romanian

• Russian

• Slovak

• Spanish

• Swedish

• Thai

• Turkish

1.4 Connector Architecture

You can configure the BMC Remedy User Management connector to either run the Identity Reconciliation mode or Account Management mode. This connector is implemented using the Integrated Common Framework (ICF) component.

Figure 1-1 shows the architecture of the connector.

Figure 1-1 Connector Architecture

Description of "Figure 1-1 Connector Architecture"

The BMC Remedy User Management connector is implemented by using the Identity Connector Framework (ICF). The ICF is a component that provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, time outs, and filtering. The ICF is shipped along with Oracle Identity Manager. Therefore, you need not configure or modify the ICF.

The primary function of this connector is to create Users in the BMC Remedy IT Service Management (ITSM) application through Oracle Identity Manager. The BMC Remedy ITSM Suite consists of a core system called the Action Request System (AR System). This connector integrates Oracle Identity Manager with the BMC Remedy System (target system) with the help of a Java API that is exposed by the AR System.

The target system can be configured to run in one of the following modes:

• Identity reconciliation

  Identity reconciliation is also known as authoritative or trusted source reconciliation. In this mode, the target system is used as the trusted source and users are directly created and modified on it. During reconciliation from the trusted source, the user management connector fetches data (using scheduled jobs) about these target system users into Oracle Identity Manager. This data is used to create or update the corresponding OIM Users.

• Account Management

  Account management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:

  • Provisioning

    Provisioning involves creating, updating, or deleting users on the target system through Oracle Identity Manager. Users are created during provisioning in the People form of the target system. The connector makes use of the Java API to connect to the Remedy Server, and in turn provision the account.

  • Target resource reconciliation

    During reconciliation, the user management connector fetches data (using scheduled jobs) about users created or modified directly on the target system into Oracle Identity Manager. This data is used to add or modify resources allocated to OIM Users.

    During reconciliation, scheduled tasks retrieve user records from the People form.

For provisioning operations such as Create, Update, and Delete, and reconciliation operations such as Search, Oracle Identity Manager makes SPI calls to ICF, which triggers corresponding operations on the connector bundle. The connector bundle invokes the AR System API to connect to the target system by using information about the BMC Remedy server name, AR System user and password from the IT resource.

During reconciliation, a schedule task is run which calls the SearchOp operation of the connector bundle. Like provisioning, the connector invokes the AR System API to get the list of entries from the respective form (for Users or Lookup) by passing the batching and filter parameters. This result is then passed to Oracle Identity Manager.

1.5 Features of the Connector

The features of the connector include support for full and incremental reconciliation, limited reconciliation, batched reconciliation, transformation and validation of account data and so on.

This connector supports the following features:

• Support for Both Target Resource and Trusted Source Reconciliation

• Full and Incremental Reconciliation

• Limited Reconciliation

• Batched Reconciliation

• Reconciliation of Deleted User Records

• Transformation and Validation of Account Data

• Support for Connector Server

• Connection Pooling

1.5.1 Support for Both Target Resource and Trusted Source Reconciliation

You can use the connector to configure target system as either a target resource or trusted source of Oracle Identity Manager.

See Configuring Reconciliation.

1.5.2 Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled. In incremental reconciliation, user accounts that have been added or modified since the last reconciliation run are fetched into Oracle Identity Manager.

You can perform a full reconciliation run at any time as described in Performing Full Reconciliation.

1.5.3 Limited Reconciliation

You can set a reconciliation filter as the value of the Filter attribute of the user reconciliation scheduled job. This filter specifies the subset of added and modified target system records that must be reconciled.

See Performing Limited Reconciliation.

1.5.4 Batched Reconciliation

You can break down a reconciliation run into batches by specifying the number of records that must be included in each batch.

See Performing Batched Reconciliation.

1.5.5 Reconciliation of Deleted User Records

You can configure the connector for reconciliation of deleted user records. In target resource mode, if a user record is deleted on the target system, then the corresponding BMC user resource is revoked from the OIM User. In trusted source mode, if a user record is deleted on the target system, then the corresponding OIM User is deleted.

See Scheduled Job for Reconciliation of Deleted Users Records for more information about scheduled jobs used for reconciling deleted user records

1.5.6 Transformation and Validation of Account Data

You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning. In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation.

The following sections provide more information:

• Configuring Validation of Data During Reconciliation and Provisioning

• Configuring Transformation of Data During Reconciliation

1.5.7 Support for Connector Server

Connector Server is a component provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles. In other words, a connector server enables remote execution of an Oracle Identity Manager connector.

A Java connector server is useful when you do not wish to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements.

See Deploying the Connector in a Connector Server.

1.5.8 Connection Pooling

A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can again be requested for and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.

One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.

See Setting up the Lookup Definition for Connection Pooling.

1.6 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during reconciliation and provisioning can be divided into the following categories:

• Lookup Definitions Synchronized with the Target System

• Preconfigured Lookup Definitions

1.6.1 Lookup Definitions Synchronized with the Target System

Lookup field synchronization involves copying additions or changes made to the target system lookup fields into the lookup definitions in Oracle Identity Manager.

During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you use the Organizational Unit lookup field to select an organizational unit from the list of organizational units in the lookup field. When you deploy the connector, lookup definitions corresponding to the lookup fields on the target system are created in Oracle Identity Manager.

The following lookup definitions are populated with values fetched from the target system by the scheduled jobs for lookup field synchronization:

• Lookup.BMC.Company

• Lookup.BMC.Department

• Lookup.BMC.Organization

• Lookup.BMC.PrimaryCenterCode

• Lookup.BMC.Region

• Lookup.BMC.Site

• Lookup.BMC.SiteGroup

• Lookup.BMC.SiteID

• Lookup.BMC.SupportGroupID

1.6.2 Preconfigured Lookup Definitions

This section discusses the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

The other lookup definitions are as follows:

• Lookup.BMC.Configuration

• Lookup.BMC.Configuration.Trusted

• Lookup.BMC.UM.Configuration

• Lookup.BMC.UM.Configuration.Trusted

• Lookup.BMC.UM.ProvAttrMap

• Lookup.BMC.UM.ReconAttrMap

• Lookup.BMC.UM.ReconAttrMap.Trusted

• Lookup.BMC.UM.ReconDefaults.Trusted

• Lookup.BMC.ARLicenseType

• Lookup.BMC.ClientType

• Lookup.BMC.SupportStaff

• Lookup.BMC.VIP

• Lookup.BMC.ClientSensitivity

• Lookup.BMC.ProfileStatus

• Lookup.BMC.HourlyRate

1.6.2.1 Lookup.BMC.Configuration

The Lookup.BMC.Configuration lookup definition holds connector configuration entries that are used during target resource reconciliation and provisioning operations.

Table 1-2 lists the default entries in this lookup definition.

Table 1-2 Entries in the Lookup.BMC.Configuration Lookup Definition

Code Key	Decode	Description
Bundle Name	org.identityconnectors.bmc	This entry holds the name of the connector bundle package. Do not modify this entry.
Bundle Version	1.0.1115	This entry holds the version of the connector bundle class. Do not modify this entry.
Connector Name	org.identityconnectors.bmc.BMCConnector	This entry holds the name of the connector class. Do not modify this entry.
defaultBatchSize	1000	This entry holds the number of records that must be included in each batch during batched reconciliation. This entry is used only when the Batch Size attribute of the user reconciliation scheduled jobs is either empty or set to 0. See Performing Batched Reconciliation for more information about the Batch Size attribute.
User Configuration Lookup	Lookup.BMC.UM.Configuration	This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry.

1.6.2.2 Lookup.BMC.Configuration.Trusted

The Lookup.BMC.Configuration.Trusted lookup definition holds connector configuration entries that are used during trusted source reconciliation.

Table 1-3 lists the default entries in this lookup definition.

Table 1-3 Entries in the Lookup.BMC.Configuration.Trusted Lookup Definition

Code Key	Decode	Description
Bundle Name	org.identityconnectors.bmc	This entry holds the name of the connector bundle package. Do not modify this entry.
Bundle Version	1.0.1115	This entry holds the version of the connector bundle class. Do not modify this entry.
Connector Name	org.identityconnectors.bmc.BMCConnector	This entry holds the name of the connector class. Do not modify this entry.
defaultBatchSize	1000	This entry holds the number of records that must be included in each batch during batched reconciliation. This entry is used only when the there is no value specified for the Batch Size attribute of the user reconciliation scheduled jobs. See Performing Batched Reconciliation for more information about the Batch Size attribute.
User Configuration Lookup	Lookup.BMC.UM.Configuration.Trusted	This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry.

1.6.2.3 Lookup.BMC.UM.Configuration

The Lookup.BMC.UM.Configuration lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations when your target system is configured as a target resource.

Table 1-4 lists the default entries in this lookup definition.

Table 1-4 Entries in the Lookup.BMC.UM.Configuration Lookup Definition

Code Key	Decode	Description
Provisioning Attribute Map	Lookup.BMC.UM.ProvAttrMap	This entry holds the name of the lookup definition that maps process form fields and target system attributes. See Lookup.BMC.UM.ProvAttrMap for more information about this lookup definition.
Recon Attribute Map	Lookup.BMC.UM.ReconAttrMap	This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.BMC.UM.ReconAttrMap for more information about this lookup definition.

1.6.2.4 Lookup.BMC.UM.Configuration.Trusted

The Lookup.BMC.UM.Configuration.Trusted lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations when your target system is configured as a trusted source.

Table 1-5 lists the default entries in this lookup definition.

Table 1-5 Entries in the Lookup.BMC.UM.Configuration.Trusted Lookup Definition

Code Key	Decode	Description
Recon Attribute Defaults	Lookup.BMC.UM.ReconDefaults.Trusted	This entry holds the name of the lookup definition that maps reconciliation fields and their default values. See Lookup.BMC.UM.ReconDefaults.Trusted for more information about this lookup definition.
Recon Attribute Map	Lookup.BMC.UM.ReconAttrMap.Trusted	This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.BMC.UM.ReconAttrMap.Trusted for more information about this lookup definition.

1.6.2.5 Lookup.BMC.UM.ProvAttrMap

The Lookup.BMC.UM.ProvAttrMap lookup definition holds mappings between process form fields and target system attributes. This lookup definitions is used during provisioning. This lookup definition is preconfigured. Table 1-17 lists the default entries.

You can add entries in this lookup definitions if you want to map new target system attributes for provisioning. See Adding New Attributes for Provisioning.

1.6.2.6 Lookup.BMC.UM.ReconAttrMap

The Lookup.BMC.UM.ReconAttrMap lookup definition holds mappings between resource object fields and target system attributes. This lookup definition is used during reconciliation. This lookup definition is preconfigured. Table 1-14 lists the default entries.

You can add entries in this lookup definitions if you want to map new target system attributes for reconciliation. See Adding New Attributes for Target Resource Reconciliation.

1.6.2.7 Lookup.BMC.UM.ReconAttrMap.Trusted

The Lookup.BMC.UM.ReconAttrMap.Trusted lookup definition holds mappings between resource object fields and target system attributes. This lookup definitions is used during trusted source user reconciliation runs. This lookup definition is preconfigured. Table 1-18 lists the default entries.

You can add entries in this lookup definitions if you want to map new target system attributes for reconciliation. See Adding New Attributes for Target Resource Reconciliation.

1.6.2.8 Lookup.BMC.UM.ReconDefaults.Trusted

The Lookup.BMC.UM.ReconDefaults.Trusted lookup definition holds mappings between reconciliation fields and their default values. This lookup definition is used when there is a mandatory field on the OIM User form, but no corresponding field in the target system from which values can be fetched during trusted source reconciliation.

Table 1-6 lists the default entries in this lookup definition.

Table 1-6 Entries in the Lookup.BMC.UM.ReconDefaults.Trusted Lookup Definition

Code Key	Decode
Employee Type	Full-Time
Organization	Xellerate Users
User Type	End-User

You add entries to this lookup definition in the following format, if required:

• Code Key: Name of the reconciliation field of the BMC user resource object

• Decode: Corresponding default value to be displayed

For example, assume a field named Preferred Language is a mandatory field on the OIM User form. Suppose the target system contains no field that stores information about the preferred language of a user account. During reconciliation, no value for the Preferred Language field is fetched from the target system. However, as the Preferred Language field cannot be left empty, you must specify a value for this field. Therefore, create an entry in this lookup definition with the Code Key value set to Preferred Language and Decode value set to English. This implies that the value of the Preferred Language field on the OIM User form displays English for all user accounts reconciled from the target system.

1.6.2.9 Lookup.BMC.ARLicenseType

The Lookup.BMC.ARLicenseType lookup definition maps possible values for the License Type attribute of the target system with the corresponding values to be displayed in the License Type field of the OIM User form.

Table 1-7 lists the default entries in this lookup definition.

Table 1-7 Entries in the Lookup.BMC.ARLicenseType Lookup Definition

Code Key	Decode
0	Read
1	Fixed
2	Floating

1.6.2.10 Lookup.BMC.ClientType

The Lookup.BMC.ClientType lookup definition maps possible values for the Client Type attribute of the target system with the corresponding values to be displayed in the Client Type field of the OIM User form.

Table 1-8 lists the default entries in this lookup definition.

Table 1-8 Entries in the Lookup.BMC.ClientType Lookup Definition

Code Key	Decode
10000	Vendor
2000	Office-Based Employee
3000	Field-Based Employee
4000	Home-Based Employee
5000	Contractor
7000	Customer
8000	Prospect

1.6.2.11 Lookup.BMC.SupportStaff

The Lookup.BMC.SupportStaff lookup definition maps possible values for the Support Staff attribute of the target system with the corresponding values to be displayed in the Support Staff field of the OIM User form.

Table 1-9 lists the default entries in this lookup definition.

Table 1-9 Entries in the Lookup.BMC.SupportStaff Lookup Definition

Code Key	Decode
0	Yes
1	No

1.6.2.12 Lookup.BMC.VIP

The Lookup.BMC.VIP lookup definition maps possible values for the VIP attribute of the target system with the corresponding values to be displayed in the VIP field of the OIM User form.

Table 1-10 lists the default entries in this lookup definition.

Table 1-10 Entries in the Lookup.BMC.VIP Lookup Definition

Code Key	Decode
0	Yes
1	No

1.6.2.13 Lookup.BMC.ClientSensitivity

The Lookup.BMC.ClientSensitivity lookup definition maps possible values for the Client Sensitivity attribute of the target system with the corresponding values to be displayed in the Client Sensitivity field of the OIM User form.

Table 1-11 lists the default entries in this lookup definition.

Table 1-11 Entries in the Lookup.BMC.ClientSensitivity Lookup Definition

Code Key	Decode
0	Sensitive
1	Standard

1.6.2.14 Lookup.BMC.ProfileStatus

The Lookup.BMC.ProfileStatus lookup definition maps possible values for the Profile Status attribute of the target system with the corresponding values to be displayed in the Profile Status field of the OIM User form.

Table 1-12 lists the default entries in this lookup definition.

Table 1-12 Entries in the Lookup.BMC.ProfileStatus Lookup Definition

Code Key	Decode
0	Proposed
1	Enabled
2	Offline
3	Obsolete
4	Archive
5	Delete

1.6.2.15 Lookup.BMC.HourlyRate

The Lookup.BMC.HourlyRate lookup definition maps possible values for the Hourly Rate attribute of the target system with the corresponding values to be displayed in the Hourly Rate Currency field of the OIM User form.

The following is the format of the Code Key and Decode values in this lookup definition:

• Code: Currency code

• Decode: Corresponding value to be displayed on the OIM User form

Table 1-13 lists the default entries in this lookup definition.

Note:

The entries listed in this lookup definition are entries for predefined currency codes available in the target system during installation. If the currency code list in the target system has been modified, then you must make the same changes to the entries in this lookup definition.

Table 1-13 Entries in the Lookup.BMC.HourlyRate Lookup Definition

Code Key	Decode
EUR	EUR - Euro
GBP	GBP -UK Pound Sterling
JPY	JPY - Japanese Yen
USD	USD -United States Dollar

1.7 Connector Objects Used During Target Resource Reconciliation

Target resource reconciliation involves fetching data about newly created or modified accounts on the target system and using this data to add or modify resources assigned to OIM Users.

The BMC User Target Reconciliation scheduled job is used to initiate a target resource reconciliation run. This scheduled job is discussed in Scheduled Jobs for Reconciliation of User Records.

See Also:

Managing Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for conceptual information about reconciliation

The following sections provide information about connector objects used during target resource reconciliation:

• User Fields for Target Resource Reconciliation

• Reconciliation Rule for Target Resource Reconciliation

• Reconciliation Action Rules for Target Resource Reconciliation

1.7.1 User Fields for Target Resource Reconciliation

The Lookup.BMC.UM.ReconAttrMap lookup definition maps resource object fields and target system attributes. This lookup definition is used for performing target resource user reconciliation runs.

In this lookup definition, entries are in the following format:

• Code Key: Reconciliation field of the resource object

• Decode: Name or ID of the target system attribute.

Table 1-14 provides information about user attribute mappings for target resource reconciliation.

Table 1-14 User Attributes for Target Resource Reconciliation

Resource Object Field	Target System Field
ARLicenseType	109
AssignmentAvailability	1000000346
ClientSensitivity	1000000027
ClientType	1000000022
Company[LOOKUP]	1000000001
Department[LOOKUP]	200000006
EmailAddress	1000000048
FirstName	1000000019
HourlyRateCurrency	hourlyRateCurrency
HourlyRateValue	hourlyRateValue
LastName	1000000018
LoginName	__NAME__
Organization[LOOKUP]	1000000010
PersonID	__UID__
PhoneNumber	1000000056
PrimaryCenterCode[LOOKUP]	300469300
ProfileStatus	7
Region[LOOKUP]	200000012
Site[LOOKUP]	260000001
SiteGroup[LOOKUP]	200000007
SiteID[LOOKUP]	1000000074
SupportGroup~SupportGroupID[LOOKUP]	supportGroup
SupportStaff	1000000025
Vip	1000000026

1.7.2 Reconciliation Rule for Target Resource Reconciliation

Learn about the reconciliation rule for this connector and how to view it.

• Target Resource Reconciliation Rule

• Viewing Target Resource Reconciliation Rules

1.7.2.1 Target Resource Reconciliation Rule

The following is the process-matching rule for this connector:

Rule name: BMC User Recon Rule

Rule element: User Login Equals LoginName

In this rule:

• User Login is the User ID attribute on the OIM User form.

• LoginName is the Login ID field of BMC.

See Also:

Reconciliation Metadata in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for generic information about reconciliation matching and action rules

1.7.2.2 Viewing Target Resource Reconciliation Rules

You can view the reconciliation rule for target resource reconciliation by performing the following steps after you deploy the connector:

1. Log in to the Oracle Identity Manager Design Console.
2. Expand Development Tools.
3. Double-click Reconciliation Rules.
4. Search for BMC User Recon Rule. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

   Figure 1-2 Reconciliation Rule for Target Resource Reconciliation

   
   Description of "Figure 1-2 Reconciliation Rule for Target Resource Reconciliation"

1.7.3 Reconciliation Action Rules for Target Resource Reconciliation

Learn about the reconciliation action rules for this connector and how to view them.

• Target Resource Reconciliation Action Rules

• Viewing Target Resource Reconciliation Action Rules

1.7.3.1 Target Resource Reconciliation Action Rules

Table 1-15 lists the action rules for target resource reconciliation.

Table 1-15 Action Rules for Target Resource Reconciliation

Rule Condition	Action
No Matches Found	Assign To Administrator With Least Load
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules, see Defining Reconciliation Rules in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

1.7.3.2 Viewing Target Resource Reconciliation Action Rules

You can view the reconciliation action rules for target resource reconciliation by performing the following steps, after you deploy the connector:

1. Log in to the Oracle Identity Manager Design Console.
2. Expand Resource Management.
3. Double-click Resource Objects.
4. Search for and open the BMCRO resource object.
5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

   Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation

   
   Description of "Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation"

1.8 Connector Objects Used During Provisioning

Provisioning involves creating or modifying user data on the target system through Oracle Identity Manager.

This section discusses the following topics:

• Provisioning Functions

• User Fields for Provisioning

1.8.1 Provisioning Functions

Table 1-16 lists the provisioning functions that are supported by the connector. The Adapter column gives the name of the adapter that is used when the function is performed.

Table 1-16 Provisioning Functions

Function	Adapter
Create User	CreateBMCUser
Delete User	DeleteBMCUser
Update User	UpdateBMCUser
Reset User Password	UpdateBMCUser
Add Support Group	BMCAddGroup
Delete Support Group	RemoveBMCSupportGroup
Update Support Group	BMCUpdateSupportGroup

1.8.2 User Fields for Provisioning

The Lookup.BMC.UM.ProvAttrMap lookup definition maps process form fields with target system attributes. This lookup definition is used for performing user provisioning operations.

Note:

The HourlyRateCurrency and HourlyRateValue fields on the OIM User process form have default values which are same as the values in the target system. During a Create User provisioning operation, you can modify the values for these fields. If the value in these fields are cleared and no new values are provided, then the default values will be honored while creating a new user on the target system. Note that you can clear the value in these fields only during an update provisioning operation.

Table 1-17 lists the user identity fields of the target system for which you can specify or modify values during provisioning operations.

Table 1-17 Entries in the Lookup.BMC.UM.ProvAttrMap Lookup Definition

Process Form Field	Target System Field
ARLicenseType	109
BusinessPhone	1000000056
ClientSensitivity	1000000027
ClientType	1000000022
Company[LOOKUP]	1000000001
Department[LOOKUP]	200000006
Email	1000000048
FirstName	1000000019
HourlyRateCurrency[IGNORE]	IGNORE
HourlyRateValue	240000040=(HourlyRateValue !=null && HourlyRateCurrency != null) ?(HourlyRateValue+" "+HourlyRateCurrency):null
LastName	1000000018
LoginName	__NAME__
Organization[LOOKUP]	1000000010
Password	__PASSWORD__
PersonID	__UID__
PrimaryCenterCode[LOOKUP]	300469300
ProfileStatus	7
Region[LOOKUP]	200000012
Site[LOOKUP]	260000001
SiteGroup[LOOKUP]	200000007
SiteID[LOOKUP]	1000000074
SupportStaff	1000000025
UD_BMC_GRP~SupportGroupID[LOOKUP]	1000000079
VIP	1000000026

1.9 Connector Objects Used During Trusted Source Reconciliation

Trusted source reconciliation involves fetching data about newly created or modified accounts on the target system and using that data to create or update OIM Users.

See Also:

Trusted Source Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for conceptual information about trusted source reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

• User Fields for Trusted Source Reconciliation

• Reconciliation Rule for Trusted Source Reconciliation

• Reconciliation Action Rules for Trusted Source Reconciliation

1.9.1 User Fields for Trusted Source Reconciliation

The Lookup.BMC.UM.ReconAttrMap.Trusted lookup definition maps user fields of the OIM User form with corresponding field names in the target system. This lookup definition is used for performing trusted source reconciliation runs.

Table 1-18 lists user attributes for trusted source reconciliation.

Table 1-18 Entries in the Lookup.BMC.UM.ReconAttrMap.Trusted Lookup Definition

OIM User Form Field	Target System Field
Last Name	1000000018
User ID	__NAME__

1.9.2 Reconciliation Rule for Trusted Source Reconciliation

Learn about the reconciliation rule for trusted source reconciliation and how to view it.

• Trusted Source Reconciliation Rule

• Viewing Trusted Source Reconciliation Rule

1.9.2.1 Trusted Source Reconciliation Rule

See Also:

Managing Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: BMC User Trusted Recon Rule

Rule element: User Login Equals User ID

In this rule element:

• User Login is the User ID field on the OIM User form.

• User ID is the Login ID field of BMC.

1.9.2.2 Viewing Trusted Source Reconciliation Rule

You can view the reconciliation rule for trusted source reconciliation by performing the following steps after you deploy the connector:

1. Log in to the Oracle Identity Manager Design Console.
2. Expand Development Tools.
3. Double-click Reconciliation Rules.
4. Search for BMC User Trusted Recon Rule. Figure 1-4 shows the reconciliation rule for trusted source reconciliation.

   Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation

   
   Description of "Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation"

1.9.3 Reconciliation Action Rules for Trusted Source Reconciliation

Learn about the reconciliation action rules for trusted source reconciliation and how to view them.

• Trusted Source Reconciliation Action Rules

• Viewing Trusted Source Reconciliation Action Rules

1.9.3.1 Trusted Source Reconciliation Action Rules

Table 1-19 lists the action rules for target resource reconciliation.

Table 1-19 Action Rules for Trusted Source Reconciliation

Rule Condition	Action
No Matches Found	Create User
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Defining Reconciliation Rules in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about modifying or creating reconciliation action rules.

1.9.3.2 Viewing Trusted Source Reconciliation Action Rules

You can view the reconciliation action rules for trusted source reconciliation by performing the following steps after you deploy the connector:

1. Log in to the Oracle Identity Manager Design Console.
2. Expand Resource Management.
3. Double-click Resource Objects.
4. Search for and open the BMCRO Trusted resource object.
5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rules for trusted source reconciliation.

   Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation

   
   Description of "Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation"