3 Using the Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

The following topics discuss information related to using the connector for performing reconciliation and provisioning operations:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Performing First-Time Reconciliation

First-time reconciliation involves synchronizing lookup definitions in Oracle Identity Manager with the lookup fields of the flat file, and performing full reconciliation. In full reconciliation, all existing user records from the flat file are brought into Oracle Identity Manager.

The following is the sequence of steps involved in reconciling all existing user records:

Perform lookup fields and entitlements synchronization by running the scheduled jobs provided for this operation.

See Scheduled Jobs for Lookup Field and Entitlement Synchronization for information about the attributes of the scheduled jobs for lookup field synchronization.

See Configuring Scheduled Jobs for information about running scheduled jobs.
Perform user reconciliation by running the scheduled jobs for user reconciliation.

See Attributes of the Scheduled Jobs for information about the attributes of this scheduled task.

See Configuring Scheduled Jobs for information about running scheduled jobs.

3.2 Scheduled Jobs for Lookup Field and Entitlement Synchronization

The Flat File Entitlements Loader scheduled job is a specialized lookup field synchronization job which reconciles both lookup values and entitlements from a flat file.

In addition to reconciling the lookups from a flat file, this scheduled job also adds the entitlements for lookups that are associated with an Entitlement, and synchronizes the catalog with the entitlements automatically. The Flat File Entitlements Loader scheduled job also supports full and incremental reconciliation of lookup values and entitlements.

If you have configured your flat file as a target resource or disconnected resource by using the metadata generation utility, then the following scheduled jobs are created:

IT_RES_NAME FIELD_NAME Loader

This scheduled job is used to load lookup values from the flat file.

For every attribute specified in the lookupAttributeList entry of the FlatFileConfiguration.groovy file, a corresponding scheduled job for loading or reconciling lookup values from the flat file is created. This is illustrated by the following example:

Suppose the value of the itResourceDefName entry is ACME. If the value of the lookupAttributeList entry is ['Roles', 'Groups'], then the connector creates the following scheduled jobs:
- ACME Roles Loader
- ACME Groups Loader
These scheduled jobs are used to load lookup values corresponding to roles and groups from the flat file into Oracle Identity Manager.
IT_RES FIELD_NAME Entitlement Loader

This scheduled job adds the entitlements for lookups and synchronizes the catalog with the entitlements automatically.

For every attribute specified in the entitlementAttributeList entry of the FlatFileConfiguration.groovy file, a corresponding scheduled job for synchronizing the entitlement that is created with the catalog is created. This is illustrated by the following example:

Suppose the value of the itResourceDefName entry is ACME. If the value of the entitlementAttributeList entry is ["Roles.RoleID", "Groups.GroupName"], then the connector creates the following scheduled jobs:
- ACME RoleID Entitlement Loader
- ACME GroupName Entitlement Loader
These scheduled jobs are used to synchronize the entitlements RoleID and GroupName with the catalog.

To perform lookup fields and entitlement synchronization, you must specify values for the attributes of this scheduled job. The attributes for the Flat File Entitlements Loader, IT_RES FIELD_NAME Loader, and IT_RES FIELD_NAME Entitlement Loader scheduled jobs are the same. Table 3-1 describes the attributes of all the three scheduled jobs. Configuring Scheduled Jobs describes the procedure to configure scheduled jobs.

Table 3-1 Attributes of the Scheduled Jobs for Lookup Fields and Entitlement Synchronization

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location Note: The OIM administrator must have read and write permissions on this directory.
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the Flat File IT Resource.
Is Entitlement	Enter `True` if the lookup definition is linked to an Entitlement field (for example, Roles). Enter `False` if the lookup name in the flat file is a plain lookup field (for example, Languages). This flag will decide if the ENT_LIST and Catalog should be updated with the lookup values.
Mapping Lookup Name	Name of the lookup definition that holds mapping of enterprise target system attribute names in the flat file and the Code Key and Decode columns of the lookup. See Lookup.FlatFile.EntFieldMap for more information about this lookup definition.
Mode	Enter `Full` if you want to clear the existing entries in the lookup definition and add new entries. Enter `Incremental` if you want to append the values to the existing lookup definition. Note: If the value is already present, this entire lookup entry will be replaced.
Target Application Instance Name	Target Application Instance Name to which the data is to be loaded.
Target Lookup Name	Lookup definition name into which the values returned by the connector are loaded. Sample value: `Lookup.ACME.Languages`

Figure 3-1 shows the Job Details page of the Flat File Entitlements Loader scheduled job.

Figure 3-1 Job Details Page of the Flat File Entitlements Loader Scheduled Job

Description of "Figure 3-1 Job Details Page of the Flat File Entitlements Loader Scheduled Job"

3.3 Configuring Reconciliation

Reconciliation involves replicating in Oracle Identity Manager the creation of and modifications to user accounts in the flat file.

This section provides information about the following topics related to configuring reconciliation:

3.3.1 Reconciliation Scheduled Jobs

When you run the Connector Installer, the scheduled jobs for reconciliation of user records and accounts are created.

Depending on whether you have installed only the ready-to-use Flat File connector that is shipped with the connector installation media, or created the connector using the metadata generation utility, a set of scheduled jobs are created.

If you have installed only the ready-to-use Flat File connector, then the following scheduled jobs are created:

Flat File User Loader
Flat File Users Diff Sync Reconciliation
Flat File Users Delete Reconciliation
Flat File Users Delete Sync Reconciliation
Flat File Accounts Loader
Flat File Accounts Diff Sync Reconciliation
Flat File Accounts Delete Reconciliation
Flat File Accounts Delete Sync Reconciliation

If you have created the Flat File connector using the metadata generation utility, then depending on whether you have configured the flat file as a trusted source, target resource, or disconnected resource, the following scheduled jobs are created, in addition to the scheduled jobs listed earlier:

For trusted source configuration:
- IT_RES_NAME Flat File User Loaders
- IT_RES_NAME Flat File Users Delete Diff Reconciliation
- IT_RES_NAME Flat File Users Delete Reconciliation
- IT_RES_NAME Flat File Users Delete Sync Reconciliation
For target resource and disconnected resource configuration:
- IT_RES_NAME Flat File Accounts Loader
- IT_RES_NAME Flat File Accounts Delete Diff Reconciliation
- IT_RES_NAME Flat File Accounts Delete Reconciliation
- IT_RES_NAME Flat File Accounts Delete Sync Reconciliation

In these scheduled job names, IT_RES_NAME is replaced with the value of the itResourceDefName entry in the FlatFileConfiguration.groovy file. For example, while configuring the FlatFileConfiguration.groovy file, if you have set the value of the itResourceDefName entry to ACME, then the scheduled jobs are created with names such as ACME Flat File User Loaders, ACME Flat File Users Delete Reconciliation, ACME Flat File Account Delete Diff Reconciliation and so on.

It is recommended that you use the scheduled jobs prefixed with IT_RES_NAME, if you have created the connector using the metadata generation utility. While configuring a scheduled job, except for the attribute related to the flat file location, the connector automatically populates values for all other attributes.

The following scheduled jobs are used to retrieve data directly from your enterprise application. These scheduled jobs are created in addition to all the scheduled jobs listed earlier, when you use metadata generation utility:

For trusted source configuration
- IT_RES_NAME Trusted Incremental User Reconciliation
- IT_RES_NAME Trusted Resource User Delete Reconciliation
- IT_RES_NAME Trusted Resource User Reconciliation
For target resource configuration
- IT_RES_NAME Target Incremental User Reconciliation
- IT_RES_NAME Target Resource User Delete Reconciliation
- IT_RES_NAME Target Resource User Reconciliation

In order to use these scheduled jobs, you must implement the ICF-based bundle JAR that can handle Search and Sync operations.

3.3.2 Attributes of the Scheduled Jobs

Learn about the attributes of the scheduled jobs for reconciliation of user records and accounts.

3.3.2.1 Scheduled Jobs for Reconciliation of User Records

Use the scheduled jobs described in this section if you have configured the enterprise target system as a trusted source.

3.3.2.1.1 Flat File Users Loader and IT_RES_NAME Flat File Users Loader

The Flat File Users Loader or IT_RES_NAME Flat File Users Loader scheduled job is used for reconciling users from a flat file and creating corresponding users in Oracle Identity Manager.

Table 3-2 lists the attributes of both these schedule jobs.

Table 3-2 Attributes of the Flat File Users Loader and IT_RES_NAME Flat File Users Loader Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Filter	Expression for filtering records that must be reconciled by the scheduled job. Sample value: `startsWith('email','john')` Default value: None See Limited Reconciliation for the syntax of this expression.
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: For the Flat File Users Loader scheduled job : `Flat File Users` For IT_RES_NAME Flat File Users Loader scheduled job: `IT_RES_NAME`
Incremental Recon Attribute	Enter the name of the flat file column that holds the time stamp at which the record was last modified. The value in this attribute is used during incremental reconciliation to determine the newest or latest record reconciled from the flat file. Sample value: `ModifiedDate` Default value: None
Latest Token	This attribute holds the value of the column specified as the value of the Incremental Recon Attribute. Note: The reconciliation engine automatically enters a value for this attribute after execution. It is recommended that you do not change the value of this attribute. If you manually specify a value for this attribute, then only user accounts that have been modified after the time stamp specified as the value of this attribute are reconciled. If you want to perform a full reconciliation, clear the value in this field. Default value: None
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Users Loader scheduled job: `Flat File Users Loader` For the IT_RES_NAME Flat File Users Loader scheduled job: `IT_RES_NAME` `Flat File Users Loader`
Target IT Resource Name	Name of the IT Resource with which the users are associated. Sample value: `ACME`
Target Resource Object Name	The name of the resource object with which the returned users are associated. Sample value: `ACME User Trusted`

Figure 3-2 shows the Job Details page of the Flat File Users Loader scheduled job.

Figure 3-2 Job Details Page of the Flat File Users Loader Scheduled Job

Description of "Figure 3-2 Job Details Page of the Flat File Users Loader Scheduled Job"

3.3.2.1.2 Flat File Users Diff Sync Reconciliation and IT_RES_NAME Flat File Users Delete Diff Reconciliation

The Flat File Users Diff Sync Reconciliation or IT_RES_NAME Flat File Users Delete Diff Reconciliation scheduled job is used for performing diff-based reconciliation.

Note:

These scheduled jobs only support the reconciliation of deleted users. Users that were added or modified cannot be reconciled using these scheduled jobs.

These scheduled jobs compare the two flat files and return the deleted users alone. It is used to detect deleted users from flat files for enterprise target systems that do not support the export of only the deleted users. The following are the two flat file directories that are the input for these scheduled jobs:

Previous Flat File directory

This is the flat file containing all the users before delete.
Current Flat File directory

This is the flat file that is exported from the enterprise target system after users have been deleted in the enterprise target system.

While running these scheduled jobs, the connector will detect the users that are missing in the current flat file by comparing them with the users in the previous flat file, and will generate delete reconciliation events only for the missing users.

Table 3-3 lists the attributes of both these schedule jobs.

Table 3-3 Attributes of the Flat File Users Diff Sync Reconciliation and IT_RES_NAME Flat File Users Delete Diff Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location.
Current Flat File directory	The flat file directory which contains the current records from the enterprise target system. Default value: None
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Sample value: `Flat File Users`
Previous Flat File directory	The flat file directory which contains the records from the enterprise target system that were present previously. Default value: None
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Users Diff Sync Reconciliation scheduled job: `Flat File Users Diff Sync Reconciliation` For the IT_RES_NAME Flat File Users Delete Diff Reconciliation scheduled job: `IT_RES_NAME` `Flat File Users Delete Diff Reconciliation`
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: `<String>123454502019<String>`
Target IT Resource Name	IT Resource with which the users are associated. Sample value: `ACME`
Target Resource Object Name	The name of the Resource Object with which the returned users are associated. Sample value: `ACME User Trusted`

3.3.2.1.3 Flat File Users Delete Reconciliation and IT_RES_NAME Flat File Users Delete Reconciliation

The Flat File Users Delete Reconciliation or IT_RES_NAME Flat File Users Delete Reconciliation scheduled job is used to reconcile data about deleted users in the trusted source (identity management) mode of the connector. During a reconciliation run, for each user account deleted from the enterprise target system, the corresponding OIM User is deleted.

Use these scheduled job if you cannot export flat files containing only a list of deleted users, but can periodically export flat files containing all users in the enterprise target system.

Note:

This process is resource consuming as Oracle Identity Manager has to verify all the records from the flat file and compare it with existing records to identify if each record has been deleted or not.

Table 3-4 lists the attributes of both these schedule jobs.

Table 3-4 Attributes of the Flat File Users Delete Reconciliation and IT_RES_NAME Flat File Users Delete Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: For the Flat File Users Delete Reconciliation scheduled job: `Flat File Users` For the IT_RES_NAME Flat File Users Delete Reconciliation scheduled job: `IT_RES_NAME`
Target IT Resource Name	IT Resource with which the users are associated. Sample value: `ACME`
Target Resource Object Name	The name of the Resource Object with which the returned users are associated. Sample value: `ACME User Trusted`

3.3.2.1.4 Flat File Users Delete Sync Reconciliation and IT_RES_NAME Flat File Users Delete Sync Reconciliation

The Flat File Users Delete Sync Reconciliation or IT_RES_NAME Flat File Users Delete Sync Reconciliation scheduled job is used to perform a delete reconciliation run.

If you want to perform a filtered delete reconciliation run based on any field in the flat file, then specify a value for the following attributes of the scheduled job:

Delete Attribute
Delete Attribute Value

If you do not specify a value for the preceding attributes, then all the records in the flat file are considered as deleted records.

Table 3-5 lists the attributes of both these schedule jobs.

Table 3-5 Attributes of the Flat File Users Delete Sync Reconciliation and IT_RES_NAME Flat File Users Delete Sync Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Delete Attribute	Enter the name of the column in the flat file that represents whether a user is deleted or not. Enter a value for this attribute if you want to perform filtered delete reconciliation. Default value: None Sample value: `isDeleted`
Delete Attribute Value	Enter the value that is mentioned in the column, which specifies whether a user has been deleted. This column is the value that you specified as the value of the Delete Attribute attribute. Sample value: `Yes`
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Sample value: `Flat File Users`
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Users Delete Sync Reconciliation scheduled job: `Flat File Users Delete Sync Reconciliation` For the IT_RES_NAME Flat File Users Delete Sync Reconciliation scheduled job: `IT_RES_NAME` `Flat File Users Delete Sync Reconciliation`
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: `<String>123454502019<String>`
Target IT Resource Name	IT Resource with which the users are associated. Sample value: `ACME`
Target Resource Object Name	The name of the Resource Object with which the returned users are associated. Sample value: `ACME User Trusted`

3.3.2.2 Scheduled Jobs for Reconciliation of Accounts

Use the scheduled jobs described in this section if you have configured the enterprise target system as a target resource.

3.3.2.2.1 Flat File Accounts Loader and IT_RES_NAME Flat File Accounts Loader

The Flat File Accounts Loader or IT_RES_NAME Flat File Accounts Loader scheduled job is used for reconciling accounts from a flat file and creating corresponding accounts in Oracle Identity Manager.

Table 3-6 lists the attributes of both these schedule jobs.

Table 3-6 Attributes of the Flat File Accounts Loader and IT_RES_NAME Flat File Accounts Loader Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Filter	Expression for filtering records that must be reconciled by the scheduled job. Sample value: `startsWith('email','john')` Default value: None See Limited Reconciliation for the syntax of this expression.
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: For the Flat File Accounts Loader scheduled job: `Flat File Accounts` For the IT_RES_NAME Flat File Accounts Loader scheduled job: `IT_RES_NAME`
Incremental Recon Attribute	Enter the name of the flat file column that holds the time stamp at which the record was last modified. The value in this attribute is used during incremental reconciliation to determine the newest or latest record reconciled from the flat file. Sample value: `LastUpdated` Default value: None
Latest Token	This attribute holds the value of the Incremental Recon Attribute. Note: The reconciliation engine automatically enters a value for this attribute after execution. It is recommended that you do not change the value of this attribute. If you manually specify a value for this attribute, then only user accounts that have been modified after the time stamp specified as the value of this attribute are reconciled. If you want to perform a full reconciliation, clear the value in this field. Default value: None
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Accounts Loader scheduled job: `Flat File Accounts Loader` For the IT_RES_NAME Flat File Accounts Loader scheduled job: `IT_RES_NAME` `Flat File Accounts Loader`
Target Application Instance Name	Target Application Instance Name to which the data is to be loaded. Sample value: `ACMEApp`

3.3.2.2.2 Flat File Accounts Diff Sync Reconciliation and IT_RES_NAME Flat File Accounts Delete Diff Reconciliation

The Flat File Accounts Diff Sync Reconciliation or IT_RES_NAME Flat File Accounts Delete Diff Reconciliation scheduled job is used for performing diff-based reconciliation.

Note:

These scheduled jobs only support the reconciliation of deleted accounts. Accounts that were added or modified cannot be reconciled using these scheduled jobs.

These scheduled jobs compare the two flat files and return the deleted accounts alone. They are used to detect deleted accounts from flat files for enterprise target systems that do not support the export of only the deleted accounts. The following are the two flat file directories that are the input for these scheduled jobs:

Previous Flat File directory

This is the flat file containing all the accounts before delete.
Current Flat File directory

This is the flat file that is exported from the enterprise target system after accounts have been deleted in the enterprise target system.

While running these scheduled jobs, the connector will detect the accounts that are missing in the current flat file by comparing them with the accounts in the previous flat file, and will generate delete reconciliation events only for the missing accounts.

Table 3-7 lists the attributes of both these schedule jobs.

Table 3-7 Attributes of the Flat File Accounts Diff Sync Reconciliation and IT_RES_NAME Flat File Accounts Delete Diff Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location.
Filter	Expression for filtering records that must be reconciled by the scheduled job. Sample value: `startsWith('email','john')` Default value: None See Limited Reconciliation for the syntax of this expression.
Current Flat File directory	The flat file directory which contains the current records from the enterprise target system. Default value: None
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: None
Previous Flat File directory	The flat file directory which contains the records from the enterprise target system that were present previously. Default value: None
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Accounts Diff Sync Reconciliation scheduled job: `Flat File Accounts Diff Sync Reconciliation` For the IT_RES_NAME Flat File Accounts Delete Diff Reconciliation scheduled job: `IT_RES_NAME` `Flat File Accounts Delete Diff Reconciliation`
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: `<String>123454502019<String>`
Target Application Instance Name	Target Application Instance Name to which the data is to be loaded. Sample value: `ACMEApp`

3.3.2.2.3 Flat File Accounts Delete Reconciliation and IT_RES_NAME Flat File Accounts Delete Reconciliation

The Flat File Accounts Delete Reconciliation or IT_RES_NAME Flat File Accounts Delete Reconciliation scheduled job is used to reconcile data about deleted accounts in the target resource (account management) mode of the connector. During a reconciliation run, for each account deleted on the enterprise target system, the corresponding OIM account is deleted.

Use these schedule jobs if you cannot export flat files containing only a list of deleted accounts, but can periodically export flat files containing all accounts in the enterprise target system.

Note:

This process is resource consuming as Oracle Identity Manager has to verify all the records from the flat file and compare it with existing records to identify if each record has been deleted or not.

Table 3-8 lists the attributes of both these schedule jobs.

Table 3-8 Attributes of the Flat File Accounts Delete Reconciliation and IT_RES_NAME Flat File Accounts Delete Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archive" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: For the Flat File Accounts Delete Reconciliation scheduled job: `Flat File Accounts` For the IT_RES_NAME Flat File Accounts Delete Reconciliation scheduled job: `IT_RES_NAME`
Target Application Instance Name	Target Application Instance Name to which the data is to be loaded. Sample value: `ACMEApp`

3.3.2.2.4 Flat File Accounts Delete Sync Reconciliation and IT_RES_NAME Flat File Accounts Delete Sync Reconciliation

The Flat File Accounts Delete Sync Reconciliation or IT_RES_NAME Flat File Accounts Delete Sync Reconciliation scheduled job is used to perform a delete reconciliation run.

If you want to perform a filtered delete reconciliation run based on any field in the flat file, then specify a value for the following attributes of the scheduled job:

Delete Attribute
Delete Attribute Value

If you do not specify a value for the preceding attributes, then all the records in the flat file are considered as deleted records.

Table 3-9 lists the attributes of both these schedule jobs.

Table 3-9 Attributes of the Flat File Accounts Delete Sync Reconciliation and IT_RES_NAME Flat File Accounts Delete Sync Reconciliation Scheduled Jobs

Attribute	Description
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIM administrator must have read and write permissions on this directory.
Delete Attribute	Enter the name of the column in the flat file that represents whether an account is deleted or not. Enter a value for this attribute if you want to perform filtered delete reconciliation. Default value: None Sample value: `isDeleted`
Delete Attribute Value	Enter the value that is mentioned in the column, which specifies whether an account has been deleted. This column is the value that you specified as the value of the Delete Attribute attribute. Sample value: `Yes`
Flat File directory	Name and complete path to the directory containing flat files to be parsed. Default value: None Note: The OIM administrator must have read and write permissions on this directory.
Flat File IT Resource Name	The name of the IT resource instance that the connector must use to reconcile user data. Default value: For the Flat File Accounts Delete Sync Reconciliation scheduled job: `Flat File Accounts` For the IT_RES_NAME Flat File Accounts Delete Sync Reconciliation: `IT_RES_NAME`
Scheduled Task Name	This attribute holds the name of the scheduled task. Default value: For the Flat File Accounts Delete Sync Reconciliation scheduled job: `Flat File Accounts Delete Sync Reconciliation` For the IT_RES_NAME Flat File Accounts Delete Sync Reconciliation scheduled job: `IT_RES_NAME` `Flat File Accounts Delete Sync Reconciliation`
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: `<String>123454502019<String>`
Target Application Instance Name	Target Application Instance Name to which the data is to be loaded. Sample value: `ACMEApp`

3.3.3 Performing Full and Incremental Reconciliation

The connector supports full as well as incremental reconciliation of users, accounts, and entitlements.

For users and accounts, any newly added file will be considered as a source for incremental data.
For deleted users and accounts, if the enterprise target system does not support exporting only the deleted users, then you may use a diff-based approach to reconcile the deleted records into Oracle Identity Manager.
For entitlements reconciliation, the scheduled job for loading entitlements can be run in an incremental or full mode. See Scheduled Jobs for Lookup Field and Entitlement Synchronization for more information about the scheduled jobs available for entitlement loading and the attributes.

Full reconciliation involves reconciling all existing user records or accounts from the flat file into Oracle Identity Manager. Incremental reconciliation involves reconciling only user records or accounts that are added or modified after the time-stamp stored in the Latest Token attribute of the scheduled job.

After you deploy the connector, you must first perform full reconciliation. In addition, you can switch from incremental reconciliation to full reconciliation whenever you want to ensure that all enterprise target system records are reconciled in Oracle Identity Manager.

To perform a full reconciliation run, ensure that no values are specified for the Latest Token, Incremental Recon Attribute, and Filter attributes of the scheduled jobs for Users Loader or Accounts Loader for reconciling user records or accounts respectively.

At the end of the reconciliation run, the Latest Token attribute of the scheduled job for user record or account reconciliation is automatically set to the most recent value obtained from the attribute (for incremental recon) of the flat file. This happens only if you have configured the connector for incremental reconciliation as discussed in Configuring the Connector for Incremental Reconciliation. From the next reconciliation run onward, only records created or modified after this most recent value are considered for reconciliation. If you have not configured your connector for incremental reconciliation, then the Latest Token attribute remains blank and the connector continues to perform full reconciliation runs.

3.3.4 Limited Reconciliation

By default, all enterprise target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified enterprise target system records that must be reconciled.

You do this by creating filters for the reconciliation module. The connector supports filters in the reconciliation scheduled jobs to fetch those records which match the filter criteria. The filter expression is also passed to custom parsers so that the records can be filtered at the parser level.

You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter attribute (a scheduled task attribute) that allows you to use any of the Flat File resource attributes to filter the target system records.

See About Filters for information about implementing filters in the custom parser.

For detailed information about ICF Filters, see ICF Filter Syntax of Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

Note:

The __UID__ attribute name can only be used with the equalTo filter.

While deploying the connector, follow the instructions in Configuring Scheduled Jobs to specify attribute values.

3.4 Configuring Scheduled Jobs

Configure scheduled jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Manager.

You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.

To configure a scheduled job:

Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Scheduler.
Search for and open the scheduled job as follows:
1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
2. In the search results table on the left pane, click the scheduled job in the Job Name column.
On the Job Details tab, you can modify the following parameters:
- Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
- Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.
Note:

See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule types.

In addition to modifying the job details, you can enable or disable a job.
On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.
Note:
- Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.
- Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.
Click Apply to save the changes.

Note:

The Stop Execution option is available in the Administrative and User Console. You can use the Scheduler Status page to start, stop, or reinitialize the scheduler.

3.5 Reconciling Complex Multivalued Data

The Flat File connector supports the reconciliation of complex multivalued data in the form of child forms containing single and multiple fields.

The child form data must be in the same file as the parent form data. In other words, every line in the flat file must represent a single record which includes the parent and the child form data. The child form values are separated by customizable delimiters.

In the following example, the sample multivalued data has been presented in the following format:

AccountID,FirstName,LastName,Email,Languages,Roles

"111","John","Doe","john.doe@acme.com","English;French;Spanish","Administrator#6-Dec-2013;Backup Operator#7-Nov-2013"

Here, Languages and Roles are multivalued data. Languages is a multivalued field without subfields. Roles is a complex multivalued field with subfields like ROLENAME#STARTDATE.

3.6 Configuring Fault Handling

Record level errors while parsing the file are logged in a separate file and will be saved in a directory named "failed" that the connector creates, within the flat file directory.

The processed flat file will be saved in the following format:

FILENAME_dd-MM-yyyy_HH-mm-ss.EXT

In this format, FILENAME is the name of the flat file being archived. dd-MM-yyyy_HH-mm-ss is the date and time at which the connector started processing the file. EXT is the extension of the file.

For example, the filename will be saved in the following format:

acmeusers_29-08-2013_22-44-12.csv

The error file will contain all those records that were not processed due to validation or data errors. The connector will also append the reason for failure as a separate attribute in the error file for future reference. Since the error file contains the existing attributes of the failed record, the same file can be modified to fix the data errors and loaded back using the connector to reconcile the failed records alone. The Oracle Identity Manager Administrator must have read and write permissions on the Flat File directory and Archive directory locations.

3.7 Configuring Archival

The connector supports archival of the processed flat files.

The archive directory location can be specified in the Archive directory attribute while configuring the scheduled jobs, and the connector will move the files from the source directory to the specified location, once each file is processed. If the value for this attribute is not specified, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. The Oracle Identity Manager Administrator must have read and write permissions on Archive directory location. The processed flat file will be saved in the following format:

FILENAME_dd-MM-yyyy_HH-mm-ss.zip

In this format:

FILENAME

This is the name of the flat file being archived. If the directory with the flat file that is being processed contains more than one flat file, then FILENAME is the name of the first flat file from the alpha-numerically sorted list of flat files in the directory.
dd-MM-yyyy_HH-mm-ss

This is the date and time at which the flat file was archived.

For example, if the flat file has been exported from an enterprise target system, the filename will be saved in the following format:

acmeusers_29-08-2013_22-44-12.zip

If the archive location is specified, all the files from the source directory will be moved irrespective of whether the file processing was successful or not. In case of errors, the connector will write the failed records to a separate file and this file will be saved in the "failed" directory under the Flat File directory.

See the following sections for more information about the Archive directory attribute:

3.8 Understanding and Configuring Delimiters

Learn about the delimiters that the connector supports and its configuration.

3.8.1 About Delimiters Supported By the Connector

The connector supports the use of single character delimiters that can be used to separate values in a record.

The Space or tab characters have to be entered as space or tab respectively. Other multibyte characters (characters in different locale) can be directly entered in the lookup definition in the respective locale.

Note:

The connector does not support multicharacter delimiters. For example, the use of characters $# together as a delimiter is not supported.

By default, the connector supports comma (,) as a fieldDelimiter, semicolon (;) as a multiValueDelimiter, and number sign (#) as a subFieldDelimiter. If the exported flat file uses other characters as delimiters, they must be specified in the Lookup.FlatFile.Configuration lookup definition if you have configured your flat file as a target resource, and in the Lookup.FlatFile.Configuration.Trusted if you have configured your flat file as a trusted source.

See the fieldDelimiter, multiValueDelimiter, and subFieldDelimiter entries in Table 1-2 and Table 1-3 for more information about delimiters.

In the following sample multivalued data, the data has been presented in the following format, separated by delimiters:

AccountID,FirstName,LastName,Email,Languages,Roles

"111","John","Doe","john.doe@acme.com","English;French;Spanish","Administrator#6-Dec-2013;Backup Operator#7-Nov-2013"

Here, comma (,) is a fieldDelimiter, semicolon (;) is a multiValueDelimiter, and number sign (#) is a subFieldDelimiter.

Figure 3-3 shows sample multivalued data separated by delimiters.

Figure 3-3 Sample Multivalued Data Separated by Delimiters

Description of "Figure 3-3 Sample Multivalued Data Separated by Delimiters"

3.8.2 Configuring Delimiters

Perform this procedure to configure delimiters.

Log in to the Design Console.
Expand Administration, and then double-click Lookup Definition.
Depending on how you have configured your flat file, perform one of the following steps:
- If you have configured your flat file as a target resource:
  
  Search for and open the Lookup.FlatFile.Configuration lookup definition.
- If you have configured your flat file as a trusted source:
  
  Search for and open the Lookup.FlatFile.Configuration.Trusted lookup definition
Depending on the entries that you want to configure, perform the following steps:
- To configure the fieldDelimiter entry:
  
  If your flat file uses the slash symbol (/) as a field delimiter, specify it in the Decode column, as the value of this entry.
  
  Default value: ,
  
  Sample value: /
- To configure the multiValueDelimiter entry:
  
  If your flat file uses the vertical bar (|) as a delimiter for each multivalued data, specify it in the Decode column, as the value of this entry.
  
  Default value: ;
  
  Sample value: |
- To configure the subFieldDelimiter entry:
  
  If your flat file uses the dollar sign ($) as a delimiter for each subfield within a multivalued field, specify it in the Decode column, as the value of this entry.
  
  Default value: #
  
  Sample value: $
Click Save.

3.9 Uninstalling the Connector

Uninstalling the connector deletes all the account related data associated with resource objects of the connector.

If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.