Go to main content
|
|
This chapter contains the following sections:
Note:
In this guide, Oracle E-Business HRMS Connector is referred to as the EBS HRMS connector.
Oracle Identity Manager (OIM) platform automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connects users to resources, and revokes and restricts unauthorized access to protect sensitive corporate information. This guide discusses the connector that enables you to use Oracle E-Business HRMS as a target resource or trusted source of identity data for Oracle Identity Manager.
The connector can be used to manage HRMS records. You can use this connector to integrate Oracle E-Business HRMS either as a trusted source or target resource of Oracle Identity Manager. Two separate versions of the connector are provided for this purpose. The following sections provide information about these connectors:
You can use the HRMS Trusted connector to integrate Oracle E-Business HRMS as a trusted source of Oracle Identity Manager. In other words, the target system is the authoritative source of identity data for Oracle Identity Manager. This identity data is used to create or update OIM Users. The HRMS Trusted connector can also be configured for use in scenarios in which Oracle E-Business HRMS is one of the trusted sources in the operating environment of the organization.
You use the HRMS Trusted connector to reconcile all the person types that are supported by the Oracle E-Business Suite HRMS store. The PER_ALL_PEOPLE_F table represents the Oracle E-Business Suite HRMS store. You can also use this connector to reconcile new, modified, terminated, and deleted person type records.
The following are the person types (HRMS or Person record) supported by the Oracle E-Business Suite HR store:
Employee
Contingent workers/ Part-time workers
Contractors
You can use the HRMS Target connector to provision and reconcile HRMS person records (PER_ALL_PEOPLE_F records) to and from Oracle E-Business Suite HRMS. In other words, you use this connector to create PER_ALL_PEOPLE_F records for OIM Users and grant assignments and addresses to these accounts. You can also reconcile newly created and modified PER_ALL_PEOPLE_F records from the target system.
The object class used for HR management is __PERSON__.
When you provision an account, an HRMS person record is created and stored in the PER_ALL_PEOPLE_F table. It can be of the following types:
Employee
Contingent workers/ Part-time workers
Contractors
This section lists the supported certified components for the HRMS connector.
Table 1-1 lists the certified components for the connector.
Table 1-1 Certified Components
Component | Requirement |
---|---|
Oracle Identtiy Governance or Oracle Identity Manager |
You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager:
Note: You must download and apply the patch 21687999. To download a patch, sign in to My Oracle Support and search for the patch number on the Patches and Updates page at: |
Target system |
The target system can be any one of the following:
These applications may run on Oracle Database 10g, 11g, 12c, or 19c as either single database or Oracle RAC implementation. Note:
|
Connector server |
11.1.2.1.0 Note: The JDBC driver ojdbcx.jar is supported with character sets such as US7ASCII, WE8DEC, WE8ISO8859P1, WE8MSWIN1252, and UTF8. To use any other character sets and ensure all connector operations work successfully with the Connector Server, download the orai18n.jar file from the Oracle JDBC drivers OTN page and copy it to the lib directory of Connector Server. |
Connector Server JDK |
JDK 1.6 or later |
Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of the following connectors:
If you are using an Oracle Identity Manager release that is earlier than Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0) and you want to configure the connector to use the target system as a trusted source, then use the 9.1.x version of the Oracle E-Business Employee Reconciliation connector.
Note that in the 9.1.x version, there is no connector for configuring the HRMS target system as a target resource.
If you are using any of the Oracle Identity Manager release listed in Table 1-1 then you must use the latest 11.1.1.x version of this connector.
These are the languages that the connector supports.
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
English (US)
Finnish
French
French (Canadian)
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Portuguese (Brazilian)
Romanian
Russian
Slovak
Spanish
Swedish
Thai
Turkish
The HRMS connector is implemented using the Integrated Common Framework (ICF) component.
The Oracle E-Business HRMS connector is implemented by using the Identity Connector Framework (ICF). The ICF is a component that provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, time outs, and filtering. The ICF is shipped along with Oracle Identity Manager. Therefore, you need not configure or modify the ICF.
During connector operations, Oracle Identity Manager interacts with a layer called Glue. Glue is specific for each of the applications and uses ICF API to invoke operations on the Identity Connector (IC). The connector then calls the target system APIs to perform operations on the resource.
As discussed in one of the earlier sections, there are two versions of the Oracle E-Business HRMS connector as follows:
HRMS Target Connector
The basic function of this connector is to enable management of employee data on Oracle E-Business Suite HRMS through Oracle Identity Manager. You can create and manage employee records for OIM Users through provisioning. In addition, data related to newly created and modified employee records can be reconciled (using scheduled tasks) and linked with existing OIM Users and provisioned resources.
Figure 1-1 shows the architecture of the HRMS Target connector.
Figure 1-1 Connector Architecture of the HRMS Target Connector
HRMS Trusted Connector
The basic function of this connector is to perform identity (trusted source) reconciliation with the target system. In this form of reconciliation, identity data is fetched to Oracle Identity Manager and this data is used to create or update OIM Users.
Figure 1-1 shows the architecture of the HRMS Trusted connector.
Figure 1-2 Connector Architecture of the HRMS Trusted Connector
The features of the connector include support for connector server, full reconciliation, and limited reconciliation.
The following are the features of the connector:
Reconciliation involves running a SQL query on the target system database to fetch the required Person records to Oracle Identity Manager. Predefined SQL queries are stored in the search.properties file in the connector bundle JAR package. You can modify these SQL queries or add your own SQL queries for reconciliation.
Similarly, provisioning involves running stored procedures on the target system database to create or update the required Person records. Information about the stored procedures related to performing provisioning operations are stored in the Procedures.properties file in the connector bundle JAR. You can modify these stored procedures or add your own stored procedures for provisioning.
See the following sections for more information about these SQL queries and stored procedures:
In full reconciliation, all records are fetched from the target system to Oracle Identity Manager. In incremental reconciliation, only records that are added or modified after the last reconciliation run are fetched into Oracle Identity Manager.
You can switch from incremental to full reconciliation at any time after you deploy the connector. See section Performing Full Reconciliation and Incremental Reconciliation Using the HRMS Target Connector for more information on performing full and incremental reconciliation runs.
You can break down a reconciliation run into batches by specifying the number of records that must be included in each batch.
See section Performing Batched Reconciliation Using the HRMS Target Connector for more information on performing batched reconciliation.
To limit or filter the records that are fetched into Oracle Identity Manager during a reconciliation run, you can specify the subset of added or modified target system records that must be reconciled.
See section Performing Limited Reconciliation Using the HRMS Target Connector for more information on performing limited reconciliation.
A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can again be requested for and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.
One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.
See Setting Up the Lookup Definition for Connection Pooling for more information about setting up the Configuration lookup definitions for connection pooling.
You can configure SSL to secure communication between Oracle Identity Manager and the target system.
See Configuring Secure Communication Between the Target System and Oracle Identity Manager for information about configuring secure communication.