 Home |  Book List |  Contents |  Contact Us |
Go to main content
|
|
This chapter contains the following topics:
Note:
These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.
This section discusses the lookup definitions that are created in Oracle Identity Manager when you deploy the HRMS Trusted connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed. The other lookup definitions are as follows:
The Lookup.EBSHRMS.Configuration.Trusted holds connector configuration entries that are used during target resource reconciliation and provisioning operations.
Table 4-1 lists the default entries in this lookup definition.
Table 4-1 Entries in the Lookup.EBSHRMS.Configuration.Trusted Lookup Definition
| Code Key | Decode | Description |
|---|---|---|
|
__PERSON__ Configuration Lookup |
Lookup.EBSHRMS.Person.Configuration.Trusted |
This entry holds the name of the lookup definition that contains configuration information specific to the __PERSON__ object type. See Lookup.EBSHRMS.Person.Configuration.Trusted for more information about this lookup definition. |
|
Bundle Name |
org.identityconnectors.ebs |
This entry holds the name of the connector bundle class. Do not modify this entry. |
|
Bundle Version |
1.0.11150 |
This entry holds the version of the connector bundle class. Do not modify this entry. |
|
Connector Name |
org.identityconnectors.ebs.EBSConnector |
This entry holds the name of the connector class. Do not modify this entry. |
The Lookup.EBSHRMS.Person.Configuration.Trusted lookup definition holds configuration entries that are specific to the __PERSON__ object type. This lookup definition is used during __PERSON__ management operations when your target system is configured as a target resource.
Table 4-2 lists the default entries in this lookup definition.
Table 4-2 Entries in the Lookup.EBSHRMS.Person.Configuration.Trusted Lookup Definition
| Code Key | Decode | Description |
|---|---|---|
|
Recon Attribute Defaults |
Lookup.EBSHRMS.ReconAttrMap.Trusted.Defaults |
This entry holds the name of the lookup definition that maps reconciliation fields to their default values. See Lookup.EBSHRMS.ReconAttrMap.Trusted.Defaults for more information about this lookup definition. |
|
Recon Attribute Map |
Lookup.EBSHRMS.ReconAttrMap.Trusted |
This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.EBSHRMS.ReconAttrMap.Trusted for more information about this lookup definition. |
The Lookup.EBSHRMS.ReconAttrMap.Trusted.Defaults lookup definition holds mappings between reconciliation fields and their default values. This lookup definition is used when there is a mandatory field on the OIM User form, but no corresponding field in the target system from which values can be fetched during trusted source reconciliation.
Table 4-3 lists the default entries in this lookup definition.
Table 4-3 Entries in the Lookup.EBSHRMS.ReconAttrMap.Trusted.Defaults Lookup Definition
| Code Key | Decode |
|---|---|
|
Organization Name |
Xellerate Users |
|
Role |
Full-Time |
|
User Type |
End-User |
You can add entries to this lookup definition in the following format:
Code Key: Name of the reconciliation field on the Oracle EBS HRMS Trusted User resource object
Decode: Corresponding default value to be displayed
For example, assume a field named Preferred Language is a mandatory field on the OIM User form. Suppose the target system contains no field that stores information about the preferred language of communication for a user account. During reconciliation, no value for the Preferred Language field is fetched from the target system. However, as the Preferred Language field cannot be left empty, you must specify a value for this field. Therefore, create an entry in this lookup definition with the Code Key value set to Preferred Language and Decode value set to English. This implies that the value of the Preferred Language field on the OIM User form displays English for all user accounts reconciled from the target system.
The Lookup.EBSHRMS.ReconAttrMap.Trusted lookup definition holds mappings between resource object fields (Code Key) and target system attributes (Decode). This lookup definition is used during reconciliation. This lookup definition is preconfigured.
Table 4-4 lists the default entries in this lookup definition.
Table 4-4 Entries in the Lookup.EBSHRMS.ReconAttrMap.Trusted Lookup Definition
| Code Key | Decode |
|---|---|
|
Business Group ID |
BUSINESS_GROUP_ID |
|
Department |
DEPARTMENT |
|
DOB[DATE] |
DATE_OF_BIRTH |
|
Effective End Date[DATE] |
ACTUAL_TERMINATION_DATE |
|
Effective Start Date[DATE] |
HIRE_DATE |
|
Email Address |
EMAIL_ADDRESS |
|
Employee Number |
PERSON_ID |
|
Employee Type |
PERSON_TYPE_ID |
|
First Name |
FIRST_NAME |
|
Grade |
GRADE |
|
Job |
JOB |
|
Last Name |
LAST_NAME |
|
Marital Status |
MARITAL_STATUS |
|
National Identifier |
NATIONAL_IDENTIFIER |
|
Nationality |
NATIONALITY |
|
Status[TRUSTED] |
__ENABLE__ |
|
Supervisor Id |
SUPERVISOR_ID |
|
Supervisor Name |
SUPERVISOR_NAME |
|
Title |
TITLE |
|
User ID |
__UID__ |
When you run the Connector Installer, scheduled jobs are automatically created in Oracle Identity Manager.
This section discusses the attributes of the following scheduled jobs:
The Oracle EBS HRMS Trusted User Reconciliation scheduled job is used for reconciliation of person records.
You must specify values for the attributes of the person record reconciliation scheduled job. Table 4-5 describes the attributes of this scheduled job.
Table 4-5 Attributes of the Oracle EBS HRMS Trusted User Reconciliation Scheduled Job
| Attribute | Description |
|---|---|
|
Filter |
Enter the search filter for fetching records from the target system during a reconciliation run. See Performing Limited Reconciliation Using the HRMS Trusted Connector for more information. |
|
Incremental Recon Attribute |
Enter the name of the target system attribute that holds the timestamp at which the person record was modified. Sample value: |
|
ITResource Name |
Name of the IT resource for the target system installation that the connector must use to reconcile person records. Default value: |
|
Latest Token |
This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty. Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute. Sample value: |
|
Object Type |
Type of object you want to reconcile. Default value: |
|
Resource Object Name |
Name of the resource object that is used for reconciliation. Default value: |
|
Scheduled Task Name |
Name of the scheduled task that is used for reconciliation. Sample value: |
The Oracle EBS HRMS Trusted User Delete Reconciliation scheduled job is used to reconcile data about deleted person records in the target system. During a reconciliation run, for each deleted user account on the target system, the corresponding OIM User is deleted.
You must specify values for the attributes of the user reconciliation scheduled job. Table 4-6 describes the attributes of this scheduled job.
Table 4-6 Attributes of the Oracle EBS HRMS Trusted User Delete Reconciliation Scheduled Job
| Attribute | Description |
|---|---|
|
ITResource Name |
Name of the IT resource for the target system installation that the connector must use to reconcile person records. Default value: |
|
Object Type |
Type of object you want to reconcile. Default value: |
|
Resource Object Name |
Name of the resource object that is used for reconciliation. Default value: |
The Oracle EBS HRMS Trusted Incremental User Reconciliation scheduled job is used for performing incremental reconciliation.
Table 4-7 describes the attributes of this scheduled job.
Table 4-7 Attributes of the Oracle EBS HRMS Trusted Incremental User Reconciliation Scheduled Job
| Attribute | Description |
|---|---|
|
ITResource Name |
Name of the IT resource for the target system installation that the connector must use to reconcile person records. Default value: |
|
Object Type |
Type of object you want to reconcile. Default value: |
|
Resource Object Name |
Name of the resource object that is used for reconciliation. Default value: |
|
Scheduled Task Name |
Name of the scheduled task that is used for reconciliation. Default value: |
|
Sync Token |
This attribute must be left blank when you run incremental reconciliation for the first time. This ensures that data about all records from the target system are fetched into Oracle Identity Manager. After the first reconciliation run, the connector automatically enters a value for this attribute in an XML serialized format. From the next reconciliation run onward, only data about records that are modified since the last reconciliation run ended are fetched into Oracle Identity Manager. Sample value: |
This section describes the procedure to configure scheduled jobs. You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.
See Scheduled Job for Reconciliation of Person Records through Scheduled Job for Incremental Reconciliation for the scheduled jobs that are part of the connector and for information about their attributes
To configure a scheduled job:
Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Scheduler.
Search for and open the scheduled task as follows:
On the left pane, in the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
In the search results table on the left pane, click the scheduled job in the Job Name column.
On the Job Details tab, you can modify the following parameters:
Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.
Note:
See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule types.
In addition to modifying the job details, you can enable or disable a job.
On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.
Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.
Click Apply to save the changes.
Note:
You can use the Scheduler Status page in Identity System Administration to either start, stop, or reinitialize the scheduler.
Reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system.
This section discusses the following topics related to configuring reconciliation:
The HRMS Trusted connector is configured to perform trusted source reconciliation with the target system. The target system is used as the trusted source and users are directly created and modified on it. During reconciliation, the HRMS Trusted connector fetches data (using scheduled jobs) about these target system users into Oracle Identity Manager. This data is used to create or update the corresponding OIM Users.
A SQL query is used to fetch target system records during reconciliation. All predefined SQL queries that are required to perform reconciliation are stored in the search.properties file. The search.properties file is a common file for all EBS Suite connectors. In other words, the search.properties file contains the queries for the EBS UM, HRMS Target, and HRMS Trusted connectors.
When you run a scheduled job, the connector locates the corresponding SQL query in the search.properties file and then runs it on the target system database. Target system records that meet the query criteria are returned to Oracle Identity Manager.
Depending on your requirements, you can modify existing queries or add your own query in the search.properties. This is discussed later in this guide.
Information in the search.properties file is virtually divided into two parts. The first part lists entries containing the SQL query names in the following format:
OBJ_CLASS.OP_NAME.MODE=QUERY_NAME
In this format:
OBJ_CLASS is the name of the object class on which the reconciliation operation is to be performed.
OP_NAME is the type of reconciliation operation to be performed. A reconciliation operation can be a search op, sync op, or lookup op.
MODE is the name of the mode in which the connector is expected to perform reconciliation. For example, trusted. Note that this value is optional.
QUERY_NAME is the name of the SQL query that is to be run on the target system database.
The second part lists the SQL query names and the corresponding SQL queries.
The following are the entries corresponding to the HRMS Target connector in the search.properties file:
__PERSON__.search.trusted=HRMS_CURRENT_EMPLOYEE_RECON_QUERY
The HRMS_CURRENT_EMPLOYEE_RECON_QUERY query is used to reconcile all employee records that are currently active from the target system. The reconciliation operation that is performed is search based.
__PERSON__.search.future_trusted=HRMS_CURRENT_FUTURE_EMPLOYEE_RECON_QUERY
The HRMS_CURRENT_FUTURE_EMPLOYEE_RECON_QUERY query is used to reconcile all future-dated employee records from the target system. The reconciliation operation that is performed is search based.
__PERSON__.sync.trusted=HRMS_CURRENT_EMPLOYEE_RECON_QUERY
The HRMS_CURRENT_EMPLOYEE_RECON_QUERY query is used to reconcile all employee records that are currently active from the target system. The reconciliation operation that is performed is sync based.
__PERSON__.sync.future_trusted=HRMS_CURRENT_FUTURE_EMPLOYEE_RECON_QUERY
The HRMS_CURRENT_FUTURE_EMPLOYEE_RECON_QUERY query is used to reconcile all future-dated employee records from the target system.The reconciliation operation that is performed is sync based.
The following sections provide information about the reconciliation rules for this connector:
The following is the process-matching rule:
Rule name: EBS HRMS Trusted
Rule element: User Login Equals User ID
In the rule element:
User Login represents the User Login field on the OIM User form.
User ID represents the Person ID field of the employee on the target system.
After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:
Note:
Perform the following procedure only after the connector is deployed.
Figure 4-1 shows the reconciliation rule for target resource reconciliation.
Figure 4-1 Reconciliation Rule for Trusted Source Reconciliation
The following sections provide information about the reconciliation rules for this connector:
Table 4-8 lists the action rules for trusted source reconciliation.
Table 4-8 Action Rules for Trusted Source Reconciliation
| Rule Condition | Action |
|---|---|
|
No Matches Found |
Create User |
|
One Entity Match Found |
Establish Link |
|
One Process Match Found |
Establish Link |
Note:
No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See the following sections in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about setting or modifying a reconciliation action rule:
After you deploy the connector, you can view the reconciliation action rules for trusted source reconciliation by performing the following steps:
Figure 4-2 Reconciliation Action Rules for Trusted Source Reconciliation
Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Manager. After you deploy the connector, you must first perform full reconciliation. In addition, you can switch from incremental reconciliation to full reconciliation whenever you want to ensure that all target system records are reconciled in Oracle Identity Manager.
To perform full reconciliation, ensure that no values are specified for the Latest Token and Filter attributes of the scheduled jobs for reconciling user records.
In incremental reconciliation, only records created or modified after the latest date/ timestamp the last reconciliation was run are considered for reconciliation. To perform incremental reconciliation, configure and run the scheduled job for incremental reconciliation. The first time you run the scheduled job for incremental reconciliation, note that a full reconciliation is performed.
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled.
You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter attribute (a scheduled job attribute) that allows you to use any of the Oracle EBS HRMS Trusted User resource attributes to filter the target system records.
When you specify a value for the Filter attribute, only the target system records that match the filter criterion are reconciled into Oracle Identity Manager. If you do not specify a value for the Filter attribute, then all the records in the target system are reconciled into Oracle Identity Manager. For example, specifying the following as the value of the Filter attribute returns all records that belong to the 202 business group ID:
equalTo('BUSINESS_GROUP_ID','202')
You specify a value for the Filter attribute while configuring the user reconciliation scheduled job.
For detailed information about ICF Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.
You can configure batched reconciliation to avoid these problems.
To configure batched reconciliation, you must specify value for the batchSize parameter of the IT resource. Use this parameter to specify the number of records that must be included in each batch. By default, this value is set to 1000.
If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.
