3 Using the Office 365 Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

This chapter discusses the following topics:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Scheduled Jobs for Lookup Field Synchronization for Office 365 Connector

Scheduled jobs for lookup field synchronization fetch the most recent values from specific fields in the target system to lookup definitions in Oracle Identity Manager. These lookup definitions are used as an input source for lookup fields in Oracle Identity Manager.

The following scheduled jobs are used for lookup fields synchronization:
  • Office365 Group Lookup Reconciliation

  • Office365 Licenses Lookup Reconciliation

  • Office365 Roles Lookup Reconciliation

  • Office365 Manager Lookup Reconciliation

Values fetched by these scheduled jobs from the target system are populated in the Lookup.Office365.Groups, Lookup.Office365.Licenses, Lookup.Office365.Roles, and Lookup.Office365.Manager lookup definitions, respectively.

The attributes for all the scheduled jobs for lookup field synchronization are the same. Table 3-1 describes the attributes of the scheduled jobs. The procedure to configure scheduled jobs is described later in this guide.

Table 3-1 Attributes of the Scheduled Jobs for Lookup Field Synchronization

Attribute Description

Code Key Attribute

Name of the connector attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: __UID__

Decode Attribute

Name of the connector attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: __NAME__

IT Resource Name

Name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Office365

Lookup Name

Enter the name of the lookup definition in Oracle Identity Manager that must be populated with values fetched from the target system.

Depending on the scheduled job that you are using, the default values are as follows:
  • For Office365 Group Lookup Reconciliation: Lookup.Office365.Groups

  • For Office365 Licenses Lookup Reconciliation: Lookup.Office365.Licenses

  • For Office365 Roles Lookup Reconciliation: Lookup.Office365.Roles

  • For Office365 Manager Lookup Reconciliation: Lookup.Office365.Manager

If you create a copy of any of these lookup definitions, then enter the name of that new lookup definition as the value of the Lookup Name attribute.

Object Type

Enter the type of object you want to reconcile.

Depending on the scheduled job that you are using, the default values are as follows:
  • For Office365 Group Lookup Reconciliation: __GROUP__

  • For Office365 Licenses Lookup Reconciliation: __LICENSE__

  • For Office365 Roles Lookup Reconciliation: __ROLE__

  • For Office365 Manager Lookup Reconciliation: User

3.2 Configuring Reconciliation for Office 365 Connector

You can configure the connector to specify the type of reconciliation and its schedule.

This section discusses the following topics related to configuring reconciliation:

3.2.1 Full Reconciliation for Office 365 Connector

Full reconciliation involves reconciling all existing user or group records from the target system into Oracle Identity Manager.

After you deploy the connector, you must first perform full reconciliation. To perform a full reconciliation run, ensure that no value is specified for the Filter attribute of the scheduled job for reconciling users and groups. If the target system contains more records than it can return in a single response, then use the Flat File connector to perform full reconciliation. See Reconciling Large Number of Records.

3.2.2 Limited Reconciliation for Office 365 Connector

Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set of filter criteria.

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

This connector provides a Filter Suffix attribute (a scheduled task attribute) that allows you to use any of the attributes of the target system to filter target system records. You specify a value for the Filter Suffix attribute while configuring the user reconciliation scheduled job.

Note:

If the target system contains more records than it can return in a single response, then use the Flat File connector to perform limited reconciliation. See Reconciling Large Number of Records.

For information about Office 365 filters, visit the following Microsoft Developer Network page: https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-graph-api-supported-queries-filters-and-paging-options.

3.2.3 Reconciling Large Number of Records

During a reconciliation run, if the target system contains more records than it can return in a single response, then you must use the Flat File connector to fetch all the records into Oracle Identity Manager.

To reconcile a large number of records from the target system into Oracle Identity Manager:
  1. Export all users in the target system to a flat file.
  2. Copy the flat file to a location that is accessible from Oracle Identity Manager.
  3. Create a schema file representing the structure of the flat file. See Creating a Schema File in Oracle Identity Manager Connector Guide for Flat File.
  4. Install the Flat File connector. See Running the Connector Installer in Oracle Identity Manager Connector Guide for Flat File.
  5. Configure the Flat File IT resource. See Configuring the IT Resource in Oracle Identity Manager Connector Guide for Flat File.
  6. If you want to perform trusted source reconciliation, then configure and run the Flat File Users Loader scheduled job.
    While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to Office365 and Target Resource Object Name to Office365 User Trusted.
    See Flat File Users Loader and IT_RES_NAME Flat File Users Loader in Oracle Identity Manager Connector Guide for Flat File for information about the attributes of the Flat File Users Loader scheduled job.
  7. If you want to perform target resource reconciliation, then configure and run the Flat File Accounts Loader scheduled job.
    While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to Office365 and Target Resource Object Name to Office365 User.
    See Flat File Accounts Loader and IT_RES_NAME Flat File Accounts Loader in Oracle Identity Manager Connector Guide for Flat File for information about the attributes of the Flat File Accounts Loader scheduled job.

3.2.4 Reconciliation Scheduled Jobs for Office 365 Connector

When you run the Connector Installer, reconciliation scheduled jobs are automatically created in Oracle Identity Manager. You must configure these scheduled jobs to suit your requirements by specifying values for their attributes.

This section discusses the following scheduled jobs that you can configure for reconciliation:

3.2.4.1 Office365 User Reconciliation

You use the Office365 Target Resource User Reconciliation scheduled job to reconcile user account data from the target system in the target resource (account management) mode of the connector.

Table 3-2 Attributes of the Office365 User Reconciliation Scheduled Task

Attribute Description

Filter Suffix

Enter the search filter for fetching user records from the target system during a reconciliation run. See Limited Reconciliation for Office 365 Connector.

IT Resource Name

Enter the name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Office365

Object Type

This attribute holds the name of the object type for the reconciliation run.

Default value: User

Do not change the default value.

Resource Object Name

Name of the resource object against which reconciliation runs are performed.

Default value: Office365 User

Do not change the default value.

Incremental Recon Attribute

Attribute that holds the timestamp at which the token record was modified.

Latest Token

This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty.

Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Sample value: 1354753427000

3.2.4.2 Office365 Group Recon

You use the Office365 Group Recon scheduled job to reconcile group data from the target system in target resource (account management) mode of the connector.

Table 3-3 Attributes of the Office365 Group Recon Scheduled Job

Attribute Description

Filter Suffix

Enter the search filter for fetching user records from the target system during a reconciliation run. See Limited Reconciliation for Office 365 Connector for more information about this attribute.

IT Resource Name

Enter the name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: Office365

Object Type

This attribute holds the name of the object type for the reconciliation run.

Default value: Group

Note: Do not change the default value.

Organization Name

Enter the name of the Oracle Identity Manager organization in which reconciled groups must be created or updated.

Resource Object Name

This attribute holds the name of the resource object used for reconciliation.

Default value: Office365 Group

Note: Do not change the default value.

Scheduled Task Name

Name of the scheduled task used for reconciliation.

Default value: Office365 Group Recon

Incremental Recon Attribute

Attribute that holds the timestamp at which the token record was modified.

Latest Token

This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty.

Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Sample value: 1354753427000

3.2.4.3 Office365 Trusted User Reconciliation

You use the Office365 Trusted User Reconciliation scheduled job to reconcile user account data in the trusted source (identity management) mode of the connector.

Table 3-4 Attributes of the Office365 User Reconciliation Scheduled Job

Attribute Description

Filter Suffix

Enter the search filter for fetching user records from the target system during a reconciliation run. See Limited Reconciliation for Office 365 Connector.

IT Resource Name

Enter the name of the IT resource for the system installation from which you want to reconcile user records.

Default value: Office365

Object Type

This attribute holds the name of the object type for the reconciliation run.

Default value: User

Note: Do not change the default value.

Resource Object Name

This attribute holds the name of the resource object used for reconciliation.

Default value: Office365 User Trusted

Note: Do not change the default value.

Incremental Recon Attribute

Attribute that holds the timestamp at which the token record was modified.

Latest Token

This attribute holds the value of the attribute that is specified as the value of the Incremental Recon Attribute attribute. The Latest Token attribute is used for internal purposes. By default, this value is empty.

Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Sample value: 1354753427000
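
The following added example (not part of the connector or of this guide) is a simplified model of how the Latest Token attribute in Tables 3-2 through 3-4 drives incremental reconciliation, and why a hand-entered token hides target system changes from Oracle Identity Manager. It assumes the token is an epoch-millisecond timestamp, as the sample value suggests, and that only records modified strictly after the token are selected; the record layout and function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample records: account name and last-modified time (epoch ms).
SAMPLE_RECORDS = [
    {"upn": "jdoe@example.com", "modified": 1354753427000},
    {"upn": "asmith@example.com", "modified": 1354753500000},
    {"upn": "svc-new@example.com", "modified": 1354760000000},
]


def token_to_utc(token_ms):
    """Render a token as a UTC timestamp (assumes epoch milliseconds)."""
    return datetime.fromtimestamp(int(token_ms) / 1000, tz=timezone.utc).isoformat()


def incremental_run(records, latest_token):
    """Return (records to reconcile, token to store for the next run).

    An empty token, the default, selects every record.
    """
    if latest_token in (None, ""):
        selected = list(records)
    else:
        selected = [r for r in records if r["modified"] > int(latest_token)]
    # Advance the token to the newest change seen; keep it if nothing matched.
    new_token = max((r["modified"] for r in selected), default=latest_token)
    return selected, new_token


def skipped_by_manual_token(records, engine_token, manual_token):
    """Accounts the engine-maintained token would pick up but a manual one hides."""
    expected, _ = incremental_run(records, engine_token)
    actual, _ = incremental_run(records, manual_token)
    seen = {r["upn"] for r in actual}
    return [r["upn"] for r in expected if r["upn"] not in seen]


if __name__ == "__main__":
    print(token_to_utc(1354753427000))
    print(incremental_run(SAMPLE_RECORDS, ""))
    print(skipped_by_manual_token(SAMPLE_RECORDS, 1354753427000, 1354759999999))
```

In this model, a token set ahead of the engine's value causes accounts changed in the gap to go unreconciled, which is the practical reason to leave the attribute to the reconciliation engine.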

3.3 Configuring Scheduled Jobs

Configure scheduled jobs to perform reconciliation runs that periodically check for new information on your target system and replicate the data in Oracle Identity Manager.

You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.
To configure a scheduled job:
  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under System Management, click Scheduler.
  3. Search for and open the scheduled job as follows:
    1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
    2. In the search results table on the left pane, click the scheduled job in the Job Name column.
  4. On the Job Details tab, you can modify the parameters of the scheduled task:
    • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
    • Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type. See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager.

    In addition to modifying the job details, you can enable or disable a job.

  5. On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

    Note:

    • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

    • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.

    • See Reconciliation Scheduled Jobs for Office 365 Connector for the list of scheduled tasks and their attributes.

  6. Click Apply to save the changes.

    Note:

    The Stop Execution option is available in the Administrative and User Console. You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.

3.4 Guidelines on Performing Provisioning Operations

These guidelines provide information on what to do when performing provisioning operations.

The following are guidelines that you must apply while performing a provisioning operation:

  • For a Create User provisioning operation, you must specify a value for the User Principal Name field along with the domain name, for example, jdoe@example.com. This is a mandatory field. The other mandatory fields are Display Name, Password, MailNickname, and Usage Location.

  • During a group provisioning operation you must enter a value for the DisplayName and MailNickname fields. The value in the MailNickname field should not include spaces.
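
The guidelines above can be checked before a request is submitted. The following is an added example, not part of the connector or of this guide: it uses the field labels from the guidelines, while the representation of a request as a dictionary keyed by those labels, the function names, and the sample values are assumptions of the example.

```python
# Field labels come from the guidelines; the dict representation is assumed.
USER_REQUIRED = ["User Principal Name", "Display Name", "Password",
                 "MailNickname", "Usage Location"]
GROUP_REQUIRED = ["DisplayName", "MailNickname"]


def missing_fields(form, required):
    """Labels whose value is absent, empty, or whitespace only."""
    return [f for f in required if not str(form.get(f) or "").strip()]


def check_user(form):
    """Return a list of problems with a Create User request (empty if none)."""
    problems = [f"missing mandatory field: {f}"
                for f in missing_fields(form, USER_REQUIRED)]
    upn = str(form.get("User Principal Name") or "").strip()
    if upn:
        local, sep, domain = upn.partition("@")
        if not (sep and local and domain):
            problems.append("User Principal Name must include the domain name")
    return problems


def check_group(form):
    """Return a list of problems with a group provisioning request."""
    problems = [f"missing mandatory field: {f}"
                for f in missing_fields(form, GROUP_REQUIRED)]
    nick = str(form.get("MailNickname") or "")
    if nick.strip() and any(ch.isspace() for ch in nick):
        problems.append("MailNickname should not include spaces")
    return problems


# Constructed sample requests.
GOOD_USER = {"User Principal Name": "jdoe@example.com", "Display Name": "John Doe",
             "Password": "constructed-placeholder", "MailNickname": "jdoe",
             "Usage Location": "US"}
BAD_USER = {"User Principal Name": "jdoe", "Display Name": "John Doe",
            "Password": "constructed-placeholder", "MailNickname": "jdoe"}
BAD_GROUP = {"DisplayName": "Sales Team", "MailNickname": "sales team"}

if __name__ == "__main__":
    for form in (GOOD_USER, BAD_USER):
        print(check_user(form))
    print(check_group(BAD_GROUP))
```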

3.5 Performing Provisioning Operations

You create a new user in Oracle Identity Self Service by using the Create User page. You provision or request accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Manager:
  1. Log in to Oracle Identity Self Service.
  2. Create a user as follows:
    1. In Identity Self Service, click Manage. The Home tab displays the different Manage options. Click Users. The Manage Users page is displayed.
    2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
    3. Enter details of the user in the Create User page.
  3. On the Account tab, click Request Accounts.
  4. In the Catalog page, search for and add to cart the application instance created in Creating an Application Instance, and then click Checkout.
  5. Specify values for the fields in the application form and then click Ready to Submit.
  6. Click Submit.
  7. If you want to provision entitlements, then:
    1. On the Entitlements tab, click Request Entitlements.
    2. In the Catalog page, search for and add to cart the entitlement, and then click Checkout.
    3. Click Submit.

See Also:

Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager for details about the fields on the Create User page

3.6 Uninstalling the Connector

Uninstalling the connector deletes all the account-related data associated with resource objects of the connector.

If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.