3 Using the ServiceNow Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

3.1 Scheduled Job for Lookup Field Synchronization

Scheduled jobs for lookup field synchronization fetch the most recent values from specific fields in the target system to lookup definitions in Oracle Identity Manager. These lookup definitions are used as an input source for lookup fields in Oracle Identity Manager.

The following scheduled jobs are used for lookup field synchronization:
  • ServiceNow Group Lookup Recon

  • ServiceNow Role Lookup Recon

  • ServiceNow Department Lookup Recon

Values fetched by these scheduled jobs from the target system are populated in the Lookup.ServiceNow.Groups, Lookup.ServiceNow.Roles, and Lookup.ServiceNow.Departments lookup definitions, respectively. The attributes for all the scheduled jobs for lookup field synchronization are the same. Table 3-1 describes the attributes of the scheduled jobs. The procedure to configure scheduled jobs is described later in this guide.

Table 3-1 Attributes of the Scheduled Job for Lookup Field Synchronization

Attribute Description

Code Key Attribute

Enter the name of the attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: __UID__

Decode Attribute

Enter the name of the attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: __NAME__

IT Resource Name

Name of the IT resource for the target system installation from which you reconcile user records.

Default value: ServiceNow

Lookup Name

Name of the lookup definition in Oracle Identity Manager that must be populated with values fetched from the target system.

Depending on the scheduled job you are using, the default values are as follows:
  • For ServiceNow Group Lookup Recon Scheduled Job: Lookup.ServiceNow.Groups

  • For ServiceNow Department Lookup Recon Scheduled Job: Lookup.ServiceNow.Department

  • For ServiceNow Role Lookup Recon Scheduled Job: Lookup.ServiceNow.Roles

Object Type

Name of the type of object you want to reconcile.

Depending on the scheduled job you are using, the default values are as follows:
  • For ServiceNow Group Lookup Recon Scheduled Job: _GROUP_

  • For ServiceNow Department Lookup Recon Scheduled Job: Department

  • For ServiceNow Role Lookup Recon Scheduled Job: _ROLE_

3.2 Configuring Reconciliation for ServiceNow Connector

You can configure the connector to specify the type of reconciliation and its schedule.

3.2.1 Full Reconciliation

Full reconciliation involves reconciling all existing user or group records from the target system into Oracle Identity Manager.

After you deploy the connector, you must first perform full reconciliation. To perform a full reconciliation run, ensure that no value is specified for the Filter Suffix attribute of the scheduled job for reconciling users and groups. If the target system contains more records than it can return in a single response, then use the Flat File connector to perform full reconciliation. See Reconciling Large Number of Records.

3.2.2 Limited (Filtered) Reconciliation

Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set of filter criteria.

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

All users are associated with a unique system ID, also known as sys_id. The sys_id attribute is present in the target system and OIM. Filtered reconciliation is performed using the sys_id as a filter suffix attribute.

Note:

In the current connector release, the sys_id attribute is the only filter suffix supported for filtering records.

You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter Suffix attribute (a scheduled task attribute) that allows you to use the sys_id attribute of the target system to filter target system records. The sys_id is appended to the endpoint URL. When reconciliation runs against this endpoint URL, it is limited to the records that match the filter suffix. A sample filter suffix value is /0e220301db039a00b88df7a0cf9619. The value provided in the filter suffix parameter varies in accordance with the target system. See Reconciliation Scheduled Jobs.
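
A pre-check for the Filter Suffix value described above, as an added example that is not part of the connector or of this guide: it accepts only an empty value (full reconciliation) or a single "/" plus hex-digit segment, so nothing else can be appended to the endpoint URL. The endpoint host and path, the function names, and the hex-only rule for sys_id values are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: a sys_id filter suffix is "/" followed by one segment of hex digits.
SUFFIX_RE = re.compile(r"/[0-9a-fA-F]+")


def recon_mode(filter_suffix):
    """Return 'full' for an empty Filter Suffix, 'filtered' for a valid one."""
    if not filter_suffix:
        return "full"  # no filter: every record is reconciled
    if not SUFFIX_RE.fullmatch(filter_suffix):
        # Rejects extra path segments, "..", query strings, spaces, missing "/".
        raise ValueError(f"unsupported Filter Suffix: {filter_suffix!r}")
    return "filtered"


def recon_url(endpoint, filter_suffix):
    """Return (mode, url) for the URL a reconciliation run would request."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("endpoint must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("endpoint must not carry a query string or fragment")
    mode = recon_mode(filter_suffix)
    # The suffix is appended to the endpoint path exactly as validated.
    return mode, endpoint.rstrip("/") + (filter_suffix or "")


# Constructed endpoint (assumed host and path); the valid suffix is the page's sample.
ENDPOINT = "https://instance.example.com/api/now/table/sys_user"

if __name__ == "__main__":
    samples = ("", "/0e220301db039a00b88df7a0cf9619", "/../sys_user_has_role",
               "?sysparm_limit=1", "0e220301db039a00b88df7a0cf9619")
    for value in samples:
        try:
            print(repr(value), "->", recon_url(ENDPOINT, value))
        except ValueError as err:
            print(repr(value), "-> rejected:", err)
```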

3.2.3 Reconciling Large Number of Records

During a reconciliation run, if the target system contains more records than it can return in a single response, then you must use the Flat File connector to fetch all the records into Oracle Identity Manager.

To reconcile a large number of records from the target system into Oracle Identity Manager:
  1. Export all users in the target system to a flat file.
  2. Copy the flat file to a location that is accessible from Oracle Identity Manager.
  3. Create a schema file representing the structure of the flat file.
  4. Install the Flat File connector.
  5. Configure the Flat File IT resource.
  6. If you want to perform trusted source reconciliation, then configure and run the Flat File Users Loader scheduled job.
    While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to ServiceNow and Target Resource Object Name to ServiceNow User.
  7. If you want to perform target resource reconciliation, then configure and run the Flat File Accounts Loader scheduled job.
    While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to ServiceNow and Target Resource Object Name to ServiceNow User.

3.2.4 Reconciliation Scheduled Jobs

When you run the Connector Installer, reconciliation scheduled jobs are automatically created in Oracle Identity Manager. You must configure these scheduled jobs to suit your requirements by specifying values for their attributes.

For the ServiceNow connector, the Scheduled Job for Reconciliation of User Records is automatically created in Oracle Identity Manager. This scheduled job is used to reconcile user data in the target resource (account management) mode of the connector.

Table 3-2 describes the attributes of the scheduled job.

Table 3-2 Attributes of the User Reconciliation Scheduled Job

Attribute Description

Filter Suffix

Enter the search filter for fetching records from the target system during a reconciliation run.

Sample value: /0e220301db039a00b88df7a0cf9619

See Limited (Filtered) Reconciliation.

Latest Token

The Latest Token attribute is used for internal purposes. By default, this value is empty.

Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Sample value: 1354753427000

IT Resource Name

Name of the IT resource for the target system installation from which you want to reconcile user records.

Default value: ServiceNow

Object Type

Type of object you want to reconcile.

Default value: User

Note: User is the only object that is supported. Therefore, do not change the value of this attribute.

Resource Object Name

Name of the resource object that is used for reconciliation.

Default value: ServiceNow User

Note: Do not change the value of this attribute.

Scheduled Task Name

Name of the scheduled task that is used for reconciliation.

Default value: ServiceNow User Reconciliation Test

3.3 Configuring Scheduled Jobs

You must configure and run scheduled jobs to perform a reconciliation run.

To configure a scheduled job:
  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under System Management, click Scheduler.
  3. Search for and open the scheduled task as follows:
    1. On the left pane, in the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
    2. In the search results table on the left pane, click the scheduled job in the Job Name column.
  4. On the Job Details tab, you can modify the following parameters:
    • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
    • Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.

    Note:

    See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule types.

    In addition to modifying the job details, you can enable or disable a job.
  5. On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

    Note:

    • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

    • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.

    • Attributes of the scheduled job are discussed in Reconciliation Scheduled Jobs.

  6. Click Apply to save the changes.

    Note:

    The Stop Execution option is available in the Oracle Identity System Administration. You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.

3.4 Guidelines on Performing Provisioning Operations

You must apply the following guideline while performing a provisioning operation:

For a Create User provisioning operation, you must specify a value for the User Name field, for example, John Doe. It is a mandatory field. Other mandatory fields are Display Name, Password, MailNickname, and Usage Location.

3.5 Performing Provisioning Operations

You create a new user in Oracle Identity Self Service by using the Create User page. You provision or request accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Manager:
  1. Log in to Oracle Identity Self Service.
  2. Create a user. See Managing Users in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager for more information about creating a user.
  3. On the Account tab, click Request Accounts.
  4. In the Catalog page, search for and add to cart the application instance created for the IT resource (in Associating the Form with the Application Instance), and then click Checkout.

    Note:

    Ensure that you select proper values for lookup type fields, because there are a few dependent fields. Selecting a wrong value for such fields may result in provisioning failure.
  5. Click Ready to Submit.
  6. Click Submit.
  7. If you want to provision entitlements, then:
    1. On the Entitlements tab, click Request Entitlements.
    2. In the Catalog page, search for and add to cart the entitlement, and then click Checkout.
    3. Click Submit.

3.6 Uninstalling the Connector

Uninstalling the connector involves deleting data related to the connector from Oracle Identity Manager Database. You use the Uninstall Connectors utility to uninstall a connector.

If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.