3 Using the Salesforce Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

This chapter discusses the following topics:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Scheduled Jobs for Lookup Field Synchronization

Scheduled jobs for lookup field synchronization fetch the most recent values from specific fields in the target system to lookup definitions in Oracle Identity Manager. These lookup definitions are used as an input source for lookup fields in Oracle Identity Manager.

The following scheduled jobs are used for lookup field synchronization:

Salesforce Group Lookup Reconciliation Scheduled Job
Salesforce Profile Lookup Reconciliation Scheduled Job

Table 3-1 describes the attributes of both scheduled jobs. The procedure to configure scheduled tasks is described later in this guide.

Note:

The target system allows you to use special characters in lookup fields. However, in Oracle Identity Manager, special characters are not supported in lookup definitions.

Table 3-1 Attributes of the Scheduled Jobs for Lookup Field Synchronization

Attribute	Description
Code Key Attribute	Enter the name of the attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute). Default Value: `__UID__`
Decode Attribute	Enter the name of the attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute). Default Value: `__NAME__`
IT Resource Name	Name of the IT resource for the target system installation from which you reconcile user records. Default value: `Salesforce`
Lookup Name	Name of the lookup definition in Oracle Identity Manager that must be populated with values fetched from the target system. Depending on the scheduled job you are using, the default values are as follows: For Salesforce Group Lookup Reconciliation Scheduled Job: `Lookup.Salesforce.Groups` For Salesforce Profile Lookup Reconciliation Scheduled Job: `Lookup.Salesforce.Profiles`
Object Type	Name of the type of object you want to reconcile. Depending on the scheduled job you are using, the default values are as follows: For Salesforce Group Lookup Reconciliation Scheduled Job: `Group` For Salesforce Profile Lookup Reconciliation Scheduled Job: `Entitlement`

3.2 Configuring Reconciliation for Salesforce Connector

You can configure the connector to specify the type of reconciliation and its schedule.

This section discusses the following topics related to configuring reconciliation:

3.2.1 Full Reconciliation

Full reconciliation involves reconciling all active user records from the target system into Oracle Identity Manager.

Note:

To eliminate the Automated Process User that the Salesforce sandbox has and to get all the users successfully during full reconciliation, you must add the following filter, greaterThan('userType','AutomatedProcest')|lessThan('userType','AutomatedProcess')

To perform a full reconciliation run, remove or delete any value assigned to the Filter and run the scheduled job for user reconciliation.

Note:

The connector cannot support incremental reconciliation because the target system does not provide a way for tracking the time at which account data is created or modified.
If the target system contains more than 2200 records, then use the Flat File connector to perform full reconciliation as Salesforce.com does not allow you to reconcile more than 2200 users even after pagination. See Reconciling Large Number of Records.

3.2.2 Limited Reconciliation

Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set filter criteria.

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a filter attribute that allows you to use any of the attributes of the target system to filter target system records.

You specify a value for the filter attribute while configuring the user reconciliation scheduled job.

Note:

If the target system contains more than 2200 records, then use the Flat File connector to perform limited reconciliation as Salesforce does not allow you to reconcile more than 2200 users even after pagination. Otherwise, use appropriate filters to reduce the records count. See Reconciling Large Number of Records.

For detailed information about Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

3.2.3 Reconciling Large Number of Records

During a reconciliation run, if the target system contains more than 2200 records, then you must use the Flat File connector to fetch all the records into Oracle Identity Manager.

To reconcile a large number of records from the target system into Oracle Identity Manager:

Export all users in the target system to a flat file.
Copy the flat file to a location that is accessible from Oracle Identity Manager.
Create a schema file representing the structure of the flat file.
Install the Flat File connector.
Configure the Flat File IT resource.
If you want to perform trusted source reconciliation, then configure and run the Flat File Users Loader scheduled job.
While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to Salesforce and Target Resource Object Name to Salesforce User Trusted.
If you want to perform target resource reconciliation, then configure and run the Flat File Accounts Loader scheduled job.
While configuring this scheduled job, ensure that you set the value of the Target IT Resource Name attribute to Salesforce and Target Resource Object Name to Salesforce User.

3.2.4 Reconciliation Scheduled Jobs

When you run the Connector Installer, reconciliation scheduled jobs are automatically created in Oracle Identity Manager. You must configure these scheduled jobs to suit your requirements by specifying values for its attributes.

This section discusses the following scheduled jobs that you can configure for reconciliation:

3.2.4.1 Scheduled Jobs for Reconciliation of User Records

The scheduled jobs for user reconciliation include Salesforce Target Resource User Reconciliation and Salesforce Trusted User Reconciliation that are used when you want to run the connector in the target resource and trusted source modes respectively.

Depending on whether you want to implement trusted source or target resource reconciliation, you must specify values for the attributes of one of the following user reconciliation scheduled jobs:

Salesforce Target Resource User Reconciliation

This scheduled job is used to reconcile user data in the target resource (account management) mode of the connector.
Salesforce Trusted User Reconciliation

This scheduled job is used to reconcile user data in the trusted source (identity management) mode of the connector.

Table 3-2 describes the attributes of both scheduled jobs.

Table 3-2 Attributes of the Scheduled Job for User Reconciliation

Attribute	Description
Filter	Enter the search filter for fetching user records from the target system during a reconciliation run. See ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for sample values.
IT Resource Name	Enter the name of the IT resource for the target system installation from which you want to reconcile user records. The default value of this attribute in the Salesforce Target Resource User Reconciliation scheduled job is `Salesforce`. The default value of this attribute in the Salesforce Trusted User Reconciliation scheduled job is `Salesforce Trusted`.
Object Type	Type of object you want to reconcile. Default value: `User` Do not change the value of the attribute.
Resource Object Name	Name of the resource object against which reconciliation runs must be performed. The default value of this attribute in the Salesforce Target Resource User Reconciliation scheduled job is `Salesforce User`. The default value of this attribute in the Salesforce Trusted User Reconciliation scheduled job is `Salesforce User Trusted`. Do not change the value of this attribute.

3.2.4.2 Scheduled Job for Reconciliation of Groups

The Salesforce Group Recon scheduled job is used to reconcile group data from the target system.

Table 3-3 Attributes of the Salesforce Group Recon Scheduled Job

Attribute	Description
Filter	Enter the search filter for fetching group records from the target system during a reconciliation run. See ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for sample values.
IT Resource Name	Enter the name of the IT resource for the target system installation from which you want to reconcile group data. Default value: `Salesforce`
Object Type	Type of object you want to reconcile. Default value: `Group` Do not change the value of the attribute.
OIM Organization Name	Enter the name of the Oracle Identity Manager organization in which reconciled groups must be created or updated. Sample Value: Xellerate Users.
Resource Object Name	Name of the resource object against which reconciliation runs must be performed. Default value: `Salesforce Group` Do not change the value of this attribute.
Scheduled Task Name	Name of the scheduled task used for reconciliation. Default value: `Salesforce Group Recon`

3.3 Configuring Scheduled Jobs

Configure scheduled jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Manager.

You can apply this procedure to configure the scheduled jobs for lookup field synchronization and reconciliation.

To configure a scheduled job:

Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Scheduler.
Search for and open the scheduled task as follows:
1. On the left pane, in the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
2. In the search results table on the left pane, click the scheduled job in the Job Name column.
On the Job Details tab, you can modify the parameters of the scheduled task:
Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.

Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.

Note:
See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule types.

In addition to modifying the job details, you can enable or disable a job.
On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.
Note:
- Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.
- Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.
- See Reconciliation Scheduled Jobs for the list of scheduled tasks and their attributes.
Click Apply to save the changes.

Note:
The Stop Execution option is available in the Identity System Administration. You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.

3.4 Guidelines on Performing Provisioning Operations

These guidelines provide information on what to do when performing provisioning operations.

You must apply the following guideline while performing a provisioning operation:

For a Create User provisioning operation, you must specify a value for the User Name field along with the domain name. For example, jdoe@example.com.
During a group provisioning operation you must give a value for DisplayName.
While assigning multiple groups with the same name, the target system appends a number to the group name. Therefore, you must execute Group target reconciliation job every time multiple groups with the same name are provisioned on the target system to bring the target system and Oracle Identity Manager in synchronization.

3.5 Performing Provisioning Operations

You create a new user in Oracle Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Manager:

Log in to Oracle Identity Self Service.
Create a user. See Managing Users in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager for more information about creating a user.
On the Account tab, click Request Accounts.
In the Catalog page, search for and add to cart the application instance created in Step 3, and then click Checkout.
Specify value for fields in the application form and then click Ready to Submit.
Click Submit.
If you want to provision entitlements, then:
- On the Entitlements tab, click Request Entitlements.
- In the Catalog page, search for and add to cart the entitlement, and then click Checkout.
- Click Submit.

3.6 Uninstalling the Salesforce Connector

Uninstalling the connector deletes all the account related data associated with resource objects of the connector.

If you want to uninstall the connector for any reason, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager.