1 About the WebEx Connector

The WebEx connector integrates Oracle Identity Manager with WebEx.

1.1 Introduction to the WebEx Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. The WebEx connector enables you to use WebEx as a managed (target) resource for Oracle Identity Manager.

The WebEx connector is used to integrate Oracle Identity Manager with a WebEx instance. The WebEx connector ensures that all WebEx accounts are created, updated, and deactivated on an integrated cycle with the rest of the identity-aware applications in your enterprise.

Note:

At some places in this guide, the term target system has been used to refer to WebEx.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. This data is used to add or modify resources (that is, accounts) allocated to Oracle Identity Manager Users. In addition, you can use Oracle Identity Manager to provision or update WebEx resources (accounts) assigned to Oracle Identity Manager Users. These provisioning operations performed on Oracle Identity Manager translate into the creation or update of target system accounts.

1.2 Certified Components for the WebEx Connector

These are the software components and their versions required for installing and using the WebEx connector.

Table 1-1 Certified Components

| Component | Requirement |
| --- | --- |
| Oracle Identity Governance or Oracle Identity Manager | You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager: Oracle Identity Governance 12c (12.2.1.4.0); Oracle Identity Governance 12c (12.2.1.3.0); Oracle Identity Manager 11g Release 2 PS2 BP09 (11.1.2.2.9); Oracle Identity Manager 11g Release 2 PS3 BP06 (11.1.2.3.6) |
| Target System | Cisco WebEx |
| Connector Server | 11.1.2.1.0 |
| Connector Server JDK | JDK 1.6 or later |

1.3 Certified Languages for the WebEx Connector

These are the languages that the connector supports.

  • Arabic

  • Chinese (Simplified)

  • Chinese (Traditional)

  • Czech

  • Danish

  • Dutch

  • English (US)

  • Finnish

  • French

  • French (Canadian)

  • German

  • Greek

  • Hebrew

  • Hungarian

  • Italian

  • Japanese

  • Korean

  • Norwegian

  • Polish

  • Portuguese

  • Portuguese (Brazilian)

  • Romanian

  • Russian

  • Slovak

  • Spanish

  • Swedish

  • Thai

  • Turkish

1.4 Architecture of the WebEx Connector

The WebEx connector is implemented by using the Identity Connector Framework (ICF).

The ICF is a component that is required in order to use Identity Connector. ICF provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as buffering, timeouts, and filtering. ICF is distributed together with Oracle Identity Manager. Therefore, you do not need to configure or modify ICF.

Figure 1-1 shows the architecture of the WebEx connector.

Figure 1-1 Connector Architecture


The connector can be configured to run in the Account Management mode. Account management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:

  • Provisioning

    Provisioning involves creating, updating, enabling, disabling, or deleting users on the target system through Oracle Identity Manager. During provisioning, the adapters invoke an ICF operation. ICF in turn invokes the create operation on the WebEx Connector Bundle, and the bundle then calls the target system API for provisioning operations. The WebEx XML API on the target system accepts provisioning data from the bundle, carries out the required operation on the target system, and returns the response from the target system back to the bundle, which passes it to the adapters.

  • Target Resource Reconciliation

    During reconciliation, a scheduled task invokes an ICF operation. ICF in turn invokes a search operation on the WebEx Connector Bundle and then the bundle calls WebEx XML API for reconciliation operation. The API extracts user records that match the reconciliation criteria and hands them over through the bundle and ICF back to the scheduled task, which brings the records to Oracle Identity Manager.

    Each record fetched from the target system is compared with WebEx resources that are already provisioned to Oracle Identity Manager Users. If a match is found, then the update made to the WebEx record from the target system is copied to the WebEx resource in Oracle Identity Manager. If no match is found, then the user ID of the record is compared with the user ID of each Oracle Identity Manager User. If a match is found, then data in the target system record is used to provision a WebEx resource to the Oracle Identity Manager User.

The WebEx Identity Connector Bundle communicates with the WebEx XML API using the HTTPS protocol. The WebEx XML API provides programmatic access through REST API endpoints. Apps can use the WebEx API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users.

1.5 Use Cases Supported by the WebEx Connector

WebEx provides on-demand collaboration, online meeting, web conferencing, and video conferencing applications. Each user should have a valid subscription for using the WebEx services. The WebEx connector is used to integrate Oracle Identity Manager with WebEx to ensure that all WebEx accounts are created, updated, and deactivated on an integrated cycle with the rest of the identity-aware applications in your enterprise.

Although most organizations use WebEx services, a significant drawback is that an Admin user needs to manage all user identities and subscriptions manually. Because this process consumes an administrator's time and effort, it is advisable to use the WebEx connector. The connector automates the management of user identities and subscriptions and reduces the burden of manually managing the whole life cycle of a WebEx user. The WebEx connector automates user account provisioning, de-provisioning, and subscription without any Admin intervention. Another important challenge is having all users at a central location where the Admin can apply various organizational policies for WebEx users and generate an audit report for them. The WebEx connector also manages this automatically. To overcome these challenges, a quick and easy solution is to install the WebEx connector and configure it with your target system by providing connection information in the IT resource.

The WebEx connector enables Oracle Identity Manager to manage all WebEx users in a single place, where WebEx accounts are automatically provisioned or de-provisioned based on the policies defined in Oracle Identity Manager for the respective account users. With the help of Oracle Identity Manager, the WebEx connector Admin can perform all operations in Oracle Identity Manager and apply all Identity and Access Management features accordingly. The WebEx connector provides the ability to manage accounts and related operations across all applications without spending additional resources and time.

1.6 Features of the WebEx Connector

The features of the connector include support for connector server, full reconciliation, and limited reconciliation.

1.6.1 Full Reconciliation

In full reconciliation, all records are fetched from the target system to Oracle Identity Manager.

You can perform a full reconciliation any time. See Full Reconciliation for the WebEx Connector.

1.6.2 Limited (Filtered) Reconciliation

You can reconcile records from the target system based on a specified filter criterion.

You can set a reconciliation filter as the value of the Filter attribute of the user reconciliation scheduled job. This filter specifies the subset of newly added and modified target system records that must be reconciled. The Filter attribute lets you assign filters to the API, based on which you get a filtered response from the target system.

See Limited Reconciliation for WebEx Connector.

1.6.3 Support for the Connector Server

Connector Server is one of the features provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles.

A Java connector server is useful when you do not want to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements if the bundle works faster when deployed on the same host as the native managed resource.

See Also:

Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for more information about installation options for this connector.

1.6.4 Transformation and Validation of Account Data

You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning.

In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation. The following sections provide more information:

1.7 Lookup Definitions Used During Connector Operations

Lookup definitions used during reconciliation and provisioning are either preconfigured or can be synchronized with the target system.

Lookup definitions used during connector operations can be categorized as follows:

1.7.1 Lookup Definition Synchronized with the Target System

During a provisioning operation, you use a lookup field on the process form to select a single value from a set of values. For example, you may want to select a timezone from the Time Zone lookup field to specify the timezone preference for a user. Lookup field synchronization of the Lookup.Webex.TimeZones lookup definition involves copying additions or changes made to specific fields in the target system to lookup definitions in Oracle Identity Manager.

When you deploy the connector, lookup definitions corresponding to the lookup fields on the target system are created in Oracle Identity Manager. Lookup field synchronization populates these lookup fields with values from the corresponding lookup definitions.

After you deploy the connector, the Lookup.Webex.TimeZones lookup definition, which is used as an input source for a lookup field, is automatically created in Oracle Identity Manager.

This lookup definition is empty by default and is populated with values fetched from the target system when you run the scheduled job for lookup field synchronization. For example, when you run the scheduled job for time zones lookup field synchronization, all time zones on the target system are fetched to Oracle Identity Manager and populated in the Lookup.Webex.TimeZones lookup definition.

The following is the format in which data is stored in the Lookup.Webex.TimeZones lookup definition after lookup field synchronization:

  • Code Key:
    <IT_RESOURCE_KEY>~<FIELD_VALUE_ID>
    In this format:
    • IT_RESOURCE_KEY is the numeric code assigned to an IT resource in Oracle Identity Manager.

    • FIELD_VALUE_ID is the ID of the timezone in the target system.

    Sample value: 188~21

    In this sample value, 188 is the numeric code assigned to the IT resource associated with the target system and 21 is the ID of the timezone in the target system.

  • Decode:
    <IT_RESOURCE_NAME>~<LOOKUP_FIELD_VALUE>
    In this format:
    • IT_RESOURCE_NAME is the name assigned to an IT resource in Oracle Identity Manager.

    • LOOKUP_FIELD_VALUE is the value of the timezone in the target system.

    Sample value: Webex~GMT+02:00,Central European(Paris)

    In this sample value, Webex is the name assigned to the IT resource in Oracle Identity Manager and GMT+02:00,Central European(Paris) is the value of the timezone in the target system.

Table 1-2 shows sample entries in the Lookup.Webex.TimeZones lookup definition.

Table 1-2 Sample Entries in the Lookup.Webex.TimeZones Lookup Definition.

| Code Key | Decode |
| --- | --- |
| 44~22 | Webex~GMT+01:00, GMT(London) |
| 44~128 | Webex~GMT+02:00, Central European (Paris) |
| 44~4 | Webex~GMT-07:00, Pacific(San Francisco) |
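
The Code Key and Decode formats described above can be checked mechanically, for example when reviewing an export of the lookup after a synchronization run. The following is an added example, not code from the connector or from Oracle; the function names are hypothetical, and it assumes that both parts of the Code Key are decimal integers, as in the sample values.

```python
import re
from typing import NamedTuple

class LookupEntry(NamedTuple):
    it_resource_key: int     # numeric code assigned to the IT resource
    field_value_id: int      # ID of the timezone in the target system
    it_resource_name: str    # name assigned to the IT resource
    lookup_field_value: str  # value of the timezone in the target system

# Assumption: <IT_RESOURCE_KEY> and <FIELD_VALUE_ID> are both decimal integers.
CODE_KEY_RE = re.compile(r"(\d+)~(\d+)")

def parse_entry(code_key, decode):
    """Parse one Code Key / Decode pair; raise ValueError if either is malformed."""
    m = CODE_KEY_RE.fullmatch(code_key.strip())
    if m is None:
        raise ValueError(f"malformed Code Key {code_key!r}")
    # Split on the first '~' only: the value part contains ',', '+', ':' and '()'.
    name, sep, value = decode.strip().partition("~")
    if not (sep and name.strip() and value.strip()):
        raise ValueError(f"malformed Decode {decode!r}")
    return LookupEntry(int(m.group(1)), int(m.group(2)), name.strip(), value.strip())

def audit_lookup(rows):
    """Return (valid entries, problem messages) for a list of (Code Key, Decode) rows."""
    entries, problems = [], []
    seen_ids = set()
    name_by_key = {}  # IT resource key -> first IT resource name seen with it
    for code_key, decode in rows:
        try:
            entry = parse_entry(code_key, decode)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        ident = (entry.it_resource_key, entry.field_value_id)
        if ident in seen_ids:
            problems.append(f"duplicate Code Key {code_key!r}")
            continue
        seen_ids.add(ident)
        known = name_by_key.setdefault(entry.it_resource_key, entry.it_resource_name)
        if known != entry.it_resource_name:
            problems.append(f"Code Key {code_key!r}: IT resource key is named "
                            f"{known!r} elsewhere but {entry.it_resource_name!r} here")
            continue
        entries.append(entry)
    return entries, problems

# Rows from Table 1-2.
TABLE_1_2 = [
    ("44~22", "Webex~GMT+01:00, GMT(London)"),
    ("44~128", "Webex~GMT+02:00, Central European (Paris)"),
    ("44~4", "Webex~GMT-07:00, Pacific(San Francisco)"),
]
# Constructed rows (not from the guide) that each break one rule.
CONSTRUCTED_BAD = [
    ("44~22", "Webex~constructed duplicate"),       # Code Key already used
    ("44-7", "Webex~constructed value"),            # wrong separator in Code Key
    ("44~9", "OtherResource~constructed value"),    # key 44 under a second name
    ("44~10", "constructed value, no separator"),   # Decode without '~'
]

if __name__ == "__main__":
    good, bad = audit_lookup(TABLE_1_2 + CONSTRUCTED_BAD)
    for e in good:
        print(e)
    for p in bad:
        print("PROBLEM:", p)
```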

1.7.2 Preconfigured Lookup Definitions for the WebEx Connector

Preconfigured lookup definitions are the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

The other lookup definitions are as follows:

1.7.2.1 Lookup.Webex.Configuration

The Lookup.Webex.Configuration lookup definition holds connector configuration entries that are used during target resource reconciliation and provisioning operations.

Table 1-3 lists the default entries in the Lookup.Webex.Configuration values lookup definition.

Note:

Do not modify the entries in this lookup definition.

Table 1-3 Entries in the Lookup.Webex.Configuration Definition

| Code Key | Decode | Description |
| --- | --- | --- |
| Bundle Name | org.identityconnectors.webex | This entry holds the name of the connector bundle. |
| Bundle Version | 1.0.11150 | This entry holds the version of the connector bundle. |
| Connector Name | org.identityconnectors.webex.WebexConnector | This entry holds the name of the connector class. |
| User Configuration Lookup | Lookup.Webex.UM.Configuration | This entry holds the name of the lookup definition that contains user-specific configuration properties. |
| startFrom | 1 | This entry holds the position from which retrieval starts: users that match the query criteria and have already been retrieved are skipped before the next matching user is returned. Default value: 1 |
| maximumNum | 100 | This entry holds the integer value for the maximum number of records to return from a search. Default value: 100 |

1.7.2.2 Lookup.Webex.UM.Configuration

The Lookup.Webex.UM.Configuration lookup definition contains entries specific to the user object type. This lookup definition is preconfigured and is used during user management operations.

Table 1-4 Entries in the Lookup.Webex.UM.Configuration Definition

| Code Key | Decode | Description |
| --- | --- | --- |
| Provisioning Attribute Map | Lookup.Webex.UM.ProvAttrMap | This entry holds the name of the lookup definition that stores attribute mappings between Oracle Identity Manager and the target system. This lookup definition is used during user provisioning operations. |
| Recon Attribute Map | Lookup.Webex.UM.ReconAttrMap | This entry holds the name of the lookup definition that stores attribute mappings between Oracle Identity Manager and the target system. This lookup definition is used during user reconciliation. |

1.7.2.3 Lookup.Webex.UM.ProvAttrMap

The Lookup.Webex.UM.ProvAttrMap lookup definition holds mappings between process form fields and target system attribute names.

This lookup definition is preconfigured and used during target resource provisioning. Table 1-8 lists the default entries.

You can add entries to this lookup definition if you want to map new target system attributes for target resource provisioning. See Adding New User Attributes for Provisioning.

1.7.2.4 Lookup.Webex.UM.ReconAttrMap

This lookup definition is preconfigured and used during target resource reconciliation.

The Lookup.Webex.UM.ReconAttrMap lookup definition holds mappings between resource object fields and target system attributes. Table 1-5 lists default entries.

You can add entries to this lookup definition if you want to map new target system attributes for target resource reconciliation. See Adding New User Attributes for Provisioning.

1.8 Connector Objects Used During Target Resource Reconciliation

Target resource reconciliation involves fetching data about newly created or modified accounts on the target system and using this data to add or modify resources assigned to Oracle Identity Manager Users.

The WebEx Resource User Reconciliation scheduled job is used to initiate a reconciliation run. This scheduled job is discussed in Reconciliation Scheduled Job.

See Also:

Managing Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for generic information about connector reconciliation

1.8.1 User Fields for Target Resource Reconciliation

The Lookup.Webex.UM.ReconAttrMap lookup definition maps resource object fields with target system attributes. This lookup definition is used for performing target resource user reconciliation runs.

In this lookup definition, entries are in the following format:

  • Code Key: Reconciliation field of the resource object

  • Decode: Name of the target system attribute

Table 1-5 lists the entries in this lookup definition.

Table 1-5 Entries in the Lookup.Webex.UM.ReconAttrMap Definition

| Code Key (Resource Object Field) | Decode (Webex Field) |
| --- | --- |
| Return Id | __UID__ |
| User Name | __NAME__ |
| First Name | FirstName |
| Last Name | LastName |
| Email | Email |
| TimeZone[LOOKUP] | TimeZoneID |
| Status | __ENABLE__ |

1.8.2 Reconciliation Rule for User Target Resource Reconciliation

Reconciliation rules for user target resource reconciliation are used by the reconciliation engine to determine the identity to which Oracle Identity Manager must assign a newly discovered account on the target system.

This section contains the following topics related to user reconciliation rule for target resource reconciliation:

1.8.2.1 Target Resource Reconciliation Rule for Users

The following is the process-matching rule for users:

Rule name: Webex User Recon Rule

Rule element: User Login Equals User Name

In this rule:
  • User Login is the User ID field of the Oracle Identity Manager User form.

  • User Name is the unique login name for the user in the target system.

1.8.2.2 Viewing Reconciliation Rules for Target Resource Reconciliation

After you deploy the connector, you can view the reconciliation rules on the Reconciliation Rule Builder form in Oracle Identity Manager Design Console. To view reconciliation rules for target resource reconciliation:

  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Development Tools.
  3. Double-click Reconciliation Rules.
  4. Search for and open the Webex User reconciliation rule.

    Figure 1-2 Reconciliation Rule for Target Resource Reconciliation of Users


1.8.3 Reconciliation Action Rules for Target Resource Reconciliation

Reconciliation action rules define the actions that the connector must perform based on the reconciliation rules defined for users.

This section provides information related to reconciliation action rules for target resource reconciliation:

1.8.3.1 Target Resource Reconciliation Action Rules for Users

Table 1-6 lists the action rules for target resource reconciliation.

Table 1-6 Action Rules for Reconciliation for Target System

| Rule Condition | Action |
| --- | --- |
| No Matches Found | None |
| One Entity Match Found | Establish Link |
| One Process Match Found | Establish Link |
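
The matching sequence described for target resource reconciliation, the Webex User Recon Rule (User Login Equals User Name), and the action rules in Table 1-6 can be modelled offline to see which target system accounts end up with no owner. The following is an added example, not code from the connector or from Oracle Identity Manager; the class and function names are hypothetical, and it assumes that a process match is keyed on the Return Id (__UID__) and that Equals is an exact string comparison.

```python
from dataclasses import dataclass
from typing import Optional

# Rule conditions and actions exactly as listed in Table 1-6.
ACTION_RULES = {
    "No Matches Found": "None",
    "One Entity Match Found": "Establish Link",
    "One Process Match Found": "Establish Link",
}

@dataclass(frozen=True)
class TargetRecord:
    uid: str        # Return Id   (__UID__)
    name: str       # User Name   (__NAME__)
    enabled: bool   # Status      (__ENABLE__)

@dataclass(frozen=True)
class Decision:
    record: TargetRecord
    condition: str
    action: str
    owner: Optional[str]  # Oracle Identity Manager User Login, if any

def classify(record, provisioned, oim_logins):
    """Apply the process match first, then the entity match, then fall through.

    provisioned: Return Id -> User Login for WebEx resources already provisioned
                 (assumption: the process match is keyed on the Return Id).
    oim_logins:  set of User Login values of Oracle Identity Manager Users.
    """
    if record.uid in provisioned:
        condition, owner = "One Process Match Found", provisioned[record.uid]
    elif record.name in oim_logins:  # User Login Equals User Name (exact match assumed)
        condition, owner = "One Entity Match Found", record.name
    else:
        condition, owner = "No Matches Found", None
    return Decision(record, condition, ACTION_RULES[condition], owner)

def reconcile(records, provisioned, oim_logins):
    return [classify(r, provisioned, oim_logins) for r in records]

def unowned_enabled(decisions):
    """User Names of enabled target accounts for which the action is None.

    These accounts exist on the target system without an owning identity,
    so they are the ones to review after a reconciliation run.
    """
    return [d.record.name for d in decisions
            if d.action == "None" and d.record.enabled]

# Constructed sample data (not from the guide).
SAMPLE_PROVISIONED = {"1001": "jdoe"}
SAMPLE_LOGINS = {"jdoe", "asmith"}
SAMPLE_RECORDS = [
    TargetRecord("1001", "jdoe", True),      # already provisioned
    TargetRecord("1002", "asmith", True),    # matches a User Login
    TargetRecord("1003", "tmpadmin", True),  # no owner, still enabled
    TargetRecord("1004", "olduser", False),  # no owner, disabled
]

if __name__ == "__main__":
    results = reconcile(SAMPLE_RECORDS, SAMPLE_PROVISIONED, SAMPLE_LOGINS)
    for d in results:
        print(d.record.name, "->", d.condition, "/", d.action)
    print("review:", unowned_enabled(results))
```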

1.8.3.2 Viewing Reconciliation Action Rules for Target Resource Reconciliation

You can view reconciliation action rules on the Object Reconciliation tab of a resource object in Oracle Identity Manager Design Console. To view reconciliation action rules for target resource reconciliation:
  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Resource Management.
  3. Double-click Resource Objects.
  4. Search for and open the Webex User resource object.
  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab.
    The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-3 Reconciliation Action Rule for Target Resource Reconciliation


1.9 Connector Objects Used During Provisioning

Provisioning involves creating or modifying user data on the target system through Oracle Identity Manager.

This section provides information related to connector objects used during a provisioning operation:

1.9.1 Provisioning Functions

These are the supported provisioning functions and the adapters that perform these functions for the WebEx connector.

The Adapter column in Table 1-7 provides the name of the adapter that is used when the function is performed.

See Also:

Types of Adapters in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for generic information about process tasks and adapters

Table 1-7 User Provisioning Functions

| Function | Adapter |
| --- | --- |
| Create User | adpWEBEXCREATEUSER |
| Update User | adpWEBEXUPDATEUSER |
| Delete user | adpWEBEXDELETEUSER |
| Enable user | adpWEBEXENABLETASK |
| Disable user | adpWEBEXDISABLETASK |

1.9.2 User Fields for Provisioning

The Lookup.Webex.UM.ProvAttrMap lookup definition maps process form fields with WebEx fields. This lookup definition is used for performing user provisioning operations.

In this lookup definition, entries are in the following format:

Code Key: Name of the process form field.

Decode: Name of the target system attribute.

Table 1-8 lists the default entries in this lookup definition.

Table 1-8 Entries in the Lookup.Webex.UM.ProvAttrMap Lookup Definition

| Code Key | Decode |
| --- | --- |
| Email | Email |
| First Name | FirstName |
| Last Name | LastName |
| Password | __PASSWORD__ |
| Return Id | __UID__ |
| Status | __ENABLE__ |
| TimeZone[LOOKUP] | TimeZoneID |
| User Name | __NAME__ |

1.10 Roadmap for Deploying and Using the Connector

The following is the organization of information in the rest of this guide: