2. Oracle FLEXCUBE - Oracle Identity Manager Inter­face

The Oracle FLEXCUBE - Oracle Identity Manager Interface helps in integrating the two systems for user provisioning and de-provisioning services.

Oracle Identity Manager (OIM) automates user provisioning, identity administration, and password management. OIM manages the entire life cycle of user identities and entitlements and helps to control user access across all resources in the organization.

This chapter contains the following sections:

• Section 2.1, "Oracle FLEXCUBE - Oracle Identity Manager Integration"
• Section 2.2, "Integration Deployment Configuration"
• Section 2.3, "Operations for Identity Management "
• Section 2.4, "Interface Attributes"
• Section 2.5, "Interface Maintenances "

2.1 Oracle FLEXCUBE - Oracle Identity Manager Integra­tion

The integration between Oracle FLEXCUBE and Oracle Identity Manager is done via a Generic Technology Connector (GTC). The GTC provides for provisioning and reconciliation tasks via the following components:

• For Reconciliation
  • Reconciliation Transport Provider moves the reconciled data from Oracle FLEXCUBE into OIM.
  • Reconciliation Format Provider converts the message received from Oracle FLEXCUBE into a format understandable by OIM.
  • Validation Provider validates data received from Oracle FLEXCUBE before passing it on to OIM.

• For Provisioning
  • Provisioning Format Provider (Service Provisioning Markup Language) converts the provisioning data from OIM into a format understood by Oracle FLEXCUBE.
  • Provisioning Transport Provider (web service) carries the provisioning message received from the Provisioning Format Provider to the Oracle FLEXCUBE.

For sample GTC configurations refer Annexure A.

2.2 Integration Deployment Configuration

The OIM- Oracle FLEXCUBE integration is designed to follow a Provisioning and Reconciliation deployment configuration. In this kind of deployment configuration the Oracle Identity Manager performs both provisioning and reconciliation tasks.

The tasks performed by OIM in this deployment configuration are as follows:

• Provisioning tasks of OIM are the creation, maintenance, and deletion of accounts on the Oracle FLEXCUBE system.
• Reconciliation task of OIM is to periodically update the data it maintains with regard to Oracle FLEXCUBE using the data from Oracle FLEXCUBE.

 

2.3 Operations for Identity Management

You can have certain operations regarding User Identity Management using the OIM GTC. The requests for these operations are sent from OIM GTC and are as follows:

• Add request – For creating a New User Record in Oracle FLEXCUBE
• Modify request – For modifying the existing User Record in Oracle FLEXCUBE
• Suspend request - For closing the respective User record in Oracle FLEXCUBE
• Resume request – For Reopening the Respective User record in Oracle FLEXCUBE
• Delete request – For closing the Respective User record in Oracle FLEXCUBE
• Set Password Request – For changing the Password of the respective user in Oracle FLEXCUBE

2.4 Interface Attributes

This section contains the following topics:

• Section 2.4.1, "Data for User Provisioning"
• Section 2.4.2, "Data for Reconciliation"

OIM GTC is used for both user provisioning/de-provisioning services and for reconciliation in Oracle FLEXCUBE.

For user provisioning and de-provisioning services the Oracle FLEXCUBE Gateway user upload services is used. Reconciliation is done using the ‘SMBOIMHF’ EOD activity in Oracle FLEXCUBE.

Note

If the Logging Enable property has been selected, then a log file containing OIM request and response with corresponding message id will be maintained in location defined by you.

Note

OIM- Oracle FLEXCUBE integration will remain functional with or without the Oracle FL­EXCUBE Single Sign on mode.

For sample GTC configurations refer to Annexure A.

2.4.1 Data for User Provisioning

The data sent from OIM to Oracle FLEXCUBE for user provisioning will contain only the following:

• Mandatory fields for the creation of users in Oracle FLEXCUBE
• External user reference identification containing the OIM id for a user

The data sent from OIM to Oracle FLEXCUBE for user provisioning is illustrated below.

2.4.1.1 Collecting Data for User Provisioning

The data for provisioning is collected from the OIM user creation form. The fields to be collected - such as User ID, User Name and User Password – are defined in the ‘Provisioning form for Oracle FLEXCUBE GTC’.

 

The ‘Provisioning form for Oracle FLEXCUBE GTC’ is filled up by the OIM Administrator. OIM Administrator uses Direct Provisioning to provision Oracle FLEXCUBE to any OIM user.

The Field values like Name, Password, and User Id in the provisioning data form shall be pre-populated from the OIM user maintenance form.

2.4.1.2 Provisioning Process Flow

The Provisioning process flow is illustrated in the diagram shown below.

2.4.2 Data for Reconciliation

The data for reconciliation contains the same set of mandatory fields used for user provisioning.

2.4.2.1 Reconciliation File Handoff

The EOD activity ‘SMBOIMHF’ creates the handoff file for reconciliation. The handoff file will be in CSV (Comma Separated Values) format.

Handoff File Name

The Handoff file name has two parts which are:

• Prefix – SMOIMHOFF
• Suffix – the current date in rrrr-MM-dd format

Handoff File Format

The Handoff file will be in Comma Separated Values (CSV) format and will contain the following:

• First Line - ##FC UBS user data rrrr-MM-dd
• Second line contains comma separated column names
• Third line onwards has the corresponding column values

Sample Handoff file

##FC UBS user data 2008-05-06

USERID,USERNAME,USERPASSWORD,TIMELEVEL,HOMEBRANCH,STARTDATE,USERLANGUAGE

TESTUSER1,TEST USER, 56A04A86FADBA54D2AD649D98E3FB63F,9,CHO,31-DEC-07,ENG

TESTUSER2,TEST USER, 3FE06AFE34C9A53E0320E74E43FB3F45,9,CHO,31-DEC-07,ENG

:

2.4.2.2 Reconciliation Process Flow

The Reconciliation process flow is illustrated in the diagram shown below.

2.5 Interface Maintenances

You have to perform the following maintenances for the OIM – Oracle FLEXCUBE Interface.

This section contains the following topics:

• Section 2.5.1, "Maintaining an External Source"
• Section 2.5.2, "Maintaining OIM Admin User"

2.5.1 Maintaining an External Source

For processing OIM requests, a source named IDM is maintained in Oracle FLEXCUBE. This source has access to Oracle FLEXCUBE Gateway user upload services.

The external source can be maintained in the ‘External System Detailed’ screen. Invoke this screen from under Gateway – External System in the Application Browser.

2.5.2 Maintaining OIM Admin User

You must maintain an ‘OIM Admin User’ in Oracle FLEXCUBE to serve as Maker Id for user provisioning and de-provision. You can maintain the OIM Admin User reference in the ‘External Identifier’ field.

The ‘External Identifier’ field is available in the ‘User Maintenance’ screen where you can maintain other details of the Oracle FLEXCUBE User as well.