1. Administration Guide
  2. Manage sites, groups, and users
  3. Manage users
  4. User migration in Oracle Identity Cloud Service (IDCS)
  5. Validation, comparison reports and how to take corrective action

Validation, comparison reports and how to take corrective action

The validation report is run before and after import. This is done to help understand and mitigate if there are any issues with the CSV files, for example if any mandatory fields are missing.

In the case of a new migration, the Source represents the .CSV files that are prepared by the user and the Target is represented by the IDCS users and groups. In case of upgrade, the Source is the IDM users and groups and the Target is the IDCS users and groups.

The validation and comparison of users .CSV and groups .CSV files provides the following information:

User Summary

In the User Summary section of the report, you can find the following information:

The total number of:
  • Users
  • Active users
  • In-active users
  • Federated users
  • Non-federated users
  • Admin users
  • Deleted users

User Mandatory Check

If there are any mandatory fields missing, the User Mandatory check section provides the following information:
Mandatory Checks
==========================================
Missing Work Email for User ID <username1>, at row 3
Missing User Last name for User ID <username2>, at row 4

Note:

If the above errors are not resolved, then the import fails for the specified users.
If all user entries from the CSV files have all the mandatory fields populated, then the below message is displayed in the Mandatory Checks section: 
Mandatory Checks
==========================================
All mandatory columns are present in Groups.csv. NO ACTION REQUIRED

Validating User Type

IDCS supports specified user types only. If any of the user employee type is not set as per the IDCS standards, then the Validating User Type section displays the following warning message:

Validating User Type
======================
User Type "Consultant" is not supported by IDCS. User ID xxx, Row 1 
User Type "CWK" is not supported by IDCS. User ID xxxxxx , Row 3 
User Type "NONW" is not supported by IDCS. User ID xxxxxxxxx , Row 4 
User Type "OTHER" is not supported by IDCS. User ID xxxxxxxx , Row 5

Note:

If the above errors are not resolved, then the import fails for the specified users.
If all user entries from the CSV files match the IDCS standards, then the following message is displayed:
All User Type are supported by IDCS. NO ACTION REQUIRED.

Validate Bypass Notification

This section features details for the following scenarios:
  • When an inactive user's bypass notification is set to False.
  • When a federated user's bypass notification is set to False.

The following message is displayed:

Validate Bypass Notification
=============================
At row 4, for User ID xxxxxxxxx, ACTIVE is FALSE but BYPASS NOTIFICATION is TRUE
If there are no issues with the bypass notification, then the following message is displayed:
Bypass notification is correctly marked. NO ACTION REQUIRED.

Validate User ID

The user ID is required to adhere to the IDCS standards. If all users are compliant, then the following message is displayed:
Validate User ID
================
User ID conforms with IDCS User ID standards. NO ACTION REQUIRED.

Validate Active/Federated/Bypass Notification

If the active, federated and bypass notifications have any other value other than True or False set, then the following message is displayed in this section:
Validate Active/Federated/Bypass Notification  
==============================================
Column Active/Federated/Bypass only has 'true/false' value. NO ACTION REQUIRED.

Admin users

This section displays the CDA Admin users from IDM in case of upgrade.

Note:

In case of upgrade, the user assigns the relevant groups to the Admin users listed in this section. 
Admin users
============
User_test3@gmail.com
custuser3@abc.com
custuser4@abc.com

Note:

Post-import, you are required to assign appropriate admin groups to the above users.

Deleted users

In case of upgrade, this section displays the deleted users from the IDM Source as follows:
Deleted users
==============
deleteduser2@gmail.com
Note: Deleted users will not be imported in IDCS.

IDM Source/IDCS Target User Difference Report

This section displays the difference between the Source and Target Users, together with the difference in their attributes:
+-----------+-------------+--------------------+-------------------+
| User Name | Field       | Source Value       | Target Value      |                                    
+-----------+-------------+--------------------+-------------------+
|user_dev1  | User Type   | OTHER              | Employee          |
|user_val20 | Display Name| custuser4@abc.com  | cust user4        |   
|user_prod4 | Mobile No   |                    | xxxxxxxxx         |
+-----------+-------------+--------------------+-------------------+

User available in Source but missing in Target

This section displays the users that are available in Source but not in Target:

+---------------------------------------+
| User Name                             |
+---------------------------------------+
| a6888@abc.com                         |
| buser_perf_test100                    |
| john.smith@abc.com                    |
+---------------------------------------+

User available in Target but missing in Source

This section displays the users that are available in Target but not in Source:

+---------------------------------------+
| User Name                             |
+---------------------------------------+
| dikffj@abc.com                        |
| perf_user1                            |
| tech_user@edrg.com                    |
+---------------------------------------+

Actions users can perfom

The user is required to update the mandatory fields wuth the required information. Similarly, various other fields require validation and the report marks the fields that don't comply.

The reports also provides prompts so that the user knows what corrective action is needed. The same corrective method is followed for group associations.

In the validation report, the following columns are mandatory:
  • User ID
  • Last Name
  • First Name
  • Work Email
  • Primary email Type
  • User Type
  • Active
  • Bypass Notification
  • Federated

The user updated the .CSV as per the corrective action displayed in the report and then send the files back to AMS for import.

Once the user confirms the report, then the user approves the import of .CSV files and AMS imports the .CSV files into IDCS.

Comparison report

In this report, you can see a comparison between the information from the already imported users and groups in IDCS. This comparison reports contains the following sections:
  • Source / Target User Difference Report
  • Users available in Source, but missing in Target
  • Users available in Target, but missing in Source
  • User Role Association Difference Report
  • Admin User Role Association Difference Report
  • Deleted Users in the Target

    Note:

    Source refers to IDCS and Target refers to the CSV files.

Parent topic: User migration in Oracle Identity Cloud Service (IDCS)