Validation, comparison reports and how to take corrective action
The validation report is run before and after import. This is done to help understand and mitigate if there are any issues with the CSV files, for example if any mandatory fields are missing.
In the case of a new migration, the Source represents the .CSV files that are prepared by the user and the Target is represented by the IDCS users and groups. In case of upgrade, the Source is the IDM users and groups and the Target is the IDCS users and groups.
The validation and comparison of users .CSV and groups .CSV files provides the following information:
User Summary
In the User Summary section of the report, you can find the following information:
- Users
- Active users
- In-active users
- Federated users
- Non-federated users
- Admin users
- Deleted users
User Mandatory Check
Mandatory Checks
==========================================
Missing Work Email for User ID <username1>, at row 3
Missing User Last name for User ID <username2>, at row 4
Note:
If the above errors are not resolved, then the import fails for the specified users.Mandatory Checks
==========================================
All mandatory columns are present in Groups.csv. NO ACTION REQUIRED
Validating User Type
IDCS supports specified user types only. If any of the user employee type is not set as per the IDCS standards, then the Validating User Type section displays the following warning message:
Validating User Type
======================
User Type "Consultant" is not supported by IDCS. User ID xxx, Row 1
User Type "CWK" is not supported by IDCS. User ID xxxxxx , Row 3
User Type "NONW" is not supported by IDCS. User ID xxxxxxxxx , Row 4
User Type "OTHER" is not supported by IDCS. User ID xxxxxxxx , Row 5
Note:
If the above errors are not resolved, then the import fails for the specified users.All User Type are supported by IDCS. NO ACTION REQUIRED.
Validate Bypass Notification
- When an inactive user's bypass notification is set to False.
- When a federated user's bypass notification is set to False.
The following message is displayed:
Validate Bypass Notification
=============================
At row 4, for User ID xxxxxxxxx, ACTIVE is FALSE but BYPASS NOTIFICATION is TRUE
Bypass notification is correctly marked. NO ACTION REQUIRED.
Validate User ID
Validate User ID
================
User ID conforms with IDCS User ID standards. NO ACTION REQUIRED.
Validate Active/Federated/Bypass Notification
Validate Active/Federated/Bypass Notification
==============================================
Column Active/Federated/Bypass only has 'true/false' value. NO ACTION REQUIRED.
Admin users
Note:
In case of upgrade, the user assigns the relevant groups to the Admin users listed in this section.Admin users
============
User_test3@gmail.com
custuser3@abc.com
custuser4@abc.com
Note:
Post-import, you are required to assign appropriate admin groups to the above users.Deleted users
Deleted users
==============
deleteduser2@gmail.com
Note: Deleted users will not be imported in IDCS.
IDM Source/IDCS Target User Difference Report
+-----------+-------------+--------------------+-------------------+
| User Name | Field | Source Value | Target Value |
+-----------+-------------+--------------------+-------------------+
|user_dev1 | User Type | OTHER | Employee |
|user_val20 | Display Name| custuser4@abc.com | cust user4 |
|user_prod4 | Mobile No | | xxxxxxxxx |
+-----------+-------------+--------------------+-------------------+
User available in Source but missing in Target
This section displays the users that are available in Source but not in Target:
+---------------------------------------+
| User Name |
+---------------------------------------+
| a6888@abc.com |
| buser_perf_test100 |
| john.smith@abc.com |
+---------------------------------------+
User available in Target but missing in Source
This section displays the users that are available in Target but not in Source:
+---------------------------------------+
| User Name |
+---------------------------------------+
| dikffj@abc.com |
| perf_user1 |
| tech_user@edrg.com |
+---------------------------------------+
Actions users can perfom
The user is required to update the mandatory fields wuth the required information. Similarly, various other fields require validation and the report marks the fields that don't comply.
The reports also provides prompts so that the user knows what corrective action is needed. The same corrective method is followed for group associations.
- User ID
- Last Name
- First Name
- Work Email
- Primary email Type
- User Type
- Active
- Bypass Notification
- Federated
The user updated the .CSV as per the corrective action displayed in the report and then send the files back to AMS for import.
Once the user confirms the report, then the user approves the import of .CSV files and AMS imports the .CSV files into IDCS.
Comparison report
- Source / Target User Difference Report
- Users available in Source, but missing in Target
- Users available in Target, but missing in Source
- User Role Association Difference Report
- Admin User Role Association Difference Report
- Deleted Users in the Target
Note:
Source refers to IDCS and Target refers to the CSV files.
Parent topic: User migration in Oracle Identity Cloud Service (IDCS)