Transform Inbound Data Ingested from an Authoritative Source into Oracle Access Governance Cloud Service

Introduction

In today’s dynamic business environment, organizations often rely on multiple systems to manage employee information. Consider a scenario where a company uses an external human resources (HR) system as its authoritative source for employee data, while leveraging Oracle Access Governance Cloud Service to manage access controls across various applications. To ensure seamless integration between these systems, it is crucial to transform and map data from the HR system to align with your business requirements.

For example, an organization may have multiple job roles defined in its HR system, such as Software Engineer III or Senior Analyst - Finance. However, downstream systems might require standardized role mappings like L3_Engineer or Sr_Finance_Analyst to enforce access policies. Additionally, the HR system might store employment types as FTE (Full-Time Employee) and CWR (Contingent Worker), while Oracle Access Governance expects Full-Time and Contractor. Through data transformation rules, businesses can apply logic to normalize job roles, convert employment types, and even concatenate multiple attributes (e.g., department + role) to create custom access profiles that drive automated provisioning.

In this tutorial, we will apply similar transformation rules to compute an attribute ldapdn based on a user’s name, employment type, department, location, and the domain name. This will ensure a structured and standardized format for identity records, enabling seamless integration with directory services and access management policies.

Audience

Oracle Access Governance Cloud Service Administrators and Application Developers.

Objectives

Prerequisites

Task 1: Upload an Identity File to OCI Object Storage

In this task, we will upload a CSV file to OCI Object Storage to onboard a few users in Oracle Access Governance Cloud Service.

  1. Log in to the OCI Console, navigate to Storage, Buckets and click Object Storage & Archive Storage.

  2. Select the bucket where your files are located and expand the folder to view the files.

  3. Download the identity file IDENTITY-transform.csv and upload it to the bucket folder <ServiceInstanceName/OrchestratedSystemName/inbox/IDENTITY>.

    Note:

    • Since the data synchronization process is a full data load, existing files in the inbox folder must remain unchanged.
    • The CSV file above contains four users with sample username and email values. If you have existing users with these username and email values, you can update the values to something that does not already exist.

Task 2: Perform a Data Load in Oracle Access Governance Cloud Service

In this task, we will perform a data load in Oracle Access Governance Cloud Service to onboard users from the flat file.

  1. Log in to Oracle Access Governance Cloud Service, navigate to Service Administration and click Orchestrated Systems.

  2. Locate the orchestrated system for flat file, click the three-dots (⋮) icon and select Manage Integration.

  3. Click Load data now and wait for the data load to complete. Click Show me the activity logs to validate the data load status.

    Perform data load

Task 3: Activate Users in Oracle Access Governance Cloud Service

In this task, we will activate the users in Oracle Access Governance Cloud Service.

  1. Go to Oracle Access Governance Cloud Service, navigate to Service Administration and click Manage Identities.

  2. Click Active and Included named identities.

  3. Click on each user to activate them. Click Save and Confirm.

    Note: If you have a long list of users, you can search for a user by entering the username in the search bar, for example, ACLARK. From the search results, select the user and click Save. Repeat the process for the other users.

    Activate Identities

  4. At this point, you have synced the users without any data transformation. To view a user’s complete profile, navigate to Service Administration and click Identities. Click the three-dots (⋮) icon and View details for a user and then click Identity attributes to view the user’s profile attributes.

    User profile - Alice Clark

    User profile - Diana Price

Task 4: Add a Custom Attribute in the Schema File

In this task, we will add a custom attribute in the identity schema file.

  1. Go to the OCI Console and navigate to the bucket for the flat file.

  2. Download the identity schema file IDENTITY.json residing in the folder <ServiceInstanceName/OrchestratedSystemName/schema>. If not customized previously, the default schema file should have the following content:

    Identity Schema file

  3. Download the file and add a new row for a custom attribute ldapdn. The modified schema file should have the following content:

    Customized Identity Schema file

  4. Re-upload the file. DO NOT rename the schema file; ensure it remains as IDENTITY.json.

Task 5: Fetch the Custom Attribute in Oracle Access Governance Cloud Service

In this task, we will fetch the custom attribute added in Task 4.

  1. Go to Oracle Access Governance Cloud Service, navigate to Service Administration and click Identity Attributes.

  2. Click Custom and Fetch attributes. Select the Flat file orchestrated system if it is not populated automatically, and click Fetch. It might take a couple of minutes for the attribute to be synchronized.

    Fetch Attribute - I

  3. Once the ldapdn attribute is synchronized, click the three-dots (⋮) icon and click Edit.

  4. Select Include in Identity Details, click Apply and Save.

    Fetch Attribute - II

    If you view a user’s profile, you should see the ldapdn attribute. At this stage, the attribute appears but remains unpopulated since no transformation rule has been applied.

    User profile - Alice Clark

Task 6: Apply the Transformation Rule in Oracle Access Governance Cloud Service

In this task, we will apply the transformation logic to the custom attribute in Oracle Access Governance Cloud Service.

  1. Go to Oracle Access Governance Cloud Service, navigate to Service Administration and click Orchestrated Systems.

  2. Locate the orchestrated system for flat file, click the three-dots (⋮) icon and select Manage Integration.

  3. Under Inbound data transformations, click Manage and Add attribute rule.

  4. Select Authoritative source as Configuration mode and select ldapdn as the attribute. Enter the following rule in the rule window.

    if (user.getFullName() != null) {
       if (user.getFullName().getFamilyName() != null &&
          user.getFullName().getGivenName() != null &&
          user.getUserType() != null &&
          user.getAddresses()[0].getCountry() != null &&
          user.getDepartment() != null) {
    
          if (user.getUserType().toUpperCase() == "FULL-TIME") {
                "CN=" + user.getFullName().getGivenName() + " " + user.getFullName().getFamilyName() +
                ", OU=Employees, OU=" + user.getAddresses()[0].getCountry() +
                ", OU=" + user.getDepartment() +
                ", DC=example, DC=com";
          } else {
                "CN=" + user.getFullName().getGivenName() + " " + user.getFullName().getFamilyName() +
                ", OU=Non-Employees, OU=" + user.getAddresses()[0].getCountry() +
                ", OU=" + user.getDepartment() +
                ", DC=example, DC=com";
          }
       }
    }
    
  5. Click Validate. Upon successful validation, click Add.

    Apply transformation rule
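
The rule in step 4 concatenates raw attribute values into the DN, so a comma, plus sign, or other RFC 4514 special character in a name or department changes how the resulting DN parses. The following added example (not Oracle's code and not part of the original tutorial) mirrors the rule in plain JavaScript with RFC 4514 escaping, so identity data can be checked offline before a data load; the object field names, helper names, and sample records are assumptions.

```javascript
// Added example: offline mirror of the tutorial's ldapdn rule (field names are assumptions).

// Escape one attribute value for use in a DN (RFC 4514, section 2.4).
function escapeRdnValue(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    const edgeSpace = c === " " && (i === 0 || i === s.length - 1);
    if (c === "\u0000") out += "\\00";
    else if ('"+,;<>\\'.includes(c) || edgeSpace || (c === "#" && i === 0)) out += "\\" + c;
    else out += c;
  }
  return out;
}

// Same branching as the rule; returns null where the rule produces no value.
// Assumption: a record with no address is treated as a missing field.
function buildLdapDn(user) {
  const n = user.fullName;
  const country = user.addresses && user.addresses[0] ? user.addresses[0].country : null;
  if (!n || n.givenName == null || n.familyName == null ||
      user.userType == null || country == null || user.department == null) return null;
  const ou = user.userType.toUpperCase() === "FULL-TIME" ? "Employees" : "Non-Employees";
  return "CN=" + escapeRdnValue(n.givenName + " " + n.familyName) +
    ", OU=" + ou + ", OU=" + escapeRdnValue(country) +
    ", OU=" + escapeRdnValue(user.department) + ", DC=example, DC=com";
}

// Split a DN on unescaped commas to count its RDN components.
function splitDn(dn) {
  const parts = [""];
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\" && i + 1 < dn.length) parts[parts.length - 1] += dn[i] + dn[++i];
    else if (dn[i] === ",") parts.push("");
    else parts[parts.length - 1] += dn[i];
  }
  return parts.map((p) => p.replace(/^ +/, ""));
}

// Constructed sample records (not the contents of IDENTITY-transform.csv).
const sampleUsers = [
  { fullName: { givenName: "Alex", familyName: "Doe" }, userType: "Full-Time",
    addresses: [{ country: "US" }], department: "Finance" },
  { fullName: { givenName: "Sam", familyName: "Roe" }, userType: "Contractor",
    addresses: [{ country: "US" }], department: "Research, Development" },
];
for (const u of sampleUsers) console.log(buildLdapDn(u), "->", splitDn(buildLdapDn(u)).length, "RDNs");
```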

Task 7: Validate the Data Transformation by Running the Data Load

In this task, we will run the data load and validate the transformed attribute value.

  1. Go to Oracle Access Governance Cloud Service, navigate to Service Administration and under Who has access to what, click Enterprise-wide browser.

  2. Select Identities.

  3. Click View details for any of the previous users and then click Identity attributes.

  4. Notice that the attribute ldapdn is populated based on the transformation logic supplied.

    Diana Price - with 'ldapdn' populated

  5. Optionally, validate the ldapdn value for other users.

In this tutorial, we learned how to add custom attributes from a flat file authoritative source in Oracle Access Governance Cloud Service. We explored how to retrieve the custom attribute definition seamlessly within the platform and configured a data transformation rule to standardize attribute values. Finally, we validated the transformed attribute values to ensure accuracy and compliance with business requirements.

Next Steps

Following this tutorial, you can extend your implementation by defining additional transformation rules tailored to your organization’s data policies. You can configure both inbound and outbound rules for validation, enrichment, and formatting to align identity attributes with downstream systems. This flexibility ensures data consistency and compliance, even when direct modifications to the source data are not feasible.

For further refinement, consider integrating advanced transformation logic, implementing conditional rules, or automating workflows to enhance efficiency and governance.

Acknowledgments
