2 Creating an Application By Using the Database User Management Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

• Process Flow for Creating an Application By Using the Connector

• Prerequisites for Creating an Application Database User Management Connector

• Creating an Application By Using the Connector

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector

Description of "Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector"

2.2 Prerequisites for Creating an Application Database User Management Connector

Learn about the tasks that you must complete before you create the application.

• Downloading the Connector Installation Package

• Copying Third-Party JAR Files

• Creating a Target System User Account for Database User Management Connector Operations

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:

1. Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
2. Click OTN License Agreement and read the license agreement.
3. Select the Accept License Agreement option.
   You must accept the license agreement before you can download the installation package.
4. Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
5. Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER.
6. Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIG_HOME/server/ConnectorDefaultDirectory directory.

2.2.2 Creating a Target System User Account for Database User Management Connector Operations

Oracle Identity Governance requires a target system user account to access the target system during reconciliation and provisioning operations. Depending on the target system you are using, you can create the user in your target system and assign specific permissions and roles to the user.

You provide the credentials of this user account as part of Basic Configuration Parameters for Oracle Database or Basic Configuration Parameters for MySQL while creating an application.

See Also:

Target system documentation for detailed information about creating the user

• For Oracle Database:

  1. Create Login using the following query:

     CREATE USER serviceuser IDENTIFIED BY password 
     DEFAULT TABLESPACE users
     TEMPORARY TABLESPACE temp QUOTA UNLIMITED ON users;
     

  2. Assign the following permissions and roles to the created user:

     • GRANT CONNECT TO serviceuser;

     • GRANT SELECT on dba_role_privs TO serviceuser;

     • GRANT SELECT on dba_sys_privs TO serviceuser;

     • GRANT SELECT on dba_ts_quotas TO serviceuser;

     • GRANT SELECT on dba_tablespaces TO serviceuser;

     • GRANT SELECT on dba_users TO serviceuser;

     • GRANT CREATE USER TO serviceuser;

     • GRANT ALTER ANY TABLE TO serviceuser;

     • GRANT GRANT ANY PRIVILEGE TO serviceuser;

     • GRANT GRANT ANY ROLE TO serviceuser;

     • GRANT DROP USER TO serviceuser;

     • GRANT SELECT on dba_roles TO serviceuser;

     • GRANT SELECT ON dba_profiles TO serviceuser;

     • GRANT ALTER USER TO serviceuser;

     • GRANT CREATE ANY TABLE TO serviceuser;

     • GRANT DROP ANY TABLE TO serviceuser;

     • GRANT CREATE ANY PROCEDURE TO serviceuser;

     • GRANT DROP ANY PROCEDURE TO serviceuser;

• For MySQL:

  1. Create a user using the following query:

     CREATE USER serviceuser IDENTIFIED BY 'password';

  2. Assign the following permissions and roles to the created user using the following query:

     GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER ON *.* TO 'serviceuser';

2.2.3 Copying Third-Party JAR Files

These are the drivers that the connector requires to establish a connection with the target system.

• If you are using Oracle database as the target system, then there is no need to copy any JAR files.
• If you are using MySQL as the target system, then copy the mysql-connector-java-5.1.20-bin.jar file to the /ConnectorDefaultDirectory/targetsystems-lib/DBUM-RELEASE_NUMBER. directory.

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a Target application or Authoritative applictaion. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

1. Create an application in Identity Self Service. The high-level steps are as follows:
   1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
   2. Ensure that the Connector Package option is selected when creating an application.
   3. Update the basic configuration parameters to include connectivity-related information.
   4. If required, update the advanced setting parameters to update configuration entries related to connector operations.
   5. Review the default user account attribute mappings. If required, add new attributes or you can edit or delete existing attributes.
   6. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
   7. Review the details of the application and click Finish to submit the application details.
      The application is created in Oracle Identity Governance.
   8. When you are prompted whether you want to create a default request form, click Yes or No.
      If you click Yes, then the default form is automatically created and is attached with the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it with your application.
2. Verify reconciliation and provisioning operations on the newly created application.

See Also:

• Configuring the Database User Management Connector for Oracle Database or Configuring the Database User Management Connector for MySQL for details on basic configuration and advanced settings parameters, default user account attribute mappings, default correlation rules, and reconciliation jobs that are predefined for this connector

• Configuring Oracle Identity Governance for details on creating a new form and associating it with your application, if you chose not to create the default form.