4 Configuring an Application for a Connected Resource By Using the Flat File Connector

Learn about configuring and managing flat files for a connected resource by using the connector.

• Configuring an Application for a Connected Resource

• Managing Flat File Configurations for a Connected Application

4.1 Configuring an Application for a Connected Resource

You can configure a flat file application for a connected resource and load entities into Oracle Identity Governance from the connector package by navigating to the Configure Application screen.

• Navigating to the Configure Application Screen

• Providing Basic Information for a Connected Resource

• Providing Settings Information for a Connected Resource

4.1.1 Navigating to the Configure Application Screen

To navigate to the Configure Application screen, you must log in to Identity Self Service and then choose the Applications box on the Manage tab. Then, on the Applications page, search for and configure the application into which you want to load entities.

1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
2. On the Applications page, search for and select the application into which you want to load entities as follows: For example, search for and select an application named SFApp for the Salesforce connector.
   1. In the Search field, select the Name attribute from the drop-down list and then enter the search criterion.
   2. From the results that are returned in the table, select the application.
3. Click Flat File on the toolbar, and then select Configure.

The Configure Application APP_NAME using Flat File screen with the Basic Information page is displayed. Here, APP_NAME is the name of the application into which you want to load entities.

4.1.2 Providing Basic Information for a Connected Resource

You must provide configuration-related details on the Basic Information page. The connector uses these details while performing reconciliation.

On the Basic Information page, you provide the configuration name, display name and its description, and info that the connector uses during reconciliation. In addition, you can mark an attribute from your flat file as multivalued, add child attributes, and set data types if required.

1. On the Basic Information page, enter values for the following:
   • Configuration Name: Enter a unique name for an application that you want to configure. This is a mandatory field.
   • Display Name: Enter the display name for the application that you are creating. This is a mandatory field.
   • Description: Enter text that describes the application being created. This is an optional field.
   • Parent Application Name: Select the name of the application on which the current application for which you are configuring the flat file has a dependency on. For example, if you are configuring a flat file application for a Microsoft Exchange application, then you must select the Microsoft Active Directory application. This is because the Microsoft Exchange application has a dependency on Microsoft Active Directory application.
2. If you are using a Connector Server, then in the Basic Configuration section, select the name of your connector server.
3. In the Advanced Settings section, enter values for the parameters as required.

   Table 4-1 describes each parameter in the Advanced Settings section.

   Table 4-1 Advanced Settings Parameters for a Connected Resource

   Parameter	Mandatory?	Description
   Connector Name	Yes	This parameter holds the name of the connector class. Default value: org.identityconnectors.flatfile.FlatFileConnector
   Bundle Name	Yes	This parameter holds the name of the connector bundle package. Default value: org.identityconnectors.flatfile
   Bundle Version	Yes	This parameter hods the version of the connector bundle class. Default value: 12.3.0
   textQualifier	Yes	Enter the character which determines the start and end of text in a value. The connector ignores any delimiter within the value qualified by the textQualifier parameter. Default value: "
   fieldDelimiter	Yes	Enter the delimiter for each field in a row. Default value: ,
   subFieldDelimiter	Yes, if your flat file contains complex multivalued fields.	Enter the delimiter that separates each subfield within a multivalued field. Default value: #
   multiValueDelimiter	Yes, if your flat file contains complex multivalued fields.	Enter the delimiter that separates each value in a multivalued field. Default value: ;
   status Enable Mapping	No	Enter the boolean value which denotes that the account is in the enabled status. Oracle Identity Governance requires the status value to be either True or False. If the boolean value you specify for this parameter is anything other than True or False, then the connector internally maps it to True or False. Default value: Enabled
   status Disable Mapping	No	Enter the boolean value which denotes that the account is in the disabled status. Oracle Identity Governance requires the status value to be either True or False. If the boolean value you specify for this parameter is anything other than True or False, then the connector internally maps it to True or False. Default value: Disabled
   System Date Format	No	Enter the format in which date type fields are included in the flat file. Default value: ddmmyy
   flatFileLocation	Yes	Enter the absolute path of the flat file. Sample value: D:\data\ffc\users.csv

   You can also add the following additional attributes depending on your requirement:

   • commentCharacter: Use this to ignore the processing of lines within the flat file that begin with certain characters such as #, $, and so on as described in Configuring the Connector to Ignore Comment Characters.
   • headerRowPresent: Use this to parse CSV files without a header row and set the value of this attribute to false.
4. Click Parse Headers to parse the headers of your flat file.
   The Flat File Schema Properties table is displayed. This table lists all the attributes present in your flat file and their details such as data type, single-valued or multivalued, mandatory and so on.
5. In the Flat File Schema Properties table, select attributes to designate them as Name and UID attributes as follows:
   1. Select the Name column for an attribute that corresponds to a descriptive name of the account in the flat file that the connector uses for performing reconciliation and update provisioning operations. This value corresponds to the __NAME__ attribute of the connector and is used to generate the reconciliation rule.
   2. Select the UID column for an attribute that corresponds to the unique ID of the account. The connector uses this value to uniquely identify user accounts that it needs to fetch during reconciliation. The connector also uses this value to uniquely identify user accounts during update and delete provisioning operations. This value corresponds to the __UID__ attribute of the connector.
   3. (Optional) Select the Status column for an attribute that denotes the status of the account. The connector uses this attribute during provisioning operations to enable or disable user accounts. In addition, the connector uses this attribute to fetch the status of an account during Status reconciliation. This attribute corresponds to the __ENABLE__ attribute of the connector.
6. If required, change the datatype of an attribute by selecting the required value from the Data Type column. By default, the data type of all attributes (including attributes that hold date information) displayed in the Flat File Schema Properties table is String.
7. If you are configuring the flat file for a Target application, then you can mark any attribute as multivalued by selecting the corresponding checkbox in the MVA column, if required.
8. If you are configuring the flat file for a Target application and your flat file contains complex multivalued attributes, then you must add all its child attributes. For example, if the Department attribute is a complex multivalued attribute, then you must add all its child attributes such as Department Name, Department ID, and so on. To do so:
   1. In the MVA column, select the checkbox corresponding to the complex multivalued attribute.
      The corresponding Add Attribute button in the Complex MVA column is enabled.
   2. Click Add Attribute to add its child attributes.
   3. In the text field, enter the child attribute name and then select its datatype from the adjacent drop-down list.
   4. Repeat Steps 8.b and 8.c for adding the rest of the child attributes.
9. Repeat Step 8 for the remaining multivalued attributes in your flat file.
10. Click Apply to apply all the information provided so far.

4.1.3 Providing Settings Information for a Connected Resource

Apart from reviewing the provisioning, reconciliation, and organization settings for your application and customizing them if required, you must specify values for the mandatory parameters of the reconciliation jobs.

The Settings page provides a preview of all settings related to provisioning, reconciliation, and organizations. You can review these settings and customize them if required. On the Reconciliation tab of the Settings page, expand the Reconciliation Jobs section to view the reconciliation jobs that the connector automatically creates after you create a Target or an Authoritative application. At this point, you can delete any reconciliation jobs that you do not want to use. If required, you can also add new reconciliation jobs to meet your requirements.

Ensure that you enter values for the mandatory parameters (marked by the asterisk (*) symbol) of all the reconciliation jobs and then click Apply. A message stating that the flat file configuration was created successfully is displayed.

The following are the reconciliation jobs that will be available for use after the application is created:

• Flat File Full
• Flat File Diff Sync
• Flat File Delete Sync
• Flat File Entitlement
• Flat File Delete

Flat File Full

The Flat File Accounts Loader reconciliation job is used for reconciling accounts from a flat file and creating corresponding accounts in Oracle Identity Governance. Use this reconciliation job for performing a full or incremental reconciliation run.

Table 4-2 describes the parameters of the Flat File Accounts Loader reconciliation job.

Table 4-2 Parameters of the Flat File Accounts Loader Job

Parameter	Description
FlatFile Instance Name	This parameter holds the connector display name that is displayed on the Basic Information page. Default value: Flat File Connector
Flat File directory	Enter the name and complete path to the directory containing the flat file that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Filter	Enter the expression for filtering records that the reconciliation job must retrieve. Sample value: startsWith('email','john') For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance.
Incremental Recon Attribute	Enter the name of the flat file column that holds the time stamp at which the record was last modified. The value in this attribute is used during incremental reconciliation to determine the newest or latest record reconciled from the flat file. Sample value: LastUpdated
Latest Token	This parameter holds the value of the Incremental Recon Attribute. Note: The reconciliation engine automatically enters a value for this attribute after execution. It is recommended that you do not change the value of this attribute. If you manually specify a value for this attribute, then the connector reconciles only user accounts that have been modified after the time stamp specified as the value of this parameter. If you want to perform a full reconciliation run, then clear the value in this field.
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: Flat File Accounts Loader

Flat File Diff Sync

The Flat File Accounts Diff Sync Reconciliation job is used for performing diff-based reconciliation.

This reconciliation job compares the two flat files and returns the deleted accounts alone. This reconciliation job is used to detect deleted accounts from flat files for enterprise target systems that do not support the export of only the deleted accounts. The following are the two flat file directories that are the input for these scheduled jobs:

• Previous Flat File directory

  This is the flat file containing all the accounts before delete.

• Current Flat File directory

  This is the flat file that is exported from the enterprise target system after accounts have been deleted in the enterprise target system.

When you run this reconciliation job, the connector will detect the accounts that are missing in the current flat file by comparing them with the accounts in the previous flat file, and will generate delete reconciliation events only for the missing accounts.

Table 4-3 describes the parameters of the Flat File Accounts Diff Sync Reconciliation job.

Table 4-3 Parameters of the Flat File Accounts Diff Sync Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the connector display name that is displayed on the Basic Information page. Default value: Flat File Connector
Previous Flat File directory	Enter the name and complete path of the flat file directory that contains the records from the enterprise target system that were present previously.
Current Flat File directory	Enter the name and complete path of the flat file directory that contains the current records from the enterprise target system.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Sync Token	If you are using this reconciliation job for the first time, do not specify a value for this parameter. For subsequent runs, the reconciliation engine automatically enters a value for this parameter. Sample value: <String>123454502019<String>
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: Flat File Accounts Diff Sync Reconciliation

Flat File Delete Sync

The Flat File Accounts Delete Sync Reconciliation job is used to perform a delete reconciliation run.

If you want to perform a filtered delete reconciliation run based on any field in the flat file, then specify a value for the following attributes of the scheduled job:

• Delete Attribute

• Delete Attribute Value

If you do not specify a value for the preceding attributes, then all the records in the flat file are considered as deleted records.

Table 4-4 describes the parameters of the Flat File Accounts Delete Sync Reconciliation job.

Table 4-4 Parameters of the Flat File Accounts Delete Sync Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the connector display name that is displayed on the Basic Information page. Default value: Flat File Connector
Flat File directory	Enter the name and complete path to the directory containing the flat file that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Delete Attribute	Enter the name of the column in the flat file that represents whether an account is deleted or not. Enter a value for this attribute if you want to perform filtered delete reconciliation. Default value: None Sample value: isDeleted
Delete Attribute Value	Enter the value that is mentioned in the column that specifies whether an account is deleted. This column is the value that you specified as the value of the Delete Attribute parameter. Sample value: Yes
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: <String>123454502019<String>
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: Flat File Accounts Delete Sync Reconciliation

Flat File Entitlement

The Flat File Entitlements Loader reconciliation job is used to reconcile both lookup values and entitlements from a flat file.

In addition to reconciling the lookups from a flat file, this reconciliation job also adds the entitlements for lookups that are associated with an Entitlement, and synchronizes the catalog with the entitlements automatically. The Flat File Entitlements Loader reconciliation job also supports full and incremental reconciliation of lookup values and entitlements.

Table 4-5 describes the parameters of the Flat File Entitlements Loader reconciliation job.

Table 4-5 Parameters of the Flat File Entitlements Loader Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the connector display name that is displayed on the Basic Information page. Default value: Flat File Connector
Flat File directory	Enter the name and complete path to the directory containing the flat file for your entitlements that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Lookup Name	Enter the name of the lookup definition into which the connector must load all the values fetched from the flat file for entitlements. Note: The name of this lookup definition must be the same as the one that you specified on the Schema page for Entitlement lookup. Sample value: Lookup.FlatFile.Entitlements
Code Key Attribute	Enter the name of the flat file attribute whose values you want to populate into the Code Key column the of lookup definition specified as the value of the Lookup Name parameter.
Decode Attribute	Enter the name of the flat file attribute whose values you want to populate into the Decode column of the lookup definition specified as the value of the Lookup Name parameter.
Mode	Enter the mode in which the job must run. The possible value for this parameter are: Entitlement - Use this value to perform entitlement lookup reconciliation. For example, to perform group or roles lookup field synchronization. Full - Use this value to reconcile all user accounts from your flat file. In other words, use this to perform a full reconciliation. Delete - Use this value to delete all revoked user accounts. Default value: Full
Is Entitlement?	Enter true if the lookup definition is linked to an Entitlement field (for example, Roles). Enter false if the lookup name in the flat file is a plain lookup field (for example, Languages). This flag will decide if the ENT_LIST and Catalog should be updated with the lookup values. Default value: true

Flat File Delete

The Flat File Accounts Delete Reconciliation job is used to reconcile data about deleted accounts. During a reconciliation run, for each account deleted on the enterprise target system, the corresponding OIG account is deleted.

Use this reconciliation job if you cannot export flat files containing only a list of deleted accounts, but can periodically export flat files containing all accounts in the enterprise target system.

Note:

This process is resource consuming as Oracle Identity Governance has to verify all the records from the flat file and compare it with existing records to identify whether each record has been deleted or not.

Table 4-6 describes the parameters of the Flat File Accounts Delete Reconciliation job.

Table 4-6 Parameters of the Flat File Accounts Delete Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the connector display name that is displayed on the Basic Information page. Default value: Flat File Connector
Flat File directory	Enter the name and complete path to the directory containing the flat file that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.

4.2 Managing Flat File Configurations for a Connected Application

You can edit any flat file configuration that you have created for a connected application by using the Manage option for Flat Files.

See Managing Flat File Configurations in Performing Self Service Tasks with Oracle Identity Governance for more information.