Creating an Application for a Disconnected Resource By Using the Flat File Connector

3 Creating an Application for a Disconnected Resource By Using the Flat File Connector

Learn about onboarding applications for a disconnected resource by using the connector.

You can onboard an application for a disconnected resource into Oracle Identity Governance from the connector package by creating a Target application or an Authoritative application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

3.1 Navigating to the Create Application Screen for a Disconnected Resource

To navigate to the Create Application screen, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
On the Applications page, click the Create menu on the toolbar, and then select one of the following options:
- Target - to create a Target application.
- Authoritative - to create an Authoritative application.

The Create Application screen with the Basic Information page is displayed .

3.2 Providing Basic Information for a Disconnected Resource

You must provide configuration-related details on the Basic Information page. The connector uses these details while performing reconciliation.

On the Basic Information page, you provide the application details and configuration info that the connector uses during reconciliation. In addition, you can mark an attribute from your flat file as multivalued, add child attributes, and set data types if required.

On the Basic Information page, ensure that the Connector Package option is selected.
From the Select Bundle drop-down list, select Flat File Connector 12.2.1.3.0.
Enter the Application Name, Display Name, and Description for the application.
If you are using a Connector Server, then in the Basic Configuration section, select the name of your connector server.

In the Advanced Settings section, enter values for the parameters as required.

Table 3-1 describes each parameter in the Advanced Settings section.

Table 3-1 Advanced Settings Parameters for a Disconnected Resource

Parameter	Mandatory?	Description
Connector Name	Yes	This parameter holds the name of the connector class. Default value: `org.identityconnectors.flatfile.FlatFileConnector`
Bundle Name	Yes	This parameter holds the name of the connector bundle package. Default value: `org.identityconnectors.flatfile`
Bundle Version	Yes	This parameter hods the version of the connector bundle class. Default value: `12.3.0`
textQualifier	Yes	Enter the character which determines the start and end of text in a value. The connector ignores any delimiter within the value qualified by the textQualifier parameter. Default value: `"`
fieldDelimiter	Yes	Enter the delimiter for each field in a row. Default value: `,`
subFieldDelimiter	Yes, if you are creating a Target application and your flat file contains complex multivalued fields.	Enter the delimiter that separates each subfield within a multivalued field. Default value: `#`
multiValueDelimiter	Yes, if you are creating a Target application and your flat file contains complex multivalued fields.	Enter the delimiter that separates each value in a multivalued field. Default value: `;`
status Enable Mapping	No	Enter the boolean value which denotes that the account is in the enabled status. Oracle Identity Governance requires the status value to be either True or False. If the boolean value you specify for this parameter is anything other than True or False, then the connector internally maps it to True or False. Default value: `Enabled`
status Disable Mapping	No	Enter the boolean value which denotes that the account is in the disabled status. Oracle Identity Governance requires the status value to be either True or False. If the boolean value you specify for this parameter is anything other than True or False, then the connector internally maps it to True or False. Default value: `Disabled`
System Date Format	No	Enter the format in which date type fields are included in the flat file. Default value: `ddmmyy`
flatFileLocation	Yes	Enter the absolute path of the flat file. Sample value: `D:\data\ffc\users.csv`

You can also add the following additional attributes depending on your requirement:

commentCharacter: Use this to ignore the processing of lines within the flat file that begin with certain characters such as #, $, and so on as described in Configuring the Connector to Ignore Comment Characters.
headerRowPresent: Use this to parse CSV files without a header row and set the value of this attribute to false.

Click Parse Headers to parse the headers of your flat file.
The Flat File Schema Properties table is displayed. This table lists all the attributes present in your flat file and their details such as data type, single-valued or multivalued, mandatory and so on.
In the Flat File Schema Properties table, select attributes to designate them as Name and UID attributes as follows:
1. Select the Name column for an attribute that corresponds to a descriptive name of the account in the flat file that the connector uses for performing reconciliation and update provisioning operations. This value corresponds to the __NAME__ attribute of the connector and is used to generate the reconciliation rule.
2. Select the UID column for an attribute that corresponds to the unique ID of the account. The connector uses this value to uniquely identify user accounts that it needs to fetch during reconciliation. The connector also uses this value to uniquely identify user accounts during update and delete provisioning operations. This value corresponds to the __UID__ attribute of the connector.
3. (Optional) Select the Status column for an attribute that denotes the status of the account. The connector uses this attribute during provisioning operations to enable or disable user accounts. In addition, the connector uses this attribute to fetch the status of an account during Status reconciliation. This attribute corresponds to the __ENABLE__ attribute of the connector.
If required, change the datatype of an attribute by selecting the required value from the Data Type column. For example, for a date attribute, select the Date data type. By default, the data type of all attributes (including attributes that hold date information) displayed in the Flat File Schema Properties table is String.
If you are creating a Target application, you can mark any attribute as multivalued by selecting the corresponding checkbox in the MVA column.
If you are creating a Target application and your flat file contains complex multivalued attributes, then you must add all its child attributes. For example, if the Department attribute is a complex multivalued attribute, then you must add all its child attributes such as Department Name, Department ID, and so on. To do so:
1. In the MVA column, select the checkbox corresponding to the complex multivalued attribute.
  The corresponding Add Attribute button in the Complex MVA column is enabled.
2. Click Add Attribute to add its child attributes.
3. In the text field, enter the child attribute name and then select its datatype from the adjacent drop-down list.
4. Repeat Steps 8.b and 8.c for adding the rest of the child attributes.
Repeat Step 8 for the remaining multivalued attributes in your flat file.
Click Next to proceed to the Schema page.

3.3 Updating Schema Information for a Disconnected Resource

The Schema page for a Target or an Authoritative application displays the schema of your flat file with mappings with Oracle Identity Governance attributes and flat file attributes. The connector uses these mappings during reconciliation.

If you are creating a Target application, then the table on the Schema page lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and your flat file attributes. The table also lists the data type for a given attribute and specifies whether it is mandatory for reconciliation and whether it is a matching key field for fetching records during reconciliation. By default, the flat file attributes that were designated as Name and UID attributes in the Flat File Schema Properties table on the Basic Information page are marked as the matching key in the Key Field column on the Schema page.

The Schema page also displays the child attribute mappings for any complex multivalued attributes that you may have added to the Flat File Schema Properties table on the Basic Information page. You must ensure that you designate an attribute as the key field to be used for entity matching during reconciliation.

If you are creating an Authoritative application, then the table on the Schema page lists all the flat file attributes and their data types, and specifies whether a given attribute is a mandatory attribute for reconciliation. Note that this page does not list the user attribute mapping between the flat file attributes and reconciliation fields in Oracle Identity Governance. Therefore, you must map each flat file attribute listed in the Target Attribute column with the corresponding Oracle Identity Governance field in the Identity Display Name column.

Perform the following procedure on the Schema page:

Review the user-specific attribute mappings and then in the Mandatory column, select or deselect the checkbox corresponding to an attribute to specify whether it is mandatory for reconciliation, if required.
For any target system attribute of the Date data type that must be mapped to a String type attribute in Oracle Identity Governance, click the icon and select the Date checkbox.
If you are creating a Target application, then in the child attribute mapping table:
1. Select the Key Field column for an attribute that the connector must use for entity matching during reconciliation.
2. If required, click the icon to add additional properties to the child attribute such as Lookup, Date, or Entitlements.
  
  Note:
  If you have provided additional properties such as Lookup and Entitlements, then ensure that you note the name of the lookup. You must provide this lookup name in the reconciliation job for Entitlements.
If you are creating an Authoritative application, then in the Identity Display Name column, enter the name of the OIG User form field to which a given flat file attribute in the Target Attribute column must be mapped to. Repeat this for all the attributes in the table.
Click Next to proceed to the Settings page.

3.4 Providing Settings Information for a Disconnected Resource

Apart from reviewing the provisioning, reconciliation, and organization settings for your application and customizing them if required, you must specify values for the mandatory parameters of the reconciliation jobs.

The Settings page provides a preview of all settings related to provisioning, reconciliation, and organizations. You can review these settings and customize them if required. On the Reconciliation tab of the Settings page, expand the Reconciliation Jobs section to view the reconciliation jobs that the connector automatically creates after you create a Target or an Authoritative application. Ensure that you enter values for the mandatory parameters (marked by the asterisk (*) symbol) of all the reconciliation jobs and then click Next to proceed to the Finish page.

The following are the reconciliation jobs that will be available for use after the application is created:

Flat File Full
Flat File Diff Sync
Flat File Delete Sync
Flat File Entitlement

Note:
The Flat File Entitlement reconciliation job is available if you are creating a Target application.
Flat File Delete

Flat File Full

The Flat File Accounts Loader reconciliation job is used for reconciling accounts from a flat file and creating corresponding accounts in Oracle Identity Governance.

Table 3-2 describes the parameters of the Flat File Accounts Loader reconciliation job.

Table 3-2 Parameters of the Flat File Accounts Loader

Parameter	Description
FlatFile Instance Name	This parameter holds the name of the application for your flat file. This value is the same as the value that you provided for the Application Name field while creating the flat file application.
Flat File directory	Enter the name and complete path to the directory containing the flat file that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Filter	Enter the expression for filtering records that the scheduled job must reconcile. Sample value: `startsWith('email','john')` For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance.
Incremental Recon Attribute	Enter the name of the flat file column that holds the time stamp at which the record was last modified. The value in this attribute is used during incremental reconciliation to determine the newest or latest record reconciled from the flat file. Sample value: `LastUpdated`
Latest Token	This parameter holds the value of the Incremental Recon Attribute. Note: The reconciliation engine automatically enters a value for this attribute after execution. It is recommended that you do not change the value of this attribute. If you manually specify a value for this attribute, then the connector reconciles only user accounts that have been modified after the time stamp specified as the value of this parameter. If you want to perform a full reconciliation run, then clear the value in this field.
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: APP_NAME Flat File Accounts Loader Here, APP_NAME is the Application Name you provided while creating the application.

Flat File Diff Sync

The Flat File Accounts Diff Sync Reconciliation job is used for performing diff-based reconciliation.

This reconciliation job compares the two flat files and returns the deleted accounts alone. This reconciliation job is used to detect deleted accounts from flat files for enterprise target systems that do not support the export of only the deleted accounts. The following are the two flat file directories that are the input for these scheduled jobs:

Previous Flat File directory

This is the flat file containing all the accounts before delete.
Current Flat File directory

This is the flat file that is exported from the enterprise target system after accounts have been deleted in the enterprise target system.

When you run this reconciliation job, the connector will detect the accounts that are missing in the current flat file by comparing them with the accounts in the previous flat file, and will generate delete reconciliation events only for the missing accounts.

Table 3-3 describes the parameters of the Flat File Accounts Diff Sync Reconciliation job.

Table 3-3 Parameters of the Flat File Accounts Diff Sync Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the name of the application for your flat file. This value is the same as the value that you provided for the Application Name field while creating the flat file application.
Previous Flat File directory	Enter the name and complete path of the flat file directory that contains the records from the enterprise target system that were present previously.
Current Flat File directory	Enter the name and complete path of the flat file directory that contains the current records from the enterprise target system.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Sync Token	If you are using this reconciliation job for the first time, do not specify a value for this parameter. For subsequent runs, the reconciliation engine automatically enters a value for this parameter. Sample value: `<String>123454502019<String>`
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: APP_NAME Flat File Accounts Diff Sync Reconciliation Here, APP_NAME is the Application Name you provided while creating the application.

Flat File Delete Sync

The Flat File Accounts Delete Sync Reconciliation job is used to perform a delete reconciliation run.

If you want to perform a filtered delete reconciliation run based on any field in the flat file, then specify a value for the following attributes of the scheduled job:

Delete Attribute
Delete Attribute Value

If you do not specify a value for the preceding attributes, then all the records in the flat file are considered as deleted records.

Table 3-4 describes the parameters of the Flat File Accounts Delete Sync Reconciliation job.

Table 3-4 Parameters of the Flat File Accounts Delete Sync Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the name of the application for your flat file. This value is the same as the value that you provided for the Application Name field while creating the flat file application.
Flat File directory	Enter the name and complete path to the directory containing the flat file that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Delete Attribute	Enter the name of the column in the flat file that represents whether an account is deleted or not. Enter a value for this attribute if you want to perform filtered delete reconciliation. Default value: None Sample value: `isDeleted`
Delete Attribute Value	Enter the value that is mentioned in the column that specifies whether an account is deleted. This column is the value that you specified as the value of the Delete Attribute parameter. Sample value: `Yes`
Sync Token	If you are using this schedule job for the first time, do not specify a value for this attribute. For subsequent runs, the reconciliation engine automatically enters a value for this attribute. Sample value: `<String>123454502019<String>`
Scheduled Task Name	This parameter holds the name of the scheduled job. Default value: APP_NAME Flat File Accounts Delete Sync Reconciliation Here, APP_NAME is the Application Name you provided while creating the application.

Flat File Entitlement

The Flat File Entitlements Loader reconciliation job is used to reconcile both lookup values and entitlements from a flat file.

In addition to reconciling the lookups from a flat file, this reconciliation job also adds the entitlements for lookups that are associated with an Entitlement, and synchronizes the catalog with the entitlements automatically. The Flat File Entitlements Loader reconciliation job also supports full and incremental reconciliation of lookup values and entitlements.

Table 3-5 describes the parameters of the Flat File Entitlements Loader reconciliation job.

Table 3-5 Parameters of the Flat File Entitlements Loader Reconciliation Job

Parameter	Description
FlatFile Instance Name	This parameter holds the name of the application for your flat file. This value is the same as the value that you provided for the Application Name field while creating the flat file application.
Flat File directory	Enter the name and complete path to the directory containing the flat file for your entitlements that the connector needs to parse. Note: The OIG administrator must have read and write permissions on this directory.
Archive directory	Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location. Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.
Lookup Name	Enter the name of the lookup definition into which the connector must load all the values fetched from the flat file for entitlements. Note: The name of this lookup definition must be the same as the one that you specified on the Schema page for Entitlement lookup. Sample value: `Lookup.FlatFile.Entitlements`
Code Key Attribute	Enter the name of the flat file attribute whose values you want to populate into the Code Key column the of lookup definition specified as the value of the Lookup Name parameter. Default value: `__NAME__`
Decode Attribute	Enter the name of the flat file attribute whose values you want to populate into the Decode column of the lookup definition specified as the value of the Lookup Name parameter. Default value: `__NAME__`
Mode	Enter the mode in which the job must run. The possible value for this parameter are: `Entitlement` - Use this value to perform entitlement lookup reconciliation. For example, to perform group or roles lookup field synchronization. `Full` - Use this value to reconcile all user accounts from your flat file. In other words, use this to perform a full reconciliation. `Delete` - Use this value to delete all revoked user accounts. Default value: `Full`
Is Entitlement?	Enter `true` if the lookup definition is linked to an Entitlement field (for example, Roles). Enter `false` if the lookup name in the flat file is a plain lookup field (for example, Languages). This flag will decide if the ENT_LIST and Catalog should be updated with the lookup values. Default value: `true`

Flat File Delete

The Flat File Accounts Delete Reconciliation job is used to reconcile data about deleted accounts. During a reconciliation run, for each account deleted on the enterprise target system, the corresponding OIG account is deleted.

Use this reconciliation job if you cannot export flat files containing only a list of deleted accounts, but can periodically export flat files containing all accounts in the enterprise target system.

Note:

This process is resource consuming as Oracle Identity Governance has to verify all the records from the flat file and compare it with existing records to identify whether each record has been deleted or not.

Table 3-6 describes the parameters of the Flat File Accounts Delete Reconciliation job.

Table 3-6 Parameters of the Flat File Accounts Delete Reconciliation Job

Parameter

Description

FlatFile Instance Name

This parameter holds the name of the application for your flat file. This value is the same as the value that you provided for the Application Name field while creating the flat file application.

Flat File directory

Enter the name and complete path to the directory containing the flat file that the connector needs to parse.

Note: The OIG administrator must have read and write permissions on this directory.

Archive directory

Enter the name of the directory in which the processed flat files must be saved. If you do not specify a value for this attribute, the connector creates a directory named "archived" within the directory containing the flat file, and the processed files are saved in this location.

Note: The OIG administrator must have read and write permissions on this directory to enable adding of the processed flat files to the archive directory.

3.5 Reviewing and Submitting the Application Details for a Disconnected Resource

On the Finish page, review your application summary and click Finish to submit the application.

On the Finish page, review the summary of the Target or Authoritative application you are creating. If required, click Back to make any changes to the application details. If no changes are required, click Finish to submit the application details. The application is created in Oracle Identity Governance.

When you are prompted whether you want to create a default request form, click Yes or No. If you click Yes, then the default form is automatically created and is attached with the newly created application. The default form is created with the same name as the application. You cannot modify the default form later. Therefore, if you want to customize it, click No to manually create a new form and attach it with your application.