3.3.1 Attribute Mappings for the Target Application
The Schema page for a target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system attributes. The connector uses these mappings during reconciliation and provisioning operations.
The following table lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-3 Default Attribute for ARCON Privileged Access Management Target Application
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Provision Field? | Recon Field? | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|---|
| User ID | __UID__ | String | No | No | Yes | Yes | Yes |
| User Name | __NAME__ | String | No | Yes | Yes | No | Not applicable |
| Display Name | displayName | String | No | Yes | Yes | No | Not applicable |
| ValidTillDate | ValidTillDate | String | No | Yes | Yes | No | Not applicable |
| Status | __ENABLE__ | String | No | No | Yes | No | Not applicable |
| emails.value | String | No | Yes | Yes | No | Not applicable | |
| Domain Name | domainName | String | No | Yes | Yes | No | Not applicable |
| Phone Number | phoneNumbers.value | String | No | Yes | Yes | No | Not applicable |
| User Type ID | userTypeId | String | No | Yes | Yes | No | Not applicable |
| Full Name | name.formatted | String | No | No | Yes | No | Not applicable |
| Last Name | name.familyName | String | No | No | Yes | No | Not applicable |
| First Name | name.givenName | String | No | No | Yes | No | Not applicable |
| Middle Name | name.middleName | String | No | No | Yes | No | Not applicable |
| Password | __PASSWORD__ | String | No | Yes | No | No | Not applicable |
| LOB | LobPrimary | String | No | Yes | No | No | Not applicable |
| IT Resource Name | Long | No | No | Yes | No | Not applicable |
The following figure shows the default User account attribute mappings.
Figure 3-1 Default Attribute Mappings for ARCON Privileged Access Management User Account
ARCON Privileged Access Management Roles Entitlement
The following table lists the roles forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-4 Default Attribute Mappings for Roles
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| Roles | RoleId | String | No | Yes | Yes | No |
The following figure shows the default Roles Entitlement mapping.
Figure 3-2 Default Attribute Mappings for ARCON Privileged Access Management
ARCON Privileged Access Management Groups Entitlement
The following table lists the group forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-5 Default Attribute Mappings for Groups
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| Groups | GroupID~GroupID~id | String | No | Yes | Yes | No |
The following figure shows the default Groups Entitlement mapping.
Figure 3-3 Default Attribute Mappings for ARCON Privileged Access Management Groups
ARCON Privileged Access Management LOBs
The following table lists the LOB forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-6 Default Attribute Mappings for LOBs
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| LOBS | LobId | String | No | Yes | Yes | No |
The following figure shows the default LOBs mapping.
Figure 3-4 Default Attribute Mappings for LOBs
ARCON Privileged Access Management Multi-factor Authentication
The following table lists the Multi-factor Authentication forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-7 Default Attribute Mappings for Multi-factor Authentication
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| MFA | UserDualAuthFactType~UserDualAuthFactType~id | String | No | Yes | Yes | No |
The following figure shows the default Multi-factor Authentication mapping.
Figure 3-5 Default Attribute Mappings for ARCON Privileged Access Management Multi-factor Authentication
ARCON Privileged Access Management PermanentServices Entitlement
The following table lists the PermanentService forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-8 Default Attribute Mappings for PermanentServices
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| Services | __USERSERVICE__~__USERSERVICE__~ServiceId | String | No | Yes | Yes | No |
| Access Type | __USERSERVICE__~__USERSERVICE__~AccessTypeId | String | No | Yes | No | Not Applicable |
The following figure shows the default PermanentService mapping.
Figure 3-6 Default Attribute Mappings for ARCON Privileged Access Management PermanentServices
ARCON Privileged Access Management OneTimeServices Entitlement
The following table lists the OneTimeService forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-9 Default Attribute Mappings for OneTimeServices
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| Services | __ONETIMEUSERSERVICE__~__ONETIMEUSERSERVICE__~ServiceId | String | No | Yes | Yes | No |
| Access Type | __ONETIMEUSERSERVICE__~__ONETIMEUSERSERVICE__~AccessTypeId | String | No | Yes | No | Not Applicable |
| StartDateTime | __ONETIMEUSERSERVICE__~__ONETIMEUSERSERVICE__~StartDateTime | String | No | Yes | No | Not Applicable |
| EndDateTime | __ONETIMEUSERSERVICE__~__ONETIMEUSERSERVICE__~EndDateTime | String | No | Yes | No | Not Applicable |
The following figure shows the default OneTimeService Entitlement mapping.
Figure 3-7 Default Attribute Mappings for ARCON Privileged Access Management OneTimeServices
ARCON Privileged Access Management TimeBasedServices Entitlement
The following table lists the TimeBasedService forms attribute mappings between the process form fields in Oracle Identity Governance and ARCON Privileged Access Management target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-10 Default Attribute Mappings for TimeBasedService
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
| Services | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~ServiceId | String | No | Yes | Yes | No |
| Access Type | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~AccessTypeId | String | No | Yes | No | Not Applicable |
| Start Date | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~StartDate | String | No | Yes | No | Not Applicable |
| End Date | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~EndDate | String | No | Yes | No | Not Applicable |
| Start Time | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~StartTime | String | No | Yes | No | Not Applicable |
| End Time | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~EndTime | String | No | Yes | No | Not Applicable |
| Hours | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~hours | String | No | Yes | No | Not Applicable |
| Minutes | __TIMEBASEDUSERSERVICE__~__TIMEBASEDUSERSERVICE__~minutes | String | No | Yes | No | Not Applicable |
The following figure shows the default TimeBasedService Entitlement mapping.
Figure 3-8 Default Attribute Mappings for ARCON Privileged Access Management TimeBasedService
