3 Configure the SAP Concur Connector
Configure connection-related parameters while creating a target application.
The configuration parameter values will be used to connect Oracle Identity Governance with your target system and perform connector operations. In addition, you can view and edit attribute mappings between the process form fields in Oracle Identity Governance and target system columns, predefined correlation rules, situations and responses, and reconciliation jobs
3.1 Basic Configuration Parameters
These are the connection-related parameters that Oracle Identity Governance requires to connect to SAP Concur Application.
Note:
Unless specified, do not modify entries in the table below.Table 3-1 Basic Configuration Parameters for Concur
| Parameter | Mandatory? | Description |
|---|---|---|
|
grantType |
No |
Type of authentication that is used by your target system. This connector supports the OAuth 2.0 grant type. Default value: refresh_token |
|
host |
Yes |
Enter the host name of the computer hosting your target system. Default value: |
|
authenticationServerUrl |
Yes |
Enter the URL of the authentication server that validates the consumer key for your target system. Sample value: |
|
clientId |
Yes |
Enter the client identifier (a unique string) issued by the authorization server to your client application during the registration process. This client ID is obtained while performing the procedure described in Configuring the Newly Added Application. Sample value: |
|
clientSecret |
Yes |
Enter the secret key used to authenticate the identity of your client application. You obtained the secret key while performing the procedure described in Configuring the Newly Added Application. Sample value: |
|
username |
No |
Enter the user name for connecting to the SAP Concur platform. This is the email address that you specified while registering for the SAP Concur developer sandbox |
|
Password |
No |
Enter the password for connecting to the Connector platform. This is the password that you specified while registering for the SAP Concur developer sandbox |
|
customAuthHeaders |
Yes |
Enter the consumer key in the following format: Sample value: |
|
baseURI |
Yes |
This is a mandatory attribute while creating an application. Do not modify the value of the parameter. Default value: |
|
checkAliveURI |
Yes |
This entry stores the URL used to test whether a connection or service is still active or not. Default value: |
|
useVersionForResourceType |
Yes |
This entry tells the system which version of a resource type the API should use for handling request. Default value: V4 |
|
acceptType |
Yes |
This is a mandatory attribute while creating an application. Do not modify the value of the parameter. Default value: |
|
contentType |
Yes |
This entry holds the type of the body of the request .This is a mandatory attribute while creating an application. Do not modify the value of the parameter. Default value: |
|
Connector Server Name |
No |
If you have deployed the SAP Concur connector in the Connector Server, then enter the name of the IT resource for the Connector Server. Sample value: |
|
proxyHost |
No |
Enter the name of the proxy host used to connect to an external target. Default value: null |
|
proxyPassword |
No |
Enter the password of the proxy user ID of the target system user account that Oracle Identity Governance uses to connect to the target system |
|
proxyPort |
No |
Enter the proxy port number. Sample value: |
|
proxyUser |
No |
Enter the name of the proxy host used to connect to an external target. Default value: null |
|
sslEnabled |
No |
If the target system requires SSL connectivity, then set the value of this parameter to true. Otherwise set the value to false. Default value: |
3.2 Advanced Settings Parameters
These are the configuration-related entries that the connector uses during reconciliation and provisioning operations.
Note:
- Unless specified, do not modify entries in the table below.
- All parameters in the table below are mandatory.
Table 3-2 Advanced Settings Parameters for Concur
| Parameter | Mandatory? | Description |
|---|---|---|
|
Connector Name |
Yes |
This entry holds the name of the connector class. Default value: |
|
Bundle Name |
Yes |
This entry holds the name of the connector bundle. Default value: |
|
Bundle Version |
Yes |
This entry holds the version of the connector bundle. Default value: |
|
defaultBatchSize |
Yes |
This entry holds the value of the number of records that can be retrieved from the target system in one go. Default value: |
|
relURLs |
Yes |
This entry holds the relative URL of every object class supported by this connector and the connector operations that can be performed on these object classes. Default value:
|
|
customPayload |
Yes |
This entry provides the custom format of request payload. Default value:
|
|
nameAttributes |
Yes |
This is the __NAME__ attribute mapping of Oracle Identity Governance to the relevant attribute on target system. Default value:
|
|
jsonResourcesTag |
Yes |
This JSON tag value is used during reconciliation for parsing multiple entries in a single response payload. Default value: |
|
scimVersion |
Yes |
This entry specifies the SCIM version. Default value: |
|
statusAttributes |
Yes |
This entry lists the name of the target system attribute that holds the status of an account, that is __ENABLE__ field on the target system for each object class. Default value: |
|
uidAttributes |
Yes |
This is the __UID__ attribute mapping of Oracle Identity Governance to the GUID attribute on target system. Default value: |
|
extensionSchemaTags |
Yes |
This entry holds extension schema tags. Default value:
|
|
schemaBuildingOption |
Yes |
This value indicates that the schema definition will be derived from entity metadata rather than from an external schema URL. Default value: |
|
managedObjectClasses |
Yes |
This entry define object types of target system that the connector is allowed to manage. Default value: |
|
delayTime |
Yes |
This value specifies the waiting time (in milliseconds) before retrying a connector operation. Default value: |
3.3 Attribute Mappings for the Target Application
The Schema page for a target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system attributes. The connector uses these mappings during reconciliation and provisioning operations.
The following table lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and Oracle Primavera target application attributes. The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-3 Default Attribute for SAP Concur Target Application
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Provision Field? | Recon Field? | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|---|
|
Object Id |
__UID__ |
String |
No |
Yes |
Yes |
Yes |
No |
|
User Name |
__NAME__ |
String |
Yes |
Yes |
Yes |
No |
Not Applicable |
|
Active |
active |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Status |
__ENABLE__ |
String |
No |
No |
Yes |
No |
Not Applicable |
|
First Name |
name.givenName |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Last Name |
name.familyName |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Formatted Name |
name.formatted |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
|
__ACCOUNT__.emails.value,type:work |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Display Name |
displayName |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Nickname |
nickName |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Reimbursement Currency |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;reimbursementCurrency |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Locale |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;locale |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Ledger Code |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;ledgerCode |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Country |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;country |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Cash Advance Account Code |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;cashAdvanceAccountCode |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Test Employee |
urn:ietf:params:scim:schemas:extension:spend:2.0:User;testEmployee |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Company ID |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User;companyId |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Employee Number |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User;employeeNumber |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
IT Resource Name |
resourceName |
Long |
No |
No |
Yes |
No |
Not Applicable |
Figure 3-1 shows the default user account attribute mappings.
Figure 3-1 Default Attribute Mappings for Concur User Account
Description of "Figure 3-1 Default Attribute Mappings for Concur User Account"
SAP Concur Spend Role
The following table lists the Spend Role forms attribute mappings between the process form fields in Oracle Identity Governance and SAP Concur target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-4 Default Attribute for SAP Concur Target Application
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field? | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
|
Role Code |
urn:ietf:params:scim:schemas:extension:spend:2.0:Role:roles~roles~roleName |
String |
No |
Yes |
Yes |
No |
The following figure shows the default Spend Roles mapping.
Figure 3-2 Default Attribute Mappings for SAP Concur Spend Roles
SAP Concur Custom Data
The following table lists the Custom Data forms attribute mappings between the process form fields in Oracle Identity Governance and SAP Concur target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-5 Default Attribute Mappings for Custom Data
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field? | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|
|
CustomData Id |
urn:ietf:params:scim:schemas:extension:spend:2.0:User:customData~customData~id |
String |
No |
Yes |
Yes |
No |
|
CustomData Value |
urn:ietf:params:scim:schemas:extension:spend:2.0:User:customData~customData~value |
String |
No |
Yes |
No |
Not applicable |
The following figure shows the default Custom Data mapping.
Figure 3-3 Default Attribute Mappings for SAP Concur Custom Data
3.4 Correlation Rules for the Target Application
Learn about the predefined rules, responses, and situations for Target applications. The connector uses these rules and responses for performing reconciliation.
When you create a target application, the connector uses correlation rules to determine the identity to which Oracle Identity Governance must assign a resource.
Predefined Identity Correlation Rule SAP Concur Connector
By default, the SAP Concur connector provides a simple correlation rule when you create a target application. The connector uses this correlation rule to compare the entries in Oracle Identity Governance repository and the target system repository, determine the difference between the two repositories, and apply the latest changes to Oracle Identity Governance.
The following table lists the default simple correlation rule for a SAP Concur connector. If required, you can edit the default correlation rule or add new rules. You can create simple correlation rules also. For more information about adding or editing simple or complex correlation rules, see Updating Identity Correlation Rules in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance
Table 3-6 Predefined Identity Correlation Rule for an SAP Concur Connector
| Target Attribute | Element Operator | Identity Attribute | Case Sensitive? |
|---|---|---|---|
|
__NAME__ |
Equals |
User Login |
No |
-
__NAME__ is a single-valued attribute on the target system that identifies the user account
-
User Login is the field on the OIG User form
The following figure shows the Simple Correlation Rule for SAP Concur Target Application
Figure 3-4 shows the simple correlation rule for the Concur connector.
Figure 3-4 Predefined Identity Correlation Rules
Description of "Figure 3-4 Predefined Identity Correlation Rules"
Predefined Situations and Responses
The SAP Concur connector provides a default set of situations and responses when you create a target application. These situations and responses specify the action that Oracle Identity Governance must take based on the result of a reconciliation event.
The following table lists the default situations and responses for a SAP Concur Target application. If required, you can edit these default situations and responses or add new ones. For more information about adding or editing situations and responses, see Updating Situations and Responses in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-7 Predefined Situations and Responses for a SAP Concur Target Application
| Situation | Response |
|---|---|
|
No Matches Found |
None |
|
One Entity Match Found |
Establish Link |
|
One Process Match Found |
Establish Link |
The following figure shows the situations and responses for a SAP Concur that the connector provides by default.
Figure 3-5 Predefined Situations and Responses for a SAP Concur Target Application
Description of "Figure 3-5 Predefined Situations and Responses for a SAP Concur Target Application"
3.5 Reconciliation Jobs
These are the reconciliation jobs that are automatically created in Oracle Identity Governance after you create the application.
User Reconciliation Jobs
You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
- Concur User Target Reconciliation: Use this reconciliation job to reconcile user data from a target application.
The following table describes the parameters of the SAP Concur Full User Reconciliation job.
Table 3-8 Parameters of the Concur Target Resource User Reconciliation Job
| Parameter | Description |
|---|---|
|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
|
Filter |
Enter the search filter for fetching user records from the target system during a reconciliation run. Filter: equalTo('userName','Alex@bcone.uat') In this example, the record whose user Name value is Alex is reconciled. |
|
Object Type |
This attribute holds the name of the object type for the reconciliation run. Default value: Do not modify this attribute. |
|
Scheduled Task Name |
Name of the scheduled job. Do not modify this value. |
Reconciliation Jobs for Entitlements
- Concur Roles Lookup Reconciliation
Table 3-9 Parameters of the Concur Role Reconciliation Jobs for Entitlements
| Parameter | Description |
|---|---|
|
Application Name |
Current AOB application name with which the reconciliation job is associated. Do not modify this value. Do not modify this value. |
|
Code Key Attribute |
Name of the connector attribute that is used to populate the Code Key column of the lookup definition. (Specified as the value of the Lookup Name attribute). Default value: Concur Roles Lookup Reconciliation: __UID__ |
|
Decode Attribute |
Name of the connector attribute that is used to populate the Decode column of the lookup definition. (Specified as the value of the Lookup Name attribute). Default value: __NAME__ |
|
Lookup Name |
Enter the name of the lookup definition in Oracle Identity Governance that must be populated with values fetched from the target system. Default value: Concur Roles Lookup Reconciliation: Lookup.Concur.RoleNameLookup |
|
Object Type |
Enter the type of object you want to reconcile. Default value: Concur Roles Lookup Reconciliation: roles Do not modify this value. |
Custom Job for SAP Concur
- Concur UpdateAccountStatus
Create a scheduled job to resolve accounts that remain in the Provisioning state in Oracle Identity Governance (OIG) during high-volume (bulk) user creation. While creating this custom job use template as CheckProvisioningStatus.
Table 3-10 Parameters of the Concur UpdateAccountStatus Job
| Parameter | Description |
|---|---|
|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. This value can be modified based on your Application Name. |
See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Governance.