3 Configuring the Concur Connector
While creating an application, you must configure connection-related parameters that the connector uses to connect Oracle Identity Governance with your target system and perform connector operations. In addition, you can view and edit attribute mappings between the process form fields in Oracle Identity Governance and target system columns, predefined correlation rules, situations and responses, and reconciliation jobs.
3.1 Basic Configuration Parameters
These are the connection-related parameters that Oracle Identity Governance requires to connect to Concur.
Table 3-1 Basic Configuration Parameters for Concur
| Parameter | Mandatory? | Description |
|---|---|---|
|
authenticationServerUrl |
No |
Enter the URL of the authentication server that validates the consumer key for your target system. Sample value: |
|
authenticationType |
Yes |
Type of authentication that is used by your target system. This connector supports the OAuth 2.0 custom authentication type. Default value: Note: Do not modify the value of the parameter. |
|
customAuthHeaders |
No |
Enter the consumer key in the following format: “X-ConsumerKey=CONSUMER_KEY”In this format, replace CONSUMER_KEY with the consumer key that is assigned to you after you register for the Concur developer sandbox in Configuring the Concur Connector. Sample value: |
|
host |
Yes |
Enter the host name of the computer hosting your target system. Sample value: |
|
password |
No |
Enter the password for connecting to the Connector platform. This is the password that you specified while registering for the Concur developer sandbox in Configuring the Concur Connector. |
|
port |
No |
Enter the port number at which the target system is listening. Sample value: |
|
proxyHost |
No |
Enter the name of the proxy host that is used to connect to an external target. Sample value: |
|
proxyPassword |
No |
Enter the password of the proxy user ID of the target system user account that Oracle Identity Governance uses to connect to the target system. |
|
proxyPort |
No |
Enter the proxy port number. Sample value: |
|
proxyUser |
No |
Enter the proxy user name of the target system user account that Oracle Identity Governance uses to connect to the target system. Sample value: |
|
sslEnabled |
No |
If the target system requires SSL connectivity, then set the value of this parameter to Default value: |
|
username |
No |
Enter the user name for connecting to the Concur platform. This is the email address that you specified while registering for the Concur developer sandbox in Configuring the Target System. |
|
Connector Server Name |
No |
If you have deployed the Concur connector in the Connector Server, then enter the name of the IT resource for the Connector Server. Sample value: |
3.2 Advanced Settings Parameters
These are the configuration-related entries that the connector uses during reconciliation and provisioning operations.
Table 3-2 Advanced Settings Parameters for Concur
| Parameter | Mandatory? | Description |
|---|---|---|
|
relURIs |
Yes |
This entry holds the relative URL of every object class supported by this connector and the connector operations that can be performed on these object classes. Default value:
|
|
nameAttributes |
Yes |
This entry indicates the attributes that need to be treated as the __NAME__ attribute for an Object class. Default value: |
|
uidAttributes |
Yes |
This entry holds the UID attribute for objects that are handled by the connector. For example, the UID attribute is LoginID for the Account class. Default value: |
|
pageTokenRegex |
No |
This entry provides the number of resources that appear on a page for a search operation. Default value: |
|
pageSize |
No |
This entry provides the number of resources that appear on a page for a search operation. Default value: |
|
pageTokenAttribute |
No |
This entry provides the name of the target attribute for the Pagination token. This token is an opaque string that identifies a page and provides permissions to APIs that read, write, or modify the data on that page. Default value: |
|
Bundle Version |
No |
This entry holds the version of the connector bundle. Default value: |
|
Connector Name |
No |
This entry holds the name of the connector class. Default value: |
|
opTypes |
No |
This entry determines the target supported HTTP operation for each attribute in each object class. Default value:
|
|
jsonResourcesTag |
No |
This JSON tag value is used during reconciliation for parsing multiple entries in a single response payload. Default value: |
|
httpHeaderContentType |
No |
This entry indicates the type of the body of the request. Default value: |
|
httpHeaderAccept |
No |
The Accept request-header field can be used to specify certain media types that are acceptable for the response. Default value: |
|
enableEmptyString |
No |
This entry converts empty or null value to an empty string. Default value: |
|
customPayload |
No |
This entry provides the custom format of request payload. |
|
customAuthClassName |
No |
This entry provides the class name of Custom Auth implementation. Default value: |
|
customParserClassName |
No |
This entry provides the class name of custom parser implementation. Default value: |
|
statusAttributes |
No |
This entry lists the name of the target system attribute that holds the status of an account, that is __ENABLE__ field on the target system for each object class. Default value: |
|
passwordAttribute |
No |
This entry provides the target attribute for user password. Default value: |
|
Bundle Name |
No |
This entry holds the name of the connector bundle package. Default value: |
|
statusDisableValue |
No |
Enter the boolean value that indicates the value that must be sent to the target system during a Disable operation. Note: You must enter a value for this parameter only if the target system expects a different value for a Disable operation, from what Oracle Identity Governance sends by default. Default value: |
|
statusEnableValue |
No |
Enter the boolean value that indicates the value that must be sent to the target system during an Enable operation. Note: You must enter a value for this parameter only if the target system expects a different value for an Enable operation from the one that Oracle Identity Governance sends by default. Default value: |
3.3 Attribute Mappings
The Schema page for a Target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system attributes. The connector uses these mappings during reconciliation and provisioning operations.
Concur User Account Attributes
Table 3-3 lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and Concur attributes. The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-3 Default Attribute Mappings for Concur User Account
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Provision Field? | Recon Field? | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|---|
|
Email Address |
PrimaryEmail |
String |
Yes |
Yes |
Yes |
No |
Not Applicable |
|
Active |
IsActive |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Id |
__UID__ |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Middle Name |
MiddleName |
String |
No |
Yes |
Yes |
No |
Not Applicable |
|
Login ID |
__NAME__ |
String |
Yes |
Yes |
Yes |
Yes |
Not Applicable |
|
Employee ID |
EmployeeID |
String |
Yes |
Yes |
Yes |
No |
Not Applicable |
|
First Name |
FirstName |
String |
Yes |
Yes |
Yes |
No |
Not Applicable |
|
Last Name |
LastName |
String |
Yes |
Yes |
Yes |
No |
Not Applicable |
|
Status |
__ENABLE__ |
String |
No |
No |
Yes |
No |
Not Applicable |
|
Country of Residence |
CountryofResidence |
String |
Yes |
Yes |
No |
No |
Not Applicable |
|
Locale |
Locale |
String |
Yes |
Yes |
No |
No |
Not Applicable |
|
Reimbursement Currency |
ReimbursementCurrency |
String |
Yes |
Yes |
No |
No |
Not Applicable |
|
Employee Administration Country |
EmployeeAdministrationCountry |
String |
Yes |
Yes |
No |
No |
Not Applicable |
|
Ledger |
Ledger |
String |
Yes |
Yes |
No |
No |
Not Applicable |
|
Manager |
ExpenseApproverEmployeeID |
String |
No |
Yes |
No |
No |
Not Applicable |
|
Password |
__PASSWORD__ |
String |
No |
Yes |
No |
No |
Not Applicable |
Figure 3-1 shows the default user account attribute mappings.
Figure 3-1 Default Attribute Mappings for Concur User Account
Description of "Figure 3-1 Default Attribute Mappings for Concur User Account"
3.4 Correlation Rules, Situations, and Responses
Learn about the predefined rules, responses and situations for the Concur application. The connector use these rules and responses for performing reconciliation.
Predefined Identity Correlation Rules
By default, the Concur connector provides a simple correlation rule when you create a Target application. The connector uses this correlation rule to compare the entries in Oracle Identity Governance repository and the target system repository, determine the difference between the two repositories, and apply the latest changes to Oracle Identity Governance.
Table 3-4 Predefined Identity Correlation Rule for a Concur Target Application
| Target Attribute | Element Operator | Identity Attribute | Case Sensitive? |
|---|---|---|---|
|
__NAME__ |
Equals |
|
No |
-
__NAME__ is a single-valued attribute on the target system that identifies the user account.
-
Email is the field on the OIG User form.
- Rule operator is AND.
Figure 3-2 shows the simple correlation rule for the Concur connector.
Figure 3-2 Predefined Identity Correlation Rules
Description of "Figure 3-2 Predefined Identity Correlation Rules"
Predefined Situations and Responses
The Concur connector provides a default set of situations and responses when you create a Target application. These situations and responses specify the action that Oracle Identity Governance must take based on the result of a reconciliation event.
The following table lists the default situations and responses for the Concur connector. If required, you can edit these default situations and responses or add new ones. For more information about adding or editing situations and responses, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-5 Predefined Situations and Responses for a Concur Target Application
| Situation | Response |
|---|---|
|
No Matches Found |
None |
|
One Entity Match Found |
Establish Link |
|
One Process Match Found |
Establish Link |
Figure 3-3 shows the default situations and responses for the Concur connector.
Figure 3-3 Default Situations and Responses
Description of "Figure 3-3 Default Situations and Responses"
3.5 Reconciliation Jobs
Learn about the reconciliation jobs that are automatically created in Oracle Identity Governance after you create the application for your target system.
You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Concur Target Resource User Reconciliation Job
You use the Concur Target Resource User Reconciliation job to perform full reconciliation, which involves reconciling all user records from a target application into Oracle Identity Governance.
Table 3-6 Parameters of the Concur Target Resource User Reconciliation Job
| Parameter | Description |
|---|---|
|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Note: Do not modify this value. |
|
Filter Suffix |
Enter the search filter for fetching user records from the target system during a reconciliation run. See Performing Limited Reconciliation. |
|
Object Type |
This attribute holds the name of the object type for the reconciliation run. Default value: Note: Do not change the value of this attribute. |
|
Scheduled Task Name |
Name of the scheduled job. Note: For the scheduled job included with this connector, you must not change the value of this attribute. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this attribute. |