1. Configuring the Oracle E-Business Suite User Management Application
  2. Configuring the EBS User Management Connector

3 Configuring the EBS User Management Connector

While creating an application, you must configure connection-related parameters that the connector uses to connect Oracle Identity Governance with your target system and perform connector operations. In addition, you can view and edit attribute mappings between the process form fields in Oracle Identity Governance and target system columns, predefined correlation rules, situations and responses, and reconciliation jobs.

3.1 Basic Configuration Parameters

These are the connection-related parameters that Oracle Identity Governance requires to connect to the EBS User Management connector.

Table 3-1 Basic Configuration Parameters for the Connector

Parameter Mandatory? Description

Connection URL

Yes

Enter the database connection string using the host:post:sid syntax format.

Sample value: jdbc:oracle:thin:@%host:%port:%sid

See Determining Values for the JDBC URL and Connection Properties Parameters for information about JDBC URL formats.

User

Yes

Enter the user ID of the database user account that Oracle Identity Governance uses to connect to the target system.

Sample value: sys as sysdba

Password

Yes

Enter the password for the user name of the target system account to be used for connector operations.

Connector Server Name

No

If you created an IT resource of the type “Connector Server”, then enter its name.

Topology Name

No

Enter the name of the SoD topology, if any SoD integration exists.

The value must be the same as the value of the topologyName element in the SILConfig.xml file. If you are using default SIL registration, then specify sodoaacg as the value.

Default value: None

Note: The Topology Name parameter is deprecated as SoD violations are detected using the Identity Audit feature. For more information about enabling and configuring the Identity Audit feature, see Managing Identity Audit in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Batch Size

No

Enter the number of records that must be included in each batch fetched from the target system during reconciliation.

Default value: 1000

Context App ID

No

An application context is a set of elements associated with an artifact in Oracle E-Business Suite. The context implements user preferences and access control on the artifact. The Context App ID, Context Resp ID, and Context User ID parameters define the context that is used for connector operations.

Enter the name of the application to which the user belongs.

Default value: 0

Context Resp ID

No

Enter the responsibility assigned to the user in whose context connector operations are performed on the target system.

Default value: 0

Context User ID

No

Enter the user ID of the user in whose context connector operations are performed on the target system.

Default value: 0

Database

No

Enter the name of the target system database.

Host

No

Enter the host name or IP address of the computer hosting the target system.

Port

No

Enter the number of the port at which the target system database is listening.

3.2 Advanced Settings Parameters

These are the configuration-related entries that the connector uses during reconciliation and provisioning operations.

Table 3-2 Advanced Settings Parameters for the Connector

Parameter Mandatory? Description

Connector Name

Yes

This parameter holds the name of the connector class.

Default Value: org.identityconnectors.ebs.EBSConnector

Bundle Name

Yes

This parameter holds the name of the connector bundle package.

Default Value: org.identityconnectors.ebs

Bundle Version

Yes

This parameter holds the version of the connector bundle class.

Default Value: 12.3.0

Pool Max Idle

No

Maximum number of idle objects in a pool.

Default value: 10

Pool Max Size

No

Maximum number of connections that the pool can create.

Default value: 10

Pool Max Wait

No

Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation.

Default value: 150000

Pool Min Evict Idle Time

No

Minimum time, in milliseconds, the connector must wait before evicting an idle object.

Default value: 120000

Pool Min Idle

No

Minimum number of idle objects in a pool.

Default value: 1

FilterDateAttributes

No

Date attributes used for filtering the user. If you want to add more date fields, then you need to provide all those date field names with comma separator in decode value.

Default value: START_DATE

FilterDateAttributeFormat

No

Date attribute value format.

Default value: dd-MMM-yyyy

3.3 Attribute Mappings

The Schema page for a target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system columns. The connector uses these mappings during reconciliation and provisioning operations.

Oracle EBS UM User Account Attributes

Table 3-3 lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and EBS User Management columns. The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.

If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Table 3-3 Default Attribute Mappings for Oracle EBS UM User Account

Display Name Target Attribute Data Type Mandatory Provisioning Property? Provision Field? Recon Field Key Field? Case Insensitive?

Party Last Name

PARTY_LAST_NAME

String

No

Yes

Yes

No

Not applicable

Description

DESCRIPTION

String

No

Yes

Yes

No

Not applicable

Person Id

EMPLOYEE_ID

String

No

Yes

Yes

No

Not applicable

Effective Start Date

START_DATE

Date

No

Yes

Yes

No

Not applicable

Supplier Name

SUPPLIER_NAME

String

No

Yes

Yes

No

Not applicable

Fax

FAX

String

No

Yes

Yes

No

Not applicable

Effective End Date

END_DATE

Date

No

Yes

Yes

No

Not applicable

Password Expiration Type

PASSWORD_EXP_TYPE

String

No

Yes

Yes

No

Not applicable

Party Type

PARTY_TYPE

String

No

Yes

Yes

No

Not applicable

Party Id

PARTY_ID

String

No

Yes

Yes

No

Not applicable

User Name

__NAME__

String

Yes

Yes

Yes

No

Not applicable

Party First Name

PARTY_FIRST_NAME

String

No

Yes

Yes

No

Not applicable

Email

EMAIL_ADDRESS

String

No

Yes

Yes

No

Not applicable

SSO GUID

USER_GUID

String

No

Yes

Yes

No

Not applicable

Password Expiration Interval

PASSWORD_LIFESPAN

Long

No

Yes

Yes

No

Not applicable

Supplier Party Id

SUPPLIER_PARTY_ID

String

No

No

Yes

No

Not applicable

User Id

__UID__

String

No

No

Yes

Yes

No

Status

__ENABLE__

String

No

No

Yes

No

Not applicable

IT Resource Name

NA

Long

No

No

Yes

No

Not applicable

Password

__PASSWORD__

String

No

Yes

No

No

Not applicable

SoDCheckTrackingID

NA

String

No

No

No

No

Not applicable

SoDCheckTimestamp

NA

String

No

No

No

No

Not applicable

SoDCheckEntitlementViolation

NA

String

No

No

No

No

Not applicable

SoDCheckStatus

NA

Date

No

No

No

No

Not applicable

SoDCheckResult

NA

String

No

No

No

No

Not applicable

Figure 3-1 shows the default User account attribute mappings.

Figure 3-1 Default Attribute Mappings for Oracle EBS UM User Account

Description of Figure 3-1 follows
Description of "Figure 3-1 Default Attribute Mappings for Oracle EBS UM User Account"

Responsibilities Entitlement Attributes

Table 3-4 lists the responsibilities-specific attribute mappings between the process form fields in Oracle Identity Governance and Oracle EBS User Management columns. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.

If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Table 3-4 Default Attribute Mappings for Responsibilities Entitlement

Display Name Target Attribute Data Type Mandatory Provisioning Property? Recon Field Key Field? Case Insensitive?

Application Name

__RESPONSIBILITY__~__RESPONSIBILITY__~RESPONSIBILITY_APP_ID

String

Yes

Yes

No

Not applicable

Security Group

__RESPONSIBILITY__~__RESPONSIBILITY__~SECURITY_GROUP_ID

String

Yes

Yes

No

Not applicable

Responsibility Name

__RESPONSIBILITY__~__RESPONSIBILITY__~RESPONSIBILITY_ID

String

Yes

Yes

Yes

No

Responsibility Description

__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_DESCRIPTION

String

No

Yes

No

Not applicable

Responsibility Start Date

__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_START_DATE

Date

No

Yes

No

Not applicable

Responsibility End Date

__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_END_DATE

Date

No

Yes

No

Not applicable

Figure 3-2 shows the default Responsibilities entitlement mapping.

Figure 3-2 Default Attribute Mappings for Responsibilities Entitlement

Description of Figure 3-2 follows
Description of "Figure 3-2 Default Attribute Mappings for Responsibilities Entitlement"

Roles Entitlement Attributes

Table 3-5 lists the roles-specific attribute mappings between the process form fields in Oracle Identity Governance and Oracle EBS User Management columns. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.

If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Table 3-5 Default Attribute Mappings for Roles Entitlement

Display Name Target Attribute Data Type Mandatory Provisioning Property? Recon Field Key Field? Case Insensitive?

Role Name

__ROLE__~__ROLE__~ROLE_ID

String

Yes

Yes

Yes

No

Role Expiration Date

__ROLE__~__ROLE__~EXPIRATION_DATE

Date

No

Yes

No

Not applicable

Role Start Date

__ROLE__~__ROLE__~ROLE_START_DATE

Date

No

Yes

No

Not applicable

Application Name

__ROLE__~__ROLE__~ROLE_APP_ID

String

No

Yes

No

Not applicable

Figure 3-3 shows the default Roles entitlement mapping.

Figure 3-3 Default Attribute Mappings for Roles Entitlement

Description of Figure 3-3 follows
Description of "Figure 3-3 Default Attribute Mappings for Roles Entitlement"

3.4 Rules, Situations, and Responses

Learn about the predefined rules, responses and situations for a Target application. The connector use these rules and responses for performing reconciliation.

Predefined Identity Correlation Rules

By default, the EBS User Management connector provides a simple correlation rule when you create a Target application. The connector uses this correlation rule to compare the entries in Oracle Identity Governance repository and the target system repository, determine the difference between the two repositories, and apply the latest changes to Oracle Identity Governance.

Table 3-6 lists the default simple correlation rule for the EBS User Management connector. If required, you can edit the default correlation rule or add new rules. You can create complex correlation rules also. For more information about adding or editing simple or complex correlation rules, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Table 3-6 Predefined Identity Correlation Rule for the EBS User Management Connector

Target Attribute Element Operator Identity Attribute Case Sensitive?

__NAME__

Equals

User Login

No
In this identity rule:

  • __NAME__ is a single-valued attribute on the target system that identifies the user account.

  • User Login is the field on the OIG User form.

Figure 3-4 shows the simple correlation rule for the EBS User Management Connector.

Figure 3-4 Simple Correlation Rule for the EBS User Management Connector

Description of Figure 3-4 follows
Description of "Figure 3-4 Simple Correlation Rule for the EBS User Management Connector"

Predefined Situations and Responses

The EBS User Management connector provides a default set of situations and responses when you create a Target application. These situations and responses specify the action that Oracle Identity Governance must take based on the result of a reconciliation event.

Table 3-7 lists the default situations and responses for the EBS User Management connector. If required, you can edit these default situations and responses or add new ones. For more information about adding or editing situations and responses, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance

Table 3-7 Predefined Situations and Responses for the EBS User Management Connector

Situation Response

No Matches Found

None

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Figure 3-5 shows the situations and responses that the connector provides by default.

Figure 3-5 Predefined Situations and Responses for the EBS User Management Connector

Description of Figure 3-5 follows
Description of "Figure 3-5 Predefined Situations and Responses for the EBS User Management Connector"

3.5 Reconciliation Jobs

These are the reconciliation jobs that are automatically created in Oracle Identity Governance after you create the application for your target system.

You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Full User Reconciliation Job

The Oracle EBS UM Target User Reconciliation job is used to fetch all user records from the target system.

Table 3-8 Parameters of the Oracle EBS UM Target User Reconciliation Job

Parameter Description

Application Name

Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application.

Do not modify this value.

Filter

Enter the expression for filtering records that the scheduled job must reconcile.

Sample value: equalTo('__UID__','SEPT12USER1')

For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance.

Incremental Recon Attribute

Name of the target system column that holds holds the timestamp at which the user record was modified.

Sample value: lastModified

Object Type

Type of object you want to reconcile.

Default value: User

Latest Token

The parameter holds the value of the target system column that is specified as the value of the Incremental Recon Attribute parameter. The Latest Token parameter is used for internal purposes. By default, this value is empty.

Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute.

Scheduled Task Name

Name of the scheduled job.

Note: For the scheduled job included with this connector, you must not change the value of this attribute. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this attribute.

Incremental User Reconciliation Job

The Oracle EBS UM Target Incremental User Reconciliation job is used to fetch the records that are added or modified after the last reconciliation run.

Table 3-9 Parameters of the Oracle EBS UM Target Incremental User Reconciliation Job

Parameter Description

Application Name

Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application.

Do not modify this value.

Sync Token

Enter the expression for filtering records that the scheduled job must reconcile.

Sample value: equalTo('__UID__','SEPT12USER1')

For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance.

Object Type

Type of object you want to reconcile.

Default value: User

Scheduled Task Name

Name of the scheduled job.

Note: For the scheduled job included with this connector, you must not change the value of this attribute. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this attribute.

Delete User Reconciliation Job

The Oracle EBS UM Target User Delete Reconciliation job is used to reconcile user data when for target application.

Table 3-10 Parameters of the Oracle EBS UM Target User Delete Reconciliation Job

Parameter Description

Application Name

Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application.

Do not modify this value.

Object Type

Type of object you want to reconcile.

Default value: User

Reconciliation Jobs for Entitlements

The following jobs are available for reconciling entitlements:

  • Oracle EBS UM Target Roles Lookup Reconciliation

  • Oracle EBS UM Target Responsibilities Lookup Reconciliation

  • Oracle EBS UM Target Applications Lookup Reconciliation

  • Oracle EBS UM Target Security Groups Lookup Reconciliation

The parameters for all the reconciliation jobs are the same.

Table 3-11 Parameters of the Reconciliation Jobs for Entitlements

Parameter Description

Application Name

Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application.

Do not modify this value.

Lookup Name

This parameter holds the name of the lookup definition that maps each lookup definition with the data source from which values must be fetched.

Depending on the reconciliation job you are using, the default values are as follows:

  • For Oracle EBS UM Target Roles Lookup Reconciliation: Lookup.Oracle EBS UM.Roles

  • For Oracle EBS UM Target Responsibilities Lookup Reconciliation: Lookup.Oracle EBS UM.Responsibilities

  • For Oracle EBS UM Target Applications Lookup Reconciliation: Lookup.Oracle EBS UM.Applications

  • For Oracle EBS UM Target Security Groups Lookup Reconciliation: Lookup.Oracle EBS UM.SecurityGroups

Object Type

Enter the type of object whose values must be synchronized.

Depending on the scheduled job you are using, the default values are as follows:

  • For Oracle EBS UM Target Roles Lookup Reconciliation: __ROLES__

  • For Oracle EBS UM Target Responsibilities Lookup Reconciliation: __RESPONSIBILITIES__

  • For Oracle EBS UM Target Applications Lookup Reconciliation: __APPLICATIONS__

  • For Oracle EBS UM Target Security Groups Lookup Reconciliation: __SECURITY_GROUPS__

Note: Do not change the value of this attribute.

Code Key Attribute

Enter the name of the connector or target system attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: Code

Note: Do not change the value of this attribute.

Decode Attribute

Enter the name of the connector or target system attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute).

Default value: Decode