3 Configuring the EBS User Management Connector
While creating an application, you must configure connection-related parameters that the connector uses to connect Oracle Identity Governance with your target system and perform connector operations. In addition, you can view and edit attribute mappings between the process form fields in Oracle Identity Governance and target system columns, predefined correlation rules, situations and responses, and reconciliation jobs.
3.1 Basic Configuration Parameters
These are the connection-related parameters that Oracle Identity Governance requires to connect to the EBS User Management connector.
Table 3-1 Basic Configuration Parameters for the Connector
Parameter | Mandatory? | Description |
---|---|---|
Connection URL |
Yes |
Enter the database connection string using the Sample value: See Determining Values for the JDBC URL and Connection Properties Parameters for information about JDBC URL formats. |
User |
Yes |
Enter the user ID of the database user account that Oracle Identity Governance uses to connect to the target system. Sample value: |
Password |
Yes |
Enter the password for the user name of the target system account to be used for connector operations. |
Connector Server Name |
No |
If you created an IT resource of the type “Connector Server”, then enter its name. |
Topology Name |
No |
Enter the name of the SoD topology, if any SoD integration exists. The value must be the same as the value of the topologyName element in the SILConfig.xml file. If you are using default SIL registration, then specify Default value: Note: The Topology Name parameter is deprecated as SoD violations are detected using the Identity Audit feature. For more information about enabling and configuring the Identity Audit feature, see Managing Identity Audit in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance. |
Batch Size |
No |
Enter the number of records that must be included in each batch fetched from the target system during reconciliation. Default value: |
Context App ID |
No |
An application context is a set of elements associated with an artifact in Oracle E-Business Suite. The context implements user preferences and access control on the artifact. The Context App ID, Context Resp ID, and Context User ID parameters define the context that is used for connector operations. Enter the name of the application to which the user belongs. Default value: |
Context Resp ID |
No |
Enter the responsibility assigned to the user in whose context connector operations are performed on the target system. Default value: |
Context User ID |
No |
Enter the user ID of the user in whose context connector operations are performed on the target system. Default value: |
Database |
No |
Enter the name of the target system database. |
Host |
No |
Enter the host name or IP address of the computer hosting the target system. |
Port |
No |
Enter the number of the port at which the target system database is listening. |
3.2 Advanced Settings Parameters
These are the configuration-related entries that the connector uses during reconciliation and provisioning operations.
Table 3-2 Advanced Settings Parameters for the Connector
Parameter | Mandatory? | Description |
---|---|---|
Connector Name |
Yes |
This parameter holds the name of the connector class. Default Value: |
Bundle Name |
Yes |
This parameter holds the name of the connector bundle package. Default Value: |
Bundle Version |
Yes |
This parameter holds the version of the connector bundle class. Default Value: |
Pool Max Idle |
No |
Maximum number of idle objects in a pool. Default value: 10 |
Pool Max Size |
No |
Maximum number of connections that the pool can create. Default value: 10 |
Pool Max Wait |
No |
Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation. Default value: 150000 |
Pool Min Evict Idle Time |
No |
Minimum time, in milliseconds, the connector must wait before evicting an idle object. Default value: 120000 |
Pool Min Idle |
No |
Minimum number of idle objects in a pool. Default value: 1 |
FilterDateAttributes |
No |
Date attributes used for filtering the user. If you want to add more date fields, then you need to provide all those date field names with comma separator in decode value. Default value: |
FilterDateAttributeFormat |
No |
Date attribute value format. Default value: |
3.3 Attribute Mappings
The Schema page for a target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system columns. The connector uses these mappings during reconciliation and provisioning operations.
Oracle EBS UM User Account Attributes
Table 3-3 lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and EBS User Management columns. The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-3 Default Attribute Mappings for Oracle EBS UM User Account
Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Provision Field? | Recon Field | Key Field? | Case Insensitive? |
---|---|---|---|---|---|---|---|
Party Last Name |
PARTY_LAST_NAME |
String |
No |
Yes |
Yes |
No |
Not applicable |
Description |
DESCRIPTION |
String |
No |
Yes |
Yes |
No |
Not applicable |
Person Id |
EMPLOYEE_ID |
String |
No |
Yes |
Yes |
No |
Not applicable |
Effective Start Date |
START_DATE |
Date |
No |
Yes |
Yes |
No |
Not applicable |
Supplier Name |
SUPPLIER_NAME |
String |
No |
Yes |
Yes |
No |
Not applicable |
Fax |
FAX |
String |
No |
Yes |
Yes |
No |
Not applicable |
Effective End Date |
END_DATE |
Date |
No |
Yes |
Yes |
No |
Not applicable |
Password Expiration Type |
PASSWORD_EXP_TYPE |
String |
No |
Yes |
Yes |
No |
Not applicable |
Party Type |
PARTY_TYPE |
String |
No |
Yes |
Yes |
No |
Not applicable |
Party Id |
PARTY_ID |
String |
No |
Yes |
Yes |
No |
Not applicable |
User Name |
__NAME__ |
String |
Yes |
Yes |
Yes |
No |
Not applicable |
Party First Name |
PARTY_FIRST_NAME |
String |
No |
Yes |
Yes |
No |
Not applicable |
|
EMAIL_ADDRESS |
String |
No |
Yes |
Yes |
No |
Not applicable |
SSO GUID |
USER_GUID |
String |
No |
Yes |
Yes |
No |
Not applicable |
Password Expiration Interval |
PASSWORD_LIFESPAN |
Long |
No |
Yes |
Yes |
No |
Not applicable |
Supplier Party Id |
SUPPLIER_PARTY_ID |
String |
No |
No |
Yes |
No |
Not applicable |
User Id |
__UID__ |
String |
No |
No |
Yes |
Yes |
No |
Status |
__ENABLE__ |
String |
No |
No |
Yes |
No |
Not applicable |
IT Resource Name |
NA |
Long |
No |
No |
Yes |
No |
Not applicable |
Password |
__PASSWORD__ |
String |
No |
Yes |
No |
No |
Not applicable |
SoDCheckTrackingID |
NA |
String |
No |
No |
No |
No |
Not applicable |
SoDCheckTimestamp |
NA |
String |
No |
No |
No |
No |
Not applicable |
SoDCheckEntitlementViolation |
NA |
String |
No |
No |
No |
No |
Not applicable |
SoDCheckStatus |
NA |
Date |
No |
No |
No |
No |
Not applicable |
SoDCheckResult |
NA |
String |
No |
No |
No |
No |
Not applicable |
Figure 3-1 shows the default User account attribute mappings.
Figure 3-1 Default Attribute Mappings for Oracle EBS UM User Account
Description of "Figure 3-1 Default Attribute Mappings for Oracle EBS UM User Account"
Responsibilities Entitlement Attributes
Table 3-4 lists the responsibilities-specific attribute mappings between the process form fields in Oracle Identity Governance and Oracle EBS User Management columns. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-4 Default Attribute Mappings for Responsibilities Entitlement
Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
---|---|---|---|---|---|---|
Application Name |
__RESPONSIBILITY__~__RESPONSIBILITY__~RESPONSIBILITY_APP_ID |
String |
Yes |
Yes |
No |
Not applicable |
Security Group |
__RESPONSIBILITY__~__RESPONSIBILITY__~SECURITY_GROUP_ID |
String |
Yes |
Yes |
No |
Not applicable |
Responsibility Name |
__RESPONSIBILITY__~__RESPONSIBILITY__~RESPONSIBILITY_ID |
String |
Yes |
Yes |
Yes |
No |
Responsibility Description |
__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_DESCRIPTION |
String |
No |
Yes |
No |
Not applicable |
Responsibility Start Date |
__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_START_DATE |
Date |
No |
Yes |
No |
Not applicable |
Responsibility End Date |
__RESPONSIBILITY__~__RESPONSIBILITY__~RESP_END_DATE |
Date |
No |
Yes |
No |
Not applicable |
Figure 3-2 shows the default Responsibilities entitlement mapping.
Figure 3-2 Default Attribute Mappings for Responsibilities Entitlement
Description of "Figure 3-2 Default Attribute Mappings for Responsibilities Entitlement"
Roles Entitlement Attributes
Table 3-5 lists the roles-specific attribute mappings between the process form fields in Oracle Identity Governance and Oracle EBS User Management columns. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-5 Default Attribute Mappings for Roles Entitlement
Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field | Key Field? | Case Insensitive? |
---|---|---|---|---|---|---|
Role Name |
__ROLE__~__ROLE__~ROLE_ID |
String |
Yes |
Yes |
Yes |
No |
Role Expiration Date |
__ROLE__~__ROLE__~EXPIRATION_DATE |
Date |
No |
Yes |
No |
Not applicable |
Role Start Date |
__ROLE__~__ROLE__~ROLE_START_DATE |
Date |
No |
Yes |
No |
Not applicable |
Application Name |
__ROLE__~__ROLE__~ROLE_APP_ID |
String |
No |
Yes |
No |
Not applicable |
Figure 3-3 shows the default Roles entitlement mapping.
Figure 3-3 Default Attribute Mappings for Roles Entitlement
Description of "Figure 3-3 Default Attribute Mappings for Roles Entitlement"
3.4 Rules, Situations, and Responses
Learn about the predefined rules, responses and situations for a Target application. The connector use these rules and responses for performing reconciliation.
Predefined Identity Correlation Rules
By default, the EBS User Management connector provides a simple correlation rule when you create a Target application. The connector uses this correlation rule to compare the entries in Oracle Identity Governance repository and the target system repository, determine the difference between the two repositories, and apply the latest changes to Oracle Identity Governance.
Table 3-6 lists the default simple correlation rule for the EBS User Management connector. If required, you can edit the default correlation rule or add new rules. You can create complex correlation rules also. For more information about adding or editing simple or complex correlation rules, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-6 Predefined Identity Correlation Rule for the EBS User Management Connector
Target Attribute | Element Operator | Identity Attribute | Case Sensitive? |
---|---|---|---|
__NAME__ |
Equals |
User Login |
No |
-
__NAME__ is a single-valued attribute on the target system that identifies the user account.
-
User Login is the field on the OIG User form.
Figure 3-4 shows the simple correlation rule for the EBS User Management Connector.
Figure 3-4 Simple Correlation Rule for the EBS User Management Connector
Description of "Figure 3-4 Simple Correlation Rule for the EBS User Management Connector"
Predefined Situations and Responses
The EBS User Management connector provides a default set of situations and responses when you create a Target application. These situations and responses specify the action that Oracle Identity Governance must take based on the result of a reconciliation event.
Table 3-7 lists the default situations and responses for the EBS User Management connector. If required, you can edit these default situations and responses or add new ones. For more information about adding or editing situations and responses, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance
Table 3-7 Predefined Situations and Responses for the EBS User Management Connector
Situation | Response |
---|---|
No Matches Found |
None |
One Entity Match Found |
Establish Link |
One Process Match Found |
Establish Link |
Figure 3-5 shows the situations and responses that the connector provides by default.
Figure 3-5 Predefined Situations and Responses for the EBS User Management Connector
Description of "Figure 3-5 Predefined Situations and Responses for the EBS User Management Connector"
3.5 Reconciliation Jobs
These are the reconciliation jobs that are automatically created in Oracle Identity Governance after you create the application for your target system.
You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Full User Reconciliation Job
The Oracle EBS UM Target User Reconciliation job is used to fetch all user records from the target system.
Table 3-8 Parameters of the Oracle EBS UM Target User Reconciliation Job
Parameter | Description |
---|---|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
Filter |
Enter the expression for filtering records that the scheduled job must reconcile. Sample value: For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance. |
Incremental Recon Attribute |
Name of the target system column that holds holds the timestamp at which the user record was modified. Sample value: |
Object Type |
Type of object you want to reconcile. Default value: |
Latest Token |
The parameter holds the value of the target system column that is specified as the value of the Incremental Recon Attribute parameter. The Latest Token parameter is used for internal purposes. By default, this value is empty. Note: Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute. |
Scheduled Task Name |
Name of the scheduled job. Note: For the scheduled job included with this connector, you must not change the value of this attribute. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this attribute. |
Incremental User Reconciliation Job
The Oracle EBS UM Target Incremental User Reconciliation job is used to fetch the records that are added or modified after the last reconciliation run.
Table 3-9 Parameters of the Oracle EBS UM Target Incremental User Reconciliation Job
Parameter | Description |
---|---|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
Sync Token |
Enter the expression for filtering records that the scheduled job must reconcile. Sample value: For information about the filters expressions that you can create and use, see ICF Filter Syntax in Developing and Customizing Applications for Oracle Identity Governance. |
Object Type |
Type of object you want to reconcile. Default value: |
Scheduled Task Name |
Name of the scheduled job. Note: For the scheduled job included with this connector, you must not change the value of this attribute. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this attribute. |
Delete User Reconciliation Job
The Oracle EBS UM Target User Delete Reconciliation job is used to reconcile user data when for target application.
Table 3-10 Parameters of the Oracle EBS UM Target User Delete Reconciliation Job
Parameter | Description |
---|---|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
Object Type |
Type of object you want to reconcile. Default value: |
Reconciliation Jobs for Entitlements
The following jobs are available for reconciling entitlements:
-
Oracle EBS UM Target Roles Lookup Reconciliation
-
Oracle EBS UM Target Responsibilities Lookup Reconciliation
-
Oracle EBS UM Target Applications Lookup Reconciliation
-
Oracle EBS UM Target Security Groups Lookup Reconciliation
The parameters for all the reconciliation jobs are the same.
Table 3-11 Parameters of the Reconciliation Jobs for Entitlements
Parameter | Description |
---|---|
Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
Lookup Name |
This parameter holds the name of the lookup definition that maps each lookup definition with the data source from which values must be fetched. Depending on the reconciliation job you are using, the default values are as follows:
|
Object Type |
Enter the type of object whose values must be synchronized. Depending on the scheduled job you are using, the default values are as follows:
Note: Do not change the value of this attribute. |
Code Key Attribute |
Enter the name of the connector or target system attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: Note: Do not change the value of this attribute. |
Decode Attribute |
Enter the name of the connector or target system attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: |