6 Extending the Functionality of the EBS User Management Connector
You can extend the functionality of the connector to address your specific business requirements.
6.1 Adding New Multivalued Attributes for Reconciliation and Provisioning
You can add new multivalued attributes for reconciliation and provisioning.
By default, the attributes listed in Attribute Mappings are mapped for reconciliation and provisioning between Oracle Identity Governance and the target system. If required, you can map additional multivalued attributes for reconciliation and provisioning. The following sections describe the procedures to be performed for adding new multivalued attributes. The Security Attributes multivalued attribute has been used as an example to illustrate these procedures.
6.1.1 Summary of Steps to Add New Multivalued Attributes for Reconciliation and Provisioning
The following a summary of high-level steps to be performed to add a new multivalued attribute for reconciliation and provisioning:
- Update the DB wrapper package to include the new multivalued attribute. You must include the parent attribute in the main attribute list of the get_schema procedure and then create an attribute list with all the child attributes as described in Extending the Connector Schema.
- Update Oracle Identity Goernance metadata to include the new attribute as described in Extending Oracle Identity Manager Metadata.
- Create a scheduled job to synchronize values in the target system attributes corresponding to the newly created multivalued attribute with values in Oracle Identity Governance as described in Creating Scheduled Jobs.
- Update the connector bundle to include the new multivalued attribute in the search.properties and Procedures.properties file as described in Updating the Connector Bundle.
- Add APIs to Wrapper packages to enable provisioning operation on the newly added multivalued attribute as described in Adding APIs to Wrapper Packages.
6.1.2 Extending the Connector Schema
You must extend the connector schema to include a new multivalued attribute for reconciliation and provisioning. To do so:
6.1.3 Extending Oracle Identity Manager Metadata
By default, the multivalued fields listed on the Schema page for your application in Identity Self Service are mapped for reconciliation between Oracle Identity Governance and the target system. If required, you can add new multivalued fields for target resource reconciliation.
To add new multivalued fields for reconciling users from a target application:
- Log in to Oracle Identity System Administration and create a lookup that can hold the list of values for the multivalued field that you want to add.
- Create a child form and add attributes as follows:
- Log in to Identity Self Service.
- Search for and open the application you created for your target system for editing.
- On the Schema page, add a new child form and its attributes. For example, enter values for the Display Name and Target Attribute fields.
Note:
- Ensure to select the Recon Field option.
- When you add attributes to the child form, from the Advanced Settings option, ensure to mark the newly added attribute as a Lookup.
- In the List of values field, enter the name of the lookup created in Step 1.
- Apply the changes.
- Log in to Identity System Administration, create a new form and associate it with your application.
6.1.4 Creating Scheduled Jobs
You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.1.5 Updating the Connector Bundle
You must update the connector bundle (org.identityconnectors.ebs-1.0.1115.jar) to include all the updates made in the earlier sections. To do so:
6.2 Configuring the Connector for Multiple Installations of the Target System
You must create copies of configurations of your base application to configure it for multiple installations of the target system.
The London and New York offices of Example Multinational Inc. have their own installations of the target system, including independent schema for each. The company has recently installed Oracle Identity Governance, and they want to configure it to link all the installations of the target system.
6.3 Configuring Transformation and Validation of Data
Configure transformation and validation of user account data by writing Groovy script logic while creating your application.
You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.
Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.
To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.4 Configuring Action Scripts
You can configure Action Scripts by writing your own Groovy scripts while creating your application.
For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.