6 Extending the Functionality of the Identity Cloud Service Connector

You can extend the functionality of the connector to address your specific business requirements.

6.1 Adding New Group Attributes for Reconciliation

The connector provides a default set of attribute mappings for reconciliation between Oracle Identity Governance and the target system. The default attribute mappings are listed in Attribute Mappings. If required, you can add new user and group attributes for reconciliation.

You can edit the default user attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

You can add new group attributes for reconciliation by performing the tasks listed in this section.

Note:

  • This connector supports configuration of already existing (standard) attributes of Identity Cloud Service for reconciliation.

  • Only single-valued attributes can be mapped for reconciliation.

6.1.1 Adding New Attributes on the Process Form

You add a new attribute on the process form in the Form Designer section of Oracle Identity Governance Design Console.

To add a new attribute on the process form:

  1. Log in to the Oracle Identity Governance Design Console.
  2. Expand Development Tools, and double-click Form Designer.
  3. Search for and open the UD_IDCS_GRP process form.
  4. Click Create New Version, and then click Add.
  5. Enter the details of the field.

    For example, if you are adding the PREFIX field, enter UD_IDCS_GRP_PREFIX in the Name field and then enter other details such as Variable Type, Length, Field Label, and Field Type.

  6. Click the Save icon, and then click Make Version Active. The following figure shows the new field added to the process form.

6.1.2 Adding Attributes to Reconciliation Fields

You can add the new attribute to the resource object in the Resource Objects section of Oracle Identity Governance Design Console.

To add the new attribute to the list of reconciliation fields in the resource object:

  1. Expand Resource Management, and double-click Resource Objects.
  2. Search for and open the IDCS Group resource object.
  3. On the Object Reconciliation tab, click Add Field.
  4. Enter the details of the field.
    For example, enter Prefix in the Field Name field and select String from the Field Type list.
  5. Click the Save icon. The following figure shows the new reconciliation field added to the resource object:

    Figure 6-2 Object Reconciliation Tab

  6. Click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

6.1.3 Creating Reconciliation Field Mapping

You create a reconciliation field mapping for the new attribute in the Process Definition section of Oracle Identity Governance Design Console.

To create a reconciliation field mapping for the new attribute in the process definition:

  1. Expand Process Management, and double-click Process Definition.
  2. Search for and open the IDCS Group process definition.
  3. On the Reconciliation Field Mappings tab of the IDCS Group process definition, click Add Field Map.
  4. From the Field Name list, select the field that you want to map.
  5. Double-click the Process Data Field field, and then select the column for the attribute. For example, select UD_IDCS_GRP_PREFIX.
  6. Click the Save icon. The following figure shows the new reconciliation field mapped to a process data field in the process definition:

    Figure 6-3 Process Definition Tab


6.1.4 Creating Entries in Lookup Definitions

You create an entry for the newly added attribute in the lookup definition that holds attribute mappings for reconciliation.

To create an entry for the newly added attribute in the lookup definition:

  1. Expand Administration.
  2. Double-click Lookup Definition.
  3. Search for and open the Lookup.IDCS.GM.Recon.AttrMap lookup definition.
  4. Click Add and enter the Code Key and Decode values for the field. The Code Key value must be the name of the field in the resource object.
  5. Click the Save icon. The following figure shows the entry added to the lookup definition:

    Figure 6-4 Lookup Definition Page


6.1.5 Performing Changes in a New UI Form

You must replicate all changes made to the Form Designer of the Design Console in a new UI form.

To replicate all changes made to the Form Designer of the Design Console in a new UI form:

  1. Log in to Oracle Identity System Administration.
  2. Create and activate a sandbox. See Creating a Sandbox and Activating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
  3. Create a new UI form to view the newly added field along with the rest of the fields. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Governance.
  4. Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, select the form from the Form field, and then save the application instance.
  5. Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.

6.2 Adding New Group Attributes for Provisioning

The connector provides a default set of attribute mappings for provisioning between Oracle Identity Governance and the target system. The default attribute mappings are listed in Attribute Mappings. If required, you can add new user and group attributes for provisioning.

You can edit the default user attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

You can add new group attributes for provisioning by performing the tasks listed in this section.

6.2.1 Adding New Attributes for Provisioning

You add a new attribute on the process form in the Form Designer section of Oracle Identity Governance Design Console.

Note:

If you have already added an attribute for reconciliation, then you need not repeat steps performed as part of that procedure.

  1. Log in to the Oracle Identity Governance Design Console.
  2. Expand Development Tools, and double-click Form Designer.
  3. Search for and open the UD_IDCS_GRP process form.
  4. Click Create New Version, and then click Add.
  5. Enter the details of the attribute.
    For example, if you are adding the PREFIX field, enter UD_IDCS_GRP_PREFIX in the Name field, and then enter the rest of the details of this field.
  6. Click the Save icon, and then click Make Version Active.

    The following figure shows the new field added to the process form:

    Figure 6-5 New Field Added to the Process Form


6.2.2 Creating Entries in Lookup Definitions for Provisioning

You create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning.

To create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning:

  1. Expand Administration.
  2. Double-click Lookup Definition.
  3. Search for and open the Lookup.IDCS.GM.ProvAttrMap lookup definition.
  4. Click Add and then enter the Code Key and Decode values for the attribute.

    For example, enter Prefix in the Code Key column and then enter name.honorificPrefix in the Decode column. The following figure shows the entry added to the lookup definition:

    Figure 6-6 Entry Added to the Lookup Definition


6.2.3 Creating a Task to Enable Update Operations

Create a task to enable updates on the new group attribute during provisioning operations.

If you do not perform this procedure, then you will not be able to modify the value of the attribute after you set a value for it during the Create User provisioning operation.

See Also:

Developing Provisioning Processes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance

To enable the update of the attribute during provisioning operations, add a process task for updating the new group attribute as follows:

  1. Expand Process Management, and double-click Process Definition.
  2. Search for and open the IDCS Group process definition.
  3. Click Add.
  4. On the General tab of the Creating New Task dialog box, enter a name and description for the task and then select the following:
    • Conditional
    • Allow Cancellation while Pending
    • Allow Multiple Instances
  5. Click the Save icon. The following figure shows the new task added to the process definition:

    Figure 6-7 New Task Added to the Process Definition

  6. In the provisioning process, select the adapter name in the Handler Type section as follows:
    1. Go to the Integration tab, click Add.
    2. In the Handler Selection dialog box, select Adapter.
    3. From the Handler Name column, select adpIDCSUPDATEOBJECT.
    4. Click Save and close the dialog box.

      The list of adapter variables is displayed on the Integration tab. The following figure shows the list of adapter variables:

      Figure 6-8 List of Adapter Variables

  7. In the Adapter Variables region, click the ParentFormProcessInstanceKey variable.
  8. In the dialog box that is displayed, create the following mapping:
    • Variable Name: ParentFormProcessInstanceKey

    • Map To: Process Data

    • Qualifier: Process Instance

  9. Click Save and close the dialog box.
  10. Repeat Steps 7 through 9 for the remaining variables listed in the Adapter Variables region.
    The following table lists values that you must select from the Map To, Qualifier, and Literal Value lists for each variable:

    Variable                     | Map To        | Qualifier        | Literal Value
    ParentFormProcessInstanceKey | Process Data  | Process Instance | NA
    Adapter Return Value         | Response Code | NA               | NA
    Object Type                  | Literal       | String           | Group
    itResourceFieldName          | Literal       | String           | UD_IDCS_GRP_SERVER
    attributeFieldName           | Literal       | String           | <NAME_OF_THE_NEW_GROUP_ATTRIBUTE>

  11. On the Responses tab, click Add to add at least the SUCCESS response code, with Status C. This ensures that if the task is successfully run, then the status of the task is displayed as Completed.
  12. Click the Save icon and close the dialog box, and then save the process definition.

6.2.4 Replicating Form Designer Changes to a New UI Form

You must replicate all changes made to the Form Designer of the Design Console in a new UI form.

To replicate all changes made to the Form Designer of the Design Console in a new UI form:
  1. Log in to Oracle Identity System Administration.
  2. Create and activate a sandbox. See Creating a Sandbox and Activating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
  3. Create a new UI form to view the newly added field along with the rest of the fields. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Governance.
  4. Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, select the form from the Form field, and then save the application instance.
  5. Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.

6.3 Configuring Transformation and Validation of Data

Configure transformation and validation of user account data by writing Groovy script logic while creating your application.

You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.

Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.

To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
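
The two examples above (the Full Name transformation and the number sign check on First Name) are shown here as stand-alone Groovy. This is an added illustration, not Oracle's sample script: the function names, the treatment of empty values, and the sample records are assumptions, and the variables that Oracle Identity Governance passes to a script are described in the guide referenced above, not here.

```groovy
// Added example: plain Groovy logic only. Function names and sample
// records are assumptions made for this illustration.

// Validation: reject a First Name that contains the number sign (#).
// A null value carries no forbidden character, so it passes this check
// (assumption: mandatory-field checks are handled elsewhere).
boolean isValidFirstName(Object value) {
    if (value == null) {
        return true
    }
    return !value.toString().contains('#')
}

// Transformation: build Full Name from First Name and Last Name.
// Null or blank parts are skipped and surrounding whitespace is trimmed,
// so a missing part never yields a leading, trailing, or double space.
String buildFullName(Object firstName, Object lastName) {
    def parts = [firstName, lastName].findAll { it != null && it.toString().trim() }
    return parts.collect { it.toString().trim() }.join(' ')
}

// Constructed sample records standing in for reconciled user data.
def records = [
    ['First Name': 'Ada',     'Last Name': 'Lovelace'],
    ['First Name': 'Al#n',    'Last Name': 'Turing'],
    ['First Name': null,      'Last Name': 'Hopper'],
    ['First Name': ' Grace ', 'Last Name': ''],
]

// Validate first; transform only the records that pass, so a rejected
// value is never propagated into a derived field.
def results = records.collect { rec ->
    boolean ok = isValidFirstName(rec['First Name'])
    [valid: ok, fullName: ok ? buildFullName(rec['First Name'], rec['Last Name']) : null]
}

assert results*.valid == [true, false, true, true]
assert results[0].fullName == 'Ada Lovelace'
assert results[1].fullName == null
assert results[2].fullName == 'Hopper'
assert results[3].fullName == 'Grace'

results.each { println it }
```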

6.4 Configuring Action Scripts

You can configure Action Scripts by writing your own Groovy scripts while creating your application.

These scripts can be configured to run before or after the create, update, or delete account provisioning operations. For example, you can configure a script to run before every user creation operation.

For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.5 Configuring the Connector for Multiple Installations of the Target System

You must create copies of configurations of your base application to configure it for multiple installations of the target system.

The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system, including an independent schema for each. The company has recently installed Oracle Identity Governance and wants to configure it to link all the installations of the target system.

To meet the requirement posed by such a scenario, you must clone your application, which copies all configurations of the base application into the cloned application. For more information about cloning applications, see Cloning Applications in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.