6 Extending the Functionality of the Identity Cloud Service Connector
You can extend the functionality of the connector to address your specific business requirements.
6.1 Adding New Group Attributes for Reconciliation
The connector provides a default set of attribute mappings for reconciliation between Oracle Identity Governance and the target system. The default attribute mappings are listed in Attribute Mappings. If required, you can add new user and group attributes for reconciliation.
You can edit the default user attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Note:
-
This connector supports configuration of already existing (standard) attributes of Identity Cloud Service for reconciliation.
-
Only single-valued attributes can be mapped for reconciliation.
6.1.1 Adding New Attributes on the Process Form
You add a new attribute on the process form in the Form Designer section of Oracle Identity Governance Design Console.
To add a new attribute on the process form:
6.1.2 Adding Attributes to Reconciliation Fields
You can add the new attribute to the resource object in the Resource Objects section of Oracle Identity Governance Design Console.
To add the new attribute to the list of reconciliation fields in the resource object:
6.1.3 Creating Reconciliation Field Mapping
You create a reconciliation field mapping for the new attribute in the Process Definition section of Oracle Identity Governance Design Console.
To create a reconciliation field mapping for the new attribute in the process definition:
6.1.4 Creating Entries in Lookup Definitions
You create an entry for the newly added attribute in the lookup definition that holds attribute mappings for reconciliation.
To create an entry for the newly added attribute in the lookup definition:
6.1.5 Performing Changes in a New UI Form
You must replicate all changes made to the Form Designer of the Design Console in a new UI form.
To perform all changes made to the Form Designer of the Design Console in a new UI form, perform the following procedure:
- Log in to Oracle Identity System Administration.
- Create and activate a sandbox. See Creating a Sandbox and Activating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
- Create a new UI form to view the newly added field along with the rest of the fields. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Governance.
- Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource from the Form field, select the form, and then save the application instance.
- Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
6.2 Adding New Group Attributes for Provisioning
The connector provides a default set of attribute mappings for provisioning between Oracle Identity Governance and the target system. The default attribute mappings are listed in Attribute Mappings. If required, you can add new user and group attributes for provisioning.
You can edit the default user attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.2.1 Adding New Attributes for Provisioning
You add a new attribute on the process form in the Form Designer section of Oracle Identity Governance Design Console.
Note:
If you have already added an attribute for reconciliation, then you need not repeat steps performed as part of that procedure.
6.2.2 Creating Entries in Lookup Definitions for Provisioning
You create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning.
To create an entry for the newly added attribute in the lookup definition that holds attribute mappings for provisioning:
6.2.3 Creating a Task to Enable Update Operations
Create a task to enable updates on the new group attribute during provisioning operations.
See Also:
Developing Provisioning Processes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance6.2.4 Replicating Form Designer Changes to a New UI Form
You must replicate all changes made to the Form Designer of the Design Console in a new UI form.
- Log in to Oracle Identity System Administration.
- Create and activate a sandbox. See Creating a Sandbox and Activating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
- Create a new UI form to view the newly added field along with the rest of the fields. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Governance.
- Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource from the Form field, select the form, and then save the application instance.
- Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
6.3 Configuring Transformation and Validation of Data
Configure transformation and validation of user account data by writing Groovy script logic while creating your application.
You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.
Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.
To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.4 Configuring Action Scripts
You can configure Action Scripts by writing your own Groovy scripts while creating your application.
For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.5 Configuring the Connector for Multiple Installations of the Target System
You must create copies of configurations of your base application to configure it for multiple installations of the target system.
The London and New York offices of Example Multinational Inc. have their own installations of the target system, including independent schema for each. The company has recently installed Oracle Identity Governance, and they want to configure it to link all the installations of the target system.