2 Creating an Application By Using the Microsoft Exchange Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector


2.2 Prerequisites for Creating an Application By Using the Connector

Learn about the tasks that you must complete before you create the application.

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:
  1. Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
  2. Click OTN License Agreement and read the license agreement.
  3. Select the Accept License Agreement option.
    You must accept the license agreement before you can download the installation package.
  4. Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
  5. Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER. For example, for this connector, the directory name is activedirectory-12.2.1.3.0.
  6. Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIM_HOME/server/ConnectorDefaultDirectory directory.

2.2.2 Installing and Configuring the Connector Server

The connector server can be installed either on the computer hosting the Exchange Server or on a different computer in the same domain as the Exchange Server.

2.2.2.1 Prerequisites for the Connector Server

The following prerequisites and requirements must be met for the connector server:

  • The computer hosting the connector server must have an Intel dual-core 2 GHz processor with 4 GB of RAM, or a similar configuration.

    If you have a computer dedicated to the connector server, then 2 GB RAM is sufficient.

  • Before you install the connector server, ensure that you have installed .NET Framework 4.0 or later on the same computer where you are installing the connector server.

    The .NET connector server need not be installed on the Exchange server target system. It can be installed either on the Exchange server or on a system that belongs to the same domain as the Exchange server.

2.2.2.2 Installing the Connector Server

You must install the .NET Connector Server by downloading the Connector Server package from the Oracle Technology Network site and running the ServiceInstall-version.msi file.

To install, configure, and run the Connector Server, see Using the Microsoft .NET Framework Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.

2.2.2.3 Enabling Logging

The Exchange connector uses the built-in logging mechanism of the .NET framework. Logging for the Exchange connector is not integrated with Oracle Identity Governance. The log level is set in the .NET connector server configuration file (ConnectorServer.exe.config).

By default, logging is not enabled for the connector. To enable logging:

  1. Navigate to the CONNECTOR_SERVER_HOME directory. The default directory is C:\Program Files\Identity Connectors\Connector Server.

    The ConnectorServer.exe.config file must be present in this directory.

  2. Locate the <add name="myListener" tag under the <listeners> tag.
  3. The connector logs all information in the file indicated by the initializeData parameter. The default value is c:\connectorserver.log.

    Edit this value as per your deployment needs. Because the connector server runs under the service account, ensure that the service account has write permissions on the log location and on the log file. Otherwise, no logs are generated even if you enable logging.

  4. In the ConnectorServer.exe.config file, add the lines shown in bold text:
    <system.diagnostics>
      <trace autoflush="true" indentsize="4">
        <listeners>
          <remove name="Default" />
          <add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="c:\connectorserver.log" traceOutputOptions="DateTime">
            <filter type="System.Diagnostics.EventTypeFilter" initializeData="Information" />
          </add>
        </listeners>
      </trace>
      <switches>
        <add name="ExchangeSwitch" value="4" />
      </switches>
    </system.diagnostics>
    

    The value="4" sets the log level to Verbose. This value can be set as follows:

    Table 2-1 Log Levels

    | Value | Log Level |
    | --- | --- |
    | value="4" or value="Verbose" | Verbose level. Most granular. |
    | value="3" or value="Information" | Information level. |
    | value="2" or value="Warning" | Warning level. |
    | value="1" or value="Error" | Error level. |
    | value="0" | No logging. |

2.2.2.4 Configuring Log File Rotation

Information about events that occur during reconciliation and provisioning operations is stored in a log file. As you use the connector over a period of time, the amount of information written to the log file increases. If no rotation is performed, then log files become huge.

To avoid such a scenario, perform the procedure described in this section to configure rotation of the log file.

To configure rotation of a log file on a daily basis:

  1. Log in to the computer that is hosting the connector server.
  2. Stop the connector server.
  3. Back up the ConnectorServer.exe.config file. The default location of this file is C:\Program Files\Identity Connectors\Connector Server.
  4. In a text editor, open the ConnectorServer.exe.config file for editing.
  5. Search for the <listeners> and </listeners> elements and replace the text between these elements with the following:
    <remove name="Default" />
    <add name="FileLog" type="Microsoft.VisualBasic.Logging.FileLogTraceListener,Microsoft.VisualBasic,Version=8.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
    initializeData="FileLogWriter"
    traceOutputOptions="DateTime"
    BaseFileName="ConnectorServerDaily"
    Location="Custom"
    CustomLocation="C:\ConnectorServerLog\"
    LogFileCreationSchedule="Daily">
    <filter type="System.Diagnostics.EventTypeFilter" initializeData="Information"/>
    </add>
    
  6. Save the file and close it.
  7. Start the connector server.

See Also:

See the following URL for more information about configuring log file rotation:

http://msdn.microsoft.com/en-us/library/microsoft.visualbasic.logging.filelogtracelistener.aspx
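
The rotation procedure above (steps 2 through 7), combined with the write-permission requirement from the logging section, as a PowerShell script. This is an added example, not part of the Oracle documentation or the connector package; the service name `ConnectorServerService` and the account `EXAMPLE\svc-connector` are assumptions to replace with your own values.

```powershell
# Added example: automates steps 2-7 of the daily log rotation procedure.
param(
    [string]$ServiceName    = 'ConnectorServerService',  # assumption: confirm with Get-Service
    [string]$ServiceAccount = 'EXAMPLE\svc-connector',   # hypothetical service account
    [string]$ServerHome     = 'C:\Program Files\Identity Connectors\Connector Server',
    [string]$LogDir         = 'C:\ConnectorServerLog\'
)
$ErrorActionPreference = 'Stop'
$config = Join-Path $ServerHome 'ConnectorServer.exe.config'

# Listener definition from step 5; only CustomLocation is parameterized.
$listenerXml = @"
<remove name="Default" />
<add name="FileLog" type="Microsoft.VisualBasic.Logging.FileLogTraceListener,Microsoft.VisualBasic,Version=8.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
     initializeData="FileLogWriter" traceOutputOptions="DateTime"
     BaseFileName="ConnectorServerDaily" Location="Custom"
     CustomLocation="$LogDir" LogFileCreationSchedule="Daily">
  <filter type="System.Diagnostics.EventTypeFilter" initializeData="Information" />
</add>
"@

Stop-Service -Name $ServiceName                                          # step 2
try {
    Copy-Item $config "$config.$(Get-Date -Format yyyyMMdd-HHmmss).bak"  # step 3

    # The service account needs write access to the log location,
    # otherwise no log is produced even with logging enabled.
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $acl  = Get-Acl -Path $LogDir
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $ServiceAccount, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $LogDir -AclObject $acl

    # Steps 4-6: replace everything between <listeners> and </listeners>.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($config)
    $listeners = $xml.SelectSingleNode('//system.diagnostics/trace/listeners')
    if ($null -eq $listeners) { throw "No <listeners> element found in $config" }
    $listeners.InnerXml = $listenerXml
    $xml.Save($config)
}
finally {
    Start-Service -Name $ServiceName                                     # step 7
}
```

If the edit fails before the file is saved, the original configuration is untouched and the `finally` block restarts the service with it.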

2.2.3 Deploying the Connector Bundle on the Connector Server

To deploy the connector bundle on the connector server, you must copy and extract the connector bundle to the connector server and then configure the IT resource for the connector server.

2.2.3.1 Copying and Extracting the Connector Bundle to the Connector Server

To copy and extract the connector bundle to the Connector Server:

Note:

If a single connector server is used for both the Active Directory and Exchange connectors, and the Connector Server already has the Active Directory connector DLL, do not update the Connector Server with the Active Directory connector DLL provided as part of the Exchange connector bundle ZIP file.

  1. Stop the Connector Server.
  2. From the installation media, copy and extract the contents of the bundle/Exchange.Connector-12.3.0.0.zip file to the CONNECTOR_SERVER_HOME directory.
  3. Start the Connector Server.

2.2.3.2 Creating the IT Resource for the Connector Server

Create the IT resource for the connector server from Identity System Administration.

To create the IT resource:

  1. Log in to Identity System Administration, and then in the left pane, under Provisioning Configuration, click IT Resource.
  2. On the Manage IT Resources page, click the Create icon.
  3. On the Create IT Resource page:
    1. In the IT Resource Name field, enter a name for the IT resource. This is the name that you will provide in the Basic Configuration section while creating the Target application.
    2. From the IT Resource Type dropdown list, select Connector Server.
    3. In the Parameter Values section, specify values for the IT resource parameters, click Test Connectivity to test the connection, and then click Finish.

      Table 2-2 provides information about the parameters of the IT resource.

      Table 2-2 Parameters of the IT Resource for the Connector Server

      | Parameter | Description |
      | --- | --- |
      | Host | Enter the host name or IP address of the computer hosting the connector server. Sample value: RManager |
      | Key | Enter the key for the Java connector server. |
      | Port | Enter the number of the port at which the connector server is listening. Default value: 8759 |
      | Timeout | Enter an integer value which specifies the number of milliseconds after which the connection between the connector server and Oracle Identity Manager times out. Sample value: 300 |
      | UseSSL | Enter true to specify that you will configure SSL between Oracle Identity Manager and the Connector Server. Otherwise, enter false. Default value: false. Note: It is recommended that you configure SSL to secure communication with the connector server. To configure SSL, see Setting SSL for Connector Server and OIM in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance. |

The IT resource for the Connector Server is created.

2.2.4 Creating a Target System User Account for Connector Operations

Oracle Identity Governance requires a target system user account to connect to and access the target system during reconciliation and provisioning operations. You must create this target system user account with appropriate permissions for connector operations.

The following is the minimum privilege required for an Exchange 2016 service account to manage recipients (UserMailbox and MailUser):

The service account must be a member of Recipient Management group.

For more information, see https://docs.microsoft.com/en-us/Exchange/permissions/permissions?view=exchserver-2016.
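
A least-privilege check for the service account described above, to be run in the Exchange Management Shell. This is an added example, not part of the Oracle documentation; the account name `svc-oig-exchange` is hypothetical, and only direct role group membership is examined (nested groups are not expanded).

```powershell
# Added example: confirm the connector service account is in the
# Recipient Management role group and in no other Exchange role group.
param([string]$Account = 'svc-oig-exchange')   # hypothetical service account name

$required = 'Recipient Management'

# Collect every role group that lists the account as a direct member.
$memberOf = @(foreach ($group in Get-RoleGroup) {
    $hit = Get-RoleGroupMember -Identity $group.Name |
        Where-Object { $_.SamAccountName -eq $Account -or $_.Name -eq $Account }
    if ($hit) { $group.Name }
})

$hasRequired = $memberOf -contains $required
$extra       = @($memberOf | Where-Object { $_ -ne $required })

# One result object: compliant only when the required group is present
# and the account holds no additional role group membership.
[pscustomobject]@{
    Account         = $Account
    HasRequired     = $hasRequired
    ExtraRoleGroups = $extra -join ', '
    Compliant       = $hasRequired -and ($extra.Count -eq 0)
}
```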

2.2.5 Creating the Parent Application

Before you create the application for your Exchange target system, you must create its parent application, which is the application for the Microsoft Active Directory target system, in Oracle Identity Governance.

You must specify this parent application (Microsoft Active Directory) as the value of the Parent Application Name dropdown on the Basic Information page while creating the application for Exchange. By doing so, the new application (for Exchange) inherits all the properties of its parent application (Microsoft Active Directory).

To create the parent application, see Creating an Application By Using the Microsoft Active Directory User Management Connector in Oracle® Identity Governance Configuring the Microsoft Active Directory User Management Application.

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a Target application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

  1. Create an application in Identity Self Service. The high-level steps are as follows:
    1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
    2. Ensure that the Connector Package option is selected when creating an application.
    3. From the Parent Application Name dropdown, select the application that you created for the Microsoft Active Directory target system. Specifying a value for the Parent Application Name dropdown is mandatory because this value links the Exchange application that you are about to create with the Microsoft Active Directory application, which is the parent application.
    4. Update the basic configuration parameters to include connectivity-related information.
    5. If required, update the advanced setting parameters to update configuration entries related to connector operations.
    6. Review the default user account attribute mappings. If required, add new attributes, or edit or delete existing attributes.
      If you want to perform Remote Mailbox provisioning, then add the Remote Routing Address and Recipient Type Details attributes to the existing list of attribute mappings.
    7. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
    8. Review the details of the application and click Finish to submit the application details.
      The application is created in Oracle Identity Governance.
    9. When you are prompted whether you want to create a default request form, click Yes or No.
      If you click Yes, then the default form is automatically created and attached to the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it to your application.
  2. Log out of and log in to Identity Self Service, and then verify reconciliation and provisioning operations on the newly created application.

See Also: