Using the Generic SCIM Connector

4 Using the Generic SCIM Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

The following topics discuss information related to using the connector for performing reconciliation and provisioning operations:

Configuring Reconciliation

You can configure the connector to specify the type of reconciliation and its schedule.

This section discusses the following topics related to configuring reconciliation:

Performing Full Reconciliation and Incremental Reconciliation

Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Governance.

In incremental reconciliation, only records created or modified after the latest date or timestamp the last reconciliation was run are considered for reconciliation.

After you deploy the connector, you must first perform full reconciliation.

You can perform a full reconciliation run by removing or deleting any value currently assigned to the Filter attribute and then run the scheduled job for user data reconciliation. See Reconciliation Jobs for more information about the user reconciliation scheduled job and Filter attribute. In this scheduled job, you can include the timestamp attributes available in the Incremental Recon Attribute field.

At any given point in time, youcan switch from incremental reconciliation to full reconciliation. All you need to do is perform a full reconciliation run.

To perform incremental reconciliation, you must update and run the scheduled job for user data reconciliation to include the following attributes:

Incremental Recon Attribute — Name of the target system attribute that holds the time stamp at which the record was last modified. The value in this attribute is used to determine the newest or latest record reconciled from the target system.
Latest Token — Holds the value of the attribute that is specified as the value of the Incremental Recon Attribute attribute. The Latest Token attribute is used for internal purposes. Do not enter a value for this attribute. The reconciliation engine automatically enters a value in this attribute. Sample value: 1354753427000

Performing Limited (Filtered) Reconciliation

Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set filter criteria.

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

You can perform limited reconciliation by creating filters that your target system supports. This connector provides the Filter attribute (scheduled task attributes) that allows you to use any of the attributes of the target system to filter target system records.

For detailed information about ICF Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.

Configuring Reconciliation Jobs

Configure Reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle IdentityGovernance.

You can apply this procedure to configure the reconciliation jobs for users and entitlements.

To configure a reconciliation job:

Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Scheduler.

Note:

If you are using OIG 12cPS4 with 2022OCTBP or later version, log in to Identity Console, click Manage, under System Configuration, click Scheduler.
Search for and open the scheduled job as follows:
1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
2. In the search results table on the left pane, click the scheduled job in the Job Name column.
On the Job Details tab, you can modify the parameters of the scheduled task:
- Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
- Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type. See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Governance.
In addition to modifying the job details, you can enable or disable a job.
On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

Note:

Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.
Click Apply to save the changes.

Note:

You can use the Scheduler Status page in Identity System Administration to either start, stop, or reinitialize the scheduler.

Performing Provisioning Operations

To create a new user in Oracle Identity Self Service by using the Create User page, you must provision or request for accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Governance, perform the following steps:

Log in to Identity Self Service.
Create a user as follows:
1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
3. Enter details of the user in the Create User page.
On the Account tab, click Request Accounts.
In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier and then click Checkout.
Specify value for fields in the application form and then click Ready to Submit.
Click Submit.