2 Creating an Application by Using the Salesforce Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector


2.2 Prerequisites for Creating an Application By Using the Connector

Learn about the tasks that you must complete before you create the application.

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:
  1. Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
  2. Click OTN License Agreement and read the license agreement.
  3. Select the Accept License Agreement option.
    You must accept the license agreement before you can download the installation package.
  4. Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
  5. Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER.
  6. Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIG_HOME/server/ConnectorDefaultDirectory directory.
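Steps 5 and 6 can be scripted so that the archive layout is checked before anything is written under OIG_HOME. The following is an added example, not part of the Oracle documentation or the connector package; the function names and the zip-entry checks are assumptions made here, and the package path and OIG_HOME are supplied by the caller.

```python
import shutil
import sys
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def top_level_dir(archive: zipfile.ZipFile) -> str:
    """Return the archive's single top-level directory, rejecting unsafe entry names."""
    roots = set()
    for name in archive.namelist():
        path = PurePosixPath(name)
        # Refuse absolute paths, parent-directory references and backslash
        # separators before any file is extracted.
        if path.is_absolute() or ".." in path.parts or "\\" in name:
            raise ValueError(f"unsafe entry in archive: {name!r}")
        roots.add(path.parts[0])
    if len(roots) != 1:
        raise ValueError(f"expected one top-level directory, found {sorted(roots)}")
    return roots.pop()


def stage_connector(package_zip: Path, oig_home: Path) -> Path:
    """Extract the package (step 5) and copy the resulting directory into
    OIG_HOME/server/ConnectorDefaultDirectory (step 6)."""
    default_dir = oig_home / "server" / "ConnectorDefaultDirectory"
    if not default_dir.is_dir():
        raise FileNotFoundError(f"not found: {default_dir}")
    with zipfile.ZipFile(package_zip) as archive:
        root = top_level_dir(archive)
        target = default_dir / root
        if target.exists():
            # Do not silently overwrite a connector directory that is already there.
            raise FileExistsError(f"already present: {target}")
        with tempfile.TemporaryDirectory() as staging:
            archive.extractall(staging)
            extracted = Path(staging) / root
            if not extracted.is_dir():
                raise ValueError(f"top-level entry is not a directory: {root}")
            shutil.copytree(extracted, target)
    return target


if __name__ == "__main__":
    # Usage: python stage_connector.py <package.zip> <OIG_HOME>
    print(stage_connector(Path(sys.argv[1]), Path(sys.argv[2])))
```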

2.2.2 Registering a Client Application

Registering a client application (that is, the Salesforce connector) with the target system provides the client ID and client secret that the connector uses to authenticate to the target system. It also involves creating a custom profile and an account in the target system that the connector (or client) can use for performing connector operations.

Registering a client application involves performing the following tasks on the target system:

Note:

The detailed instructions for performing these preinstallation tasks are available in the Salesforce documentation.
  1. Register your client application with the target system by creating a Connected App in Salesforce. While creating the Connected App, select the OAuth scopes listed in the following table, which represent the operations that can be performed through the Connected App. After the Connected App is created, note down the client ID and client secret values.
    OAuth Scope | Description
    Access your basic information (id, profile, email, address, phone) | This scope allows access to the Identity URL service.
    Access and manage your data (api) | This scope allows access to the logged-in user’s account using APIs, such as SCIM API and REST API. This value also includes chatter_api, which allows access to Chatter REST API resources.
    Full access (full) | Allows access to all data accessible by the logged-in user, and encompasses all other scopes. full does not return a refresh token. You must explicitly request the refresh_token scope to get a refresh token.
    The consumer key and consumer secret values for the Connected App are generated.
  2. Note down the consumer key and consumer secret values as they are required while configuring the IT resource parameters. The consumer key corresponds to the clientId parameter while the consumer secret corresponds to the clientSecret parameter.
  3. Create a custom profile by cloning a standard user profile with the following minimum set of administrative permissions:
    • API Enabled
    • API Only User
    • Assign Permission Sets
    • Chatter Internal User
    • Manage Internal Users
    • Manage IP Addresses
    • Manage Login Access Policies
    • Manage Package Licenses
    • Manage Password Policies
    • Manage Profiles and Permission Sets
    • Manage Roles
    • Manage Sharing
    • Manage Unlisted Groups
    • Manage Users
    • Moderate Chatter
    • Reset User Passwords and Unlock Users
    • View All Users
    • View Help Link
    • View Setup and Configuration
  4. Create a target system user account to connect to the target system during each connector operation.

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a Target application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

  1. Create an application in Identity Self Service. The high-level steps are as follows:
    1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
    2. Ensure that the Connector Package option is selected when creating an application.
    3. Update the basic configuration parameters to include connectivity-related information.
    4. If required, update the advanced setting parameters to update configuration entries related to connector operations.
    5. Review the default user account attribute mappings. If required, add new attributes, or edit or delete existing attributes.
    6. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
    7. Review the details of the application and click Finish to submit the application details.
      The application is created in Oracle Identity Governance.
    8. When you are prompted whether you want to create a default request form, click Yes or No.
      If you click Yes, then the default form is automatically created and attached to the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it to your application.
  2. Verify reconciliation and provisioning operations on the newly created application.

See Also:

  • Configuring the Salesforce Connector for details on basic configuration and advanced settings parameters, default user account attribute mappings, default correlation rules, and reconciliation jobs that are predefined for this connector

  • Configuring Oracle Identity Governance for details on creating a new form and associating it with your application, if you chose not to create the default form