5 Using the Salesforce Connector
You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.
5.1 Configuring Reconciliation
Reconciliation involves duplicating in Oracle Identity Governance the creation of and modifications to user accounts on the target system.
This section provides details on the following topics related to configuring reconciliation:
5.1.1 Performing Full Reconciliation
Full reconciliation involves reconciling all active user records from the target system into Oracle Identity Governance.
If you want to get the frozen users in the Full Reconciliation Scheduled Job use the below
Filter Value For frozen users: WHERE+Id+IN+(SELECT+UserId+FROM+UserLogin+WHERE+IsFrozen=false)
The connector cannot support incremental reconciliation because the target system does not provide a way for tracking the time at which account data is created or modified.
If the target system contains more than 2200 records, then use the Flat File connector to perform full reconciliation as Salesforce.com does not allow you to reconcile more than 2200 users even after pagination. See Reconciling Large Number of Records.
5.1.2 Performing Limited Reconciliation
Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set filter criteria.
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.
You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a filter attribute that allows you to use any of the attributes of the target system to filter target system records.
You specify a value for the filter attribute while configuring the user reconciliation scheduled job.
Filter value: WHERE+id+=+'0055g00000B5GYL'
Note:
If the target system contains more than 2200 records, then use the Flat File connector to perform limited reconciliation as Salesforce does not allow you to reconcile more than 2200 users even after pagination. Otherwise, use appropriate filters to reduce the records count. See Reconciling Large Number of Records.5.1.3 Reconciling Large Number of Records
During a reconciliation run, if the target system contains more than 2200 records, then you must use the Flat File connector to fetch all the records into Oracle Identity Governance.
5.2 Configuring Provisioning
Learn about performing provisioning operations in Oracle Identity Governance and the guidelines that you must apply while performing these operations.
5.2.1 Guidelines on Performing Provisioning Operations
These are the guidelines that you must apply while performing provisioning operations.
-
For a Create User provisioning operation, you must specify a value for the User Name field along with the domain name. For example, jdoe@example.com.
-
During a group provisioning operation you must give a value for DisplayName.
-
While assigning multiple groups with the same name, the target system appends a number to the group name. Therefore, you must execute Group target reconciliation job every time multiple groups with the same name are provisioned on the target system to bring the target system and Oracle Identity Governance in synchronization.
5.2.2 Performing Provisioning Operations
You create a new user in Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.
To perform provisioning operations in Oracle Identity Governance:
- Log in to Identity Self Service.
- Create a user as follows:
- In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
- From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
- Enter details of the user in the Create User page.
- On the Account tab, click Request Accounts.
- In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier, and then click Checkout.
- Specify value for fields in the application form and then click Ready to Submit.
- Click Submit.
See Also:
Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance for details about the fields on the Create User page5.3 Scheduled Job for Reconciliation of Groups
After you create an application, the Salesforce Group Recon scheduled job is automatically created for Group Management in Oracle Identity Governance. You must configure the scheduled job to suit your requirements by specifying values for its attributes.
Table 5-1 Attributes of the Salesforce Group Recon Scheduled Job
Attribute | Description |
---|---|
IT Resource Name |
Enter the name of the IT resource for the target system installation from which you want to reconcile user records Default Value: |
Object Type |
Enter the type of object whose values must be synchronized. Default Value: Note: Do not change the value of this attribute. |
OIM Organization Name |
Enter the name of the Oracle Identity Governance organization in which reconciled groups must be created or updated. |
Resource Object Name |
This attribute holds the name of the resource object used for reconciliation. Default value:
Salesforce Group
Note: Do not change the default value. |
Scheduled Task Name |
Name of the scheduled task used for reconciliation. Default Value:
Salesforce Group Reconciliation Note: Do not modify the value of this attribute |
5.4 Configuring Reconciliation Jobs
Configure reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Governance.
You can apply this procedure to configure the reconciliation jobs for users and entitlements.
5.5 Uninstalling the Connector
Uninstalling the connector deletes all the account-related data associated with its resource objects.
ObjectType
and ObjectValues
properties in the ConnectorUninstall.properties file. For example, if you want to delete resource objects, scheduled tasks, and scheduled jobs associated with the connector, then enter "ResourceObject"
, "ScheduleTask"
, "ScheduleJob"
as the value of the ObjectType
property and a semicolon-separated list of object values corresponding to your connector (for example, Salesforce User
; Salesforce Group
) as the value of the ObjectValues
property.
Note:
If you set values for theConnectorName
and Release
properties along with the ObjectType
and ObjectValue
properties, then the deletion of objects listed in the ObjectValues
property is performed by the utility and the Connector information is skipped.
For more information, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Governance.