5 Using the ServiceNow Connector
You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.
5.1 Configuring Reconciliation
You can configure the connector to specify the type of reconciliation and its schedule.
This section provides details on the following topics related to configuring reconciliation:
5.1.1 Performing Full and Incremental Reconciliation
Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Governance. After you create the application, you must first perform full reconciliation.
For a Target application, you can only perform full reconciliation. For an Authoritative application, you can perform both full and incremental reconciliation.
To perform a full reconciliation run, ensure that no value is specified for the Filter attribute of the scheduled job for reconciling users.
To perform an incremental reconciliation run, set the value of the Incremental Recon Attribute to sys_updated_on, and then run the ServiceNow User Trusted Reconciliation job. At the end of the reconciliation run, the Latest Token parameter of the reconciliation job for the user record reconciliation is automatically updated. From the next reconciliation run onward, only records created after this time stamp are considered for reconciliation. This is incremental reconciliation.
You can switch from incremental reconciliation to full reconciliation whenever you want to ensure that all target system records are reconciled in Oracle Identity Governance.
See Reconciliation Jobs for information about this reconciliation jobs.
5.1.2 Performing Limited Reconciliation
Limited or filtered reconciliation is the process of limiting the number of records being reconciled based on a set filter criteria.
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.
All users are associated with a unique system ID, also known as sys_id
. The sys_id
attribute is present in the target system and OIG. Filtered reconciliation is performed using the sys_id
as a filter suffix attribute.
Note:
In the current connector release, the sys_id
attribute is the only filter suffix supported for filtering records.
You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter Suffix attribute (a scheduled task attribute) that allows you to use the sys_id
attribute of the target system to filter target system records. The sys_id
is appended to the endpoint URL. When this endpoint URL is reconciled, all record reconciliation is limited to this filter suffix attribute. A sample filter suffix value is /0e220301db039a00b88df7a0cf9619
. The value provided in the filter suffix parameter varies in accordance with the target system.
For detailed information about ICF Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
While creating the application, follow the instructions in Configuring Reconciliation to specify attribute values.
5.2 Configuring Reconciliation Jobs
Configure reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Governance.
You can apply this procedure to configure the reconciliation jobs for users and entitlements.
5.3 Configuring Provisioning
Learn about performing provisioning operations in Oracle Identity Governance and the guidelines that you must apply while performing these operations.
5.3.1 Guidelines on Performing Provisioning Operations
These guidelines provide information on what to do when performing provisioning operations.
For a Create User provisioning operation, you must specify a value for the User Name field. For example, John Doe. It is a mandatory field.
5.3.2 Performing Provisioning Operations
You create a new user in Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.
To perform provisioning operations in Oracle Identity Governance:
- Log in to Identity Self Service.
- Create a user as follows:
- In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
- From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
- Enter details of the user in the Create User page.
- On the Account tab, click Request Accounts.
- In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier, and then click Checkout.
- Specify value for fields in the application form and then click Ready to Submit.
- Click Submit.
See Also:
Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance for details about the fields on the Create User page5.4 Uninstalling the Connector
Uninstalling the connector deletes all the account-related data associated with its resource objects.
If you want to uninstall the connector for any reason, then run the Uninstall Connector utility. Before you run this utility, ensure that you set values for ObjectType
and ObjectValues
properties in the ConnectorUninstall.properties file. For example, if you want to delete resource objects, scheduled tasks, and scheduled jobs associated with the connector, then enter "ResourceObject", "ScheduleTask", "ScheduleJob" as the value of the ObjectType
property and a semicolon-separated list of object values corresponding to your connector (for example, ServiceNow User; ServiceNow Group) as the value of the ObjectValues
property.
Note:
If you set values for theConnectorName
and Release
properties along with the ObjectType
and ObjectValue
properties, then the deletion of objects listed in the ObjectValues
property is performed by the utility and the Connector information is skipped.
For more information, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Governance.