6 Extending the Functionality of the SAP User Management Connector

You can extend the functionality of the connector to address your specific business requirements.

This following topics are discussed in this section:

• Determining the Names of Target System Attributes

• Configuring the Connector for Multiple Installations of the Target System

• Configuring Transformation and Validation of Data

• Configuring Resource Exclusion Lists

• Configuring Action Scripts

6.1 Determining the Names of Target System Attributes

You can determine the name of a target system attribute that you want to add for reconciliation or provisioning on the SAP system.

The target system attributes can be single-valued or multivalued. The names that you determine are used to build values for the Decode column of the lookup definitions that hold attribute mappings. These lookup definitions and their corresponding Decode column formats are listed in the following table:

Application Attribute			Provisioning Property		Reconciliation Property
Display Name	Target Attribute	Data Type	Mandatory?	Provisioning Field	Reconcliation Field	Key Field	Case Insensitive
Nick Name	NICKNAME;ADDRESS;NICKNAME;ADDRESSX	String	No	Yes	Yes	No	No
user ID	_NAME_	String	Yes	Yes	Yes	Yes	No
Password	_PASSWORD_	String	No	Yes	No	No	No

The format of single-valued target system attributes is as follows:

FIELD_NAME;STRUCTURE_NAME

In this format:

• FIELD_NAME is the name of the field

• STRUCTURE_NAME is the name of the structure

The format of multivalued target system attributes is as follows:

FIELD_NAME;STRUCTURE_NAME;FIELD_NAME_X;STRUCTURE_NAME_X

In this format:

• FIELD_NAME is the name of the field

• STRUCTURE_NAME is the name of the structure

• FIELD_NAME_X is the name of the field used to indicate whether or not the value in FIELD_NAME must be applied.

• STRUCTURE_NAME_X is the name of the structure that holds FIELD_NAME_X.

Note:

You need not perform this procedure for custom attributes that you add on the target system. For custom attributes, the names are the same as provided in the custom BAPI.

To determine the name of the target system attribute on which the connector can perform reconciliation and provisioning operations:

1. Run the SE37 transaction.
2. Execute any one of the following function modules:

   • For reconciliation attributes: BAPI_USER_GET_DETAIL

   • For provisioning attributes: BAPI_USER_CHANGE

3. Enter the user ID of the account created in Creating a Target System User Account for Connector Operations.

   The function module returns the list of all user attributes.

4. Select the attribute to view its details.
5. Select the structure icon to view further details in the Structure editor.

   The target system name for the attribute is displayed along with its value. Write down names of the attribute (FIELD_NAME for reconciliation and FIELD_NAME_X for provisioning) and the structure (STRUCTURE_NAME for reconciliation and STRUCTURE_NAME_X for provisioning). Note that attribute and structure names are case-sensitive.

6.2 Configuring the Connector for Multiple Installations of the Target System

You must create copies of configurations of your base application to configure it for multiple installations of the target system.

The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system, including independent schema for each. The company has recently installed Oracle Identity Governance, and they want to configure it to link all the installations of the target system.

To meet the requirement posed by such a scenario, you must clone your application which copies all configurations of the base application into the cloned application. For more information about cloning applications, see Cloning Applications in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.3 Configuring Transformation and Validation of Data

Configure transformation and validation of user account data by writing Groovy script logic while creating your application.

You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.

Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.

To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.4 Configuring Resource Exclusion Lists

You can specify a list of accounts that must be excluded from reconciliation and provisioning operations. The accounts whose user IDs you specify in the exclusion list are not affected by reconciliation and provisioning operations.

See Resource Exclusion Lists of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.5 Configuring Action Scripts

You can configure Action Scripts by writing your own Groovy scripts while creating your application.

These scripts can be configured to run before or after the create, update, or delete an account provisioning operations. For example, you can configure a script to run before every user creation operation.

For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.