6 Extending the Functionality of the SAP User Management Connector
This following topics are discussed in this section:
6.1 Determining the Names of Target System Attributes
You can determine the name of a target system attribute that you want to add for reconciliation or provisioning on the SAP system.
The target system attributes can be single-valued or multivalued. The names that you determine are used to build values for the Decode column of the lookup definitions that hold attribute mappings. These lookup definitions and their corresponding Decode column formats are listed in the following table:
Application Attribute | Provisioning Property | Reconciliation Property | |||||
---|---|---|---|---|---|---|---|
Display Name |
Target Attribute |
Data Type |
Mandatory? |
Provisioning Field |
Reconcliation Field |
Key Field |
Case Insensitive |
Nick Name |
NICKNAME;ADDRESS;NICKNAME;ADDRESSX |
String |
No |
Yes |
Yes |
No |
No |
user ID |
_NAME_ |
String |
Yes |
Yes |
Yes |
Yes |
No |
Password |
_PASSWORD_ |
String |
No |
Yes |
No |
No |
No |
The format of single-valued target system attributes is as follows:
FIELD_NAME;STRUCTURE_NAME
-
FIELD_NAME is the name of the field
-
STRUCTURE_NAME is the name of the structure
The format of multivalued target system attributes is as follows:
FIELD_NAME;STRUCTURE_NAME;FIELD_NAME_X;STRUCTURE_NAME_X
-
FIELD_NAME is the name of the field
-
STRUCTURE_NAME is the name of the structure
-
FIELD_NAME_X is the name of the field used to indicate whether or not the value in FIELD_NAME must be applied.
-
STRUCTURE_NAME_X is the name of the structure that holds FIELD_NAME_X.
Note:
You need not perform this procedure for custom attributes that you add on the target system. For custom attributes, the names are the same as provided in the custom BAPI.
To determine the name of the target system attribute on which the connector can perform reconciliation and provisioning operations:
6.2 Configuring the Connector for Multiple Installations of the Target System
You must create copies of configurations of your base application to configure it for multiple installations of the target system.
The London and New York offices of Example Multinational Inc. have their own installations of the target system, including independent schema for each. The company has recently installed Oracle Identity Governance, and they want to configure it to link all the installations of the target system.
6.3 Configuring Transformation and Validation of Data
Configure transformation and validation of user account data by writing Groovy script logic while creating your application.
You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.
Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.
To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.4 Configuring Resource Exclusion Lists
You can specify a list of accounts that must be excluded from reconciliation and provisioning operations. The accounts whose user IDs you specify in the exclusion list are not affected by reconciliation and provisioning operations.
See Resource Exclusion Lists of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
6.5 Configuring Action Scripts
You can configure Action Scripts by writing your own Groovy scripts while creating your application.
For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.