3 Configuring the Connector
While creating a target application, you must configure connection-related parameters that the connector uses to connect to Oracle Identity Governance with your target system and perform connector operations. In addition, you can view and edit attribute mappings between the process form fields in Oracle Identity Governance and target system columns, predefined correlation rules, situations and responses, and reconciliation jobs.
3.1 Basic Configuration Parameters
These are the connection-related parameters that Oracle Identity Governance requires to connect to an SAP S/4HANA application.
Note:
Unless specified, do not modify entries in the below table.Table 3-1 Parameters in the Basic Configuration
| Parameter | Mandatory ? | Description |
|---|---|---|
| username | Yes | Enter the user name of the target system that you create for performing connector operations.
Sample value: |
| password | Yes | Enter the password of your API user name.
Sample Value: |
| baseUrl | Yes | Enter the base URL of S4/HANA Webservice/ API.
Sample Value http(s)://<tenant>.s4hana.ondemand.com/sapNote: The below sample value is applicable if you are using S4HANA-12.2.1.3.0A or a later version.Sample Value http(s)://s4hana.ondemand.com/sap |
| Connector Server Name | No | By default, this field is blank. If you are using this connector with the Java Connector Server, then provide the name of Connector Server IT Resource here. |
| clientID | Yes | Enter SAP IAS’ service account ClientID.
Sample Value
|
| clientSecret | Yes | Enter the ClientID for SAP IAS password.
Sample Value:
|
| host | Yes | Enter the hostname of the target system.
Default
Value:
https://<S4/HANA Host or
DNS>Note: This attribute is applicable from S4HANA-12.2.1.3.0A or a later version. |
| IASUserUrl | Yes | Enter SAP IAS User search URL.
Sample
Value:
https://<SAP IAS Host IP or
DNS>/service/scim/Users?filter=userName eq “%s”Note: The%s should be in quotes.
|
| lookupUrl | Yes | This entry specifies the S4/HANA Cloud Webservice
endpoint to list the roles.
Default
Value:
/sap/opu/odata/sap/APS_IAM_SIAG_BROLE_SRV/Aps_Iam_Siag_Br_DllNote: This attribute is applicable from S4HANA-12.2.1.3.0A or a later version. |
| skipIASUserVerification | Yes | Set it to true if you don't want to verify user existence in SAP IAS else false. |
| proxyHost | No | Enter the proxy host or IP if you are using proxy server to access internet.
Sample value |
| proxyPassword | No | Enter the proxy password if you are using proxy server to access internet. |
| proxyPort | No | Enter the proxy port.
Sample Value: |
| proxyUsername | No | If you are using proxy server to access internet. |
3.2 Advanced Settings Parameters
These are the configuration-related entries that the connector uses during reconciliation and provisioning operations.
Note:
-
Unless specified, do not modify entries in the below table.
-
All parameters in the below table are mandatory.
Table 3-2 Advanced Settings Parameters
| Parameter | Description |
|---|---|
| Bundle Name |
This entry holds the name of the connector bundle. Default value:
|
| Bundle Version |
This entry holds the version of the connector bundle. Default value: |
| Connector Name |
This entry holds the name of the connector class. Default value: |
| createUrl |
This entry specifies the S4/HANA Cloud Webservice endpoint to create user. Default value:
|
| updateUrl |
This entry specifies the S4/HANA Cloud Webservice endpoint to update user Default value:
|
| reconUrl |
This entry specifies the S4/HANA Cloud Webservice endpoint to list user(s) Default value:
|
| targetDateFormat |
This entry specifies the date format supported by target for field like Validity period i.e. Start and End Date Default value:
|
| updateNotSupportedForAttribute |
This entry specifies comma separated list of target attributes that can’t be updated as target doesn’t support it Default value:
|
3.3 Attribute Mappings
The Schema page for a target application displays the default schema (provided by the connector) that maps Oracle Identity Governance attributes to target system attributes. The connector uses these mappings during reconciliation and provisioning operations.
Default Attributes for SAP S/4HANA Cloud Target Application
Table 3-3 lists the user-specific attribute mappings between the process form fields in Oracle Identity Governance and SAP S/4HANA Cloud target application attributes. The table also lists whether a specific attribute is used during provisioning or reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-3 Default Attributes for SAP S/4HANA Cloud Target Application
| Display Name | Target Attribute | Data Type | Length | Mandatory Provisioning Property? | Provision Field? | Recon Field | Key Field? | Case Insensitive? |
|---|---|---|---|---|---|---|---|---|
| Person ID | __UID__ | String | 10 | No | Yes | Yes | Yes | Not applicable |
| Person External ID | PersonExternalID | String | 20 | No | Yes | Yes | No | Not applicable |
| Username | __NAME__ | String | 40 | Yes | Yes | Yes | Yes | Not applicable |
| Server | Long | Yes | Yes | Yes | Not applicable | |||
| First Name | FirstName | String | 80 | Yes | Yes | Yes | No | Not applicable |
| Last Name | LastName | String | 80 | Yes | Yes | Yes | No | Not applicable |
| Full Name | PersonFullName | String | 80 | Yes | Yes | Yes | No | Not applicable |
| Middle Name | MiddleName | String | 80 | No | Yes | Yes | No | Not applicable |
| EmailAddress | String | 241 | Yes | Yes | Yes | No | Not applicable | |
| User ID | UserID | String | 12 | No | No | Yes | No | Not applicable |
| Person UUID | PersonUUID | String | 36 | No | Yes | Yes | No | Not applicable |
| User Validity Start Date | StartDate | Date | Yes | Yes | Yes | No | Not applicable | |
| User Validity End Date | EndDate | Date | Yes | Yes | Yes | No | Not applicable | |
| Is Locked | LockedIndicator | Boolean | No | Yes | Yes | No | Not applicable | |
| Company Code | CompanyCode | String | 250 | No | Yes | No | No | Not applicable |
| Gender | GenderCode | String | 250 | No | Yes | No | No | Not applicable |
| Worker Type | PersonWorkAgreementType | String | 250 | No | Yes | No | No | Not applicable |
| Status | __ENABLE__ | String | No | No | Yes | No | Not applicable | |
| Decimal Format | DecimalFormatCode | String | 250 | No | Yes | Yes | No | Not applicable |
| Date Format | DateFormatCode | String | 250 | No | Yes | Yes | No | Not applicable |
| Time Format | TimeFormatCode | String | 250 | No | Yes | Yes | No | Not applicable |
| Time Zone | TimeZoneCode | String | 250 | No | Yes | Yes | No | Not applicable |
Figure 3-1 Default Attribute Mappings for SAP S/4HANA Cloud User Account
Role Attribute
Table 3-4 lists the inline Role attribute mappings between the process form fields in Oracle Identity Governance and SAP S/4HANA Cloud target application attributes. The table lists whether a given attribute is mandatory during provisioning. It also lists whether a given attribute is used during reconciliation and whether it is a matching key field for fetching records during reconciliation.
If required, you can edit the default attribute mappings by adding new attributes or deleting existing attributes as described in Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-4 Default Attribute Mappings for Role
| Display Name | Target Attribute | Data Type | Mandatory Provisioning Property? | Recon Field? | Key Field? | Case Insensitive? | Advanced Settings |
|---|---|---|---|---|---|---|---|
| Role Name | roles~__ROLE__~RoleName | String | Yes | Yes | Yes | No | Length:250 |
Figure 3-2 Default Attribute Mappings for Role
3.4 Correlation Rules, Situations, and Responses for a Target Application
When you create a target application, the connector uses correlation rules to determine the identity to which Oracle Identity Governance must assign a resource.
Predefined Identity Correlation Rules
By default, the SAP S/4HANA Cloud connector provides a simple correlation rule when you create a target application. The connector uses this correlation rule to compare the entries in Oracle Identity Governance repository and the target system repository, determine the difference between the two repositories, and apply the latest changes to Oracle Identity Governance.
Table 3-5 lists the default simple correlation rule for SAP S/4HANA Cloud connector. If required, you can edit the default correlation rule or add new rules. You can create simple correlation rules also. For more information about adding or editing simple or complex correlation rules, Updating Identity Correlation in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-5 Predefined Identity Correlation Rule for SAP S/4HANA Cloud Target Application
| Target Attribute | Element Operator | Identity Attribute | Case Sensitive? | Rule Operator |
|---|---|---|---|---|
|
__NAME__ |
Equals |
User Login |
No |
-
__NAME__ is a single-valued attribute on the target system that identifies the user account.
-
User Login is the field on the OIG User form.
Figure 3-3 shows the simple correlation rule for SAP S/4HANA Cloud target application.
Figure 3-3 Simple Correlation Rule for SAP S/4HANA Cloud Target Application
Predefined Situations and Responses
The SAP S/4HANA Cloud connector provides a default set of situations and responses when you create a target application. These situations and responses specify the action that Oracle Identity Governance must take based on the result of a reconciliation event.
Table 3-6 lists the default situations and responses for a SAP S/4HANA Cloud Target application. If required, you can edit these default situations and responses or add new ones. For more information about adding or editing situations and responses, see Creating a Target Application in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
Table 3-6 Predefined Situations and Responses for a SAP S/4HANA Cloud Target Application
| Situation | Response |
|---|---|
|
No Matches Found |
None |
|
One Entity Match Found |
Establish Link |
|
One Process Match Found |
Establish Link |
3.5 Reconciliation Jobs
These are the reconciliation jobs that are automatically created in Oracle Identity Governance after you create the application.
User Reconciliation Jobs
You can either use these predefined jobs or edit them to meet your requirements. Alternatively, you can create custom reconciliation jobs. For information about editing these predefined jobs or creating new ones, see Updating Reconciliation Jobs in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
The SAP S/4HANA Cloud Resource User Reconciliation job is used to reconcile user data from a target application.
Table 3-7 shows the parameters of the S4HANA user reconciliation job.
Table 3-7 Parameters of the S4HANA User Reconciliation Job
| Parameter | Description |
|---|---|
| Application Name |
Name of the application you created for your target system. This value is the same as the value that you provided for the Application Name field while creating your target application. Do not modify this value. |
| Scheduled Task Name |
This parameter holds the name of the scheduled job. Note: For the scheduled job included with this connector, you must not change the value of this parameter. However, if you create a new job or create a copy of the job, then enter the unique name for that scheduled job as the value of this parameter. Default value: APP_NAME S4HANA Target Resource User Reconciliation |
| Filter Suffix | Enter the search filter for fetching user records from the target system during a reconciliation run. See Performing Limited Reconciliation for more information about this attribute. |
| Object Type |
This attribute holds the name of the object type for the reconciliation run. Default value: Do not change the default value. |
Reconciliation Jobs for Entitlements
Note:
This Lookup Recon is applicable from S4HANA-12.2.1.3.0A or a later version.- Roles Lookup Reconciliation
The parameters for all the reconciliation jobs are the same.
Table 3-8 describes the parameters of the Reconciliation jobs for entitlements.
Table 3-8 Parameters of the Reconciliation Jobs for Entitlements
| Parameter | Description |
|---|---|
|
Application Name |
Current AOB application name with which the reconciliation job is associated. Do not modify this value. |
|
Code Key Attribute |
Name of the connector attribute that is used to populate the Code Key column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: __UID__ |
|
Decode Attribute |
Name of the connector attribute that is used to populate the Decode column of the lookup definition (specified as the value of the Lookup Name attribute). Default value: Name |
|
Lookup Name |
Enter the name of the lookup definition in Oracle Identity Governance that must be populated with values fetched from the target system. Depending on the Reconciliation job that you are using, the default values are as follows:
If you create a copy of any of these lookup definitions, then enter the name of that new lookup definition as the value of the Lookup Name attribute. |
|
Object Type |
Enter the type of object you want to reconcile. Depending on the Reconciliation job that you are using, the default values are as follows:
Do not change the value of this parameter. |