5 Using the Connector
You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.
Topics
This chapter discusses the following topics:
5.1 Configuring Reconciliation
You can configure the connector to specify the type of reconciliation and its schedule.
Reconciliation involves duplicating in Oracle Identity Governance the creation of and modifications to user accounts on the target system. This section provides information on the following topics related to configuring reconciliation:
5.1.1 Performing Full Reconciliation
Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Governance. After you create the application, you must first perform full reconciliation.
To perform a full reconciliation run, ensure that no value is specified for the Filter attribute.
5.1.2 Performing Batched Reconciliation
You can perform batched reconciliation to reconcile a specific number of records from the target system into Oracle Identity Governance.
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.
You can configure batched reconciliation to avoid such problems.
To configure batched reconciliation, you must specify a value for the batch-size parameter of the Basic Settings section. Use this attribute to specify the number of records that must be included in each batch. By default, this value is 10 and SAP recommends to use value between 10-100.
After you configure batched reconciliation, if reconciliation fails during a batched reconciliation run, then you only need to rerun the scheduled task without changing the values of the task parameter.
5.1.3 Performing Limited Reconciliation
You can perform limited reconciliation by creating filters for the reconciliation module, and reconcile records from the target system based on a specified filter criterion.
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. The connector provides a Filter parameter that allows you to use any of the SAP resource attributes to filter the target system records.
The following are the list of supported filters:
- BusinessPartnerRoleCodeInterval
- FirstNameInterval
- EmailAddressInterval
- LastNameInterval
- PersonExternalIDInterval
- PersonIDInterval
- UserIDInterval
- UserNameInterval
The syntax for this parameter is as follows:
Filter Account using Username
For example, EQ("UserNameInterval","NEHA")
Here any user with Username NEHA is reconciled.
Remaining Attributes filter parameters:
EQ("FirstNameInterval","NEHA")
EQ("LastNameInterval","Chandra")
EQ("BusinessPartnerRoleCodeInterval","BUP003")
EQ("EmailAddressInterval","nikhil@mail.com")
EQ("PersonExternalIDInterval","EE1912903_NIKHIL")
Other than EQUAL filter will support below Operation
Table 5-1 SAP S/4HANA Cloud connector
Operation | Syntax | Example |
---|---|---|
EQUAL | EQ(“<filterName>”,<value>) | EQ("BusinessPartnerRoleCodeInterval","BUP003") |
BETWEEN | BT(“<filtername>”,”<from value>”,”<to value>”) | BT("BusinessPartnerRoleCodeInterval","BUP003","BUP003") |
GREATER EQUAL | GE(“<filtername>”,”<from value>”,”[to value]”) | GE("BusinessPartnerRoleCodeInterval","BUP003") |
GREATER THAN | GT(“<filtername>”,”<from value>”,”[to value]”) | GT("BusinessPartnerRoleCodeInterval","BUP003") |
LESS EQUAL | LE(“<filtername>”,”<from value>”,”[to value]”) | LE("BusinessPartnerRoleCodeInterval","BUP003") |
LESS THAN | LT(“<filtername>”,”<from value>”,”[to value]”) | LT("BusinessPartnerRoleCodeInterval","BUP003") |
Note:
SAP S/4HANA Cloud connector does not support any other filters.<> - indicates value is required
[ ] – indicates optional
BusinessPartnerRoleCodeInterval filter only supports BUP003 (Employee)
For more details on S4/HANA Cloud filters, to Business User - Read under APIs for Setting Up Your SAP S/4HANA Cloud" in SAP Help Portal.
5.2 Configuring Reconciliation Jobs
Configure reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Governance.
You can apply this procedure to configure the reconciliation jobs for users and entitlements.
5.3 Performing Provisioning Operations
You create a new user in Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.
To perform provisioning operations in Oracle Identity Governance:
- Log in to Identity Self Service.
- Create a user as follows:
- In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
- From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
- Enter details of the user in the Create User page.
- On the Account tab, click Request Accounts.
- In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier, and then click Checkout.
- Specify value for fields in the application form and then click Ready to Submit.
- Click Submit.
See Also:
Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance for details about the fields on the Create User page5.4 Uninstalling the Connector
Uninstalling the connector deletes all the account-related data associated with its resource objects.
If you want to uninstall the connector for any reason, then run the Uninstall
Connector utility. Before you run this utility, ensure that you set values for
ObjectType
and ObjectValues
properties in the
ConnectorUninstall.properties file. For example, if you want to delete resource
objects, scheduled tasks, and scheduled jobs associated with the connector, then
enter "ResourceObject", "ScheduleTask", "ScheduleJob" as the
value of the ObjectType
property and a semicolon-separated list of
object values corresponding to your connector as the value of the
ObjectValues
property.
Below are examples to uninstall ResourceObjects and ScheduleJobs respectively:
-
ObjectType=ResourceObject
ObjectValues=<Application Name>
-
ObjectType= ScheduleJob
ObjectValues= <Application Name>Workday Target User Reconciliation
Note:
If you set values for theConnectorName
and Release
properties along
with the ObjectType
and ObjectValue
properties,
then the deletion of objects listed in the ObjectValues
property is
performed by the utility and the Connector information is skipped.
For more information, see Uninstalling a Connector in Oracle Fusion Middleware Administering Oracle Identity Governance.