1. Configuring the SAP User Management Engine Application
  2. Creating an Application By Using the SAP User Management Engine Connector

2 Creating an Application By Using the SAP User Management Engine Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector

Description of Figure 2-1 follows
Description of "Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector"

2.2 Prerequisites for Creating an Application By Using the Connector

Learn about the tasks that you must complete before you create the application.

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:
  1. Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
  2. Click OTN License Agreement and read the license agreement.
  3. Select the Accept License Agreement option.
    You must accept the license agreement before you can download the installation package.
  4. Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
  5. Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER.
  6. Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIG_HOME/server/ConnectorDefaultDirectory directory.

2.2.2 Creating a Target System User Account for Connector Operations

The connector uses a target system account to connect to and perform operations on the target system.

To create this target system account:

  1. Create a technical user account in the target system and assign it a role with  the Spml_Read_Action and Spml_Write_Action actions.
  2. If the target system is configured with JAVA data source by default, then assign the following roles:

    • NWA_SUPERADMIN

    • MY_SPML_FULL_ACCESS_ROLE

    Note:

    If target system Netweaver 7.3 is configured with JAVA data source by default and if JAVA Data source is used for Admin User, then assign the following roles:

    • Administrator

    • Super Administration

    • MY_SPML_FULL_ACCESS_ROLE

  3. If the target system is configured with ABAP data source, then assign the SAP_J2EE_ADMIN group.
  4. If this connector is configured with the ABAP data source and CUA is enabled in the backend ABAP application, then assign a system to the user account created earlier.
  5. If you want to perform connector operations such as Access Request Management and Access Risk Analysis through an SAP Business Objects Access Control system, then assign the following minimum set of roles to a user account in SAP Business Objects Access Control:
    Role Name Description

    SAP_BC_WEBSERVICE_CONSUMER

    Web Service Consumer

    SAP_GRC_NWBC

    Governance, Risk, and Compliance

    SAP_GRAC_ACCESS_APPROVER

    Role for Access Request Approver

    SAP_GRAC_RISK_OWNER

    Risk Maintenance and Risk Analysis

    SAP_GRAC_ROLE_MGMT_ROLE_OWNER

    Role Owner

For detailed information on each of these preinstallation tasks, refer to the SAP documentation.

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a target or an authoritative application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

  1. Create an application in Identity Self Service. The high-level steps are as follows:
    1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
    2. Ensure that the Connector Package option is selected when creating an application.
    3. Update the basic configuration parameters to include connectivity-related information.
    4. If required, update the advanced setting parameters to update configuration entries related to connector operations.
    5. Review the default user account attribute mappings. If required, add new attributes or you can edit or delete existing attributes.
    6. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
    7. Review the details of the application and click Finish to submit the application details.
      The application is created in Oracle Identity Governance.
    8. When you are prompted whether you want to create a default request form, click Yes or No.
      If you click Yes, then the default form is automatically created and is attached with the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it with your application.
  2. Verify reconciliation and provisioning operations on the newly created application.

See Also: