OIG 11G R2 Field Enablement Training - Oracle · 2014-06-04 · Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class 1 | P a g e OIG 11G R2 Field Enablement

OIG 11G R2 Training

Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class 1 | P a g e

OIG 11G R2 Field Enablement Training

Lab 16 - Disconnected Resources Lab

Disclaimer: The Virtual Machine Image and other software are provided for use

only during the workshop. Please note that you are responsible for deleting

them from your computers before you leave. If you would like to try out any of

the Oracle products, you may download them from the Oracle Technology

Network (http://www.oracle.com/technology/index.html) or the Oracle E-

Delivery WebSite (http://edelivery.oracle.com)

http://www.oracle.com/technology/index.html

http://edelivery.oracle.com/

OIG 11G R2 Training


Table of Contents

OIG 11G R2 Field Enablement Training ................................................................................................... 1

Disconnected Resources Lab .............................................................................................................. 1

1. Introduction .................................................................................................................................... 3

2. Creating a disconnected Resource .................................................................................................. 3

2.1 Creating a sandbox .................................................................................................................... 3

2.2 Creating the application ............................................................................................................ 3

2.3 Publishing the Sandbox ........................................................................................................... 12

2.4 Preparing the Application for Request.................................................................................... 13

2.5 Customizing the Request Form ............................................................................................... 14

3. Requesting for Disconnected Resource ........................................................................................ 19

3.1 Requesting for an Account ...................................................................................................... 19

3.2 Requesting for an Entitlement ................................................................................................ 23

Appendix - Disconnected Resource Data Loading using Flat File …………………………………………………27

OIG 11G R2 Training


1. Introduction

In some deployments it would be necessary to support disconnected resource. These are the

resources for which there is no connector. When disconnected resource is used for actual

provisioning will be done using the manual fulfillment. OIM generates a special workflow for manual

provisioning task. In some deployments disconnected resources are also used from certification

perspective. Customer just wants to bring in the data from disconnected resources and run

certifications on these resources.

This lab will demonstrate how to create a disconnected resource as well as how to load the data into

OIM from a disconnected resource using flat file.

2. Creating a disconnected Resource

2.1 Creating a sandbox

As a first step in creating something new, we create a sandbox to store our customizations. Let us

create one for the exercise.

1. Log into the sysadmin console as user ADMIN.

2. Click on the Sandboxes link.

3. Click on the Create Sandbox button.

4. Enter AppWorx as the Sandbox Name and then click on the Save and Close button.

5. Click on the OK button on the confirmation screen.

2.2 Creating the application

1. Click on the Application Instances link under the Configuration menu.

OIG 11G R2 Training


2. Click on the Create button.

3. In the Create App Instance tab enter the following:

a. Name : AppWorx

b. Display Name : AppWorx

c. Description : AppWorx

d. Disconnected : Checked

OIG 11G R2 Training


4. Click on the Save button.

5. Click on the OK button. Wait for a while for the app instance to be created.

6. Ensure that the default form AppWorx is now selected. Else from the dropdown select the

form.

7. Click on the Edit icon besides the Form field.

OIG 11G R2 Training


8. Navigate to the Child Objects sub tab.

9. Click on Add.

10. Give the name as PERMISS

11. Click on the OK button.

12. Click on the newly created object PERMISS to edit it.

13. Under the Custom tab click on the Create New icon.

14. Select the LookUp option and click OK.

15. Enter the following in the Create Lookup Field panel:

OIG 11G R2 Training


a. Display Label : Permission Name

b. Name: <auto populates>

c. Description : Permission Name

d. Searchable : Checked

e. Entitlement: Checked

f. Searchable Picklist:Checked

16. Click on the create icon besides the Lookup Type field to create a new set of values. Provide

the following values.

a. Meaning: Permission Name

b. Code: PermissionName

OIG 11G R2 Training


17. Click on the create icon in the box below.

18. For meaning and code fill the following details by clicking on create every time.

Meaning Code

Read access to AppWorx APPWORX_READ

Write access to AppWorx APPWORX_WRITE

DBA access to AppWorx APPWORX_DBA

Operator access to AppWorx APPWORX_OPER

OIG 11G R2 Training


19. Click on the Save button.

20. Click on the Save and Close button.

21. At the top right corner, click on Back to Parent Object.

22. Once all the custom fields are created click on the Regenerate View button.

23. Make sure to keep the default option (Parent+Child Form). Click on the OK button in the

popup window.

24. Close this tab.

25. Now we need to publich the application instance AppWORX we created to organizations so

that user belonging to that organization can request it. In the AppWorx tab click on the

Organizations sub tab.

26. Click on the Assign button.

OIG 11G R2 Training


27. Search for and select the Information Systems organization.

28. Check the checkbox which says Apply for Entitlement.

OIG 11G R2 Training


29. Click on the OK button.

30. Click on the TOP organization row.

31. Click Revoke from the menu.

32. Click on YES in the warning dialog box.

33. Navigate to the Entitlements tab. In spite of creating some entitlement values why is nothing

present here? Any guess?

34. Click on Scheduler link from the System Management sub menu.

35. Search for a task with name as Entitlement List.

36. Run the job by clicking on Run Now.

37. Verify the status of the job by clicking on Refresh. You should see a success message in the

Job History area.

38. Now search for another job with name as Catalog Synchronization Job.

39. Run the job by clicking on Run Now.

40. Verify the status of the job by clicking on Refresh. You should see a success message in the

Job History area.

41. Close the Scheduled Tasks popup.

42. Now refresh the screen to see that the entitlements have got populated in the Entitlements

sub tab.

OIG 11G R2 Training


43. Select the first entitlement, APPWORX_OPER and click on Edit from the menu above.

44. Give a friendly description.

45. Click Save. This is how one would add business friendly descriptions to entitlements manually.

46. Now close all the tabs. This is very important.

2.3 Publishing the Sandbox

As we have completed our customizations now let’s go ahead and publish the sandbox to make the

customizations global.

1. Click on the Sandboxes link at the top.

2. Go to the Manage Sandboxes tab.

3. Ensure AppWorx sandbox is selected.

4. Once selected click on the Publish Sandbox button.

5. Click on Yes in the window that pops up.

6. Sign out and close the browser.

OIG 11G R2 Training


2.4 Preparing the Application for Request

We are not done yet. We need to provide few more details before an end user can request for an

account and an entitlement for this resource.

1. Open OIM Identity Self Service Console.

2. Login as SELLISON who is the Catalog Admin.

3. Click on the Catalog link under the Requests Menu.

4. Enter AppWorx in the search textbox and then click on the search icon.

5. Select AppWorx from the Catalog item list.

6. Scroll Down to the Request Details section.

7. Set the value of Fulfillment Role to Asset Management by searching for it.

OIG 11G R2 Training


8. Click on Apply.

9. Sign out and close the browser.

2.5 Customizing the Request Form

We would customize the request form to hide couple of fields.

2.5.1 Creating a sandbox

1. Open OIM Identity Self Service Console.

2. Login as ADMIN.

3. Click on the sandboxes link and create a new sandbox, Appworx_InputForm.

4. Click on Save and Close.

5. Accept all messages.

2.5.2 Completing the Customizations

1. Click on the Catalog link under the Requests Menu.

2. Enter AppWorx in the search textbox and then click on the search icon.

3. Select AppWorx Account from the Catalog item list.

OIG 11G R2 Training


4. Click on Add to Cart.

5. Click on Checkout. The provisioning form appears.

6. Click Customize at the top.

7. Select View by Source from the top menu which newly appeared.

8. Click on the Account Id field to highlight it for editing.

9. Click on Edit in the confirmation dialog. Notice that the appropriate code is selected in the

above frame.

10. From the menu at the top frame click on Edit.

OIG 11G R2 Training


11. Navigate to the Display Options sub tab.

12. Uncheck the Show Components attribute.

OIG 11G R2 Training


13. Click Apply.

14. Click OK.

15. Click on the Service Account checkbox. Notice that the appropriate code snippet is selected

in the frame above.

16. Click Edit in the top menu.

OIG 11G R2 Training


17. Navigate to the Display Options sub tab.

18. Uncheck the Show Components attribute.

19. Click Apply.

20. Click OK.

21. Click Close at the top right corner.

2.5.3 Publishing a sandbox

1. Close all the tabs.

2. Click on the Sandboxes link at the top of the page.

3. Ensure that AppWorx_InputForm is selected.

OIG 11G R2 Training


4. Click on Publish.

5. Click on Yes.

6. Sign-out and close the browser.

3. Requesting for Disconnected Resource

Pre Requisite: Make sure that OIM and SOA servers are up

3.1 Requesting for an Account

1. Go to the OIM Identity Self Service console in your browser.

2. Login as JKRAUSE into the OIM Identity Self Service Console.

3. Click on the Catalog link under the Requests menu.

4. Enter the value AppWorx in the free text search box.

5. Click on the Search button.

6. Deselect Entitlements in the Categories leaving just Application Instances checked.

OIG 11G R2 Training


7. Select the AppWorx item from the Catalog Items list and then Click on the Add to Cart

button.

8. Click on the Check Out button.

9. Enter the following details in the request form in the frame below.

a. Account Login: JKRAUSE

b. Password: Oracle123

10. Click on the Ready to Submit button. Observe that the Submit button at the top now

becomes active.

11. Then click on the Submit Button.

12. Review Request Summary information in the Request Details and Approval Details tab. Click

on Refresh button to see the approval flow details if not already shown.

13. In the Approval Details tab observe that the request has been assigned to DCRANE who is

JKRAUSE’s manager.

14. Open a different browser and log in as the manager DCRANE/Oracle123.

15. Click on the Inbox. You should see a request from JKRAUSE. Click the Request to Open it.

16. Click Approve to approve the request.

OIG 11G R2 Training


17. Switch back to the browser where you logged in as JKRAUSE.

18. Click on the Refresh button in the Approval Details tab.

19. Observer that a Manual Fulfillment task has been assigned to the xelsysadm.

OIG 11G R2 Training


20. Click on the My Access link under the My Profile menu. Then click on the Accounts Tab.

21. Observe that the AppWorx resource is in the Provisioning state.

22. Open a different browser and log in as xelsysadm.

23. Click on the Pending Approvals link under the Requests menu.

24. Click on InBox. Observe that a manual task has been assigned to the xelsysadm Team.

OIG 11G R2 Training


25. Click the Actions Menu and Select the Complete action from the Actions menu.

26. Click OK.


28. Click on the Refresh button in the Accounts tab.

29. Observer that the status of the Account has changed from Provisioning to Provisioned.

3.2 Requesting for an Entitlement

Now that the user has an account he/she can request for an entitlement.

1. Go to the OIM Identity Self Service console in your browser.

2. Login as JKRAUSE into the OIM Identity Self Service Console.

3. Click on the Catalog link under the Requests menu.

4. Enter the value AppWorx in the free text search box.

5. Click on the Search button.

6. Deselect Application Instances in the Categories leaving just Entitlements checked.

OIG 11G R2 Training


7. Select the DBA Access for AppWorx item from the Catalog Items list and then Click on the

Add to Cart button.

8. Click on the Check Out button. Provide any Justification in the next screen

9. Then click on the Submit Button.

10. Review Request Summary information in the Request Details and Approval Details tab. Click

on Refresh button to see the approval flow details if not already shown.

11. In the Approval Details tab observe that the request has been assigned to DCRANE who is

JKRAUSE’s manager.

12. Open a different browser and log in as the manager DCRANE/Oracle123.

13. Click on InBox. You should see a Pending Approval.

14. Observe that an approval task has been assigned to the manager.

OIG 11G R2 Training


15. Select the request, You don’t need to open it.

16. Select the Approve action from the Actions menu.

17. Login as xelsysadm and observe that manual fulfillment request is assigned. Select the

request. You don’t need to open it.

18. Click on Actions -> Complete to complete the task


20. Click on the Refresh button in the Approval Details tab. See the request is completed.

OIG 11G R2 Training


21. Navigate to My Access under My Profile.

22. Navigate to the Entitlements tab.

23. Observe that the new entitlement is provisioned.

OIG 11G R2 Training


Disconnected Resource Data Loading using Flat File Connector

Once the disconnected resource is created. You might have accounts and entitlements in the

disconnected resource that you would like to load into OIM. This is also needed from certification

purpose as well. OIM PS2 allows you to use the new ICF based flat file connector to load the data

from disconnected resources using flat file. You can load both accounts and entitlements from the

disconnected resource into OIM.

Prerequisites

1. The new ICF based Flat File connector is supplied in /app/software directory. Open a

terminal and navigate to /app/software directory

2. Unzip the connector

unzip FlatFile-11.1.1.5.0.zip

3. Now copy the connector to OIM’s default directory

mv FlatFile-11.1.1.5.0 /app/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/.

4. Login to sysadmin console as admin/Oracle123

5. Click on Manage Connector

6. Click on Install

7. Form the list select the Flat File connector and click Load

OIG 11G R2 Training


8. Now click Continue to install the connector

9. Wait for the connector to install and you should see the following screen. Click Exit to close

the connector installer.

OIG 11G R2 Training


Note: If you don’t have the disconnected resource created in OIM and would like to generate

the metadata for loading the resource. You can do that using the metadata generator utility. This

will build all the OIM objects (which we have done in this lab) as part of the utility and creates a

connector zip file. You can then install that connector in addition to base version we have

installed.

http://docs.oracle.com/cd/E22999_01/doc.111/e50210/deploy.htm#CHDGFGCB

Configuring OIM for Data Loading

In this example we will be loading the Accounts and Entitlements. In order to load the accounts

and entitlements, We need to have the schema defined. A schema defines the fields contained

in the flat file feed supplied to OIM. OIM will use the schema definition to identify the flatfile

fields when you run the reconciliation.

There are two schema files created in /app/dummydata/Lab16. AppWorx.properties for

accounts and entitlement.properties for loading the entitlements.

1. Take a look at the AppWorx.properties file first which is located in /app/dummydata/Lab16

http://docs.oracle.com/cd/E22999_01/doc.111/e50210/deploy.htm#CHDGFGCB

OIG 11G R2 Training


#Schema File for AppWorx

#List of Fields Present in the file

FieldNames=Account ID,Account Login,Password,IT Resource,Permission Name

#__UID and __NAME__ attribute names

UidAttribute=Account Login

NameAttribute=Account Login

#Multi Valued Attributes

Permission Name.Multivalued=true

The FieldNames defines the fields that OIM can expect in the flatfile

UidAttribute defines the Key field in the flat file feed

NameAttribute defined the name attribute from target. These are Mandatory field

Permission Name.Multivalued=true Defines that this is a Multi Valued Child Form field.

2. Let’s take a look at the entitlement.properties file located in /app/dummydata/Lab16

FieldNames=Permission Name

#__UID and __NAME attribute

UidAttribute=Permission Name

NameAttribute=Permission Name

This file has only one Field which is Permission Name which is the child table column.

3. We need to define a lookup for mapping the reconciliation attributes. This will map the

attributes from incoming flat file fields to OIM form fields.

Navigate to sysadmin console and click on Lookups

Click on Create button to create new Lookup field

OIG 11G R2 Training


Enter the Meaning and code as below

Meaning : Lookup.AppWorx.UM.Recon.AttrMap

Code : Lookup.AppWorx.UM.Recon.AttrMap

Now click on Create button to Create the new entry

Enter the following by creating multiple entries

Meaning Code

Account ID Account ID

Account Login Account Login

Password Password

IT Resource IT Resource

Permission Name AppWorxUD_PERMISS Child~Permission Name

Note: Meaning indicates the fields in OIM and Code indicates the fields coming from flat file

feed.

The Child table is represented by Child Table Name ~ Child Coulmn Name

OIG 11G R2 Training


Click Save to save the lookup

Click Ok to close the lookup window

4. Create Reconciliation Rule

Launch the Design console using the launchDesignConsole.sh command on

Desktop/Startup_Scripts

Login as xelsysadm/Oracle123

OIG 11G R2 Training


Click on Reconciliation Rules to open the new rule

Provide the following

Name: AppWorx Recon Rule

Object: Search and select AppWorx

Descrption : AppWorx Reconcilition Rule

Click on Save to save the work

Now Click on Add Rule Element to define the following rule

OIG 11G R2 Training


Click on Save button to Save. Once done close using X

In the main window click on Save

OIG 11G R2 Training


Now check the Active checkbox and Save.

OIG 11G R2 Training


5. Create the Reconciliation Action Rules in the Resource Object AppWorx

Search and Open the Resource Object AppWorx

Click on the Object Reconciliation Tab

Click on Reconciliation Action Rules sub tab

OIG 11G R2 Training


Click on Add button and define the following rules

The final rules should look like this

OIG 11G R2 Training


Click Save button

Now Click on Create Reconciliation Profile button to create the profile

You should see the below message.

Click Ok

OIG 11G R2 Training


6. Update the Flat File lookups to reflect the AppWorx disconnected resource connector

We need to update the lookup Lookup.FlatFile.UM.Configuration to point to the Lookup

Lookup.AppWorx.UM.Recon.AttrMap we created which holds the mapping between our

resource and flat file fields.

In the sysadmin console Search for the lookup Lookup.FlatFile.UM.Configuration . Highlight

the result and click Edit

Change the meaning from Dummy to Lookup.AppWorx.UM.Recon.AttrMap

Note: Make sure that there is no space at the end.

Click Save

Click OK to close the window

OIG 11G R2 Training


Search for the lookup Lookup.FlatFile.EntFieldMap

Click Edit

Change the Meaning for both Code and Decode to Permission Name ( Child table column

name)

OIG 11G R2 Training


Click Save and Click OK in the main window to close

7. Update the IT Resources to use the Schema we have defined for Accounts and Entitlements

Out of the Box there are two IT Resources Flat File Accounts & Flat File Entitlements

From the Sysadmin Console Click on IT Resources. Once open Search

Click on Edit for the IT Resource Flat File Accounts

OIG 11G R2 Training


Enter the schemaFile as /app/dummydata/Lab16/AppWorx.properties

Click Update to save the changes

Open the Flat File Entitlements IT Resource by clicking on Edit

Update the Schema File as /app/dummydata/Lab16/entitlement.properties

OIG 11G R2 Training


Click on Update to update the values

Close the IT Resources window.

Loading the Data into OIM

We would cover 3 use cases in this section. We will load the entitlements, we will load the

accounts and finally we will also demonstrate the delete reconciliation where if the

customer provides a flat file any account that’s not in the flatfile needs to be revoked.

Use Case 1: Entitlement Reconciliation

1. Navigate to Sysadmin console as admin/Oracle123 and click on Scheduler link to open the

scheduler.

2. Search the scheduled job using Flat File*

3. Open the Flat File Entitlement Loader job

OIG 11G R2 Training


4. Update the following attributes in the Job

Flat File Directory : /app/dummydata/Lab16/Entitlements

Target Application Instance Name : AppWorx

Target LookupName: PermissionName

Click on Apply to save the changes.

Take a look at the file we are supplying for this reconciliation

Open the file located at /app/dummydata/Lab16/Entitlements directory

We only have one column Permission Name which is the name of the child table column.

OIG 11G R2 Training


Click on Run Now to run the job

Note: The Mode parameter could be Full OR Incremental

You can specify the archive directory for archiving the flat file once the job is executed. If

you don’t specify the archive directory, the directory will be created in the current

directory where the file resides

Click on Refresh to refresh the job

Wait till the Job completes

You can check that archive directory has been created and the file has been archived.

At /app/dummydata/Lab16/Entitlements

Now let’s check the target lookup which has to be populated. Click on the Lookups and

search for the lookup PemissionName

OIG 11G R2 Training


Note down the IT Resource Key specified in the Code, in this example it’s 61.

As we can see as part of this use case we have run the entitlement reconciliation.

Note: If you don’t see the lookup populated and would like to run the reconciliation again,

then unzip the zip file to get the entitlement.csv and copy it to

/app/dummydata/Lab16/Entitlements and run it again.

Use Case 2: Account Reconciliation

1. Let’s take a look at the file we are using for this reconciliation. Open the file AppWorx.csv

located at /app/dummydata/Lab16/Accounts directory

If the IT Resource Key you noted down is different, please update the key in this file to 61 to

your noted down key. Save the file.

Also notice that we will be loading 3 Accounts DCRANE,AKENI & DHILL as part of this

reconciliation.

Note: The fields in this file map to the fields in the Process Form for the resource AppWorx.

OIG 11G R2 Training


2. Navigate to Sysadmin console click on Scheduler and search for Flat File*

3. Open the Flat File Loader job

4. Update the following in the Job

Flat File Directory: /app/dummydata/Lab16/Accounts

Target Application Instance: AppWorx

OIG 11G R2 Training


Click on Apply to save the change.

Click Run Now to run the Job

5. Wait till the job finishes and you see the Success message.

You will also see that the successful run has created an archive directory inside

/app/dummydata/Lab16/Accounts and the file has been zipped for archival.

6. Click on the Event Management and Search for Events. You should see 3 events from

running the reconciliation

OIG 11G R2 Training


Note: If you don’t see the events created and would like to run the reconciliation again,

unzip the zip file and copy the Accounts.csv to /app/dummydata/Lab16/Accounts folder

7. Click on the first Event to open it

8. You should see the event is successful in creating an Account

OIG 11G R2 Training


9. Now in another browser login to Identity console as admin/Oracle123

OIG 11G R2 Training


10. Search for the user DHILL and open the Accounts Tab

11. You should see that the Account AppWorx has been provisioned to user DHILL

Click on the Entitlements tab, you should see the entitlement AppWorx_Borrow provisioned

to this user.

12. Similarly you can check for other two users AKENI and DCRANE. They should have the

account AppWorx as well

OIG 11G R2 Training


As we saw in this use case we have now reconciled accounts for disconnected resource.

Use Case 3: Delete Reconciliation

Let’s run the last use case. This is a use case where you supply the file and all the accounts

that are not in the file needs to be revoked. We will use the Flat file Accounts Delete

Reconciliation.

1. Let’s look at the file first. Open the file AccountsDelete.csv located at

/app/dummydata/Lab16/AccountsDelete folder

Notice that there is only one user DCRANE which means that we reconciled 3 users in the

last use case. When we run the delete reconciliation the users not in this file (i.e AKENI and

DHILL’s AppWorx accounts will be deleted)

Note: If your IT Resource Key is different than what’s mentioned in the file (61) , Please

update the file and save it.

OIG 11G R2 Training


2. Open the Flat File Accounts Delete Reconciliation job

3. Update the following

Flat File Directory: /app/dummydata/Lab16/AccountsDelete

Target Application Instance: AppWorx

Click on Apply and then Run Now

4. Make sure the reconciliation run is successful

5. Navigate to Event Management tab and search. You should have 2 new events

OIG 11G R2 Training


Note: If you don’t see the events created successfully and would like to run the

reconciliation again, unzip the archived zip file at

/app/dummydata/Lab16/AccountsDelete/archived and copy the AccountsDelete.csv to

/app/dummydata/Lab16/AccountsDelete and run the recon again.

6. Click on the first event and open it. You should see that the Account has been deleted.

Also if you check the users Account it should say revoked as well for both DHILL and AKENI

OIG 11G R2 Training


Summary

In this lab we saw how to create a disconnected resource which was introduced as part of

the 11gR2 release. We also saw the new patch set 2 feature of loading the data from flat file

for disconnected resources. Once the data is loaded you can then run certifications on the

disconnected resource which is really powerful.

Documents

OIG 11G R2 Field Enablement Training - Oracle · 2014-06-04 · Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class 1 | P a g e OIG 11G R2 Field Enablement