Oracle Identity Governance (OIG) 12c uses connectors to reconcile user data from trusted source applications like Oracle Identity Cloud Service (IDCS). By default, OIG will perform a full reconciliation and sync all users from the source application.
What is Incremental Reconciliation?
Incremental reconciliation is a concept in the IDM domain in which, during reconciliation of data from a source, the OIM connector picks up only the delta, that is, the data that has changed after the last reconciliation timestamp. For example, if the reconciliation from IDCS to OIM was triggered on 10th Oct, 2022 at 2:00 pm PST and the next scheduled run is on 14th Oct, 2022 at 2:00 pm PST, then the data that has been modified after 2:00 pm PST on 10th Oct, 2022 will be picked up by the connector and reconciled in OIM.
This article explains how to configure OIG to perform incremental reconciliation from IDCS, syncing only users that have changed since the last reconciliation run. We will show you how to enable this functionality of delta reconciliation from IDCS to OIM.
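The delta selection described above can be reproduced offline to sanity-check which records a run should pick up. The following is an added example, not code from this article or from Oracle's connector: it compares SCIM `meta.lastModified` values against the last-run timestamp and builds a standard SCIM `filter` expression for spot-checking the same delta in IDCS. The sample users, the function names, the fixed UTC-8 reading of "PST", and the choice to include records that lack a timestamp are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# Assumption: the article's "PST" is taken as a fixed UTC-8 offset.
PST = timezone(timedelta(hours=-8))

# Constructed sample records, shaped like SCIM users from /admin/v1/Users.
SAMPLE_USERS = [
    {"userName": "alice", "active": True, "meta": {"lastModified": "2022-10-09T18:00:00.000Z"}},
    # 21:30 UTC is 13:30 PST on 10 Oct, i.e. before the 2:00 pm PST run.
    {"userName": "bob", "active": True, "meta": {"lastModified": "2022-10-10T21:30:00.000Z"}},
    {"userName": "carol", "active": False, "meta": {"lastModified": "2022-10-12T09:15:00.123Z"}},
    {"userName": "dave", "active": True},  # timestamp missing from the response
]

def parse_scim_time(value):
    """Parse a SCIM timestamp (ISO 8601, normally UTC with a trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def select_delta(users, last_run):
    """Return userNames whose meta.lastModified is strictly after last_run."""
    if last_run.tzinfo is None:
        # A naive timestamp would be compared as if it were UTC and skew the delta.
        raise ValueError("last_run must be timezone-aware")
    changed = []
    for user in users:
        stamp = user.get("meta", {}).get("lastModified")
        # Choice made in this example: a record without a timestamp cannot be
        # proven unchanged, so it is kept in the delta rather than dropped.
        if stamp is None or parse_scim_time(stamp) > last_run:
            changed.append(user["userName"])
    return changed

def scim_delta_filter(last_run):
    """URL-encoded SCIM filter for records modified after last_run (in UTC)."""
    stamp = last_run.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return "filter=" + quote(f'meta.lastModified gt "{stamp}"')

# Last reconciliation run from the article's scenario: 10 Oct 2022, 2:00 pm PST.
LAST_RUN = datetime(2022, 10, 10, 14, 0, tzinfo=PST)

if __name__ == "__main__":
    print(select_delta(SAMPLE_USERS, LAST_RUN))
    print(scim_delta_filter(LAST_RUN))
```

Note that `bob` is excluded only because both sides are compared in UTC; a record such as `carol`, whose `active` flag changed after the last run, is exactly what a missed delta would leave stale in OIG.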
Pre-Requisites
The OIG 12c – IDCS connector should be installed in the respective OIM instance as a Trusted Source through the AoB (Application Onboarding) approach.
The scheduled task named IDCSTrusted REST Application Trusted User Reconciliation should be present in the respective OIG environment.
Enabling Incremental Reconciliation for IDCS Trusted Source in OIG
- Log in to the Identity Self Service console as the XELSYSADM user.
- Navigate to the Manage tab and click Manage.
- The Manage page is displayed.
- Click the Applications tile.
- The Applications page is rendered.
- Perform a blank search on this page by clicking the "Search" button.
- The results are displayed. Note that the search results will differ depending on your OIG environment and the list of connectors you have installed through the AoB approach.
- Look for the Generic REST connector installation that is configured as the Trusted Source for IDCS.
- Select the connector and click Edit.
- The connector's edit page is rendered.
- Scroll down until you see the Advanced Settings section.
- Expand the Advanced Settings section.
- The advanced settings are displayed.
- Search for the "relURLs" configuration.
- The existing relURLs configuration will be as follows.
Existing relURLs configuration
- Change relURLs to the value below.
New relURLs configuration:
"__ACCOUNT__.SEARCHOP=/admin/v1/Users?$(Filter Suffix)$&attributes=name.givenName,name.familyName,displayName,userName,employeeNumber,userType,organization,id,active,emails[primary+eq+%22true%22].value,meta.lastModified&count=200"
- Update the configuration in the relURLs parameter of Advanced Settings.
- Once updated, scroll up and click Apply.
- A confirmation message is displayed.
- Then, log in to the OIG System Admin Console.
- Click Scheduler.
- The Scheduler popup is rendered.
- Search for the scheduled task using the search string *IDCS*.
- Click the Search button.
- The search results are displayed.
- Click the scheduled task named IDCSTrusted REST Application Trusted User Reconciliation.
- The scheduled task will be opened.
- Enter the Incremental Recon Attribute as: lastModified
- Apply the changes.
- The changes will be applied and the Incremental Recon Attribute will be updated in the scheduled task.
Incremental reconciliation is an important feature to optimize reconciliation performance. This article walked through the steps to enable incremental reconciliation from IDCS to OIG 12c, configuring the Generic REST connector and reconciliation scheduled task. With incremental reconciliation enabled, OIG will pick up only modified user data from IDCS, greatly improving reconciliation efficiency.
Author: Rohit Wekhande, IDMWORKS, Sr AIM Consultant