Reconciliation rules
Hi all,
I'm new to OIM and need your help with 2 requirements :
1- We need to reconcile a list of users from a flat file to OIM but we don't want the newly created users to be provisioned to any resources. I was thinking to prevent provisioning using an access policy that will match all users . Is this the right approach? By the way, is it possible to delete an existing access policy?
2- After reconciliation from the flat file is completed, we need to match the AD accounts to the reconciled accounts. The reconciliation rule is OIM login matches the username portion of AD mail attribute. How can we accomplish this?
Thank you for your time
I didn't say this, I am just removing the access policies from previous group and attach that access policy with any Dummy Group if you don wanna use Access Policy at all ?It would take very long time to go through all 200 groups and remove the access policies from them. I will have to rebuild all groups with new membership rules this is why I thought deleting all groups and membership rules will prevent provisioning. Would that be OK?
Yes I agree with your point but your requirement is something special. You can go for Transformation Class. But before that explain your use case with some example, we may suggest something different.We need to use target resource reconciliation from AD to the newly created accounts that are reconciled from flat file. The user id in the flat file doesn't match AD attributes cn or sAMAccountName.
For example,
flat file userid: stewiegriffin
AD cn: stewieg
AD sAMAccountName: stewiegr
AD mail: [email protected]
so we need to match flat file userid (OIM login) with the username portion of the mail attribute
Is creating a transformation class the best way?
Similar Messages
-
Reconciliation Rules in OIM 9.1
Hi,
I need your input in the below mentioned problem.Lets assume we call the field UserLogin in OIM and UserID in Target System ( Target Systems are Exchange and Active Directory).
A Sample UserLogin is A123456 and a sample UserID is 8123456 Both of these are fields are 7 characters long.
In the Reconciliation rule, we can compare last 6 characters of both UserLogin (OIM) and UserID (AD) by using endswith function and transforming by using substring function in Recon Rules of the Design Console, but the difficulty is with second part of the rule is, If the above condition evaluates to true,we want to add one more recon rule, which should check whether UserLogin (OIM) field in starts with number say 8.
can you please let us know, how and what is the efficient/best way of writing this recon rule.
Thanks for your help in Advance
Regardshttp://download.oracle.com/docs/cd/E21764_01/doc.1111/e14309/resmgt.htm#CHDDJCAH
Check : Reconciliation Fields Tab section -
Reconciliation Rule for Trusted Sources
Is it possible to create a reconciliation rule for a trusted source based a user-defined field that stores a GUID? By default, OIM uses the user id in the reconciliation rule, however if the user id changes on the trusted source a recon. rule based on user id will never find a match - if I understand how the recon. rule works.
Has anyone attempted to use something other than user id in a recon. rule for a trusted source?
ThanksI have a doubt here..please clear if i am able to sucessfully explain...in reconcilliation action we wrote that "No Match Found" --> "create User". it is working fine (for me it is Sun LDAP on other side)..but issue is that when it create a user in OIM...under resource profile no resource is coming as attached...then how can one knows that this user already had a profile in LDAP and need not created a new one and also we cannot provision the same user to LDAP as it is already there...means we cannot link these two user profiles (OIM and LDAP one)....but for feasible scenerion it should be...can anyone tell me where i am wrong and what other configuration needs to be done if it is a feasible scenerion..
-
OIM Target reconciliation - Applying logic on field used in reconciliation rule
Hi All,
I am working on OIM 11g R1. We are doing target accounts reconciliation from AD using OOTB connectors. samAccountName is the field used for reconciliation matching rules. Now my requirement is to apply some logic on this field(For ex: Removing whitespaces at the end of the field value or adding 0 as prefix) before the reconciliation rules are evaluated to find the match in OIM.
Could someone help me on implementing this.
Thanks.
Rgds,
MounikaThis can be achieved creating a class for doing the data transformation and making an an entry in the ReconTransformation lookup against the field for which transformation is required. Please follow the link - http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#CMSAD357
-
How to define complex reconciliation rule
i have to do reconciliation with some complex rule but if i see reconciliation rule we can only define simple rule like userid = samAccountName. Please suggest how we can define complex rule.
thanks in adv.http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14061/busrule.htm#BIBJEFCG
-
Hi All,
Is it possible to configure multiple reconciliation rule for a particular resource (AD, LDAP) as per container (OU). If possible please post the detail.
As per my understanding we can configure the recon rule for a particular resource only with single logical operator (or/and).
TIA...Hi Martin,
I tried to achieve this for Novell eDirectory.
For this requirement, I have created a Resource Object Form, a process form under form designer with all the mandatory fields (for provisioning) and then create a process and attach Resource object as object name and form as table name.
I tried to assign this resource to any user and it gives me DOBJ.INSERT_FAILED error. There is nothing helpful in the logs. Could you please tell me what i am doing wrong or if any required configuration is missing.
PS-- For now i am using the create user method and using the same adapter under integration with all the required mappings. In the form i have also created an ITResource field and assign the value eDirectory IT Resource. -
References for developing Reconciliation Rules for OIM 11GR1
Good Day!
Hi Folks!
I would like to ask if you can share some references or any documents which tackles on the development or creation of reconciliation rules for OIM 11GR1. Currently, we are trying to pull users from a SAP system and provision them to MS AD. Currently, we want to develop reconciliation rules such that we can avoid doing manual ad-hoc link.
Aside from the documentation guide, are there any other references there available in helping us to develop recon rules from a simple definition and from there maybe we can pick it up to define a complex one?
All answers are appreciated.
Thanks in advance!
Regards,
Jeffreconciliation rule support very limited operator. find the below link
http://docs.oracle.com/cd/E11223_01/doc.910/e11217/cnnctrcmpnts.htm#CEGJHBDC -
Xellerate - Reconciliation Rule definition: Tokenize
Hi Gurus,
does anyone know how the TOKENIZE transformation work in the Reconciliation Rule definition?
My Rule Element is:
User Profile Data: Last Name
Operator: Contains
Attribute: TargetCustomField
Transform: Tokenize
Can you help me to set properly the Rule Element Prorperties:
Delimiters
Token number
Space Delimiter
In my case i want to match
Last Name: "Ferrari"
with
TargetCustomField: "Mr. Ferrari Hector"
Thanxs in advance,
EttoreWhat's the OIM version which you are working on? If 11G then be sure to click the "Create Recon Profile" on the resource object to make the rule work.
-Bikash -
Reconciliation Rule Transform Tokenize Problem
I am trying to link OIM Users to a target resource whose User ID has 'DOA' or 'doa' suffix. It works fine with 'doa' suffix but not with 'DOA'. It is implemented as 2 separate rule element.
This works fine:
Delimeters: doa
Token Number: 0
Space Delimeter: FALSE
This does not work:
Delimeters: DOA
Token Number: 0
Space Delimeter: FALSE
Can somebody help me please.We have tried having the Reconciliation Rule only on the Employee Number. It does not work. When an existing user is modified in the trusted source, instead of having it modified in OIM, a new one is created with the same Employee Number.
Thanks,
--jtellier -
Configuring reconciliation rule for AD
Hello everyone,
I have to configure Reconciliation rule for AD where i have to match user login at OIM side to Manager value at AD side. As manager is dn on AD side, how can i compare both the values. Is there any way to spilit the dn to find out the cn value before reconciliation rule will run? How does the tranform feature provided under rule element will work? If anybody came across this scenerio and got any resolution please share.
TIAI have a doubt here..please clear if i am able to sucessfully explain...in reconcilliation action we wrote that "No Match Found" --> "create User". it is working fine (for me it is Sun LDAP on other side)..but issue is that when it create a user in OIM...under resource profile no resource is coming as attached...then how can one knows that this user already had a profile in LDAP and need not created a new one and also we cannot provision the same user to LDAP as it is already there...means we cannot link these two user profiles (OIM and LDAP one)....but for feasible scenerion it should be...can anyone tell me where i am wrong and what other configuration needs to be done if it is a feasible scenerion..
-
Customized reconciliation rule
Hi All,
We have a requirement to customize the attribute from target side before comparing it in reconciliation rule. Lets say of i have configured reconciliation (target) with AD and sAMAccountName of person on AD is "msmith" then i have to compare it with OIM side attribute by concatinating "domain\" on "msmith" so that if my oim user id is "domain\msmith" then it should match with "msmith" on AD side. Is it possible by some customization or OOTB anyway. Please put your thoughts.
Can we use transformation rule for this requirement? if so how can we customize these?
TIA.......Thanks Kevin...but transformation rules as per documentation only talks about substring, ends string and all. Do we have any option to add few chars on target attribute side before comparing. Also i cannot use "ends with" operator as in that case if "msmith" record is coming from target side and if i have two oim records "UK\adamsmith" and "uk\msmith", then rule will return me muliple users matched. Can we add more transformation rules/adapters in reconciliation rule. TIA...
-
Where to mention Reconciliation Rule Name ?
Hi,
I have created new AD Reconciliation rule "Target Resource Recon Rule New" using Reconciliation Rule Builder, where i try to match ObjectGUID OR Employee Number.
There is already "Target Resource Recon Rule" provided by AD Connector which runs for my AD recons which tries to match ObjectGUID OR UserId. But I don't want that.
Now where do I tell OIM to use "Target Resource Recon Rule New " and not "Target Resource Recon Rule" ??
Thanks
DonMake the Rule "Target Resource Recon Rule New" Active by cheking the "Active" Check box in the recon rule window.
Also Make the "Target Resource Recon Rule" inactive by unchecking the "Active" Check box in the recon rule window. -
Internal Reconciliation rules for the Business Partner
Version: (Please provide the current version)
SBO 2005-A PL11
Description of requirements: (Please provide a detailed description)
Employees are considered as Supplier for us
We have defined two control account
One to follow the Employee Advance payment : 15130020
the other to follow the Employee Expense voucher : 37100010
Step 1 :
We create one Down Payment Request for the Employee
Step 2 :
We paid the Down Payment Request (amount : 2000) using the Outgoing Payment :
Posting Scheme generated :
(C) 11100241 Petty Cash Account
(D) 15130020 Employee Control Account for Down Payment
Step 3 :
We enter the Expense Voucher for this employee (Amount : 1200)
Posting Scheme
(D) 6XXXXXXX Profit & Loss GL Account
(C) 37100010 Employee Control Account for Expenses
Step 4 :
Due to the fact that the amount of the advance is greater than the amount of the expense voucher, the employee have to reimburse the difference.
We use the menu incoming payment
The different steps follow up are :
Select Vendor as type of BP for the incoming payment
Select the invoice to be paid for the vendor, and tick the box "Payment on Advance" to take in account the amount already paid in the DPR
Do the reimbursement of 800
Posting Scheme :
(C) 37100010 Employee Control Account for Expenses
(D) 11100241 Petty Cash Account
The problem is when we try to do the internal reconciliation we could not see in the same time for the Employee the 2 reconciliation accounts.
How could we do ?
Valid as of: (Date that this legal requirement is applicable)
Business needs: (Please describe the impact on your business, if the functionality is not realized)
We are not able to clear the advance done for the employee and the reimbursement done by the employee.
Due to this fact, we retrieve if we have one other invoice to paid the DPR already paid and take in account in a previous reimbursement which generates damage in the system.
Examples: (Please describe a typical example, how the functionality should work.)
See upper
Current Workaround: (Please describe the workarounds you are using at the moment)
Use the same Control accounts for the Expense Voucher and the Advance payment
Proposed solution: (Please suggest how the new functionality should work)
Permit for the Internal reconciliation process for One Employee to retrieve the data link on the different control account regarding one employee / SupplierHello,
I was just wondering whether you have checked the case in 2007 A version in which brand new concept of internal reconciliation was delivered for customers.
Please try to avoid so long postings. Create rather an attachment with longer description of the issue/case. This helps to increase transparency in the discussions.
Peter Dominik
SAP
B1 Product Definition -
OIM 9.1.02 Reconciliation Rule Priorities
Hi All,
Is there a way to set priorities on the reconcilation matching rules?
e.g..
If Rule 1 and Rule 2 match to users i'd like to make OIM use Rule 1 without manual intervention.
Thanks,
SgYou are correct. If you pre-populate, it will be the requester. The requester would need to manually populate the field during the request with the requestee information. And there is only one form available. You can however, after submission of the request, get the request data, parse the Consolidated Request Data to determine the id's in the request field, and then return appropriate responses to trigger the tasks needed. This will still be a problem in the long run because you can't change the requestee information for each approval task. You're pretty much out of luck on this one.
-Kevin -
OIM Reconciliation Rule Tokenize Transform
Could someone please explain the three rule element properties for the Tokenize transform for me. This is my best understanding.
1. Delimiters - The characters used to delimit parts of the input string
2. Token Number - the token to be used in the compare operation (numbering starts at 1)
3. Space Delimiter - No Idea
I currently have this working without setting the Space Delimiter, but the rule is not marked as valid.What's the OIM version which you are working on? If 11G then be sure to click the "Create Recon Profile" on the resource object to make the rule work.
-Bikash
Maybe you are looking for
-
HT5096 How can I move my Time Capsule Backup to an External Hard Drive?
Hi I have run out of space on my Time Capsule so have decided to change my backup drive to an external hard drive of 4TB. I moved the Sparse Disk Image Bundle from the Time Capsule to the new drive and then changed Time Machine preferences to use the
-
Hi, I am working on a couple of new forms for requesting accounts. I have set up some nice drop down menu's but would like to fix them so that when a particular option is selected in one drop down, the next drop down will offer only the options for t
-
Compare Two Characteristics in the report
Hi All, I have a query, where I need to compare the 'Payment Terms' opted by the customer (Master data) with Payment terms actually done in the transaction. So, I have Payment terms present in the InfoCube and also attribute of Customer Master. Now,
-
C++ code to get XMP metadata from pdf files ??
Hi, I am new to this field and now I have to write a C++ code which will read the XMP metadata from any pdf files. Could anyone please tell me how to do that or where to start? Is there any sample code available for that? I am reading the Programmer'
-
i have the latest firefox 10.02 in win7 and even if firefox shows is installed my adobe flash is not working so i have to run the flash installer every time i start my pc.After this everything works fine until the next start when i have to run the fl