Retiree Data Flow Diagram
0 likes295 views
This document summarizes the OID attribute flow for user provisioning and synchronization. Key components include the OID servers that store attributes, the load balancer and virtual directories that retrieve attributes, the HCM database that provides source user data, and the identity provisioning system that provisions users from HCM into Active Directory. It also lists various OID and LDAP attributes that are synced, retrieved, or used to provision user profiles and retrieve their data.
Retiree Data Flow Diagram
- 1. OID Attribute Flow This Data is stored in OID and synced via the DIP Servers OVD Common/Retrievable Attributes OID Attribute LDAP Attribute Attribute Notes LDAP User Storage Load Balancer (Oracle Virtual Directory) VIP: 0.0.0.0 sub.domain.com HCM DB Active Directory Provision User Data Identity Provisioning System Provisions users from HCM into Active Directory Get Data Synchronization Profile User: _svcaccount Source Container: ou=users,dc=companyA,dc=com Push data Retrieve or Update Data dc description orclSamAccountName domain Groupofuniquen ames orcladgroup uniquememberGroupofuniquen ames ownerGroupofuniquen ames displaynameorclgroup Object Class departmentnumberinetorgperson mobileinetorgperson telephonenumberinetorgperson facsimiletelephonenumberinetorgperson ouorganizationalu nit cnperson orclsourceobjectdnorcladobject snperson employeenumberinetorgperson titleorganizationalp erson givennameinetorgperson uidinetorgperson mailinetorgperson categoryinetorgperson OID Data Provisioning nameinetorgperson cn dnQualifier manager pwdchangedtime orclnormdn sn name title givenname uid mail category Within the Portal, the crawler uses the following ldp filter to crawl in any eligible retiree: (&(|(category=Retiree1)(destinationIndicator=RetireeOU))(cn=*)) destinationindicator Connects to LB The Portal uses this field as the “User Name Attribute”, “User Authentication Attribute”, “User Unique Name Attribute”, & “Group Name Attribute” objectclass createtimestamp HomeEmployeeID modifytimestamp employeeNumber The Login Page uses this as the user’s Alias to authenticate into the portal The Portal feeds this value through the “Profile Source” crawler. This is required to be present in the portal in order for the user to interact with portlet content. This value will tell you the last time the user changed the password Non Synced Non Synced Non Synced Non Synced Non Synced Non Synced Provisions users with Status of (T or R) as enabled if they have a valid Retiree Code value from HCM. Will show up in the downstream field called “Category” users users Author: M.REAMS Prints 8 ½” x 17" userPasswordNon Synced Retiree login uses this to store user’s password pwdaccountlockedtimeNon Synced This field will tell you when a user’s account was locked out Virtual Server 2 0.0.0.0 Virtual Server 1 0.0.0.0 Cluster LDAP Web Service Connects to LB Identity Services Portal Crawler Help Desk Admins DIP Servers (OID Sync Tool) Virtual Server 2 0.0.0.0 Virtual Server 1 0.0.0.0 Load Balancer (Oracle Internet Directory) VIP: 0.0.0.0 sub.domain.com Virtual Server 2 0.0.0.0 Virtual Server 1 0.0.0.0 Cluster users