Connector Delta Export Enhancements
The Connector Delta Exporting feature has been enhanced to handle issues resulted by file access, server access and non unique primary keys.
Delta Export Control
A major issue in the delta export feature was when reference file was not accessible due to shared folder issues. In such a scenario, the delta processor was considering it as the first run and was returning all entries. This was resulting in unwanted bulk processing and other related issues. The delta processor has been enhanced to avoid this using a delta export control. This is done by introducing a new column named DELTA_EXPORT_CONTROL in PRODUCT_TASK table, which can have one of the below values.
|CAN_HAVE_REF_FILE||0||Option to do a full export or delta export based on reference file availability. This is the default option for a new task.|
|MUST_HAVE_REF_FILE||1||Option to fail the task if reference file is missing. Delta export tasks are dynamically switched to this option after the run using other options.|
|REFRESH_REF_FILE||2||Option to refresh the reference file and ignore the changes after the last successful run. This option can also be used during the initial run if entries need not be processed.|
|DELETE_REF_FILE||3||Option to do a full export by deleting reference file. Use this option only when all entries are to be processed again.|
When a new workflow is deployed, this configuration will have a value 0. During the first successful run, this configuration is updated to 1. Once it is changed to 1, succeeding exports will fail when reference file is not accessible. This means a full data export is never returned after the first run. The last two options are added to help special scenarios as mentioned in the description. This configuration can be controlled during workflow deploy from task configuration page.
Delta Duplicate Handling
Another major delta issue facing in many implementation is unwanted provisioning and de-provisioning driven by duplicate entries. This is most common when complex views are used for export in JDBC systems. The delta processing is enhanced to manage duplicates in a way most suitable for the implementation. This is controlled by the below plug-in parameter. This configuration supports the below values and can be configured for any delta export task.
- None will not do any duplicate checks. All duplicate entries are included with delta export data.
- CountAndLogDuplicates will log duplicate counts and include all duplicate entries with delta export data.
- SkipAllDuplicates will identify and skip all duplicate entries irrespective of the change type.
- SkipAddAndDeleteDuplicates will identify and skip all duplicate entries having change type add or delete.
System Variables to Expose Delta Counts
The following system variables have been introduced for the delta export feature. These can be used in the data mapper of the workflow to add extra enforcements based on the counts.
Asynchronous Task Notification Failover
Introduced delta reference file restore when async task completion notification had failed. This will make sure that no data change event is lost. Succeeding delta export will pick the changes. Also, introduced retry for async task completion notification.
Ellucian Ethos Connector Enhancements
Following enhancements have been added for Ellucian Ethos connector.
Buildings-v11 Data Format
Introduced a new data format Buildings-v11 to support new attributes included with version 11.0.0 of the buildings API. Version 11.0.0 of the buildings API is now available only for Colleague and not available for Banner. So the existing Buildings data format is retained to use version 6.0.0 of the API. Now one of the two Buildings data format can be used based on the requirement and API availability.
This is an export and lookup data format and import is not supported. Filter is not supported for export and lookup. Following table shows the attributes for this data format.
Person Set EmailType using emails->type->detail->id
While importing person emails, emails->type->emailType was the attribute supported by the connector. This attribute is not unique in certain scenarios. So the attribute to be used in such scenario is emails->type->detail->id. Ethos connector Person data format is enhanced to support that attribute.
EmailType Data Format Filter Support
EmailType data format is enhanced to support filters in export and lookup. The API doesn't have filter support, so filtering is implemented at the connector level. Filtering is supported by the attributes code, emailType and title.
Office 365 Connector - User Licenses and Services with Microsoft Graph
When connecting through Modern authentication, the export & import of User ‘LicensesAndServices’ attribute in Microsoft Office 365 systems can use Microsoft Graph power shell module depending on the connected system configuration. The connected system configuration may only have certificate, client secret, both, or none. Certificate has the highest priority for getting the connection through MgGraph. If certificate is configured, it is used for MgGraph connection. Otherwise, client secret, if configured, is used to connect MgGraph. If both certificate and client secret are not configured, the MSOnline module will be used as in previous versions.
- Install Microsoft Graph module as pre-requisite
Install-Module Microsoft.Graph -Scope CurrentUser
- Register Application in Azure portal
Azure Active Directory -> App Registration -> New registration
- API Permission
Registered Application -> API Permissions -> Add a permission -> Select Microsoft Graph -> Application Permissions
Add the following permissions to work with license and services
- Certificates & Secrets
Registered Application -> Certificate & Secrets
We can connect Microsoft Graph either with certificate or client secret.
- Export - Fetch all the licenses and services for the user
- Import - Update all the licenses and services for the user w.r.t the given modify type (add, delete, replace)
- Modify Type - Add: Add the given Licenses and Services. Add Services to existing licenses
- Modify Type - Replace: Replace with the given Licenses and Services.
i.e., Add all the given new licenses and services, delete existing unwanted licenses.
- Modify Type - Delete: Delete all the given Licenses and Services
Example pay loads:
* Option added to provide “SkuId” along with payload (if needed)
- Connected System details
* Application Secret is the parameter for client secret.
Note: - ‘Tenant Id’ is not needed for LicensesAndServices if neither certificate or secret is configured and MSOnline module is used.
List of defects reported by customers or implementation, does not contain defects raised internally.
- Fixed issue with provgig war creation during GIG auto upgrade. Auto upgrade was not including jars from ext folder when provgig war is created.
- Fixed issue of mapper not decrypting the encryption marked attributes when ProvisioningHub is the input task and display name is configured for product attributes.
- Changes to permit Null values for profile attributes.
- Fixed issue with switching user type from claim. Cleared the bean from session to refresh the UI when the URL is updated with a different user type.
- Made changes to set modified date and modified user for workflow suspend/activate done during GIG auto upgrade. Modified user is set as SYSTEM. Also added audit for these actions.
- Fixed audit event for authentication before password reset uses the master ORG id on recording the failures.
- Fix to mark the mapper task as failed when an infinite loop is encountered. Also made changes to skip succeeding entry processing when an infinite loop is encountered. Included line info including function name for the while condition resulted in infinite loop.
- Fix the service provider usage report failure from self-service.