Integration Solutions 5-3 Figure 5–2 Functional Architecture of a Generic Technology Connector Generic technology connectors have the following features: ■ Features specific to the reconciliation module are: – Generic technology connector in trusted source reconciliation: A generic technology connector can be used for trusted source reconciliation. During reconciliation in trusted mode, if the reconciliation engine detects new target system accounts, then it creates corresponding OIM Users. If the reconciliation engine detects changes to existing target system accounts, then the same changes are made in the corresponding OIM Users. – Generic technology connector in account status reconciliation: User account status information is used to track whether or not the owner of a target system account is to be allowed to access and use the account. If the target system does not store account status information in the format in which it is stored in Oracle Identity Manager, then you can use the predefined Translation Transformation Provider to implement account status reconciliation. – Generic technology connector in full or incremental reconciliation: While creating a generic technology connector, you can specify that you want to use the connector for full or incremental reconciliation. In incremental reconciliation, only target system records that have changed after the last reconciliation run are reconciled stored into Oracle Identity Manager. In full reconciliation, all the reconciliation records are extracted from the target system. – Generic technology connector for batched reconciliation: To exercise more control over the reconciliation process, you can use the generic technology connector to specify a batch size for reconciliation. By doing this, you can break into batches the total number of records that the reconciliation engine fetches from the target system during each reconciliation run. – Generic technology connector in reconciliation of multivalued attribute data child data deletion: You can specify whether or not you want to reconcile See Also: Oracle Fusion Middleware Developers Guide for Oracle Identity Manager for detailed information about the functional architecture, configuration, and functionalities of the generic technology connector Generic Technology Connector Oracle Identity Manager Provisioning Format Provider Transformation Providers Provisioning Transport Provider Provisioning Staging Data Sets Reconciliation Transport Provider Reconciliation Format Provider Validation Providers Transformation Providers Reconciliation Staging Data Sets Source Data Sets Target System OIM Data Sets Provisioning Module Reconciliation Module 5-4 Oracle Fusion Middleware Users Guide for Oracle Identity Manager into Oracle Identity Manager the deletion of multivalued attribute data on the target system. – Generic technology connector in failure threshold for stopping reconciliation: During reconciliation, Validation Providers can be used to run checks on target system data before it is stored in Oracle Identity Manager. You can set a failure threshold to automatically stop a reconciliation run if the percentage of records that fail the validation checks to the total number of records processed exceeds the specified threshold percentage. ■ Other features of generic technology connectors are: – Custom Providers: If the predefined providers shipped with Oracle Identity Manager do not address the transport, format change, validation, or transformation requirements of your operating environment, then you can create custom providers. – Multilanguage Support: Generic technology connectors can handle both ASCII and non-ASCII user data. – Custom Date Formats: While creating a generic technology connector, you can specify the format of date values in target system records that are extracted during reconciliation and the format in which date values must be sent to the target system during provisioning. – Propagation of Changes in OIM User Attributes to Target Systems: While creating a generic technology connector, you can enable the automatic propagation of changes in OIM User attributes to the target system.

5.3 Custom Connectors

If the target resource has no technology interface or accessible user repository, then the customer can develop a custom connector. The Adapter Factory tool in Oracle Identity Manager Design Console provides a definitional user interface that facilitates such custom development efforts without coding or scripting.

5.4 Components Common to All Connectors

Table 5–1 lists the definitions of connector components contained in the connector XML file. These components are common to all connectors. See Also: Adapters in the Oracle Fusion Middleware Developers Guide for Oracle Identity Manager for details about how to define adapters by using the Adapter Factory Table 5–1 Connector Components Components Description Resource Object This is a virtual representation of the target application on which you want to provision accounts. It is the parent record with which the provisioning process and process form are associated. Provisioning Process This process definition is used to create, maintain, and delete accounts on the target system. It consists of definitions of the individual tasks that are used to perform automated functions on the target system. Each connector is packaged with a single provisioning process. You can manually create additional provisioning processes. Note: For more information about provisioning process, see Table 5–2 and Table 5–3 . Integration Solutions 5-5

5.4.1 Provisioning Process Tasks

Table 5–2 lists the predefined tasks or their equivalents that the Provisioning Process component contains. Process Form This form is used to provide information about user accounts to be created, updated, or deleted on the target system. This form is also used to capture data that can be used by provisioning process tasks or to provide a mechanism for users to provide real-time data. This form is used extensively when conducting reconciliation. The table structure associated with this form supports the archiving and auditing of user accounts on the target system. Each process form consists of field definitions required by a standard connector. If you require additional fields, then you can create another version of the form and add the required fields. Each connector is shipped with certain default process forms. You can manually create additional process forms. IT Resource Type This component is a template for all IT resource definitions associated with the connector. An IT resource type specifies the parameters that are common to all IT resource instances, such as host servers and computers, of that particular IT resource type. The parameters specified in this definition are inherited by all IT resource definitions of that type. For example, the Solaris 8 IT resource type can have a parameter called IP Address. The value of that parameter for the Target_Solaris IT resource instance can be set to 192.168.50.25. Adapters This includes all adapters that are required to perform common functions on the target application. Each adapter is predefined with certain mappings and functionality. These adapters are capable of interacting with the tasks in the provisioning process and the fields of the process form. Note : For more information about adapters, see Oracle Identity Manager Tools Reference. Scheduled Task where applicable If the connector that you want to use is shipped with a predefined reconciliation module, then you are provided with a scheduled task definition. You use this component to control the frequency at which the target system is polled for changes to tracked data. Table 5–2 Provisioning Process Tasks Provisioning Process Task Purpose Create User Creates a new user account in the target application provisions the user with an account Disable User Temporarily disables a user account in the target application Enable User Re-enables a disabled user account in the target application Delete User Deletes a user account in the target application revokes the users account Update User Modifies the privileges or profile of a user account in the target application Table 5–1 Cont. Connector Components Components Description