Adapters
It is smallest component in IDM which is used to perform a particular function in IDM. It can be attached with a form, task. Depending on its type, it performs various operations in OIM.Type of Adapter
- Process Tasks adapters - automate completion of
a process task and are attached to a Process Definition Form ( AD user, OID
User, etc).
As the name suggests, it can be attached only in
task.
- Entity Adapter - Automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete.When you want to perform any operation on any Entity like user/group then we use Entity Adapters. It can be attached only with forms
- Pre-Populate Adapter - : This adapter is used for populating any field on forms (Process/Object) with some data.specific type of rule generator attached to a user-created form field that can automatically generate data to the form but does not save that data to the OIM database but does send that information to appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.
- Rule Generator - can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules
- Task Assignment Adapter - Automates the assignment of a process task to a user or group.It is used for assigning the task to any particular user/group. Task assignment adapter is used when you want to perform some operation to find the user to whom you want to assign task.
Process Form: Process form is used to send data to Target Resource.Like in AD, AD takes the user data from Process form. This is the actual data which goes to AD.
Resource Form: Resource form is used to take some input from the user while creating request for provisioning.Object Form: Object form is associated with Resource Object. It is visible at the time of provisioning. It is used for getting some input from the user while provisioning.
Application Instance: IT resource instance + resource object
Application instance is the object that is to be provisioned to a user. Application Instances are checked out in the catalog and user can request for application instances via catalog.· In OIM 11gR2 resources and entitlements are bundled in Application Instance which user can select and request from catalog.Application instance is a combination of IT Resource and RO. So, you cannot create another App Instance with the same RO & IT Resource if it already exists for some other App Instance. One of these ( RO or IT Resource) must have a different name
- Application instance can be associated with multiple organizations.
- An application instance can also have entitlements associated with it. Entitlement can include Roles/Groups or Responsibility.
- Application Instance are published to the catalog by a scheduled task “Catalog Synchronization Job”
Orchestration:An orchestration is automated management of operations in Oracle Identity Manager. In case of event handlers, at what stage (pre-process/post-process etc) that event handler is about to be executed, on what object(user/role/resource etc) and in what order it is to be executed, are all handled by orchestration. Orchestration also holds data during these operations as well.
An adapter provides the following benefits:
- It extends the internal logic and functionality of Oracle Identity Manager.
- It interfaces with any software resource, by connecting to that resource by using the API of the resource.
- It enables the integration between Oracle Identity Manager and an external system.
- It can be generated without manually writing code. However, Oracle Identity Manager does not restrict you from writing your own code for creating adapters.
- It is lightweight and specific to your needs.
IT
Resource: An IT resource is a physical representation of a
logical resource object. It holds all the physical details of the resource for
which a new user is provisioned. If, for example, you have a resource object
called Customer Database, you need to also define one or more corresponding IT
resource objects that represent the physical characteristics of the resource.This information is used by the OIM integration engine when it
needs to communicate with those servers to complete a provisioning-related
task.The specific set of attributes of an IT resource is highly dependent on
the type of system on which the account is being created (relational database
IT Resources expect schema names and passwords; LDAP servers IT Resources
expect names places and directory information tree details). OIM allows you to
define an IT resource type that acts as a template to define a specific data
model for certain types of IT resources.
Resource
Object: A resource object is an OIM object representing a
logical resource for which users need to have accounts created. For instance,
you can have OIM resource objects called “e-mail Server” and “Customer
Database.” A resource object can represent almost anything, from applications,
databases, and operating systems, to physical assets and any other entity
relevant to provisioning. A resource object is used to track which users are
provisioned to what logical assets.Resource objects are also used to design approval
workflows and policies around those workflows that are application-centric.
Application instances can be connected or disconnected. A connected application instance has a connector defined for
the provisioning of entities. A disconnected application instance is
used for the provisioning of a disconnected resource, for which a connector is
not defined, and therefore, the provisioning is performed manually by the
administrator.
Dataset in OIM: OIM11G
has the concept of datasets instead of object forms and these datasets are xml
files which has
to be created manually.This xml file again have specific
place holders for the resource name and the type of model to be used for the
dataset and etc. Since this is created manually thus there are chances of
typos/missing of tags etc which we can find only while uploading the data set
into MDS (again are not very user friendly messages).Thus
a tool would be a great way to generate a dataset based on the process form and
the provisioning process automatically. The xml file thus generated can be
modified accordingly manually later on for any special requirements
Application instances can be connected or disconnected. A connected application instance has a connector defined for
the provisioning of entities. A disconnected application instance is
used for the provisioning of a disconnected resource, for which a connector is
not defined, and therefore, the provisioning is performed manually by the
administrator.
Dataset in OIM: OIM11G
has the concept of datasets instead of object forms and these datasets are xml
files which has
to be created manually.This xml file again have specific
place holders for the resource name and the type of model to be used for the
dataset and etc. Since this is created manually thus there are chances of
typos/missing of tags etc which we can find only while uploading the data set
into MDS (again are not very user friendly messages).Thus
a tool would be a great way to generate a dataset based on the process form and
the provisioning process automatically. The xml file thus generated can be
modified accordingly manually later on for any special requirements