Wednesday, 19 February 2014

Basics of IDM -II


Adapters 

An adapter is the smallest component in IDM and is used to perform a particular function. It can be attached to a form or a task. Depending on its type, it performs various operations in OIM.

Types of Adapter

  • Process Task Adapter - Automates completion of a process task and is attached to a Process Definition Form (AD User, OID User, etc.). As the name suggests, it can be attached only to a task.
  • Entity Adapter - Automatically populates a field on the OIM User form or a custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete. Use an Entity Adapter when you want to perform an operation on an entity such as a user or group. It can be attached only to forms.
  • Pre-Populate Adapter - Used for populating any field on forms (Process/Object) with some data. It is a specific type of rule generator attached to a user-created form field that can automatically generate data for the form; it does not save that data to the OIM database, but does send that information to the appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.
  • Rule Generator - Can populate fields automatically on an OIM form or a user-created form and save them to the OIM database based on business rules.
  • Task Assignment Adapter - Automates the assignment of a process task to a user or group. Use it when some operation is needed to find the user or group to whom the task should be assigned.

Process Form: Process form is used to send data to the Target Resource. For example, AD takes the user data from the Process form. This is the actual data which goes to AD.

Resource Form: Resource form is used to take some input from the user while creating a request for provisioning.


Object Form: Object form is associated with Resource Object. It is visible at the time of provisioning. It is used for getting some input from the user while provisioning.
 
 
Application Instance:  IT resource instance + resource object  

Application instance is the object that is to be provisioned to a user. Application Instances are checked out in the catalog, and a user can request application instances via the catalog. In OIM 11gR2, resources and entitlements are bundled in an Application Instance, which the user can select and request from the catalog. An Application Instance is a combination of an IT Resource and an RO. So, you cannot create another App Instance with the same RO and IT Resource if that combination already exists for some other App Instance. One of these (RO or IT Resource) must have a different name.
  • Application instance can be associated with multiple organizations.
  • An application instance can also have entitlements associated with it. Entitlement can include Roles/Groups or Responsibility.
  • Application Instances are published to the catalog by a scheduled task, “Catalog Synchronization Job”.

Disconnected resources: Disconnected resources are targets for which there is no connector. In earlier releases of Oracle Identity Manager, disconnected provisioning is not supported as a first-class use case; it is supported by using manual tasks in the provisioning process. In Oracle Identity Manager 11g Release 2 (11.1.2), disconnected resources are an enhanced configuration for manual provisioning that leverages SOA integration to provide higher flexibility and configurability of the manual provisioning workflow.

Orchestration: An orchestration is the automated management of operations in Oracle Identity Manager. For event handlers, orchestration handles at what stage (pre-process, post-process, etc.) the event handler is executed, on what object (user, role, resource, etc.), and in what order. Orchestration also holds the data during these operations.

An adapter provides the following benefits:
  • It extends the internal logic and functionality of Oracle Identity Manager.
  • It interfaces with any software resource, by connecting to that resource by using the API of the resource.
  • It enables the integration between Oracle Identity Manager and an external system.
  • It can be generated without manually writing code. However, Oracle Identity Manager does not restrict you from writing your own code for creating adapters.
  • It is lightweight and specific to your needs.

IT Resource: An IT resource is a physical representation of a logical resource object. It holds all the physical details of the resource for which a new user is provisioned. If, for example, you have a resource object called Customer Database, you also need to define one or more corresponding IT resource objects that represent the physical characteristics of the resource. This information is used by the OIM integration engine when it needs to communicate with those servers to complete a provisioning-related task. The specific set of attributes of an IT resource is highly dependent on the type of system on which the account is being created (relational database IT Resources expect schema names and passwords; LDAP servers IT Resources expect names places and directory information tree details). OIM allows you to define an IT resource type that acts as a template to define a specific data model for certain types of IT resources.

Resource Object: A resource object is an OIM object representing a logical resource for which users need to have accounts created. For instance, you can have OIM resource objects called “e-mail Server” and “Customer Database.” A resource object can represent almost anything, from applications, databases, and operating systems, to physical assets and any other entity relevant to provisioning. A resource object is used to track which users are provisioned to what logical assets. Resource objects are also used to design approval workflows and policies around those workflows that are application-centric.

Application instances can be connected or disconnected. A connected application instance has a connector defined for the provisioning of entities. A disconnected application instance is used for the provisioning of a disconnected resource, for which a connector is not defined, and therefore, the provisioning is performed manually by the administrator.
   
Dataset in OIM: OIM 11g has the concept of datasets instead of object forms. These datasets are XML files which have to be created manually. The XML file has specific placeholders for the resource name, the type of model to be used for the dataset, and so on. Since it is created manually, there are chances of typos, missing tags, etc., which can be found only while uploading the dataset into MDS (and the messages are not very user friendly). A tool would therefore be a great way to generate a dataset automatically, based on the process form and the provisioning process. The XML file thus generated can later be modified manually for any special requirements.
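
A minimal pre-upload check for the dataset failure mode described above, written in Python as an added example (not code from the original post or from Oracle). The sample XML, its element and attribute names, the required-attribute list and the `${...}` placeholder syntax are assumptions for illustration; adjust them to the dataset you actually import into MDS.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples. Element/attribute names and the ${...} placeholder
# syntax are assumptions for illustration, not the verified OIM dataset schema.
GOOD = """<request-data-set name="ProvisionResourceDemoApp" entity="DemoApp" operation="PROVISION">
  <AttributeReference name="Login" attr-ref="Login" type="String"/>
</request-data-set>"""

# Typo case: the AttributeReference tag is opened but never closed.
UNCLOSED = GOOD.replace('type="String"/>', 'type="String">')
# Template case: the resource-name placeholder was never filled in.
UNFILLED = GOOD.replace('entity="DemoApp"', 'entity="${RESOURCE_NAME}"')

REQUIRED_ROOT_ATTRS = ("name", "entity", "operation")  # assumed list
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")               # assumed template marker


def lint_dataset(xml_text):
    """Return a list of readable findings; an empty list means nothing was found."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Report the exact position so the typo can be fixed before upload.
        line, col = exc.position
        return [f"not well-formed at line {line}, column {col}: {exc}"]

    findings = []
    for attr in REQUIRED_ROOT_ATTRS:
        if not root.get(attr, "").strip():
            findings.append(f"<{root.tag}> is missing required attribute '{attr}'")
    # root.iter() visits the root element and every descendant.
    for elem in root.iter():
        for key, value in elem.attrib.items():
            if PLACEHOLDER.search(value):
                findings.append(
                    f"<{elem.tag}> attribute '{key}' still holds placeholder {value!r}"
                )
    return findings


if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("unclosed", UNCLOSED), ("unfilled", UNFILLED)):
        print(label, lint_dataset(doc) or "OK")
```
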


   

