Architecture Diagram Defining Oracle Identity Cloud Service and Provisioning Integration

The customer application is configured as a managed application of Oracle Identity Cloud Service. Through provisioning operations performed on Oracle Identity Cloud Service, accounts are created and updated on the target system for Oracle Identity Cloud Service Users. Through synchronization, account data that is created and updated directly on the target system is pulled into Oracle Identity Cloud Service and stored for the corresponding Oracle Identity Cloud Service Users.

The Identity Connector Framework (ICF) is a component that is required to use identity connectors. ICF is distributed with Oracle Identity Cloud Service and doesn't require configuration or modifications.

The following architecture diagram illustrates the integration between Oracle Identity Cloud Service and Provisioning.

Figure 5-2 Architecture Diagram: Oracle Identity Cloud Service and Provisioning Integration

During provisioning:
  1. App Management calls ICF.

  2. ICF sends a CREATE request to the Connector Bundle.

  3. The Connector Bundle calls the target API for provisioning.

  4. The target API accepts provisioning data from the Connector Bundle.

  5. The target API carries out the required operation on the target system.

  6. The target API then sends the response from the target system to the Connector Bundle.

During synchronization:
  1. A synchronization job calls ICF.

  2. ICF sends a SEARCH request to the Connector Bundle.

  3. The Connector Bundle calls the target API for the synchronization operation.

  4. The API extracts user records that match the synchronization criteria.

  5. The API sends these records through the Connector Bundle and ICF to the synchronization job, which syncs the records with Oracle Identity Cloud Service.

Each record fetched from the target system is compared with the user accounts that are already provisioned to Oracle Identity Cloud Service Users. If a match is found, then the update made to the account from the target system is copied to the user account in Oracle Identity Cloud Service. If a match isn't found, then the user ID of the record is compared with the user ID of each Oracle Identity Cloud Service User. If the user ID matches, then data in the target system record is used to provision the user account to the Oracle Identity Cloud Service User.
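
The matching order described above can be sketched as follows. This is an added example, a simplified model and not Oracle's implementation or ICF code. The names `IdcsUser`, `reconcile`, `run_sync`, and `sample`, the record fields, exact string comparison of user IDs, and the `unmatched` outcome for records that match nothing are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class IdcsUser:
    user_id: str
    # Target account ID -> attributes already provisioned to this user.
    accounts: dict = field(default_factory=dict)


def reconcile(record, users):
    """Apply the two-stage match to one target record; return (outcome, user_id)."""
    # Stage 1: the target account is already provisioned to a user,
    # so the change made on the target system is copied to that account.
    for user in users:
        if record["account_id"] in user.accounts:
            user.accounts[record["account_id"]].update(record["attrs"])
            return ("updated", user.user_id)
    # Stage 2: no account match, so compare the record's user ID with each
    # user's user ID (exact comparison is an assumption) and provision on a hit.
    for user in users:
        if user.user_id == record["user_id"]:
            user.accounts[record["account_id"]] = dict(record["attrs"])
            return ("linked", user.user_id)
    # The page does not describe this case; it is surfaced here so that
    # target accounts with no owner can be reviewed (assumption).
    return ("unmatched", None)


def run_sync(records, users):
    """Reconcile every record returned by the SEARCH operation, in order."""
    return [reconcile(record, users) for record in records]


def sample():
    """Constructed sample data: two users and three target records."""
    users = [IdcsUser("alice", {"T-100": {"email": "alice@example.com"}}),
             IdcsUser("bob")]
    records = [
        {"account_id": "T-100", "user_id": "alice", "attrs": {"email": "alice.new@example.com"}},
        {"account_id": "T-200", "user_id": "bob", "attrs": {"email": "bob@example.com"}},
        {"account_id": "T-300", "user_id": "svc-backup", "attrs": {"email": "ops@example.com"}},
    ]
    return users, records


if __name__ == "__main__":
    users, records = sample()
    for outcome in run_sync(records, users):
        print(outcome)
```

Because the second stage attaches an account on the strength of the user ID alone, the third constructed record (an account whose user ID belongs to no user) is the one worth reporting on after each synchronization run.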