Why Use the Provisioning Bridge?

Most customers have Microsoft Active Directory (AD) as their central directory service. These customers also use AD as their network directory: all of their workstations connect to it, and it is where they manage their users.

In addition to AD, customers use:
  • An enterprise LDAP to centralize all of their user identities. So, a customer uses AD to manage their employees, but in the centralized LDAP, the customer manages their partners, consumers, and any other users with whom the customer has relationships.
  • Business applications to manage and automate processes across their enterprise. These processes include customer relationship management (CRM), enterprise resource planning (ERP), and supply chain management (SCM) processes.

For these reasons, it's imperative that Oracle Identity Cloud Service can integrate with AD, an enterprise LDAP (for example, Oracle Internet Directory), and an on-premises business application to manage and automate the customer’s CRM, ERP, SCM, and other business-related processes.

By using Oracle Identity Cloud Service, customers can control when they will migrate their directory-based applications to the cloud. In the interim, they can use one of the following:

  • AD Bridge: This bridge provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with this directory structure so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. Each minute, the bridge polls AD for any changes to these records and brings these changes into Oracle Identity Cloud Service. So, if a user is deleted in AD, then this change will be propagated into Oracle Identity Cloud Service. As a result, the state of each record is synchronized between AD and Oracle Identity Cloud Service. After the user is synchronized from AD to Oracle Identity Cloud Service, if you activate or deactivate a user, modify the user's attribute values, or change the group memberships for the user in Oracle Identity Cloud Service, then these changes are propagated to AD through the AD Bridge. See Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service.

  • Provisioning Bridge: This bridge provides a link between your enterprise LDAP or on-premises business application (such as Oracle Internet Directory or Oracle E-Business Suite) and Oracle Identity Cloud Service. Through synchronization, account data that’s created and updated directly on the LDAP or business application is pulled into Oracle Identity Cloud Service and stored for the corresponding Oracle Identity Cloud Service users and groups. Any changes to these records will be transferred into Oracle Identity Cloud Service. Because of this, the state of each record is synchronized between the LDAP or business application and Oracle Identity Cloud Service.

    After users are synchronized from the on-premises business application to Oracle Identity Cloud Service, you can also use the Provisioning Bridge to provision users to the application. Provisioning allows you to use Oracle Identity Cloud Service to manage the lifecycle of users in the application. This includes creating, modifying, deactivating, activating, and removing users and their profiles across the application. Any changes that you make to users or their profiles in Oracle Identity Cloud Service are propagated to the business application through the Provisioning Bridge.

This chapter focuses on using the Provisioning Bridge to synchronize and provision users between an enterprise LDAP (such as Oracle Internet Directory) or an on-premises business application (such as Oracle E-Business Suite) and Oracle Identity Cloud Service.