Oracle® Identity Manager Administrative and User Console Guide
Release 9.1.0.1

Part Number E14057-01

27 Using Oracle Identity Manager As a Target System for Provisioning Operations

You can create a generic technology connector to perform provisioning operations on a target Oracle Identity Manager installation. In other words, an Oracle Identity Manager installation can be used as a provisioning-only target system for another Oracle Identity Manager installation.

Figure 27-1 illustrates the setup for sending SPML requests to an Oracle Identity Manager installation configured as a target system.

Figure 27-1 Setup for Using Oracle Identity Manager As a Provisioning Target

The following sample scenario illustrates how this setup works:

OIM1 and OIM2 are two different Oracle Identity Manager installations. On OIM1, you have created a generic technology connector (GTC1) that contains the SPML Provisioning Format Provider and Web Services Provisioning Transport Provider. OIM2 is a target system of OIM1. The SPML Web Service is running on OIM2.

See Also:

The "SPML Provisioning Format Provider" section for information about supported SPML operations

For OIM Users on OIM1, target resource accounts can be created, modified, or deleted on OIM2. When you create, modify, or delete an OIM2 (target resource) account of a user through OIM1, the following sequence of events takes place:

  1. The SPML Provisioning Format Provider of GTC1 converts the provisioning operation data into an SPML request and bundles it into a SOAP packet.

  2. The Web Services Provisioning Transport Provider of GTC1 sends the SOAP packet to the SPML Web Service of OIM2.

  3. The SPML Web Service parses the SPML request and performs the provisioning operation.

  4. Because the provisioning operation was successfully performed on OIM2, the SPML Web Service sends an SPML response (indicating success of the operation) back to the Web Services Provisioning Transport Provider.

  5. The Web Services Provisioning Transport Provider extracts the psoID value from the SPML response and passes it to the generic technology connector framework as the ID field value.
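The sequence above, sketched as an added example that is not Oracle's code or part of the original guide: it builds the SOAP-wrapped SPML request from the staging fields, produces a log-safe copy with the password masked, and returns the psoID only when the response reports success. The page does not show the wire format, so the SOAP 1.1 envelope, the OASIS SPML 2.0 element names, the DSML attribute encoding, the function names, and the sample response are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope (assumed)
SPML = "urn:oasis:names:tc:SPML:2:0"                # OASIS SPML 2.0 core (assumed)
DSML = "urn:oasis:names:tc:DSML:2:0:core"           # attribute encoding (assumed)
MANDATORY = ("Users.User ID", "Users.First Name", "Users.Last Name",
             "Organizations.Organization Name", "Users.Xellerate Type",
             "Users.Role", "Users.Password")

def build_add_request(fields, request_id):
    # Steps 1-2: staging fields -> SPML addRequest inside a SOAP envelope.
    if missing := [f for f in MANDATORY if not fields.get(f)]:
        raise ValueError(f"missing mandatory fields: {missing}")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{SPML}}}addRequest", requestID=request_id)
    if fields.get("containerID"):
        # Sent alongside Organizations.Organization Name; the target decides.
        ET.SubElement(req, f"{{{SPML}}}containerID", ID=fields["containerID"])
    data = ET.SubElement(req, f"{{{SPML}}}data")
    for name, value in fields.items():
        if name not in ("containerID", "ID"):
            attr = ET.SubElement(data, f"{{{DSML}}}attr", name=name)
            ET.SubElement(attr, f"{{{DSML}}}value").text = value
    return ET.tostring(env, encoding="utf-8")

def redact(soap_bytes):
    # Log-safe copy: the packet carries Users.Password, so mask its value.
    root = ET.fromstring(soap_bytes)
    for attr in root.iter(f"{{{DSML}}}attr"):
        if attr.get("name") == "Users.Password":
            for value in attr:
                value.text = "***"
    return ET.tostring(root, encoding="unicode")

def extract_pso_id(soap_bytes):
    # Steps 4-5: hand back psoID only if the target reported success.
    resp = ET.fromstring(soap_bytes).find(f".//{{{SPML}}}addResponse")
    if resp is None or resp.get("status") != "success":
        raise RuntimeError("provisioning not confirmed by target")
    pso = resp.find(f".//{{{SPML}}}psoID")
    if pso is None or not pso.get("ID"):
        raise RuntimeError("success response carries no psoID")
    return pso.get("ID")

# Constructed sample response, not captured from a real installation.
SAMPLE_RESPONSE = (f'<s:Envelope xmlns:s="{SOAP}"><s:Body><addResponse xmlns="{SPML}" '
    'status="success" requestID="r1"><pso><psoID ID="Users:42"/></pso>'
    '</addResponse></s:Body></s:Envelope>').encode()
```

Because Users.Password is a mandatory field, every create request built this way contains the password in the SOAP body; the raw packet should be logged only through `redact`.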

To create a generic technology connector for use as the provisioning link to a target Oracle Identity Manager installation, perform the instructions described in the "Using the Administrative and User Console to Create the Generic Technology Connector" section. Steps that are specific to creating this generic technology connector are as follows:

  1. On the Step 1: Provide Basic Information page:

    Select the Provisioning option and then select the following providers:

    • Web Services Provisioning Transport Provider

    • SPML Provisioning Format Provider

  2. On the Step 2: Specify Parameter Values page:

    Specify values for the run-time and design parameters. While performing this procedure, you need not specify a value for the Target Date Format parameter, because the default value of the date format is used.

  3. On the Step 3: Modify Connector Configuration page:

    The Web Services Provisioning Transport Provider and SPML Provisioning Format Provider do not have the capability to detect metadata. Therefore, you must manually add fields and create mappings on the Step 3: Modify Connector Configuration page as follows:

    1. Create the following fields in the Provisioning Staging - Account data set. These are mandatory fields.

      • Users.User ID

      • Users.First Name

      • Users.Last Name

      • Organizations.Organization Name

      • Users.Xellerate Type

      • Users.Role

      • Users.Password

      Because you are using the SPML Provisioning Format Provider, the following fields are automatically created in the Provisioning Staging - Account data set as part of metadata detection:

      • containerID

      • objectclass

      • ID

      Note:

      In the provisioning operation, the value of the containerID field takes precedence over the value of the Organizations.Organization Name field. If an SPML request sent by the generic technology connector contains values for both the containerID and Organizations.Organization Name fields, then the value of the containerID field is used in the provisioning operation.

      If required, you can also create the following fields in the Provisioning Staging data set. These are nonmandatory fields.

      • Users.Middle Name

      • Users.Status

      • Users.Provisioned Date

      • Users.Creation Date

      • Users.Manager Login

      • Users.End Date

      • Users.Start Date

    2. Create the mappings shown in the following table. The word "recommended" in the heading of the first column is used to indicate that it is not mandatory to use the source fields listed in that column for creating mappings with the fields listed in the second column.

      | Recommended Source Field in the OIM - User Data Set | Destination Field in the Provisioning Staging - Account Data Set |
      |---|---|
      | User ID | Users.User ID |
      | First Name | Users.First Name |
      | Last Name | Users.Last Name |
      | Organization | Organizations.Organization Name |
      | User Type | Users.Xellerate Type |
      | Employee Type | Users.Role |
      | Password | Users.Password |

      Because you are using the SPML Provisioning Format Provider, the following mappings are created as part of metadata detection.

      | Source Field in the OIM - Account Data Set | Destination Field in the Provisioning Staging - Account Data Set |
      |---|---|
      | containerID (This is the recommended source field. You can use any field.) | containerID |
      | objectclass (This is the recommended source field. You can use any field.) | objectclass |
      | ID | ID |

      If you add fields from the list of nonmandatory fields given in Step 3.a, then you must create mappings between those fields and the corresponding fields in the OIM data sets.

    3. If required, create child data sets for the OIM - Account and Provisioning Staging - Account data sets and then create mappings between corresponding fields of the child data sets.

      On the Step 2: Specify Parameter Values page, you specify a value for the ID Attribute for Child Dataset Holding Group Membership Information parameter. You must ensure that a field with the same name as the value you specify is included in the child data set.

      See Also:

      The "SPML Provisioning Format Provider" section for more information about the ID Attribute for Child Dataset Holding Group Membership Information parameter

      After you perform these steps, click Close on the Step 3: Modify Connector Configuration page.

  4. On the Step 4: Verify Connector Form Names page:

    Accept or modify the values displayed on this page.

  5. On the Step 5: Verify Connector Information page:

    Review the information displayed on this page, and then click Create.