1.3 Synchronization, Provisioning, and the Difference Between Them

Synchronization has to do with directories rather than applications. It ensures the consistency of entries and attributes that reside in both Oracle Internet Directory and other connected directories.

Provisioning has to do with applications. It notifies them of changes to user or group entries or attributes that the application needs to track.

This section contains these topics:

• Synchronization

• Provisioning

• How Synchronization and Provisioning Differ

1.3.1 Synchronization

Synchronization enables you to coordinate changes among Oracle Internet Directory and connected directories. For all directories to both use and provide only the latest data, each directory must be informed of change made in the other connected directories. Synchronization ensures that any change to directory information—including, but not limited to data updated through provisioning—is kept consistent.

Whenever you decide to connect a third-party directory to Oracle Internet Directory, you create a synchronization profile for that specific directory. This profile specifies the format and content of the data to be synchronized between Oracle Internet Directory and the connected directory. To create a synchronization profile, you use the Directory Integration and Provisioning Assistant.

See Also: Part III, "Synchronization in Oracle Identity Management Integration" The chapter on Oracle Directory Integration and Provisioning tools in the Oracle Identity Management User Reference for information on the Directory Integration and Provisioning Assistant

1.3.2 Provisioning

Provisioning enables you to ensure that an application is notified of directory changes to, for example, user or group information. Such changes can affect whether the application allows a user access to its processes and which resources can be used.

Use provisioning when you are designing or installing an application that

• Does not maintain a directory

• Is LDAP-enabled

• Can and should allow only authorized users to access its resources

When you install an application that you want to provision, you must create a provisioning integration profile for it by using the Provisioning Subscription Tool.

See Also: Part IV, "Provisioning in Oracle Identity Management" The chapter on Oracle Directory Integration and Provisioning tools in the Oracle Identity Management User Reference for information on the Provisioning Subscription Tool

1.3.3 How Synchronization and Provisioning Differ

Synchronization and provisioning have important operational differences as described in Table 1-1.

Table 1-1 Directory Synchronization and Provisioning Integration Distinctions

	Directory Synchronization	Provisioning Integration
The time for action	Application deployment time. Directory synchronization is for connected directories requiring synchronization with Oracle Internet Directory.	Application design time. Provisioning integration is for application designers developing LDAP-enabled applications.
Communication direction	Either one-way or two-way—that is, either from Oracle Internet Directory to connected directories, the reverse, or both	Two way—that is, from Oracle Internet Directory to provisioned applications, and from provisioned applications to Oracle Internet Directory
Type of data	Any data in a directory	Restricted to provisioned users and groups
Examples	Oracle Human Resources SunONE Directory Server Microsoft Active Directory	OracleAS Portal