C Case Study: A Deployment of Oracle Directory Integration Platform

This appendix describes a deployment in which Oracle Directory Integration Platform integrates various applications in the MyCompany enterprise.

C.1 Components in the MyCompany Enterprise

This hypothetical enterprise has the following components:

  • Oracle Human Resources, in which all employees and contractors are managed

  • Oracle Internet Directory, which is the Oracle back-end directory

  • Oracle Directory Server Enterprise Edition (previously Sun Java System Directory Server), a connected directory that is being used by certain applications

  • Oracle Portal, which is used as the intranet portal for all employees

C.2 Requirements of the MyCompany Enterprise

The MyCompany enterprise requires that:

  • All employees and contractors are created in Oracle Human Resources. Once created, all applications in the enterprise must share this information through the Oracle back-end directory (Oracle Internet Directory).

  • All applications in the enterprise, including single sign-on services, can honor any employee created in Oracle Human Resources.

  • All applications that are affected by changes to user properties are notified when changes occur.

  • A user's access rights are revoked when the user is terminated in Oracle Human Resources.

C.3 Overall Deployment in the MyCompany Enterprise

Figure C-1 illustrates the various components and their relationships to each other.

Figure C-1 Example of Oracle Directory Integration Platform in the MyCompany Deployment

This illustration is described in the text.

In the example in Figure C-1:

  • Oracle Internet Directory (the Oracle back-end directory) is the central user repository for all enterprise applications.

  • Oracle Human Resources is the basis for all user-related information. It is synchronized with Oracle Internet Directory by using the Oracle Directory Synchronization Service.

  • Oracle Directory Server Enterprise Edition, which is already deployed in the enterprise, is synchronized with Oracle Internet Directory by using the Oracle Directory Synchronization Service.

  • Oracle Portal is notified of changes in Oracle Internet Directory by using the Oracle Directory Integration Platform Service.

C.4 User Creation and Provisioning in the MyCompany Enterprise

In this example, the MyCompany enterprise requires that all users be created in Oracle Human Resources. Oracle Directory Integration Platform must propagate new user records to all other repositories in the enterprise.

Figure C-2 illustrates how Oracle Directory Integration Platform performs this task.

Figure C-2 User Creation and Provisioning

This illustration is described in the text.

Figure C-2 shows the creation of a new user in Oracle Human Resources, which, in turn, causes an entry for that user to be created in Oracle Internet Directory and Oracle Directory Server Enterprise Edition (previously Sun Java System Directory Server). It also shows the process of provisioning the user to access the Oracle Portal application. User creation and provisioning occur in the following manner:

  1. The Oracle Human Resources administrator creates the user in the Oracle Human Resources database.

  2. Oracle Directory Integration Platform, through the Oracle Directory Synchronization Service, detects the new-user creation.

  3. Oracle Directory Integration Platform, through the Oracle Directory Synchronization Service, creates the entry for the user in Oracle Internet Directory.

  4. Oracle Directory Integration Platform, through the Oracle Directory Synchronization Service, creates an entry in the Oracle Directory Server Enterprise Edition.

  5. Because the user entry is available in Oracle Internet Directory, the Oracle Portal administrator can now provision the user to use the services of Oracle Portal. During this task, the Oracle Portal software automatically retrieves the user information from Oracle Internet Directory.

Note that Oracle Directory Integration Platform does not directly notify Oracle Portal about new users. This is because not all users created in Oracle Human Resources need access to all services. In this case, the deployment must explicitly provision the users to use these services, as in Step 5.

C.5 Modification of User Properties in the MyCompany Enterprise

In this example, the MyCompany enterprise requires that any modification to user properties be communicated to all components interested in such changes. Figure C-3 illustrates the actions that Oracle Directory Integration Platform takes to meet this requirement.

Figure C-3 Modification of User Properties

This illustration is described in the text.

The process is as follows:

  1. The user is first modified in Oracle Human Resources.

  2. Oracle Directory Integration Platform retrieves these changes through the Oracle Directory Synchronization Service.

  3. Oracle Directory Integration Platform makes the corresponding user modification in Oracle Internet Directory.

  4. The Oracle Directory Synchronization Service modifies the user in Oracle Directory Server Enterprise Edition.

  5. Oracle Directory Integration Platform, through the Oracle Directory Integration Platform Service, notifies Oracle Portal about the change in user properties.

C.6 Deletion of Users in the MyCompany Enterprise

In this example, the MyCompany enterprise requires that a user being deleted or terminated in Oracle Human Resources be automatically denied access to all enterprise resources that are based on the directory service.

Figure C-4 shows the flow of events during the deletion of users.

Figure C-4 Deletion of Users from the Corporate Human Resources

This illustration is described in the text.

Figure C-4 shows the process by which Oracle Directory Integration Platform communicates the deletion of users to all systems in the enterprise. The process is as follows:

  1. The user is first deleted in Oracle Human Resources.

  2. Oracle Directory Integration Platform retrieves these changes through the Oracle Directory Synchronization Service.

  3. Oracle Directory Integration Platform, through the Oracle Directory Synchronization Service, makes the corresponding user deletion in Oracle Internet Directory.

  4. Oracle Directory Integration Platform, through the Oracle Directory Synchronization Service, deletes the user in Oracle Directory Server Enterprise Edition.

  5. Oracle Directory Integration Platform, through the Oracle Directory Integration Platform Service, notifies Oracle Portal about the deletion of the user.

Once all of the steps are completed, a deleted user in Oracle Human Resources cannot access Oracle Portal.
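
A reconciliation check for the flows in C.4 through C.6, added here as an example and not part of Oracle's documentation: it compares exports from the four components and flags accounts that outlive a termination in Oracle Human Resources, entries that never propagated, and attributes that drifted. The export format, attribute names, employee IDs, and the `reconcile` function are assumptions; the sample data is constructed.

```python
# Assumption: each system can be exported to a mapping keyed by employee ID.
SYNCED_ATTRS = ("mail", "title")  # assumed set of synchronized attributes

# Constructed sample exports (not real data).
HR = {
    "1001": {"mail": "alice@mycompany.example", "title": "Engineer", "status": "active"},
    "1002": {"mail": "bob@mycompany.example", "title": "Analyst", "status": "terminated"},
    "1003": {"mail": "carol@mycompany.example", "title": "Manager", "status": "active"},
    "1004": {"mail": "dave@mycompany.example", "title": "Contractor", "status": "active"},
}
OID = {
    "1001": {"mail": "alice@mycompany.example", "title": "Engineer"},
    "1002": {"mail": "bob@mycompany.example", "title": "Analyst"},     # deletion not propagated
    "1003": {"mail": "carol@mycompany.example", "title": "Director"},  # stale attribute
}
ODSEE = {
    "1001": {"mail": "alice@mycompany.example", "title": "Engineer"},
    "1003": {"mail": "carol@mycompany.example", "title": "Manager"},
}
PORTAL = {"1001", "1002", "1005"}  # IDs explicitly provisioned in Oracle Portal


def reconcile(hr, directories, portal):
    """Return (kind, system, employee_id, attribute) findings, HR being authoritative."""
    # A user absent from HR or not marked active must hold no downstream account.
    active = {uid for uid, rec in hr.items() if rec.get("status") == "active"}
    findings = []
    for name, entries in directories.items():
        present = set(entries)
        # C.6: entries that survived deletion or termination in HR.
        findings += [("ORPHAN", name, uid, "") for uid in sorted(present - active)]
        # C.4 steps 3-4: active HR users that never reached the directory.
        findings += [("MISSING", name, uid, "") for uid in sorted(active - present)]
        # C.5: synchronized attributes that no longer match HR.
        for uid in sorted(active & present):
            for attr in SYNCED_ATTRS:
                if entries[uid].get(attr) != hr[uid].get(attr):
                    findings.append(("DRIFT", name, uid, attr))
    # Portal provisioning is explicit (C.4 step 5), so an active user without a
    # Portal account is not a finding; a Portal account without an active user is.
    findings += [("ORPHAN", "Portal", uid, "") for uid in sorted(set(portal) - active)]
    return findings


if __name__ == "__main__":
    for finding in reconcile(HR, {"OID": OID, "ODSEE": ODSEE}, PORTAL):
        print(finding)
```
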