An application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism). Application instances have business-friendly names that are easier to remember. Creating and managing application instances are performed by using the Application Instance section of Oracle Identity System Administration.
Application instances can be connected or disconnected. A connected application instance has a connector defined for the provisioning of entities. A disconnected application instance is used for the provisioning of a disconnected resource, for which a connector is not defined, and therefore, the provisioning is performed manually by the administrator.
For information about application instance concepts and how to create and manage application instances, see "Managing Application Instances" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.
This chapter describes how application developers can manage resource objects, which is a component of application instance, by using the Design Console. In addition, it describes the procedure to convert a disconnected application instance to a connected application instance. For information about creating and managing IT resources, see "Managing IT Resources" in Administering Oracle Identity Manager.
This chapter includes the following topics:
This chapter describes resource management in the Design Console. It contains the following sections:
Note:Only the users belonging to the SYSTEM ADMINISTRATORS group of Oracle Identity Manager can log in to Design Console.
The Resource Management folder provides you with tools to manage Oracle Identity Manager resources. This folder contains the following forms:
IT Resources Type Definition: Use this form to create resource types that are displayed as lookup values on the IT Resources form.
Rule Designer: Use this form to create rules that can be applied to password policy selection, automatic role membership, provisioning process selection, task assignment, and prepopulating adapters.
Resource Objects: Use this form to create and manage resource objects. These objects represent resources that you want to make available to users and organizations.
See Also:See Chapter 3, "Using the Adapter Factory" for more information about adapters and adapter tasks
The IT Resources Type Definition form is in the Resource Management folder. You use the IT Resources Type Definition form to classify IT resource types, for example, AD, Microsoft Exchange, and Solaris. Oracle Identity Manager associates resource types with resource objects that it provisions to users and organizations.
After you define an IT resource type on this form, it is available for selection when you define an IT resource. The type is displayed in the Create IT Resource and Manage IT Resource pages of Advanced Administration.
IT resource types are templates for the IT resource definitions that reference them. If an IT resource definition references an IT resource type, the resource inherits all of the parameters and values in the IT resource type. The IT resource type is the general IT classification, for example, Solaris. The resource is an instance of the type, for example, Solaris for Statewide Investments. You must associate every IT resource definition with an IT resource type.
Figure 1-1 shows the IT Resources Type Definition form.
Table 1-1 describes the fields of the IT Resources Type Definition form.
The name of the IT resource type
Specifies whether or not this IT resource type can be referenced by more than one IT resource
To define an IT resource type:
Enter the name of the IT resource type in the Server Type field, for example, Solaris.
To make the IT resource type available for multiple IT resources, select Insert Multiple.
The IT resource type is defined. You can select it when defining IT resources in the Create IT Resource page of Advanced Administration.
To describe the procedure to convert a disconnected application instance to a connected application instance, the following assumptions have been made:
A disconnected application instance exists in Oracle Identity Manager deployment, for example, the production environment. This disconnected application instance will be exported to another deployment of Oracle Identity Manager, for example, a test environment, and converted to a connected application instance. After testing the connected application instance in the test environment, it will be imported in the production environment again.
Note:Optionally, the disconnected resource can be converted to a connected resource in the same environment. See "Modifying the Application Instance from Disconnected to Connected" for further details.
The application instance, process definition, forms, IT resource type definition, and IT resource retain the same name while converting a disconnected application instance to connected application instance.
The following are the broad-level steps to convert a disconnected application instance to a connected application instance:
Import the existing disconnected resource from the existing environment to the test environment.
Modify the implementation of the application instance, such as resource object definition and process definition.
Test the application instance by provisioning it to users and validating the behavior for enable, disable, revoke, and update tasks.
Export the new connected resource from the test environment and import it to the production environment.
Only the resource is exported between environments and not the application instance.
This section outlines the steps to import/export the resource of the application instance by using the Deployment Manager. Alternatively, the connector upgrade utility can also be used for import/export of the resource. See "Managing Connector Lifecycle" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about using the connector upgrade utility.
To create a disconnected application instance in the production environment:
Login to Oracle Identity System Administration.
Click Sandboxes to access sandbox management, create a sandbox, and activate it. See "Managing Sandboxes" for information about sandboxes and how to create, activate, and publish sandboxes.
Under Configuration, click Application Instances. Click Create on the toolbar to open the Create Application Instance page.
Enter values in the Name and Display Name fields, such as
Select the Disconnected option to specify a disconnected application instance. Selecting the Disconnected option disables the Resource Object and IT Resource Instance fields in the page.
Click Save, and then click OK to confirm creation of the FinApp application instance. The artifacts for a disconnected application instance are created.
Go to the Manage Sandboxes page, and publish the sandbox.
Upon successful creation of the application instance, organization and entitlements can be configured if necessary. For testing purpose, create four or five users and provision the newly created disconnected application instance to the users. Ensure that the users have the application instance in one of the following status: Provisioned, Enabled, Disabled, and Revoke. Try modifying one of the users to ensure that the account can be successfully updated.
To export the disconnected application instance from the test environment:
Login to Oracle Identity System Administration. In the left pane, under System Management, click Export. The Deployment Manager wizard is displayed in a new window.
Search for the disconnected application instance. To do so, in the search section, select Resource from the list, enter the name of the disconnected application instance, for example
LaptopApplication*, and click Search. The disconnected application instance is displayed in the Search Results section.
Select LaptopApplicationInstance in the Search Results section, and then click Select Children. The Select Children page is displayed.
Select the required child attributes, as shown in Figure 1-2:
Click Select Dependencies. The Select Dependencies page is displayed.
Click Confirmation. In the Confirmation page, click Add For Export.
After verifying that all the required dependencies are displayed in the export summary, as shown in Figure 1-3, click Export.
Provide a name to the XML file, such as DisconnectedLaptopExp.xml. Upon successful export, a message is displayed.
To import the disconnected application instance in production environment:
In the left pane of the Oracle Identity System Administration, under System Management, click Import.
Provide the path to the exported XML file, and then click OK. A confirmation page is displayed. Click Add File.
In the Substitutions page, you can provide substitutions for users or groups. If there are no substitutions, then click Cancel Substitution.
In the import summary, as shown in , check for any unresolved dependency, as shown in Figure 1-4 and then click Import.
Verify that the process definition, resource object, and forms have been successfully imported.
In the environment where the application instance has been imported, make the following changes to convert the disconnected application instance to a connected application instance:
Login to the Design Console.
Expand Resource Management. Click Resource Objects to open the Resource Objects form.
Change the type of the resource object from Disconnected to Application.
Define new IT resource parameters in conjunction with the connected resource as required in the IT Resource Type Definition form.
Modify the existing IT resource (assuming that the ITResource is the same) with the new parameters added in step 4.
Expand Process Management, and click Process Definition to open the Process Definition form.
Search the process definition of the disconnected application instance. The following tasks are displayed:
For each task, perform the following:
Double-click the Task row to open the task details. See "Modifying Process Tasks" for more information about modifying process tasks.
Rename the task. For example, change the task name from ManualProvisioningStart to XXManualProvisioningStart.
Make sure the Conditional option is selected. In addition, ensure that the Required for Completion option is not selected.
If the task is an enable/disable/revoke task, then change the task effect to No effect.
In the Integration tab, disassociate the adapters attached to the task by clicking on Remove.
Remove task dependency, if any.
Remove undo/recovery/generated tasks, if any.
Change the object status mapping, if any, to none.
Note:Step 6a through 6g are to ensure that the existing tasks for disconnected application instance do not start when the application instance is exported as a connected application instance.
There is a task by the name PARENT_FORM_NAME Updated. This task triggers whenever the parent form is updated. Make sure to disassociate the existing adapters attached to the task and customize the task as required.
If there are any tasks related to the child form, then make sure to remove the triggers for create/update/delete by clicking Clear. If these tasks are not going to be reused, then disassociate the adapters attached to these tasks and rename the tasks to ensure that they do not run. Oracle recommends creating new tasks for each create, update, and delete trigger.
Optionally, the same tasks for the child data can be retained but custom adapters must be defined for the create/update/delete trigger.
For a disconnected application instance with child data, the task with the delete trigger will be associated with the tcCompleteTask adapter. Make sure to define and attach a custom adapter to this task to enable proper deletion of entitlement or child data.
Define custom adapters for the create, disable, enable, revoke, and update account tasks. If there are child tables, then make sure to define custom adapters for the same.
Create the following tasks in the process definition, and associate the corresponding adapters to each of those tasks. Map the required undo/recovery tasks and set the object status mapping.
Create User: Ensure that in the task properties, the Required for Completion option is selected and the Conditional option is not selected.
Disable User: Ensure that the task effect is Disable Processes or Access to Application.
Enable User: Ensure that the task effect is Enable Processes or Access to Application.
Delete User: Ensure that the task effect is Revoke Processes or Access to Application.
ATTRIBUTE_NAME Updated: For each attribute defined in the process form, corresponding update tasks have to be created. These tasks are triggered on updates to the process form, for example, Account Name Update, Account ID Updated, and so on.
If there is a child table, then define tasks for each trigger type, such as create, update, and delete.
Test the connected application instance by provisioning it to a few users in the test environment. You must define a new application instance with the modified resource object and IT resource to provision the application instance to users.