Understand the Provisioning Bridge

The Provisioning Bridge provides a link between your on-premises apps and Oracle Identity Cloud Service. Through synchronization, account data that’s created and updated directly on the apps is pulled into Oracle Identity Cloud Service and stored for the corresponding Oracle Identity Cloud Service users and groups. As a result, any changes to these records will be transferred into Oracle Identity Cloud Service. So, if a user is deleted in one of your apps, then this change will be propagated into Oracle Identity Cloud Service. Because of this, the state of each record is synchronized between your apps and Oracle Identity Cloud Service.

Suppose you're using an on-premises app such Oracle Internet Directory as an authoritative source for your company's users and groups. This app lies within your company's firewall. For a Provisioning Bridge to communicate with on-premises apps such as Oracle Internet Directory, it must leverage Identity Connector Framework (ICF) connectors to access the associated apps. As a result, the Provisioning Bridge can poll the on-premises apps for changes to users and groups in the apps, and synchronize these changes with Oracle Identity Cloud Service. You can configure a Provisioning Bridge so that Oracle Identity Cloud Service can synchronize users and groups from one or multiple apps.

Figure 15-1 Directory Synchronization

Description of Figure 15-1 follows
Description of "Figure 15-1 Directory Synchronization"

Both the Provisioning Bridges and your on-premises apps are in your Microsoft Windows or generic environment. A generic environment consists of any machine that has Java 8 installed on it and supports Bash shell.

Each Provisioning Bridge uses a client network to access the on-premises apps with which you want to synchronize Oracle Identity Cloud Service users and groups. Because Oracle Identity Cloud Service is an Oracle Cloud service, it's in an Oracle environment.

Figure 15-2 Provisioning Bridge Security

Description of Figure 15-2 follows
Description of "Figure 15-2 Provisioning Bridge Security"

The Synchronize Users from Oracle Internet Directory to Oracle Identity Cloud Service video shows you how to configure on-premises apps such as Oracle Internet Directory so that the Provisioning Bridge can use the associated ICF connectors to poll the apps for changes to users and groups in the apps, and synchronize these changes with Oracle Identity Cloud Service.

Certified Components

With the Provisioning Bridge, Oracle Identity Cloud Service can connect to your on-premises apps.

The following table lists the certified versions for Oracle Identity Cloud Service, the versions of the on-premises apps with which Oracle Identity Cloud Service will synchronize by using Provisioning Bridges, and the features of these apps that the bridges support.

Oracle Identity Cloud Service On-Premises App Supported Features
19.2.1 Oracle Internet Directory 12c PS3 Authoritative synchronization

Statuses

There are two statuses for a Provisioning Bridge client:
There are also two statuses for a Provisioning Bridge:
  • Active: The Provisioning Bridge is installed, started, and activated. It’s available to poll the apps to which the Provisioning Bridge is assigned for changes to users and groups in the apps, and synchronize these changes with Oracle Identity Cloud Service. See Activate Provisioning Bridges.

  • Inactive: The Provisioning Bridge is installed and configured, but it's deactivated. It’s not available to retrieve users and groups from the apps to which the Provisioning Bridge is assigned. For performance reasons, this is done. See Deactivate Provisioning Bridges.