1.5 Connector Architecture
The ARCON Privileged Access Management connector is implemented by using the Identity Connector Framework (ICF).
The ICF is a component that is required in order to use Identity Connector. ICF provides basic reconciliation and provisioning operations that are common to all Oracle Identity Governance connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as buffering, timeouts, and filtering. ICF is distributed together with Oracle Identity Governance. Therefore, you do not need to configure or modify ICF.
The following figure shows the architecture of the ARCON Privileged Access Management connector.
Figure 1-1 ARCON Privileged Access Management Connector Architecture

- Account management
  Account management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:
  - Provisioning
    Provisioning involves creating and updating users on the target system through Oracle Identity Governance. During provisioning, the adapters invoke the ICF operation; ICF in turn invokes the create operation on the ARCON Privileged Access Management Identity Connector Bundle, and then the bundle calls the target system API (ARCON Privileged Access Management API) for provisioning operations. The API on the target system accepts provisioning data from the bundle, carries out the required operation on the target system, and returns the response from the target system back to the bundle, which passes it to the adapters.
  - Target resource reconciliation
    During reconciliation, a scheduled task invokes an ICF operation, and ICF in turn invokes the search operation on the ARCON Privileged Access Management Identity Connector Bundle. The bundle calls the ARCON Privileged Access Management API to retrieve the user records that meet the reconciliation criteria. These records are then returned through the bundle and ICF to the scheduled task, which brings them into Oracle Identity Governance.
    Each record from the target system is compared to existing ARCON Privileged Access Management resources provisioned in OIM. When a match is found, updates from the target system's ARCON Privileged Access Management record are copied to the corresponding ARCON Privileged Access Management resource in Oracle Identity Governance. If there is no match, the record's name is compared with OIM user logins. If that comparison finds a match, the data from the target system's record is used to provision an ARCON Privileged Access Management resource for the OIM user.
The Connector Bundle uses the HTTPS protocol to communicate with the ARCON Privileged Access Management API, which provides programmatic access through SCIM API endpoints. These endpoints enable applications to perform create, read, and update operations on various directory data and objects, including users, roles, multi-factor authentication, services, and groups.
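The two-stage matching order described under target resource reconciliation, sketched as an added Python example (not Oracle's or ARCON's code). The `userName` field, the in-memory data structures, and the handling of records that match neither a resource nor an OIM login are assumptions; the sample data is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class ReconResult:
    updated: list = field(default_factory=list)      # stage 1 matches
    provisioned: list = field(default_factory=list)  # stage 2 matches
    unmatched: list = field(default_factory=list)    # no match (assumed handling)


def reconcile(target_records, resources, oim_logins):
    """Apply the two-stage match to each target-system record.

    target_records: dicts returned by the target system, keyed by "userName"
    resources: account name -> attributes of already provisioned resources
    oim_logins: iterable of OIM user logins
    """
    logins = set(oim_logins)
    result = ReconResult()
    for record in target_records:
        name = record["userName"]
        if name in resources:
            # Stage 1: copy the target system's values onto the existing resource.
            resources[name].update(record)
            result.updated.append(name)
        elif name in logins:
            # Stage 2: the name equals an OIM login, so provision a resource for that user.
            resources[name] = dict(record)
            result.provisioned.append(name)
        else:
            # Assumption: the page does not cover this case. Collect it for review,
            # since a privileged account with no owner in OIG deserves attention.
            result.unmatched.append(name)
    return result


# Constructed sample data (not from a real deployment).
TARGET = [
    {"userName": "jdoe", "role": "DB Admin"},
    {"userName": "asmith", "role": "Auditor"},
    {"userName": "svc-backup", "role": "Operator"},
]
RESOURCES = {"jdoe": {"userName": "jdoe", "role": "Operator"}}
OIM_LOGINS = ["jdoe", "asmith", "bwayne"]

if __name__ == "__main__":
    print(reconcile(TARGET, RESOURCES, OIM_LOGINS))
```
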
See Also:
Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance for more information about ICF.