1 About the DocuSign Connector
Oracle Identity Governance is a centralized identity management solution that provides self-service, compliance, provisioning and password management services for applications residing on-premises or on the Cloud. Oracle Identity Governance connectors are used to integrate Oracle Identity Governance with the external identity-aware applications.
The DocuSign connector lets you create and onboard DocuSign applications in Oracle Identity Governance.
Note:
In this guide, the connector that is deployed using the Applications option on the Manage tab of Identity Self Service is referred to as an AOB application.Application onboarding is the process of registering or associating an application with Oracle Identity Governance and making that application available for provisioning and reconciliation of user information.
The following topics provide a high-level overview of the DocuSign connector:
- Certified Components
- Usage Recommendation
- Certified Languages
- Supported Connector Operations
- Connector Architecture
- Supported Use Cases
- Supported Connector Features Matrix
- Connector Features
Note:
In this guide, the term Oracle Identity Governance server refers to the computer on which Oracle Identity Governance is installed.1.1 Certified Components
These are the software components and their versions required for installing and using DocuSign connector.
Table 1-1 Certified Components
| Component | Requirement for AOB Application |
|---|---|
|
Oracle Identity Governance or Oracle Identity Manager |
You can use one of the following releases of Oracle Identity Governance:
|
|
Oracle Identity Governance JDK |
JDK 1.8 and later version |
|
Target System |
Any version (Cloud) |
|
Connector Server |
11.1.2.1.0 or 12.2.1.3.0 |
|
Connector Server JDK |
JDK 1.8 and later version |
1.2 Usage Recommendation
These are the recommendations for the DocuSign connector versions that you can deploy and use depending on the Oracle Identity Governance or Oracle Identity Manager version that you are using.
-
If you are using Oracle Identity Governance release 12c (12.2.1.3.0) or later version, then use the latest 12.2.1.x version of this connector. Deploy the connector using the Applications option on the Manage tab of Identity Self Service.
1.3 Certified Languages
These are the languages that the connector supports.
-
Arabic
-
Chinese (Simplified)
-
Chinese (Traditional)
-
Czech
-
Danish
-
Dutch
-
English
-
Finnish
-
French
-
French (Canadian)
-
German
-
Greek
-
Hebrew
-
Hungarian
-
Italian
-
Japanese
-
Korean
-
Norwegian
-
Polish
-
Portuguese
-
Portuguese (Brazilian)
-
Romanian
-
Russian
-
Slovak
-
Spanish
-
Swedish
-
Thai
-
Turkish
1.4 Supported Connector Operations
These are the list of operations that the connector supports for your target system.
Table 1-2 Supported Connector Operations
| Operation | Supported |
|---|---|
| User Management | - |
| Create a user | Yes |
| Reconcile user | Yes |
| Update user | Yes |
| Delete user | Yes |
| DocuSign Group Grant Management | - |
| Assign and remove groups | Yes |
1.5 Connector Architecture
The connector uses DocuSign APIs to synchronize user attributes between Oracle Identity Governance and DocuSign directory services and is implemented using the Identity Connector Framework (ICF) component.
The ICF is a component that is required to use Identity Connector. ICF provides basic reconciliation and provisioning operations that are common to all Oracle Identity Governance connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as buffering, time-outs, and filtering. ICF is distributed together with Oracle Identity Governance. Therefore, you do not need to configure or modify ICF.
- Account ManagementAccount management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:
- Provisioning
Provisioning involves creating or updating users on the target system through Oracle Identity Governance. When you allocate (or provision) a DocuSign resource to the OIM User, the operation results in the creation of an account on DocuSign for that user. In the Oracle Identity Governance context, the term provisioning also covers updates made to the target system account through Oracle Identity Governance.
- Target Resource Reconciliation
In target resource reconciliation, data related to the newly created and modified target system accounts can be reconciled and linked with existing OIM Users and provisioned resources. Use a scheduled job for performing reconciliation.
- Provisioning
Figure 1-1 shows the architecture of the DocuSign connector.
Figure 1-1 Connector Architecture
As shown in this figure, the DocuSign connector enables you to use the target system as a managed resource (target) of identity data for Oracle Identity Governance.
Through the provisioning operations that are performed on Oracle Identity Governance, accounts are created and updated in the target system for Oracle Identity Governance Users. During provisioning, the Adapters invoke ICF operation, ICF, in turn, invokes create operation on the DocuSign Identity Connector Bundle, and then the bundle calls the target system API for provisioning operations. The DocuSign Table API on the target system accepts provisioning data from the bundle, carries out the required operation on the target system, and returns the response from the target system to the bundle, which passes it to the adapters.
During reconciliation, a scheduled task invokes an ICF operation. ICF, in turn, invokes a search operation on the DocuSign Identity Connector Bundle and then the bundle calls DocuSign API for reconciliation operation. The API extracts user records that match the reconciliation criteria and hands them over through the bundle and ICF back to the scheduled task, which brings the records to Oracle Identity Governance.
Each record fetched from the target system is compared with DocuSign resources that are already provisioned to OIG Users. If a match is found, then the update made to the DocuSign record from the target system is copied to the DocuSign resource in Oracle Identity Governance. If no match is found, then the user ID of the record is compared with the user ID of each OIG User. If a match is found, then data in the target system record is used to provision a DocuSign resource to the OIG User.
The DocuSign Identity Connector Bundle communicates with the DocuSign Table API using the HTTPS protocol. The DocuSign Table API provides programmatic access through REST API endpoints. Apps can use the DocuSign API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users.
See Also:
Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance for more information about ICF.1.6 Supported Use Cases
DocuSign connector is used to integrate OIG with a DocuSign instance. DocuSign connector ensures that all DocuSign accounts are created, updated, deleted, and deactivated on an integrated cycle with the rest of the identity-aware applications in your enterprise.
DocuSign connector standardizes service processes and implements automation to replace manual tasks. In a typical IT scenario, an organization using OIG wants to manage accounts, user association with a role or with a department across a DocuSign Cloud instance.
As a business use case, consider a leading logistics company in Australia which was using DocuSign for the ticketing system solution and OIG for Identity Management. Before using DocuSign connector, operations such as create, edit, and delete were performed manually and lacked a centralized streamlining operation. These operations can be easily automated using the DocuSign REST APIs. By integrating DocuSign connector with Oracle Identity Governance, the logistics company was able to achieve complete automation.
-
DocuSign User Management
An organization using DocuSign wants to integrate with OIG to manage identities. The organization wants to manage its user identities by creating them in the target system using OIG. The organization also wants to synchronize user identity changes performed directly in the target system with OIG. In such a scenario, a quick and easy way is to install the DocuSign connector and configure it with your target system by providing connection information in the IT resource.
DocuSign connector allows new users to self-provision on a DocuSign Cloud instance. New users can request and provision from a catalog of cloud-based resources.
To create a new user in the target system, fill in and submit the OIG process form to trigger the provisioning operation. The connector executes the create operation against your target system and the user is created on successful execution of the operation. Similarly, operations such as delete, and update can be performed.
To search or retrieve the user identities, you must run a scheduled task from OIG. The connector will run the corresponding search operation against the user identities in the target system and fetch all the changes to OIG.
1.7 Supported Connector Features Matrix
Provides the list of features supported by the AOB application.
Table 1-3 Supported Connector Features Matrix
| Feature | AOB Application |
|---|---|
|
Full reconciliation |
Yes |
|
Limited (filtered) reconciliation |
Yes |
|
Delete reconciliation |
Yes |
|
Use connector server |
Yes |
|
Configure validation and transformation of account data |
Yes |
|
Perform connector operations in multiple domains |
Yes |
|
Support for pagination |
Yes |
|
Test connection |
Yes |
| Clone applications or create new application instances | Yes |
| Provide secure communication to the target system through SSL | Yes |