1 About the Connector
Oracle Identity Governance is a centralized identity management solution that provides self service, compliance, provisioning and password management services for applications residing on-premises or on the Cloud. Oracle Identity Governance connectors are used to integrate Oracle identity Governance with the external identity-aware applications.
Note:
In this guide, the connector that is deployed using the Applications option on the Manage tab of Identity Self Service is referred to as an AOB application. The connector that is deployed using the Manage Connector option in Oracle Identity System Administration is referred to as a CI-based connector (Connector Installer-based connector).Application onboarding is the process of registering or associating an application with Oracle Identity Governance and making that application available for provisioning and reconciliation of user information.
The following topics provide a high-level overview of the Eloqua connector:
1.1 Certified Components
These are the software components and their versions required for installing and using the Eloqua connector.
Table 1-1 Certified Components
Component | Requirement for AOB Application | Requirement for CI-Based Connector |
---|---|---|
Oracle Identity Governance or Oracle Identity Manager |
You can use one of the following releases:
|
You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager:
|
Target systems |
Eloqua |
Eloqua |
Connector Server |
11.1.2.1.0 or later |
11.1.2.1.0 or later |
Connector Server JDK |
JDK 1.8 and later |
JDK 1.8 and later |
1.2 Usage Recommendation
This is the recommendation for the Eloqua connector version that you can deploy and use depending on the Oracle Identity Governance or Oracle Identity Manager version that you are using.
If you are using Oracle Identity Governance 12c (12.2.1.3.0), then use the latest 12.2.1.x version of this connector. Deploy the connector using the Applications option on the Manage tab of Identity Self Service.
1.3 Certified Languages
These are the languages that the connector supports.
-
Arabic
-
Chinese (Simplified)
-
Chinese (Traditional)
-
Czech
-
Danish
-
Dutch
-
English (US)
-
Finnish
-
French
-
French (Canadian)
-
German
-
Greek
-
Hebrew
-
Hungarian
-
Italian
-
Japanese
-
Korean
-
Norwegian
-
Polish
-
Portuguese
-
Portuguese (Brazilian)
-
Romanian
-
Russian
-
Slovak
-
Spanish
-
Swedish
-
Thai
-
Turkish
1.4 Supported Connector Operations
These are the list of operations that the connector supports for your target system.
Table 1-2 Supported Connector Operations
Operation | Supported |
---|---|
User Management |
|
Create user |
Yes |
Update user |
Yes |
Delete user |
Yes |
Reset Password |
Yes |
License Grant Management |
|
Grant and Revoke Licences |
Yes |
Group Management | |
Add and Remove Groups |
Yes |
Note:
All the connector artifacts required for managing groups as an object (for example groups attribute mappings, reconciliation rules, jobs, and so on) are not visible in the Applications UI in Identity Self Service. However, all the required information is available in the predefined application templates of the connector installation package.1.5 Connector Architecture
The Eloqua connector is implemented by using the Identity Connector Framework (ICF).
The ICF is a component that is required in order to use Identity Connector. ICF provides basic reconciliation and provisioning operations that are common to all Oracle Identity Governance connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as, buffering, time outs, and filtering. ICF is distributed together with Oracle Identity Governance. Therefore, you do not need to configure or modify ICF.
Figure 1-1 shows the architecture of the Eloqua connector.
Figure 1-1 Connector Architecture
![This figure shows the architecture of the Eloqua connector. The description of the architecture is provided in the same section. This figure shows the architecture of the Eloqua connector. The description of the architecture is provided in the same section.](img/eloqua-architecture.png)
-
Provisioning
Provisioning involves creating or updating users on the target system through Oracle Identity Governance. When you allocate (or provision) a Eloqua resource to the OIM User, the operation results in the creation of an account on Eloqua for that user. In the Oracle Identity Governance context, the term provisioning also covers updates made to the target system account through Oracle Identity Governance.
-
Target resource reconciliation
In target resource reconciliation, data related to the newly created and modified target system accounts can be reconciled and linked with existing OIM Users and provisioned resources. You use a scheduled job for performing reconciliation.
The Eloqua Identity Connector Bundle communicates with the Eloqua API using the HTTPS protocol. The Eloqua API provides programmatic access through REST API endpoints. Apps can use the Eloqua API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users.
See Also:
Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance for more information about ICF.
1.6 Use Cases Supported by the Connector
The Eloqua connector is used to integrate Oracle Identity Governance with Eloqua to ensure that all Eloqua accounts are created, updated, and deactivated on an integrated cycle with the rest of the identity-aware applications in your enterprise. The Eloqua connector supports management of identities for Cloud Identity, Synchronized Identity, and Federated Identity models of Eloqua. In a typical IT scenario, an organization using Oracle Identity Governance wants to manage accounts, groups, and licenses across Eloqua Cloud Service.
-
Eloqua User Management
An organization using Eloqua wants to integrate with Oracle Identity Governance to manage identities. The organization wants to manage its user identities by creating them in the target system using Oracle Identity Governance. The organization also wants to synchronize user identity changes performed directly in the target system with Oracle Identity Governance. In such a scenario, a quick and an easy way is to install the Eloqua connector and configure it with your target system by providing connection information.
To create a new user in the target system, fill in and submit the OIM process form to trigger the provisioning operation. The connector executes the CreateOp operation against your target system and the user is created on successful execution of the operation. Similarly, operations like delete and update can be performed.
To search or retrieve the user identities, you must run a scheduled task from Oracle Identity Governance. The connector will run the corresponding SearchOp against the user identities in the target system and fetch all the changes to Oracle Identity Governance.
-
Eloqua Group Management
An organization has a number of Eloqua Security Groups allowing its users to assign and unassign groups. By using the Eloqua connector, you can effectively track all user groups by leveraging Oracle Identity Governance capability.
-
Eloqua User License Management
Another scenario is one in which an organization is using Eloqua for business and manages user licenses as per the changing needs of the organization by assigning or unassigning licenses for users. What is needed is an effective way to keep track of all the licenses and user rights both in cloud and on-premise servers. In such a scenario, you can use the Eloqua connector to effectively track all user licenses. You can keep track of these license assignment changes by leveraging Oracle Identity Governance capability of auditing and reporting.
1.7 Connector Features
The features of the connector include support for connector server, full reconciliation, limited reconciliation, and reconciliation of deleted account data.
Table 1-3 Supported Connector Features Matrix
Feature | AOB Application | CI-Based Connector |
---|---|---|
Full reconciliation |
Yes |
Yes |
Incremental reconciliation |
Yes |
Yes |
Limited reconciliation |
Yes |
Yes |
Delete reconciliation |
Yes |
Yes |
Use connector server |
Yes |
Yes |
Transformation and validation of account data |
Yes |
Yes |
Perform connector operations in multiple domains |
Yes |
Yes |
Support for paging |
Yes |
Yes |
Test connection |
Yes |
No |
The following topics provide more information on the features of the AOB application:
1.7.1 Full Reconciliation and Incremental Reconciliation
You can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Governance.
After the first full reconciliation run, you can configure your connector for incremental reconciliation if the target system contains an attribute that holds the timestamp at which an object is created or modified.
In incremental reconciliation, only records that are added or modified after the last reconciliation run are fetched into Oracle Identity Governance. During an incremental reconciliation run, the scheduled job fetches only target system records that are added or modified after the time-stamp stored in the Latest Token attribute of the scheduled job.
Note:
The connector supports incremental reconciliation if the target system contains an attribute that holds the timestamp at which an object is created or modified.You can perform a full reconciliation run at any time. See Performing Full and Incremental Reconciliation for more information about performing full and incremental reconciliation.
1.7.2 Support for the Connector Server
Connector Server is one of the features provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles.
A Java connector server is useful when you do not want to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements if the bundle works faster when deployed on the same host as the native managed resource.
See Also:
Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for more information about installing and configuring connector server and running the connector server
1.7.3 Limited Reconciliation
You can reconcile records from the target system based on a specified filter criterion. To limit or filter the records that are fetched into Oracle Identity Governance during a reconciliation run, you can specify the subset of added or modified target system records that must be reconciled.
You can set a reconciliation filter as the value of the Filter Suffix attribute of the user reconciliation scheduled job. The Filter Suffix attribute helps you to assign filters to the API based on which you get a filtered response from the target system.
For more information, see Performing Limited Reconciliation.
1.7.4 Transformation and Validation of Account Data
You can configure transformation and validation of account data that is brought into or sent from Oracle Identity Governance during reconciliation and provisioning operations by writing Groovy scripts while creating your application.
For more information, see Validation and Transformation of Provisioning and Reconciliation Attributes in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.