1.5 Connector Architecture

The SAP Fieldglass Connector enables management of accounts on the target system through Oracle Identity Governance.

The following figure shows architecture of the SAP Fieldglass Connector.

Figure 1-1 Architecture of the SAP Fieldglass Connector

The connector is configured to run in one of the following modes:

• Account management
  Account management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:

  • Provisioning

    Provisioning involves creating, updating, or deleting users on the target system through Oracle Identity Governance. During provisioning, the Adapters invoke ICF operation, ICF in turn invokes create operation on the SAP Fieldglass Identity Connector Bundle and then the bundle calls the target system API (SAP Fieldglass API) for provisioning operations. The API on the target system accepts provisioning data from the bundle, carries out the required operation on the target system, and returns the response from the target system back to the bundle, which passes it to the adapters.

  • Target resource reconciliation

    During reconciliation, a scheduled task invokes an ICF operation. ICF in turn invokes a search operation on the SAP Fieldglass Identity Connector Bundle and then the bundle calls SAP Fieldglass API for Reconciliation operation. The API extracts user records that match the reconciliation criteria and hands them over through the bundle and ICF back to the scheduled task, which brings the records to Oracle Identity Governance.

    Each record fetched from the target system is compared with SAP Fieldglass resources that are already provisioned to OIM Users. If a match is found, then the update made to the SAP Fieldglass record from the target system is copied to the SAP Fieldglass resource in Oracle Identity Governance. If no match is found, then the Name of the record is compared with the User Login of each OIM User. If a match is found, then data in the target system record is used to provision an SAP Fieldglass resource to the OIM User.

  The SAP Fieldglass Identity Connector Bundle communicates with the SAP Fieldglass API using the HTTPS protocol. The SAP Fieldglass API provides programmatic access to SAP Fieldglass through SCIM API endpoints. Apps can use the SCIM API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users, groups.

  See Also:

  Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance for more information about ICF.