1 Developing Application Instances

Application developers can manage resource objects, which are a component of an application instance, by using the Design Console. A disconnected application instance can be created by using Identity System Administration and can be converted to a connected application instance.

For information about creating and managing IT resources, see Managing IT Resources in Administering Oracle Identity Governance.


1.1 Overview of Application Instances

An application instance is a provisionable entity, and a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism).

Application instances have business-friendly names that are easier to remember. Application instances are created and managed by using the Application Instance section of Oracle Identity System Administration.

Application instances can be connected or disconnected. A connected application instance has a connector defined for the provisioning of entities. A disconnected application instance is used for the provisioning of a disconnected resource, for which a connector is not defined, and therefore, the provisioning is performed manually by the administrator.

For information about application instance concepts and how to create and manage application instances, see Managing Application Instances in Administering Oracle Identity Governance.

1.2 Managing Resources By Using the Design Console

Resource objects and IT resources are managed by using the Design Console.

This section describes resource management in the Design Console.

Note:

Only the users belonging to the SYSTEM ADMINISTRATORS group of Oracle Identity Manager can log in to the Design Console.

1.2.1 Overview of Resource Management

The Resource Management folder provides you with tools to manage Oracle Identity Manager resources.

The Resource Management folder contains the following forms:

  • IT Resources Type Definition: Use this form to create resource types that are displayed as lookup values on the IT Resources form.

  • Rule Designer: Use this form to create rules that can be applied to password policy selection, automatic role membership, provisioning process selection, task assignment, and prepopulating adapters.

  • Resource Objects: Use this form to create and manage resource objects. These objects represent resources that you want to make available to users and organizations.

See Also:

See Using the Adapter Factory for more information about adapters and adapter tasks.

1.2.2 IT Resources Type Definition Form

The IT Resources Type Definition form is used to classify IT resource types.

The IT Resources Type Definition form is in the Resource Management folder. You use the IT Resources Type Definition form to classify IT resource types, for example, AD, Microsoft Exchange, and Solaris. Oracle Identity Manager associates resource types with resource objects that it provisions to users and organizations.

After you define an IT resource type on this form, it is available for selection when you define an IT resource. The type is displayed in the Create IT Resource and Manage IT Resource pages of Advanced Administration.

IT resource types are templates for the IT resource definitions that reference them. If an IT resource definition references an IT resource type, the resource inherits all of the parameters and values in the IT resource type. The IT resource type is the general IT classification, for example, Solaris. The resource is an instance of the type, for example, Solaris for Statewide Investments. You must associate every IT resource definition with an IT resource type.

Figure 1-1 shows the IT Resources Type Definition form.

Figure 1-1 The IT Resources Type Definition Form


1.2.3 Fields of the IT Resource Type Definition Form

The IT Resources Type Definition form provides fields for classifying IT resource types.

Table 1-1 describes the fields of the IT Resources Type Definition form.

Table 1-1 Fields of the IT Resources Type Definition Form

| Field Name | Description |
| --- | --- |
| Server Type | The name of the IT resource type |
| Insert Multiple | Specifies whether or not this IT resource type can be referenced by more than one IT resource |

1.2.4 Defining a Template (a Resource Type) for IT Resources

The IT resource type that you define is selected when creating IT resources.

To define an IT resource type:

  1. Enter the name of the IT resource type in the Server Type field, for example, Solaris.
  2. To make the IT resource type available for multiple IT resources, select Insert Multiple.
  3. Click Save.

    The IT resource type is defined. You can select it when defining IT resources in the Create IT Resource page of Advanced Administration.

1.3 Converting a Disconnected Application Instance to Connected Application Instance

A disconnected application instance is converted to a connected application instance by importing the disconnected resource to a test environment, modifying the implementation of the application instance, such as resource object definition and process definition, and exporting the new connected resource to the production environment.

For information about disconnected application instances, see Managing Disconnected Resources in Administering Oracle Identity Governance.

This section describes how to convert a disconnected application instance to a connected application instance.

1.3.1 Assumptions and Broad-Level Steps

The conversion procedure assumes that the application instance, process definition, forms, IT resource type definition, and IT resource retain the same names throughout. The conversion involves importing the disconnected resource, modifying the application instance implementation, and exporting it back to the production environment.

To describe the procedure to convert a disconnected application instance to a connected application instance, the following assumptions have been made:

  • A disconnected application instance exists in an Oracle Identity Manager deployment, for example, the production environment. This disconnected application instance will be exported to another deployment of Oracle Identity Manager, for example, a test environment, and converted to a connected application instance. After testing the connected application instance in the test environment, it will be imported in the production environment again.

    Note:

    Optionally, the disconnected resource can be converted to a connected resource in the same environment. See Modifying the Application Instance from Disconnected to Connected for further details.

  • The application instance, process definition, forms, IT resource type definition, and IT resource retain the same name while converting a disconnected application instance to a connected application instance.

The following are the broad-level steps to convert a disconnected application instance to a connected application instance:

  • Import the existing disconnected resource from the existing environment to the test environment.

  • Modify the implementation of the application instance, such as resource object definition and process definition.

  • Test the application instance by provisioning it to users and validating the behavior for enable, disable, revoke, and update tasks.

  • Export the new connected resource from the test environment and import it to the production environment.

Note:

  • Only the resource is exported between environments and not the application instance.

  • This section outlines the steps to import/export the resource of the application instance by using the Deployment Manager. Alternatively, the connector upgrade utility can also be used for import/export of the resource. See Managing Connector Lifecycle in Administering Oracle Identity Governance for information about using the connector upgrade utility.

1.3.2 Creating a Disconnected Application Instance in the Production Environment

Select the Disconnected option while creating the application instance.

To create a disconnected application instance in the production environment:

  1. Log in to Oracle Identity System Administration.
  2. Click Sandboxes to access sandbox management, create a sandbox, and activate it. See Managing Sandboxes for information about sandboxes and how to create, activate, and publish sandboxes.
  3. Under Configuration, click Application Instances. Click Create on the toolbar to open the Create Application Instance page.
  4. Enter values in the Name and Display Name fields, such as LaptopApplicationInstance.
  5. Select the Disconnected option to specify a disconnected application instance. Selecting the Disconnected option disables the Resource Object and IT Resource Instance fields in the page.
  6. Click Save, and then click OK to confirm creation of the LaptopApplicationInstance application instance. The artifacts for a disconnected application instance are created.
  7. Go to the Manage Sandboxes page, and publish the sandbox.

Upon successful creation of the application instance, organization and entitlements can be configured if necessary. For testing purposes, create four or five users and provision the newly created disconnected application instance to the users. Ensure that the users have the application instance in one of the following statuses: Provisioned, Enabled, Disabled, and Revoke. Try modifying one of the users to ensure that the account can be successfully updated.

1.3.3 Exporting Disconnected Application Instance From Test Environment

A disconnected application instance is exported from the test environment by using the Export section of Identity System Administration.

To export the disconnected application instance from the test environment:

  1. Log in to Oracle Identity System Administration. In the left pane, under System Management, click Export. The Deployment Manager wizard is displayed in a new window.
  2. Search for the disconnected application instance. To do so, in the search section, select Resource from the list, enter the name of the disconnected application instance, for example LaptopApplication*, and click Search. The disconnected application instance is displayed in the Search Results section.
  3. Select LaptopApplicationInstance in the Search Results section, and then click Select Children. The Select Children page is displayed.
  4. Select the required child attributes, as shown in Figure 1-2:
  5. Click Select Dependencies. The Select Dependencies page is displayed.
  6. Click Confirmation. In the Confirmation page, click Add For Export.
  7. After verifying that all the required dependencies are displayed in the export summary, as shown in Figure 1-3, click Export.
  8. Provide a name to the XML file, such as DisconnectedLaptopExp.xml. Upon successful export, a message is displayed.

1.3.4 Importing the Disconnected Application Instance in Production Environment

A disconnected application instance is imported to the production environment by using the Import section of Identity System Administration.

To import the disconnected application instance in production environment:

  1. In the left pane of the Oracle Identity System Administration, under System Management, click Import.
  2. Provide the path to the exported XML file, and then click OK. A confirmation page is displayed. Click Add File.
  3. In the Substitutions page, you can provide substitutions for users or groups. If there are no substitutions, then click Cancel Substitution.
  4. In the import summary, check for any unresolved dependency, as shown in Figure 1-4, and then click Import.
  5. Verify that the process definition, resource object, and forms have been successfully imported.

1.3.5 Modifying the Application Instance from Disconnected to Connected

A disconnected application instance is converted to a connected application instance by modifying the implementation of the application instance, such as resource object definition and process definition.

In the environment where the application instance has been imported, make the following changes to convert the disconnected application instance to a connected application instance:

  1. Log in to the Design Console.

  2. Expand Resource Management. Click Resource Objects to open the Resource Objects form.

  3. Change the type of the resource object from Disconnected to Application.

  4. Define new IT resource parameters in conjunction with the connected resource as required in the IT Resource Type Definition form.

  5. Modify the existing IT resource (assuming that the IT resource is the same) with the new parameters added in step 4.

  6. Expand Process Management, and click Process Definition to open the Process Definition form.

  7. Search for the process definition of the disconnected application instance. The following tasks are displayed:

    • ManualProvisioningStart

    • ManualProvisioningEnd

    • ManualEnableStart

    • ManualEnableEnd

    • ManualDisableStart

    • ManualDisableEnd

    • ManualRevokeStart

    • ManualRevokeEnd

  8. For each task, perform the following:

    1. Double-click the Task row to open the task details. See Modifying Process Tasks for more information about modifying process tasks.

    2. Rename the task. For example, change the task name from ManualProvisioningStart to XXManualProvisioningStart.

    3. Make sure the Conditional option is selected. In addition, ensure that the Required for Completion option is not selected.

    4. If the task is an enable/disable/revoke task, then change the task effect to No effect.

    5. In the Integration tab, disassociate the adapters attached to the task by clicking on Remove.

    6. Remove task dependency, if any.

    7. Remove undo/recovery/generated tasks, if any.

    8. Change the object status mapping, if any, to none.

      Note:

      Steps 6a through 6g ensure that the existing tasks for the disconnected application instance do not start when the application instance is exported as a connected application instance.

  9. There is a task by the name PARENT_FORM_NAME Updated. This task triggers whenever the parent form is updated. Make sure to disassociate the existing adapters attached to the task and customize the task as required.

  10. If there are any tasks related to the child form, then make sure to remove the triggers for create/update/delete by clicking Clear. If these tasks are not going to be reused, then disassociate the adapters attached to these tasks and rename the tasks to ensure that they do not run. Oracle recommends creating new tasks for each create, update, and delete trigger.

    Note:

    • Optionally, the same tasks for the child data can be retained but custom adapters must be defined for the create/update/delete trigger.

    • For a disconnected application instance with child data, the task with the delete trigger will be associated with the tcCompleteTask adapter. Make sure to define and attach a custom adapter to this task to enable proper deletion of entitlement or child data.

  11. Define custom adapters for the create, disable, enable, revoke, and update account tasks. If there are child tables, then make sure to define custom adapters for the same.

  12. Create the following tasks in the process definition, and associate the corresponding adapters to each of those tasks. Map the required undo/recovery tasks and set the object status mapping.

    • Create User: Ensure that in the task properties, the Required for Completion option is selected and the Conditional option is not selected.

    • Disable User: Ensure that the task effect is Disable Processes or Access to Application.

    • Enable User: Ensure that the task effect is Enable Processes or Access to Application.

    • Delete User: Ensure that the task effect is Revoke Processes or Access to Application.

    • ATTRIBUTE_NAME Updated: For each attribute defined in the process form, corresponding update tasks have to be created. These tasks are triggered on updates to the process form, for example, Account Name Update, Account ID Updated, and so on.

  13. If there is a child table, then define tasks for each trigger type, such as create, update, and delete.

Test the connected application instance by provisioning it to a few users in the test environment. You must define a new application instance with the modified resource object and IT resource to provision the application instance to users.
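The task properties required in steps 8 and 12 can be audited before the resource is exported; the following is an added example, not Oracle code and not part of the original procedure. The inventory is a hand-transcribed, hypothetical dictionary layout (not a Deployment Manager format), and the adp* adapter names are placeholders.

```python
# Added example. The inventory layout and the adp* adapter names are
# hypothetical; this is not an Oracle export format or API.
LEGACY = [f"Manual{op}{edge}" for edge in ("Start", "End")
          for op in ("Provisioning", "Enable", "Disable", "Revoke")]
NEW_EFFECT = {"Disable User": "Disable Processes or Access to Application",
              "Enable User": "Enable Processes or Access to Application",
              "Delete User": "Revoke Processes or Access to Application"}

def audit(tasks):
    """Return sorted checklist violations for one process definition."""
    out, by_name = [], {t["name"]: t for t in tasks}
    for t in tasks:
        name, g = t["name"], t.get
        legacy = next((l for l in LEGACY if l in name), None)
        checks = [] if legacy is None else [
            (name == legacy, "not renamed"),
            (not g("conditional") or g("required_for_completion"),
             "must be Conditional, not Required for Completion"),
            ("Provisioning" not in legacy and g("effect") != "No effect",
             "task effect must be No effect"),
            (g("adapter"), "adapter still attached"),
            (g("depends_on") or g("undo_recovery_generated"),
             "dependency or undo/recovery/generated task remains"),
            (g("status_mapping", "none") != "none", "status mapping must be none")]
        out += [f"{name}: {msg}" for bad, msg in checks if bad]
    for name in ["Create User", *NEW_EFFECT]:
        t = by_name.get(name, {})
        if not t.get("adapter"):
            out.append(f"{name}: task missing or no adapter attached")
        elif name == "Create User":
            if not t.get("required_for_completion") or t.get("conditional"):
                out.append(f"{name}: must be Required for Completion, not Conditional")
        elif t.get("effect") != NEW_EFFECT[name]:
            out.append(f"{name}: task effect must be {NEW_EFFECT[name]}")
    return sorted(out)

# Constructed sample: a legacy task left live, and a Delete User task with no revoke effect.
def new(name, **kw):  # helper for the constructed rows of new connected tasks
    return {"name": name, "adapter": "adp" + name.split()[0], **kw}
SAMPLE = [
    {"name": "XXManualProvisioningStart", "conditional": True},
    {"name": "ManualRevokeStart", "conditional": True,
     "effect": NEW_EFFECT["Delete User"], "adapter": "tcCompleteTask"},
    new("Create User", required_for_completion=True),
    new("Disable User", effect=NEW_EFFECT["Disable User"]),
    new("Enable User", effect=NEW_EFFECT["Enable User"]),
    new("Delete User", effect="No effect"),
]
```

Calling `audit(SAMPLE)` reports the un-renamed ManualRevokeStart task and the Delete User task whose effect would leave the account active after a revoke.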

1.3.6 Testing the Connected Application Instance

Test the connected application instance after converting it from a disconnected application instance.

After converting the disconnected application instance to a connected application instance, test the connected application instance in the following way:

  1. Export the modified resource from the test environment.
  2. Import the modified resource to the production environment.