AOB and CI based connectors

Difference between AOB and CI-based connector

If you are using Oracle Identity Governance (OIG) 12c (or earlier name Oracle Identity Manager OIM) then you may use the new AOB based connectors to integrate your applications with Oracle Identity Governance OIG or OIM. There are over 20 such connectors available ranging from Oracle E-Business Suite, to Microsoft Active Directory and O365, to SAP, GoToMeeting and Webex. Here is the download page.

In OIG 12c release, the AOB connector have been introduced. The earlier ICF connectors (for 11g and previous versions) continue to be available and supported, and are now referred to as CI-based connectors.

So given the option of these two types of connectors with OIG which one should one choose. Well, if you are already in 12c version then use the AOB based connector. You can refer to the Table below, which provides snapshot comparison of the requirements for the two types of connectors

Following are the available OIG 12c Connectors implemented through AOB:
Box, Concur, Database User Management, Dropbox, Eloqua, Flat File, GoToMeeting, Google Apps, Microsoft Active Directory User Management, Microsoft Exchange, Office 365 (O365), Oracle E-Business HRMS, Oracle E-Business Suite User Management, Oracle Identity Cloud Services, Oracle Internet Directory, SAP SuccessFactors, SAP User Management, SAP User Management Engine, Salesforce, ServiceNow, WebEx, UNIX

You can start with referring to this Oracle guide for Difference between AOB and CI-based connector
https://docs.oracle.com/en/middleware/idm/identity-governance-connectors/12.2.1.3/index.html  (this page provides the AOB connectors for OIG)

Oracle Identity Governance 12c connectors support both Application Onboarding (AOB) and Connector Installer (CI) based implementations.

For CI-based connectors, refer to Oracle Identity Manager Connectors, Release 11.1.1. Oracle Identity Governance 12c PS3 supports most of the Oracle Identity Manager 11g connectors through CI-based implementation. However, if you are in 12c version then go for AOB connectors. 
Here is directly from Oracle "Although Oracle Identity Governance 12c connectors support both Application Onboarding (AOB) and Connector Installer (CI) based implementations, it is recommended to use the application onboarding capability to install the 12c connector."

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the Application onboarding capability of Oracle Identity Self Service. This capability lets business users to onboard applications with minimum details and effort.
What is Application onboarding: Application onboarding is the process of registering or associating an application with Oracle Identity Governance and making that application available for provisioning and reconciliation of user information.

The connector that is deployed using the Applications option on the Manage tab of Identity Self Service is referred to as an AOB application. The connector that is deployed using the Manage Connector option in Oracle Identity System Administration is referred to as a CI-based connector (Connector Installer-based connector).

See below table which provides snapshot comparison of the requirements for the two types of connector.
CI-based connector vs AOB application

If you are using Oracle Identity Manager (OIM) release 11.1.x, then you can install and use the connector only in the CI-based mode. If you want to use the AOB application, then you must upgrade to Oracle Identity Governance release 12.2.1.3.0
Note: AOB connector is only available for 12.2.1.3.0 version

If you are using Oracle Identity Governance 12c (12.2.1.3.0) and want to integrate it with any of the following target systems, then use the latest 12.2.1.x version of this connector and deploy it using the Applications option on the Manage tab of Identity Self Service:
Supported target systems for AOB connector
 OID release 9.x, 10.1.4.x, and 11g release 1 (11.1.1.5.0, 11.1.1.6.0, 11.1.1.7.0 and 11.1.1.9.0)
 OUD 11g release (11.1.1.5.0, 11.1.2.0.0, 11.1.2.2.0, and 11.1.2.3.0)
 ODSEE 11g release 1 (11.1.1.5.0 and 11.1.1.7.2)
 An LDAPv3-compliant directory server

Refer the Usage Considerations for OID connector versions that you can deploy and use depending on the Oracle Identity Governance (OIG) or Oracle Identity Manager (OIM) version that you are using.
Note:If you are using Oracle Identity Manager release 11.1.x, then you can install and use the connector only in the CI-based mode. If you want to use the AOB application, then you must upgrade to Oracle Identity Governance release 12.2.1.3.0.
If you are using Oracle Identity Governance 12c (12.2.1.3.0) and want to integrate it with any of the following target systems, then use the latest 12.2.1.x version of this connector and deploy it using the Manage Connector option in Oracle Identity System Administration. Refer discussion on Oracle Identity Management Forum.

Both connectors support all the features except that Test connection feature is not supported by CI-based Connector.

However, be aware if you are using OUD 12c as a target directory, reconciliation of OUD groups to roles in OIG is not supported. The reason is that OUD connector does not support the Trusted mode of roles/groups reconciliation as in reconciling OUD groups and memberships as roles to OIM. Read this discussion for reference.

The good news is that Oracle Identity Governance (OIG) 12c PS3 supports most of the Oracle Identity Manager (OIM) 11g connectors through CI-based implementation.


Comments

Post a Comment

Popular posts from this blog

VMware fix for Invalid manifest and ova file import failed errors

SOAPUI - import certificate

Session Timeout in Oracle Access Manager