AOB and CI based connectors

Difference between AOB and CI-based connector

If you are using Oracle Identity Governance (OIG) 12c (or earlier name Oracle Identity Manager OIM) then you may use the new AOB based connectors to integrate your applications with Oracle Identity Governance OIG or OIM. There are over 20 such connectors available ranging from Oracle E-Business Suite, to Microsoft Active Directory and O365, to SAP, GoToMeeting and Webex. Here is the download page.

In OIG 12c release, the AOB connector have been introduced. The earlier ICF connectors (for 11g and previous versions) continue to be available and supported, and are now referred to as CI-based connectors.

So given the option of these two types of connectors with OIG which one should one choose. Well, if you are already in 12c version then use the AOB based connector. You can refer to the Table below, which provides snapshot comparison of the requirements for the two types of connectors

Following are the available OIG 12c Connectors implemented through AOB:
Box, Concur, Database User Management, Dropbox, Eloqua, Flat File, GoToMeeting, Google Apps, Microsoft Active Directory User Management, Microsoft Exchange, Office 365 (O365), Oracle E-Business HRMS, Oracle E-Business Suite User Management, Oracle Identity Cloud Services, Oracle Internet Directory, SAP SuccessFactors, SAP User Management, SAP User Management Engine, Salesforce, ServiceNow, WebEx, UNIX

You can start with referring to this Oracle guide for Difference between AOB and CI-based connector
https://docs.oracle.com/en/middleware/idm/identity-governance-connectors/12.2.1.3/index.html  (this page provides the AOB connectors for OIG)

 Oracle Identity Governance 12c connectors support both Application Onboarding (AOB) and Connector Installer (CI) based implementations.

For CI-based connectors, refer to Oracle Identity Manager Connectors, Release 11.1.1. Oracle Identity Governance 12c PS3 supports most of the Oracle Identity Manager 11g connectors through CI-based implementation. However, if you are in 12c version then go for AOB connectors. 
Here is directly from Oracle "Although Oracle Identity Governance 12c connectors support both Application Onboarding (AOB) and Connector Installer (CI) based implementations, it is recommended to use the application onboarding capability to install the 12c connector."

 From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the Application onboarding capability of Oracle Identity Self Service. This capability lets business users to onboard applications with minimum details and effort.
What is Application onboarding: Application onboarding is the process of registering or associating an application with Oracle Identity Governance and making that application available for provisioning and reconciliation of user information.

 The connector that is deployed using the Applications option on the Manage tab of Identity Self Service is referred to as an AOB application. The connector that is deployed using the Manage Connector option in Oracle Identity System Administration is referred to as a CI-based connector (Connector Installer-based connector).

 See below table which provides snapshot comparison of the requirements for the two types of connector.
CI-based connector vs AOB application

If you are using Oracle Identity Manager (OIM) release 11.1.x, then you can install and use the connector only in the CI-based mode. If you want to use the AOB application, then you must upgrade to Oracle Identity Governance release 12.2.1.3.0
Note: AOB connector is only available for 12.2.1.3.0 version

If you are using Oracle Identity Governance 12c (12.2.1.3.0) and want to integrate it with any of the following target systems, then use the latest 12.2.1.x version of this connector and deploy it using the Applications option on the Manage tab of Identity Self Service:
Supported target systems for AOB connector
 OID release 9.x, 10.1.4.x, and 11g release 1 (11.1.1.5.0, 11.1.1.6.0, 11.1.1.7.0 and 11.1.1.9.0)
 OUD 11g release (11.1.1.5.0, 11.1.2.0.0, 11.1.2.2.0, and 11.1.2.3.0)
 ODSEE 11g release 1 (11.1.1.5.0 and 11.1.1.7.2)
 An LDAPv3-compliant directory server

Refer the Usage Considerations for OID connector versions that you can deploy and use depending on the Oracle Identity Governance (OIG) or Oracle Identity Manager (OIM) version that you are using.
Note:If you are using Oracle Identity Manager release 11.1.x, then you can install and use the connector only in the CI-based mode. If you want to use the AOB application, then you must upgrade to Oracle Identity Governance release 12.2.1.3.0.
If you are using Oracle Identity Governance 12c (12.2.1.3.0) and want to integrate it with any of the following target systems, then use the latest 12.2.1.x version of this connector and deploy it using the Manage Connector option in Oracle Identity System Administration. Refer discussion on Oracle Identity Management Forum.

Both connectors support all the features except that Test connection feature is not supported by CI-based Connector.

However, be aware if you are using OUD 12c as a target directory, reconciliation of OUD groups to roles in OIG is not supported. The reason is that OUD connector does not support the Trusted mode of roles/groups reconciliation as in reconciling OUD groups and memberships as roles to OIM. Read this discussion for reference.

The good news is that Oracle Identity Governance (OIG) 12c PS3 supports most of the Oracle Identity Manager (OIM) 11g connectors through CI-based implementation.

Comments

Post a Comment

Popular posts from this blog

VMware fix for Invalid manifest and ova file import failed errors

Image
Recently we got a OVA file for a virtual machine. The vendor instructions were to import the ova file in vmware Workstation, Player for Windows/Linux, Fusion for Mac, and VirtualBox as well.  The instructions were to take the available package and launch the VM with VMware workstation. The package contained  Module.mf, Module.ovf and Module-disk.vmdk and a Module.ova file. The .mf and .ovf file were 2 KB each whereas the vmdk was several gigs. The package also contained a Module.ova file which was several gigs as well. OVF           Open Virtualization Format MF             Manifest file VMDK       Virtual Machine Disk OVA           Open Virtualization Appliance The ovf file is a xml file that contains metadata for the ovf package The mf file contains the SHA1 hash codes of all files in the package The vmdk file is the disk image of the virtual machine,  VMware Workstation or VirtualBox. (vmdk format was originally developed by VMware and is an open format now). All of
Read more

SOAPUI - import certificate

Image
Note: SoapUI has two versions, one is open source and second Professional version. The open source can be download here . (confirmed link 12/19/2018). SSL Handshake issue:   There is an Issue in SoapUI version 5.3.0 (and 5.2.0 version) with SSL handshake error. It was resolved by updating below in vmoptions file ( refer here ). However, the error that shows up while trying to load wsdl is "Error loading WSDL" as below The fix is to Enable TLS 1.2 protocol for SOAP/REST calls in SoapUI, by ammending the vmoptions file to add the directive for TLS as (-Dsoapui.https.protocols=TLSv1.2). Refer here . Update: Version 5.5.0 does not have this issue. If you are on 5.3.0 better upgrade to 5.5.0 which is available now (Feb 2019). I had above issue as well as another issue reaching to https endpoint. Upgrade to 5.5.0 resolved issue. Select "Check for updates" under the Help menu and you will get option for upgrade. Select upgrade current version and accept all defaul
Read more

Centrally Managed Users (CMU) - New Feature in Oracle Database 18c

Image
Centrally Managed Users (CMU) Centrally Managed Users or CMU is a new feature introduced since Oracle DB 18c which allows simplified database user management through integration with Microsoft Active Directory (AD). Beginning with Oracle Database release 18c, version 18.1 and later supports direct integration with Microsoft Active Directory (AD) using the new centrally managed users capability. CMU allows the Oracle database to perform user authentication and authorization directly against AD. Benefits of CMU With centrally managed users, users accessing the database can be centrally managed to improve an organization's security posture. An enterprise user (a user in Microsoft Active Directory) can be exclusively mapped to a database account, or many enterprise users (in an Microsoft Active Directory group) can be mapped to a shared account in the database. Microsoft Active Directory groups can also be mapped to a database global role, which provides users with additional privilege
Read more