Sequential Flow of Events in Oracle Identity Governance 12c User Reconciliation


A high-level view of how user data flows from a trusted source into OIM/OIG when the trusted application is onboarded into OIM through the new Application Onboarding (AoB) feature.

In this article, you will learn the sequence of events, data flows, and custom code/out-of-the-box components executed during user reconciliation in chronological order. Understanding this sequence will help you gain valuable insights into OIG 12c and troubleshoot any issues that may arise.

By seeing the complete process from end to end, you will understand how user data moves from a trusted source into OIG, what validation and transformation logic is applied, and how event handlers are triggered throughout the reconciliation. This holistic view will enable you to resolve errors more quickly and ensure accurate, consistent user data in your system.

What is the AoB/Application Onboarding approach?

This is a new approach introduced in OIM 12c, in which connector installation is done through a new tile named “Application” on the Manage page of OIM. It covers high-level application details, application connection details, application attributes, reconciliation and provisioning configurations, transformation and validation Groovy scripts, and more. With this approach, installing and maintaining connectors is more robust and scalable than with the older “Manage Connector” approach in the OIM system administration console.

Pre-Requisites

The version of OIM should be 12c PS3/12c PS4.

High Level Flow of User Trusted Reconciliation Data

  1. When an application is onboarded into OIM as “Authoritative” through the new AoB approach, the application onboarding framework provides new components and features. The Validation and Transformation Groovy scripts are found under Applications → Inside Authoritative Application Configured → Settings → Reconciliation Tab → Validation & Transformation. Refer to the screenshot below.

  2. Application onboarding in 12c provides a scalable way to write connector/application-specific validation and transformation scripts in Groovy. Previously, in 11g versions, this was done by writing Java code, uploading it to OIM as a JAR, and mapping the field to be transformed or validated in a lookup. The Groovy scripts mentioned above replace that approach.

 

  3. The high-level flow is as follows.


a) The logic written in the connector-specific Validation Groovy script is executed.

b) Then, the logic written in the connector-specific Transformation Groovy script is executed.

c) Then, execution of the event handlers resumes, starting with the validation action handler.

d) After the validation action handler, the pre-process action handlers are executed, followed by the post-process action handlers.

4. This flow helps IAM enthusiasts troubleshoot issues and read logs in OIG 12c when investigating trusted user reconciliation problems in OIM.
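As an added example (not part of the original article and not Oracle code), the sketch below applies the order given in a) to d) to a per-event trace and reports the first stage that failed, was skipped, ran out of order, or never ran. The stage names and the (event id, stage, status) trace format are assumptions: a constructed normalization to which you would map your own log records, not an OIG log format.

```python
from collections import defaultdict

# Order taken from steps a) to d) of the article; the identifiers are hypothetical labels.
STAGES = [
    "validation_script",      # a) connector-specific Validation Groovy script
    "transformation_script",  # b) connector-specific Transformation Groovy script
    "validation_handler",     # c) validation action handler
    "preprocess_handler",     # d) pre-process action handlers (may run several)
    "postprocess_handler",    # d) post-process action handlers (may run several)
]

# Constructed sample trace: (reconciliation event id, stage, status).
TRACE = [
    ("E1", "validation_script", "ok"), ("E1", "transformation_script", "ok"),
    ("E1", "validation_handler", "ok"), ("E1", "preprocess_handler", "ok"),
    ("E1", "preprocess_handler", "ok"), ("E1", "postprocess_handler", "ok"),
    ("E2", "validation_script", "ok"), ("E2", "transformation_script", "error"),
    ("E3", "validation_script", "ok"), ("E3", "transformation_script", "ok"),
    ("E3", "validation_handler", "ok"),
    ("E4", "transformation_script", "ok"),
]

def diagnose(trace):
    """Return {event_id: (verdict, stage)} describing where each event stands."""
    per_event = defaultdict(list)
    for event_id, stage, status in trace:
        if stage in STAGES:  # ignore records unrelated to the five stages
            per_event[event_id].append((STAGES.index(stage), status))
    report = {}
    for event_id, steps in per_event.items():
        current, verdict = -1, None  # index of the last stage seen so far
        for idx, status in steps:
            if idx > current + 1:        # a stage in between never ran
                verdict = ("skipped", STAGES[current + 1])
            elif idx < current:          # an earlier stage ran again later
                verdict = ("out_of_order", STAGES[idx])
            elif status != "ok":         # the stage ran but reported a problem
                verdict = ("failed", STAGES[idx])
            if verdict:
                break
            current = idx
        if verdict is None:
            done = current == len(STAGES) - 1
            verdict = ("complete", None) if done else ("stopped_before", STAGES[current + 1])
        report[event_id] = verdict
    return report
```

A `skipped` verdict on `validation_script` is the one to look at first, since it means data from the trusted source reached later stages without the connector's validation logic having been observed.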

Conclusion

Oracle Identity Governance 12c has introduced an improved Application Onboarding feature that provides a robust and scalable way to install and manage connectors.

The sequential flow of groovy scripts and event handlers during user reconciliation helps experts troubleshoot issues, understand the data flow, and resolve any errors. By comprehending this sequence of events, IAM professionals can gain valuable insights into OIG 12c.

Author: Rohit Wekhande, IDMWORKS, Sr AIM Consultant