Oracle Identity Cloud Service Integration with Oracle Identity Manager
An Oracle Identity Manager (OIM) connector synchronizes users and groups from on-premises OIM to Oracle Identity Cloud Service (IDCS) in a hybrid cloud solution. The integration lets administrators manage IDCS users directly from OIM and apply OIM enterprise governance features, such as certification and segregation of duties with closed-loop remediation, to the cloud identities. This post walks through the steps to integrate IDCS with OIM using the connector.
1. Register the OIM Application in Oracle Identity Cloud Service
- Log in to the identity domain as an administrator and click Applications.
- Click Add to create a new application.
- Select Trusted Application on the next screen.
- On the next page, enter the application name and description and click Next.
- Select Configure this application as a client now and select Client Credentials as the grant type. Also select Grant the client access to Identity Cloud Service Admin APIs and add User Administrator. This role is sufficient for the connector to manage users and groups; do not grant the broader Identity Domain Administrator role to this client.
- On the Resources page, click Next.
- On the Authorization page, click Finish.
- An "Application Added" message is displayed. Note down the Client ID and Client Secret, then click Close.
The Client ID and Client Secret are required to configure the OIM IT resource; the connector uses them to authenticate to IDCS with the OAuth 2.0 client credentials grant. Treat the secret as a credential: keep it in the IT resource and not in scripts, tickets, or screenshots, and regenerate it in IDCS if it is ever exposed.
2. Install IDCS Connector in OIM
The steps to install the IDCS connector in OIM are explained here.
3. Configure IDCS IT Resource
The steps to configure the IDCS IT resource are explained here.
4. Import IDCS SSL certificate to OIM Trust Store
1. Export the IDCS HTTPS certificate and copy it to the OIM server.
2. Import the certificate into the trust store of the JDK that runs OIM. The path below is for JDK 8; on JDK 11 and later the file is $JAVA_HOME/lib/security/cacerts.
eg: keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file /app/MiddleWare/idcs.cer -storepass changeit -alias idcs
3. Enter "Yes" when prompted. A "Certificate was added to keystore" message is displayed.
4. Import the IDCS certificate into the WebLogic trust store used by the OIM server. The example uses DemoTrust.jks, which WebLogic ships for development only; in production, import into the custom trust store configured for the OIM managed server (the one referenced by -Djavax.net.ssl.trustStore in setDomainEnv or in the server's Keystores settings) instead.
eg: keytool -import -keystore $WL_HOME/server/lib/DemoTrust.jks -file /app/MiddleWare/idcs.cer -storepass DemoTrustKeyStorePassPhrase -alias idcs
5. Enter "Yes" when prompted. A "Certificate was added to keystore" message is displayed. Restart the OIM managed server afterwards, since trust stores are read when the JVM starts.
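The following preflight script is an added example, not part of the original post or the connector. It ties steps 1 and 4 together: it exports the IDCS TLS certificate and imports it into the JDK and WebLogic trust stores (skipping the import when the alias already exists, since keytool errors out otherwise), then proves the registered client works by obtaining a client-credentials token and making one read-only Admin API call. The tenant host, client ID, client secret and file paths are placeholders; the token endpoint (/oauth2/v1/token), the scope urn:opc:idm:__myscopes__ and the /admin/v1/Users endpoint are IDCS's own.

```shell
#!/bin/sh
# Added preflight script (not from the original post): verifies the two
# prerequisites the OIM IT resource depends on before it is configured.
#   a) the IDCS TLS certificate is trusted by the JDK and WebLogic trust stores
#   b) the registered client can get a client-credentials token and use it
# The tenant host, client ID and secret below are hypothetical placeholders.
set -u

IDCS_HOST="${IDCS_HOST:-idcs-abcd1234.identity.oraclecloud.com}"  # placeholder tenant
CLIENT_ID="${CLIENT_ID:-abc123}"                                    # placeholder
CLIENT_SECRET="${CLIENT_SECRET:-s3cret}"                            # placeholder
CERT_FILE="${CERT_FILE:-/tmp/idcs.cer}"
CERT_ALIAS="${CERT_ALIAS:-idcs}"

# JDK 8 keeps cacerts under jre/lib/security; JDK 11+ keeps it under lib/security.
jdk_cacerts() {   # $1 = JAVA_HOME
  if [ -f "$1/jre/lib/security/cacerts" ]; then
    printf '%s\n' "$1/jre/lib/security/cacerts"
  else
    printf '%s\n' "$1/lib/security/cacerts"
  fi
}

# Export the certificate IDCS presents during the TLS handshake (no login needed).
export_idcs_cert() {
  openssl s_client -connect "$IDCS_HOST:443" -servername "$IDCS_HOST" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$CERT_FILE"
}

# Import once: keytool refuses to add an alias that already exists in the store.
import_cert() {   # $1 = keystore path, $2 = store password
  if keytool -list -keystore "$1" -storepass "$2" -alias "$CERT_ALIAS" >/dev/null 2>&1; then
    echo "alias $CERT_ALIAS already present in $1"
  else
    keytool -importcert -noprompt -keystore "$1" -storepass "$2" \
      -alias "$CERT_ALIAS" -file "$CERT_FILE"
  fi
}

# HTTP Basic header carrying client_id:client_secret (RFC 6749 section 2.3.1).
basic_auth_header() {   # $1 = client id, $2 = client secret
  printf 'Authorization: Basic %s\n' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Pull access_token out of the token endpoint's JSON reply without needing jq.
extract_token() {   # $1 = JSON body
  printf '%s' "$1" | sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'
}

# Client-credentials grant; __myscopes__ requests every scope granted to the
# client in step 1 (here: the User Administrator role on the Admin API).
get_token() {
  resp=$(curl -sS -X POST "https://$IDCS_HOST/oauth2/v1/token" \
    -H "$(basic_auth_header "$CLIENT_ID" "$CLIENT_SECRET")" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__')
  extract_token "$resp"
}

# One read-only Admin API call shows the token really carries the admin grant.
list_one_user() {   # $1 = access token
  curl -sS "https://$IDCS_HOST/admin/v1/Users?count=1" -H "Authorization: Bearer $1"
}

# Usage: export IDCS_HOST=... CLIENT_ID=... CLIENT_SECRET=...; sh idcs_preflight.sh run
# Nothing runs on plain sourcing, so the functions can be reused elsewhere.
if [ "${1:-}" = "run" ]; then
  export_idcs_cert
  import_cert "$(jdk_cacerts "$JAVA_HOME")" changeit
  import_cert "$WL_HOME/server/lib/DemoTrust.jks" DemoTrustKeyStorePassPhrase
  tok=$(get_token)
  [ -n "$tok" ] || { echo "no access_token in token reply" >&2; exit 1; }
  list_one_user "$tok"
fi
```

The script imports the leaf certificate, as the post does. Leaf certificates rotate, so importing the issuing CA certificate from the chain (openssl s_client -showcerts prints it) survives renewals; the same import_cert function works for either file.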
5. Create Form for IDCS Resource Object
- Click Create Sandbox and activate the sandbox.
- Click Form Designer and create a form with the details below.
Form Type: Parent Form + Child Tables (Master/Detail)
Resource Type: IDCS User
6. Attach the IDCS Form to Identity Cloud Service Application Instance
- Click Application Instances and search for "Identity Cloud Service Application Instance".
- Attach the IDCSForm created earlier to this application instance.
- Save the changes and publish the sandbox.
7. Running the IDCS scheduled jobs
- Run the IDCS Group Lookup Reconciliation job.
- The IDCS groups are added to the Lookup.IDCS.Groups lookup.
- Run the Catalog Synchronization Job to expose the Identity Cloud Service Application Instance to users in the catalog.
8. Testing the Integration
- Log in to the Self Service console as the system administrator and click Request.
- Select Request for Others.
- On the next page, search for the user and add the user to the selected list.
- Add the SelfRegisteredUsers group (from Lookup.IDCS.Groups) and the Identity Cloud Service Application Instance to the cart.
- On the checkout page, enter the details and submit the request.
- Log in to IDCS as an administrator.
- Click Users and search for the user.
- Click the user to view the details.
- Click the Groups tab to see the group assigned to the user.