How to configure Disconnected Resource in OIM PS3

Disconnected Resource

Disconnected resources are targets for which there is no connector. Therefore, the provisioning fulfillment for disconnected resources is not automated, but manual.

In earlier releases of Oracle Identity Manager, disconnected provisioning is not supported as a first class use case, it is supported by using manual tasks in the provisioning process. This approach has a number of limitations, which are taken care in Disconnected Resources model.

 In Oracle Identity Manager 11g Release 2 (11.1.2.3.0), disconnected resources are an enhanced configuration for manual provisioning that leverage SOA integration to provide higher flexibility and configurability of the manual provisioning workflow

Creating a Disconnected Application Instance

Log in to Oracle Identity System Administration

Create and activate a sandbox

1.  Click on Sandbox and click on the Create link
2.  Provide the details of Sandbox Name and Sandbox Description
3.  By Default the activate Sandbox is checked
4.  Save and Close

In the left pane, under Configuration, click Application Instances. The Application Instances page is displayed

When Click on Application Instance, it would display the below screen

From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Create Application Instance page is displayed.

Enter the Name, Display Name, Description and check the Disconnected checkbox

Click Save, and then click OK on the information dialog box. The application instance is created, and the details of the application instance is displayed.

The UI form for the disconnected resource is automatically created and set, click Apply.

Publish the sandbox.

In addition to the application instance, in the back end, the following provisioning artifacts are automatically created

Resource Object Of Type Disconnected

IT Resource Type with following parameters

1. Configuration Lookup
2. Connector Server Name
3. Identity Gateway Name         

IT resource of type definition
Parent process form with the following fields:

• Account ID
• Password
• Account login
• IT resource

Process definition with workflows for the following operations:

• Provision Account
• Enable Account
• Disable Account
• Revoke Account
• Modify Account Attributes

Adapters

• Manual Provisioning
• Manual Entitlement Provisioning

From the System Administration UI, search for schedule job called "Catalog Synchronization Job" and execute it

The Application Instance available to request from catalog in the Identity Console

To cross check and request for self or other then click on Request Access
Make sure SOA Server is running and request the application instance

---Nagaraju Gorrepati

How to create Oracle Identity Manager 11gR2 PS2 Disconnected Resource and provision user

In this post we will learn about how to create OIM Disconnected Resource and test provisioning user to disconnected resource up on user request

Steps:

- Login to http://pokuri.demo.com:14000/sysadmin/ console with XELSYSADM account

- Click on Sandboxes

- Click on Create Sandbox

- Name Sandbox and click on "Save and Close"

- Click on "OK"

-- Check Sandbox status as "Active"

- Double Click on "Application Instances" in the left panel

- Click on "Create"

- Enter Disconnected Resource Name and select Disconnected Check Box and click on "Save"

- Click "OK" 

- Notice message "Application Instance AdminApp created successfully" on top.

- Search if the Application instance created or not.

- As we are dealing with "Disconnected Resource" below change in "Process Definition" needed.

- Login to OIM Design Console with "XELSYSADM" account and double click on "Process Definition" 

- Click on "Search" icon as shown in the below screen shot. 

- Click on "Process Definition Table" tab at the bottom.

- Select the Disconnected application entry and double click on sequence number associated to it.

- Double click on "ManualProvisioningStart" Task.

- Click on "Yes"

- Click on "Task to Object Status Mapping" tab as shown in the below screen shot.

- Select status "C" row and double click in "Object Status" column which opens another pop up window.

- Select "Provisioned" and click on "OK"

- Click on "Save" button as shown in the below screen shot.

- Click on "Close" symbol as shown in the below screen shot.

- Click "Save" button again at the "Process Definition"

- Click "Publish Sandbox" to activate the changes.

- Click "Yes" to complete publishing sandbox.

- Disconnected resource configuration is completed.

Now, Lets test it by provisioning user to that disconnected resource.

- Login as an end user in to http://<<hostname>>:14000/identity

- Double Click on "Catalog"

- Click on the Search button as shown in the below screen shot.

- Make sure new disconnected resource just created appears here then click on "Add to Cart" button next to it

- Resource is added to cart

- Click on "Checkout"

 - Add the details as needed and click on "Ready to submit"

- Click on "Submit"

- Check the request id and the request sent to administrator for approval

- Login as "xelsysadm" into identity console

 - Double Click on "Home"

- In the dashboard, check "Pending Approvals" section and notice that there is a request for approval. Click on that request

- Click on "Approve" (if appropriate access)

- As it is disconnected resource, request will be sent to the concerned resource Inbox for fulfillment. In this case i just have "XELSYSADM" and so request comes to "XELSSYADM" Inbox. Click on "Inbox" 

- Click on the "My Tasks" and see new task is waiting for "Complete" status. Once the Manual work is completed click on "Complete" button.

Now, Lets go and check the User Accounts and it's status

-- As shown in the below screen shot "AdminApp" is "Provisioned" successfully.

Hope this helps some one out there.

-- Siva Pokuri.