Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
|
Previous |
Next |
Provisioning refers to the process of providing users, groups, and other objects with access to applications and other resources that may be available in an enterprise environment. A provisioning-integrated application refers to an application that has registered for provisioning events and registered a provisioning-integration profile in Oracle Internet Directory. At times, you may want to synchronize all user entries in an application-specific directory with those in Oracle Internet Directory, but provision a particular application to receive notification about only some of them. For example, the directory for Oracle Human Resources typically contains data for all employees in an enterprise, and you would probably want to synchronize all of that data with Oracle Internet Directory. However, you might want to provision another application, such as Oracle Email, to be notified only when members join or leave a particular group.
Before a user account can be provisioned for applications in an Oracle Identity Management deployment, it must first be created in Oracle Internet Directory. User accounts can be created in Oracle Internet Directory with any of the following tools or methods:
Oracle Internet Directory Provisioning Console
The Directory Integration and Provisioning Assistant's bulkprov
operation
Synchronization with third-party directories
Command-line LDAP tools
The Oracle Provisioning Service can be invoked for any user entries, regardless of how they were created in Oracle Internet Directory. However, simply creating a user entry in Oracle Internet Directory does not necessarily mean that the user entry will have access to all applications in the Oracle Identity Management environment. The user account must be manually provisioned by an administrator or automatically provisioned according to an application's provisioning policies. An application's default provisioning policy can be one of the following:
Provision all users
Do not provision users
Provision users after evaluating a provisioning policy
Provisioning policies are entirely dependent on the needs and requirements within each enterprise environment. For example, an organization may choose to provision all users with access to an e-mail application, but may restrict the users that are provisioned to access a human resources application.