Target Resource (or Managed Resource) vs Trusted Source (or Authoritative Source) Mode : OIM integration with applications (AD, OID, OVD, EBS, SAP, HR, LDAP)

In this post I am going to cover two modes (Target Resource or Trusted Source) that OIM uses to integrate with applications like LDAP (OID, AD, OVD, iPlanet), HR (EBS, SAP, etc), Unix (Linux, Solaris), etc.

1. Oracle Identity Manager (OIM) can be integrated with Applications (LDAP, AD, OID, HR etc) in one of two modes
a) Target Resource Mode
or
b) Trusted Source Mode

2. You configure application (AD, OID, OVD, HR) etc in Trusted Source Mode if that application is source of truth for user provisioning (All users are created in Application and OIM reconcile data from application).

3. You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM).

To know more about provisioning and reconciliation click here

4. Target Resource mode is also called as Managed Resource mode or Account Management mode

5. Trusted Source mode is also called as Authoritative Source mode or Identity Reconciliation mode

6. To find out in what mode (Trusted Source or Target Resource) OIM 11gR1 is integrated with application

a) Login to OIM Advanced Console and click on Manage IT Resource under configuration
b) Click on Edit Link against IT Resource (that is integrated with OIM and for which you wish to see configuration)
c) Check value of Configuration Lookup

Note: Navigation is slightly different in OIM 11gR2 

Value Lookup.Configuration.ActiveDirectory mean Active Directory is configured in Managed Resource Mode 
Value Lookup.Configuration.ActiveDirectory.Trusted mean Active Directory is configured in Trusted Source Mode 

 

 

7. In both modes (Trusted Source or Target Resources) you can reconcile data from target system in to OIM. To reconcile data from target systems, you run reconciliation schedules jobs in OIM. To reconcile data in to OIM from target system (configured in trusted source mode) you run different job like [Active Directory] User Trusted Recon scheduled job where as to reconcile data in to OIM from target system (configured in target resource mode) you run different job like [Active Directory] User Target Recon scheduled job .


 

8. In Target Resource mode, if a user record is deleted on the target system and Scheduled Job “[Application] Target Delete Recon” is run  then the corresponding [Application] User resource is revoked from the OIM User.

Note: Target System or Application are system that is integrated with OIM like Active Directory  

9. In Trusted Source mode, if a user record is deleted on the target system and Scheduled Job “[Application] Trusted Delete Recon” is run then the corresponding OIM User is deleted.

Note: Target System or Application are system that is integrated with OIM like Active Directory  

 

 

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

5 comments
vicky says March 10, 2014

Hi Atul,

It is a good post. Can you please elaborate if there are any OOTB connector to reconcile data from OVD into OID?

Reply
    Atul Kumar says March 10, 2014

    @ Vicky,
    There is not connector required between OVD and OID. OVD acts as proxy in front of OID (there is no repository for OVD) so all you need to do is create adapters in OVD to point to users/groups in OID.

    Reply
vicky says March 10, 2014

Hi Atul,
Thanks for the reply.
There was a typo in my earlier post… I actually meant to ask if thete is an OOTB connector for reconciliation of user entries from OVD to OIM (i.e. Oracle Identity Manager). We are using two hybrid data sources to expose the user enyries and the associated DIT on OVD.

Reply
Basha says March 14, 2014

Hi Atul,
We are also having the same kind of requirement as vicky. We have one join adapter in OVD which collects data from two diff adapters.
Now, we have to do trusted reconciliation from this join adapter of OVD to OIM.
Can you let us know which connector and procedure (may be web links) to follow?
thanks in advance..

Reply
rajesh says September 24, 2015

Hi Atul,

As per our requirement, we need to configure both trusted and target recon on AD, can you help how to configure both at a time, as it requires 2 different resource instance. can you please help me on it?

thanks in advance…

Reply
Add Your Reply