Loading Identity Data Into Oracle Identity Cloud Services: A Broad High-level Survey

Introduction

Oracle Identity Cloud Services (IDCS) – Oracle’s comprehensive Identity and Access Management platform for the cloud – was released recently. Populating identity data – such as user identities, groups and group memberships – is one of the most important tasks in any identity management system, and it is typically needed both initially and on an on-going basis.

IDCS provides multiple ways for uploading identity data. The purpose of this post is to provide a high-level survey of these options. Customers who are starting to use IDCS can use this information to select the mechanism or mechanisms best suited to their specific requirements and use-cases.

Please note that no particular method is described in great detail in this article. The goal is to present all the available methods in one place for quick and handy reference. However, links (documentation, tutorials, etc.) where more information can be found are provided. Also, this post doesn’t describe the authentication and authorization needed for delegated administrators to be able to perform these operations against the IDCS platform. It is assumed that administrators performing these operations have taken the necessary steps to gain appropriate privileges.

IDCS supports the following methods for loading identity data:

Bulk Identity Data Upload Using CSV Files

Delegated administrators can perform a bulk import of identity data in CSV format from the IDCS Administration Console. The CSV file for importing user profiles should contain the users’ attributes. Groups and user-group memberships can be imported by using a CSV file that contains the groups’ attributes and a list of their members. Please refer to the following documentation links for more detailed information:

Bulk Identity Data Upload Using REST APIs

Bulk REST end points can also be used to manage IDCS resources. Bulk end points can be used to mix different kinds of requests together. Please refer to REST API documentation for more information.
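The sketch below is an added example, not code from this post or from Oracle: it builds one bulk request body that mixes user and group creation, and rejects empty or duplicate user names before anything is sent. It assumes the IDCS bulk end point accepts the SCIM 2.0 BulkRequest message format of RFC 7644; the CSV column names and sample rows are constructed for illustration.

```python
import csv
import io
import json

# SCIM 2.0 schema URNs from RFC 7643 / RFC 7644 (assumed to apply to IDCS).
BULK = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"

# Constructed sample input; the column names are illustrative, not an IDCS format.
SAMPLE_CSV = """username,given,family,email,groups
jdoe,Jane,Doe,jdoe@example.com,Finance;Auditors
bsmith,Bob,Smith,bsmith@example.com,Finance
"""

def build_bulk_request(csv_text, fail_on_errors=1):
    """Turn user rows into one bulk request mixing User and Group creation."""
    ops, members, seen = [], {}, set()
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        name = row["username"].strip()
        if not name or name.lower() in seen:
            raise ValueError(f"row {n}: empty or duplicate username {name!r}")
        seen.add(name.lower())
        bulk_id = f"user-{n}"
        ops.append({"method": "POST", "path": "/Users", "bulkId": bulk_id,
                    "data": {"schemas": [USER], "userName": name,
                             "name": {"givenName": row["given"].strip(),
                                      "familyName": row["family"].strip()},
                             "emails": [{"value": row["email"].strip(),
                                         "type": "work", "primary": True}]}})
        for group in filter(None, (g.strip() for g in row["groups"].split(";"))):
            members.setdefault(group, []).append({"value": f"bulkId:{bulk_id}"})
    # Group operations come after the users; each member points at a user
    # created earlier in the same request through its bulkId.
    for i, (group, refs) in enumerate(sorted(members.items()), start=1):
        ops.append({"method": "POST", "path": "/Groups", "bulkId": f"group-{i}",
                    "data": {"schemas": [GROUP], "displayName": group,
                             "members": refs}})
    return {"schemas": [BULK], "failOnErrors": fail_on_errors, "Operations": ops}

if __name__ == "__main__":
    print(json.dumps(build_bulk_request(SAMPLE_CSV), indent=2))
```

Setting failOnErrors to 1 asks the server to stop at the first failed operation, which keeps a bad input file from leaving a partially loaded set of groups behind.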

AD ID Bridge

Microsoft Active Directory (AD) is a popular identity data store used by enterprises. Customers interested in synchronizing their on-premise AD with IDCS can use the IDCS Identity (ID) Bridge to perform initial and on-going (schedule-based) automatic identity data synchronization. Please note that as of this writing this is a one-way synchronization, from AD to IDCS, and it doesn’t synchronize user passwords. More information about IDCS ID Bridge is available at:

OIM Connector for IDCS

OIM customers can use the OIM IDCS connector for bi-directional integration with IDCS. Identity information can be reconciled from IDCS into OIM. Identity information can also be managed in IDCS from OIM using OIM’s provisioning capabilities. Other use-cases like hybrid certification and reporting are also possible as a result of the integration between OIM and IDCS. More information about IDCS and OIM integration can be found in the following tutorials and videos:

IDCS REST APIs

IDCS exposes all of its identity management capabilities over REST APIs. These APIs are the most generic and flexible way to integrate with IDCS. In fact, all the above IDCS identity management mechanisms use the REST APIs to provide their functionality. IDCS REST APIs can be used to implement custom solutions (for example – custom UIs based on various JavaScript frameworks) that integrate with or make use of IDCS functionality. IDCS REST API documentation is available at:

More IDCS documentation links:

IDCS Getting Started – http://docs.oracle.com/cloud/latest/identity-cloud/index.html

IDCS Tutorials – http://docs.oracle.com/en/cloud/paas/identity-cloud/tutorials.html

IDCS Video Tutorials – http://docs.oracle.com/en/cloud/paas/identity-cloud/videos.html

IDCS Manuals – http://docs.oracle.com/en/cloud/paas/identity-cloud/books.html

IDCS REST APIs – http://docs.oracle.com/cloud/latest/identity-cloud/IDCSA/index.html
