Managing Provisioning Bridges
The provisioning bridge provides a link between your on-premises apps and IAM. Through synchronization, account data that's created and updated directly on the apps is pulled into an identity domain and stored for the corresponding identity domain users and groups. As a result, any changes to these records are transferred into an identity domain. So, if a user is deleted in one of your apps, then this change is propagated into the identity domain. Because of this, the state of each record is synchronized between your apps and the identity domain.
Suppose you're using an on-premises app such as Oracle Internet Directory as an authoritative source for your company's users and groups. This app lies within your company's firewall. For a provisioning bridge to communicate with on-premises apps such as Oracle Internet Directory, it must use Identity Connector Framework (ICF) connectors to access the associated apps. As a result, the provisioning bridge can poll the on-premises apps for changes to users and groups in the apps, and synchronize these changes with the identity domain. You can configure a provisioning bridge so that IAM can synchronize users and groups from one or multiple apps.
The following image shows directory synchronization:
Both the provisioning bridges and your on-premises apps are in your Microsoft Windows or generic environment. A generic environment consists of any machine that has Java 8 installed on it and supports the Bash shell.
Each provisioning bridge uses a client network to access the on-premises apps with which you want to synchronize identity domain users and groups. Because IAM is in a different environment, a bridge is needed to span the networks.
The following image shows provisioning bridge security:
- Be a member of the Administrators group
- Be granted the Identity Domain Administrator role or the Security Administrator role
- Be a member of a group granted manage domains
To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and IAM Policies Overview.
Statuses
- Started: The provisioning bridge started successfully.
- Stopped: The provisioning bridge stopped unexpectedly or the identity domain administrator or security administrator stopped it. See Stop a Provisioning Bridge.
- Active: The provisioning bridge is installed, started, and activated. It's available to poll the apps to which the provisioning bridge is assigned for changes to users and groups in the apps, and synchronize these changes with the identity domain. See Activate Provisioning Bridges.
- Inactive: The provisioning bridge is installed and configured, but it's deactivated. It's not available to retrieve users and groups from the apps to which the provisioning bridge is assigned. This is done for performance reasons. See Deactivate Provisioning Bridges.
- Creating a Provisioning Bridge
- Starting a Provisioning Bridge on a Generic Machine
- Starting a Provisioning Bridge on a Windows Machine
- Stopping a Provisioning Bridge
- Activating Provisioning Bridges
- Deactivating Provisioning Bridges
- Viewing Details about a Provisioning Bridge
- Modifying a Provisioning Bridge
- Assigning a Provisioning Bridge to Apps
- Changing the Provisioning Bridge Assigned to Apps
- Managing Log Files for a Provisioning Bridge