Connectors
Who is this guide for?
- Administrators and integrators who want to configure and deploy available connectors
- Developers who want to develop new connectors or extend existing connectors
What is a connector?
A connector is a software component that allows RAC/M Identity to communicate with external systems such as LDAP directories, databases, and cloud services. It acts as a bridge between RAC/M Identity and the external system, facilitating data exchange and performing operations.
Connectors are essential for integrating and synchronizing data in RAC/M Identity. They enable retrieval of data from external applications and make it available in the solution without the need to export it beforehand as a data file such as CSV. Connectors can also be used to perform operations on external systems, such as creating, modifying, or deleting objects.
Connectors are particularly used by synchronization and provisioning tasks in RAC/M Identity. Synchronization tasks maintain data consistency between RAC/M Identity and external systems by retrieving data modifications from external systems and applying them in RAC/M Identity. Provisioning tasks create, modify, or delete objects in external systems based on actions performed in RAC/M Identity.
Please refer to the Collector for an ICF Connector section for more information on importing data from an ICF connector and the About Provisioning section to learn more about provisioning in RAC/M Identity.
Configuration
Adding the connector files to the solution
The solution does not currently allow installing the connector files right from the interface. The files must be added to the [Install directory]/server/ICF/server/connectors. SaaS instances already have a large number of connectors, but if you need other connectors, contact OKIOK support, they will install it in the right location.
A connector is usually delivered as a single JAR file and has a name in this format app-name-1.2.3.4.jar where 1.2.3.4 is the version of the connector.
Note
The solution supports having multiple versions of the same connector.
However, in some rare cases, this caused intermittent issues that were hard to diagnose. To avoid this issue, OKIOK recommends that when a connector is upgraded, all existing configurations using the old version of the connector be upgraded to the new version and the old version be removed from the filesystem.
Configuring the connector in the solution
- In the menu bar, click on CONFIGURATION > ICF Connectors.
- In the top right corner of the page, click on the button
. - Under Details, in the Name text box, enter the desired name for the connector.
- In the Description text box, enter the purpose of the connector.
- Under Connector, follow these steps:
| Field | Description |
|---|---|
| Type | Select the type of connector you want to configure. |
| ICF Server | From the list, you can select a pre-configured ICF server instance. If you need a new server, click on New ICF Server. You will need its host, port, and key information. If you want to modify an existing server, click on Edit ICF Server. |
- Under Server, the host, port, and key will be displayed.
- Under Settings, enter the connector's configuration information. These settings vary depending on the connector. Please refer to the connector's documentation for more details.
- Click on Save to save the connector.
Important
Once you have saved the connector, you won't be able to modify its name and type.
- You can now test the connection by clicking on Test. If there is an error, make sure the configuration is valid. You can also check the logs for more details (see Viewing Logs). If you need assistance, please contact RAC/M Identity technical support.
- If the connection is successful, you can now use the connector to create sequences. For example, you can create a sequence to import users (see Importing People and Identities).
Available Connectors
The following connectors are available in RAC/M Identity. Some have dedicated documentation pages, click on the connector name to access them.
| Connector | Notes |
|---|---|
| Active Directory LDAP | |
| AS400 | |
| AWS IAM Identity | |
| Cisco ISE | |
| Confluence | |
| CSV | |
| Dynamics 365 | |
| eDirectory | |
| Employee Central | |
| GLPI | |
| GuideWire | Uses Scripted API |
| HubSpot | Uses Scripted API |
| Input-Kit | Uses Scripted API |
| JDBC | Named "Database Table Connector" |
| LDAP | |
| MS Graph | |
| Nethris | |
| Office 365 | |
| PeopleSoft | |
| Proxy Connector | |
| RSA Authentication Manager | |
| SAP Success Factors | Uses Scripted API |
| SCIM | |
| Scripted API | Base connector for certain connectors |
| Scripted AS400 | |
| Scripted SQL | |
| Unix | |
| Workday | Uses Scripted API |
| XML |
Concept
In an ICF connector, there are three key concepts for data movement:
- Data Import from the source system.
- Data Materialization for provisioning.
- Data Provisioning to the target system.
The SYNC_STATUS column identifies the cycle of the account or profile in the import table.
Import
Import is used to copy information from the source application to the RACM import tables.
- Module used:
ModuleICFImportData - Imported cycle:
SYNC_STATUS = NULL
Materialization
Materialization is used to create the information specific to each type of provisioning: Modify, Activate, Terminate, Deactivate. It uses the RACM repository with access requests to materialize the data into the RACM import tables.
Some data may need to come from the identity to complete the materialization. Although this is not yet supported, it is possible to use an SQL query or to preemptively copy the identity information onto the account to then create or update the materialization.
- Module used:
ModuleModifyAccountFromAccountMng - To be provisioned cycle:
SYNC_STATUS = 0
Provisioning
Each ICF connector must have its own provisioning module configured for accounts and groups. It will use the materialization to provision the data to the target.
Note
If the connectors are generic and can be used with multiple types of applications, Groovy scripts will be necessary to perform the provisioning. On the other hand, connectors specific to an application are generally coded directly into the connector. We will review each connector configuration to determine whether the use of Groovy scripts is necessary or not.
- Modules used:
ModuleModifyAccountFromAccountMng,ModuleICFProfileProvisionning - Provisioned cycle:
SYNC_STATUS = 1