Example: A Deployment of the Oracle Directory Integration and Provisioning Platform
This section describes a deployment in which the Oracle Directory Integration and Provisioning platform integrates various applications in the MyCompany enterprise.
Components in the MyCompany Enterprise
This hypothetical enterprise has the following components:
- Oracle Human Resources, in which all employees and contractors are managed
- A SunONE Directory Server, which is being used by certain applications
- An installation of OracleAS Portal, which is used as the intranet portal for all employees
- An installation of Oracle Content Management Software Development Kit, which is used as a document repository for all corporate documents
Requirements of the MyCompany Enterprise
The MyCompany enterprise requires that:
- All employees and contractors are created in Oracle Human Resources. Once created, all applications in the enterprise must share this information through Oracle Internet Directory.
- All applications in the enterprise, including single sign-on services, can honor any employee created in Oracle Human Resources.
- All applications interested in changes to user properties are notified when such changes occur
- A user's access rights are revoked when the user is terminated in Oracle Human Resources
Overall Deployment in the MyCompany Enterprise
Figure 32-4 illustrates the various components and their relationships to each other.
Figure 32-4 Example of Oracle Directory Integration and Provisioning Platform in the MyCompany Deployment

In the example in Figure 32-4:
- Oracle Internet Directory is the central user repository for all enterprise applications.
- Oracle Human Resources is the source of truth for all user-related information. It is synchronized with Oracle Internet Directory by using the Oracle Directory Synchronization Service.
- SunONE Directory Server, which is already deployed in the enterprise, is synchronized with Oracle Internet Directory by using the Oracle Directory Synchronization Service.
- OracleAS Portal is notified of changes in Oracle Internet Directory by using the Oracle Directory Provisioning Integration Service.
- Oracle Content Management Software Development Kit is notified of changes in Oracle Internet Directory by using the Oracle Directory Provisioning Integration Service.
User Creation and Provisioning in the MyCompany Enterprise
In this example, the MyCompany enterprise requires that all users be created in Oracle Human Resources. The Oracle Directory Integration and Provisioning platform must propagate new user records to all other repositories in the enterprise.
Figure 32-5 shows how the Oracle Directory Integration and Provisioning platform performs this task.
Figure 32-5 User Creation and Provisioning

Figure 32-5 shows the creation of a new user in Oracle Human Resources, which, in turn, causes an entry for that user to be created in Oracle Internet Directory and the SunONE Directory Server. It also shows the process of provisioning the user to access two applications in the enterprise: OracleAS Portal and Oracle Content Management Software Development Kit. User creation and provisioning occur in the following manner:
1. The Oracle Human Resources administrator creates the user in the Oracle Human Resources database.
2. The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Synchronization Service, detects the new-user creation.
3. The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Synchronization Service, creates the entry for the user in Oracle Internet Directory.
4. The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Synchronization Service, creates an entry in the SunONE Directory Server.
5. Because the user entry is available in Oracle Internet Directory, the OracleAS Portal administrator can now provision the user to use the services of OracleAS Portal. During this task, the OracleAS Portal software automatically retrieves the user details from Oracle Internet Directory.
6. The Oracle Content Management Software Development Kit administrator also provisions the user to use Oracle Content Management Software Development Kit services by using a similar process.
Note that the Oracle Directory Integration and Provisioning platform does not directly notify OracleAS Portal or Oracle Content Management Software Development Kit about new users. This is because not all users created in Oracle Human Resources need access to all services. In this case, the deployment must explicitly provision the users to use these services, as in steps 5 and 6.
Modification of User Properties in the MyCompany Enterprise
In this example, the MyCompany enterprise requires that any modification to user properties be communicated to all components interested in such changes. Figure 32-6 illustrates the actions that the Oracle Directory Integration and Provisioning platform takes to meet this requirement.
Figure 32-6 Modification of User Properties

The process is as follows:
- The user is first modified in Oracle Human Resources.
- The Oracle Directory Integration and Provisioning platform retrieves these changes through the Oracle Directory Synchronization Service.
- The Oracle Directory Integration and Provisioning platform makes the corresponding user modification in Oracle Internet Directory.
- The Oracle Directory Synchronization Service modifies the user in the SunONE Directory Server.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Provisioning Integration Service, notifies OracleAS Portal about the change in user properties.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Provisioning Integration Service, notifies Oracle Content Management Software Development Kit about the same change in user properties.
Deletion of Users in the MyCompany Enterprise
In this example, the MyCompany enterprise requires that a user being deleted or terminated in Oracle Human Resources be automatically denied access to all enterprise resources that are based on the directory service.
Figure 32-7 shows the flow of events during the deletion of users:
Figure 32-7 Deletion of Users from the Corporate Human Resources

Figure 32-7 shows the process by which the Oracle Directory Integration and Provisioning platform communicates the deletion of users to all systems in the enterprise. The process is as follows:
- The user is first deleted in Oracle Human Resources.
- The Oracle Directory Integration and Provisioning platform retrieves these changes through the Oracle Directory Synchronization Service.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Synchronization Service, makes the corresponding user deletion in Oracle Internet Directory.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Synchronization Service, deletes the user in the SunONE Directory Server.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Provisioning Integration Service, notifies OracleAS Portal about the deletion of the user.
- The Oracle Directory Integration and Provisioning platform, through the Oracle Directory Provisioning Integration Service, notifies Oracle Content Management Software Development Kit about the deletion of the user.
Once all of the steps are completed, a deleted user in Oracle Human Resources can no longer access OracleAS Portal or Oracle Content Management Software Development Kit.
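The revocation requirement holds only if every step of the deletion flow actually completes, so a periodic reconciliation against Oracle Human Resources is a useful check. The following is an added example, not Oracle code: the user IDs are constructed sample data, and reconcile() and its severity labels are hypothetical names chosen for illustration.

```python
# Constructed snapshots of user IDs exported from each repository (sample data).
HR = {"alice", "bob", "carol"}  # Oracle Human Resources: source of truth
CENTRAL = "Oracle Internet Directory"
DIRECTORIES = {
    CENTRAL: {"alice", "bob", "carol", "dave"},
    "SunONE Directory Server": {"alice", "bob", "dave"},
}
APPLICATIONS = {  # users explicitly provisioned by each application administrator
    "OracleAS Portal": {"alice", "dave"},
    "Oracle Content Management SDK": {"bob", "erin"},
}


def reconcile(hr, directories, applications, central=CENTRAL):
    """Return sorted (severity, system, user, reason) findings."""
    findings = []
    for name, users in directories.items():
        # Entry still present after deletion in HR: revocation did not propagate.
        for user in users - hr:
            findings.append(("HIGH", name, user, "orphaned entry: not in HR"))
        # HR user with no entry: synchronization is lagging or has failed.
        for user in hr - users:
            findings.append(("LOW", name, user, "missing entry: sync lag or failure"))
    for name, users in applications.items():
        # Application still honors a user that HR no longer has.
        for user in users - hr:
            findings.append(("HIGH", name, user, "provisioned but not in HR"))
        # Application account has no backing entry in the central directory.
        for user in (users & hr) - directories[central]:
            findings.append(("MEDIUM", name, user, "provisioned without central entry"))
        # HR users absent from an application are not findings: provisioning
        # to applications is explicit, not automatic (creation steps 5 and 6).
    return sorted(findings)


if __name__ == "__main__":
    for severity, system, user, reason in reconcile(HR, DIRECTORIES, APPLICATIONS):
        print(f"{severity:6} {system:30} {user:6} {reason}")
```

In the sample data, dave and erin represent users whose deletion reached Oracle Human Resources but not every downstream system; carol is not reported for either application because she was never provisioned to them.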