Considering Various Active Directory and Oracle Identity Manager Integration Options

There are a number of different ways of integrating different versions of Microsoft’s Active Directory (including ADFS & FIM) with different versions of Oracle’s Identity Management suite. Unfortunately for the implementer, there is very little published architecture best practice covering identity migration / integration. This is surprising given both vendors’ large market share and the number of organisations that, each year, switch products or add new features using the other vendor’s software. As an example, the following migration / integration options are available when moving from AD to Oracle.

  • You can choose to keep the existing AD as a master identity repository and use the Oracle Identity Manager connector between the two products.
    • The connector supports Active Directory and Active Directory Lightweight Directory Services (AD LDS), formerly known as Microsoft Active Directory Application Mode (ADAM), as either a managed target resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.
    • With this approach, if you wish to synchronise users’ passwords from Microsoft Active Directory (AD) to Oracle Identity Manager (OIM), you must install the Microsoft Active Directory Password Synchronization connector.


Salesforce Identity Connect to Other Directory Services

Identity Connect is a paid extension to Salesforce Identity that enables an organisation to use its existing directory services. It specifically allows integration with Active Directory: it enables the upload of user data from Active Directory to one or more Salesforce organisations, and synchronises this data automatically when user entries are added, changed, or removed. In addition, Identity Connect enables single sign-on (SSO) to Salesforce using the Security Assertion Markup Language (SAML).


Identity Connect is built on top of ForgeRock Bridge Service Provider Edition, which is deployed as an on-premise identity service with a browser-based admin UI and acts as an identity bridge between Salesforce and the enterprise’s Active Directory. The ForgeRock Bridge Service Provider Edition supports not only Active Directory synchronisation but can also provide identity synchronisation to other directory services and provide “Real-time, automated user account synchronisation between enterprise and cloud services”.

The majority of Active Directory usage is for internal enterprise staff and, as such, partners may be managed in other directory services. Therefore, it is not unreasonable to ask when Salesforce will extend Identity Connect to support other directory services.