Connector reference
Installation and configuration reference for the connectors that are supported with ForgeRock® Identity Cloud software. This reference includes installation and configuration instructions for each connector, and examples that demonstrate how to use the connectors in a deployment.
Connectors let you connect to external resources such as LDAP, Active Directory, flat files, and others. This guide describes all the connectors supported with Identity Cloud, and how to configure them.
Connector Configuration
Learn how to configure connectors, and how to control what the connector synchronizes.
Remote Connector Configuration
Manage connectors on remote systems, with connector servers.
ICF Interfaces
Discover the ICF interfaces implemented by each connector.
Operation Options
Discover the operation options implemented by each connector.
Configurations shown in this guide are simplified to show essential aspects. Not all resources support all Identity Cloud operations; however, the resources shown here support most of the CRUD operations, reconciliation, and liveSync.
Resources are external systems, databases, directory servers, and other sources of identity data, that are managed and audited by Identity Cloud. To connect to resources, Identity Cloud loads the ForgeRock Open Identity Connector Framework (ICF). ICF avoids the need to install agents to access resources, instead using the resources' native protocols. For example, ICF connects to database resources using the database’s Java connection libraries or JDBC driver, to directory servers over LDAP, and to UNIX systems over ssh
.
Identity Cloud built-in connectors
Identity Cloud provides these built-in connectors, for synchronization with the respective data stores.
Adobe Marketing Cloud ConnectorThe Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store. |
Google Apps ConnectorThe Google Apps connector lets you interact with Google’s web applications. |
Marketo ConnectorThe Marketo connector lets you synchronize between Identity Cloud user identities and a Marketo Lead Database. |
MS Graph API ConnectorThe Microsoft Graph API connector lets you manage users and groups in a Microsoft Azure tenant, and lets you synchronize users and groups between Identity Cloud and Azure. |
Salesforce ConnectorThe Salesforce connector enables provisioning, reconciliation, and synchronization between Salesforce and the Identity Cloud repository. |
ServiceNow ConnectorThe ServiceNow connector lets you manage objects in the ServiceNow platform, integrating with ServiceNow’s REST API. |
SuccessFactors ConnectorThe SAP SuccessFactors connector lets you synchronize user accounts between Identity Cloud and the SAP SuccessFactors HR system. |
Workday ConnectorThe Workday connector lets you synchronize user accounts between Identity Cloud and Workday’s cloud-based HR system. |
Remote Connector Server (RCS) connectors
The remote connectors are used for synchronization with data stores on premises, in a private cloud, or in a public cloud. Remote connectors are available as:
- RCS bundled connectors
-
Remote connectors that are bundled with the ForgeRock remote connector server (RCS).
- Additional connectors
-
Connectors that are available for download from the ForgeRock Download Center.
RCS bundled connectors
ForgeRock provides a number of connectors that are bundled with RCS.
CSV File ConnectorThe CSV file connector is useful when importing users, either for initial provisioning or for ongoing updates. When used continuously in production, a CSV file serves as a change log, often containing only user records that have changed. |
Database Table ConnectorThe Database Table connector enables provisioning to a single table in a JDBC database. |
Groovy ConnectorThe Groovy Connector Toolkit lets you run a Groovy script for any ICF operation, such as search, update, create, and others, on any external resource. |
Kerberos ConnectorThe Kerberos connector is an implementation of the SSH connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you manage Kerberos user principals from Identity Cloud. |
LDAP ConnectorThe LDAP connector is based on JNDI, and can be used to connect to any LDAPv3-compliant directory server, such as ForgeRock Directory Services (DS), Active Directory, SunDS, Oracle Directory Server Enterprise Edition, IBM Security Directory Server, and OpenLDAP. |
SCIM ConnectorThe SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol, and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce. |
Scripted REST ConnectorThe Scripted REST connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any REST API, using Groovy scripts for the ICF operations. |
Scripted SQL ConnectorThe Scripted SQL connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any SQL database, using Groovy scripts for the ICF operations. |
SSH ConnectorThe SSH connector is an implementation of the Scripted Groovy Connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you interact with any SSH server, using Groovy scripts for the ICF operations. |
Additional connectors
In addition to the built-in and RCS bundled connectors, ForgeRock supports a number of additional connectors that you can download from the ForgeRock Download Center.
AWS ConnectorThe AWS connector lets you interact with the AWS IAM service. |
Cerner ConnectorThe Cerner connector lets you interact with Cerner healthcare IT systems. |
DocuSign ConnectorThe DocuSign connector lets you manage DocuSign service accounts and synchronize accounts between DocuSign and the Identity Cloud managed user repository. |
Epic ConnectorThe Epic connector lets you interact with Epic health systems. |
HubSpot ConnectorThe HubSpot connector lets you synchronize HubSpot contacts and companies with managed objects in an Identity Cloud repository. |
MongoDB ConnectorThe MongoDB connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with a MongoDB document database, using Groovy scripts for the ICF operations. |
PeopleSoft ConnectorThe PeopleSoft connector lets you interact with Oracle PeopleSoft systems. |
SAP ConnectorThe SAP connector is an implementation of the Scripted Groovy Connector that connects to any SAP system using the SAP JCo Java libraries. |
SAP S/4HANA ConnectorThe SAP S/4HANA connector lets you synchronize user accounts between Identity Cloud and the SAP S/4HANA service. |