ICF 1.5.20.19

Connector reference

Connectors let you connect to external resources such as LDAP, Active Directory, flat files, and others. This guide describes all the connectors supported with Identity Cloud, IDM, and RCS, and how to configure them.

Any available connector works with IDM, either directly or using RCS. Identity Cloud can use any available connector through RCS.

All connectors are available for download from Backstage, but some connectors are already bundled with Identity Cloud, IDM, and RCS:

  • Identity Cloud

  • IDM

  • RCS

  • Backstage

The following connectors are bundled with Identity Cloud and can be accessed using the IDM admin UI (native console).

Identity Cloud can use any available connector through RCS.
Adobe Marketing Cloud

The Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store.

Google Apps

The Google Apps connector lets you interact with Google’s web applications.

Marketo

The Marketo connector lets you synchronize between IDM user identities and a Marketo Lead Database.

Microsoft Graph API

The Microsoft Graph API Java connector lets you manage users and groups in a Microsoft Azure tenant, and lets you synchronize users and groups between IDM and Azure.

Salesforce

The Salesforce connector enables provisioning, reconciliation, and synchronization between Salesforce and the IDM repository.

SCIM

The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce.

ServiceNow

The ServiceNow connector lets you manage objects in the ServiceNow platform, integrating with ServiceNow’s REST API.

SuccessFactors

The SAP SuccessFactors connector lets you synchronize user accounts between IDM and the SAP SuccessFactors HR system.

Workday

The Workday connector lets you synchronize user accounts between IDM and Workday’s cloud-based HR system.

The following connectors are bundled with IDM:

Adobe Marketing Cloud

The Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store.

CSV file

The CSV file connector is useful when importing users, either for initial provisioning or for ongoing updates. When used continuously in production, a CSV file serves as a change log, often containing only user records that have changed.

Database table

The Database Table connector enables provisioning to a single table in a JDBC database.

Google Apps

The Google Apps connector lets you interact with Google’s web applications.

Groovy connector toolkit

The Groovy Connector Toolkit lets you run a Groovy script for any ICF operation, such as search, update, create, and others, on any external resource.

Kerberos

The Kerberos connector is an implementation of the SSH connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you manage Kerberos user principals from IDM.

LDAP

The LDAP connector is based on JNDI, and can be used to connect to any LDAPv3-compliant directory server, such as ForgeRock Directory Services (DS), Active Directory, SunDS, Oracle Directory Server Enterprise Edition, IBM Security Directory Server, and OpenLDAP.

Marketo

The Marketo connector lets you synchronize between IDM managed users and a Marketo Leads Database.

Microsoft Graph API

The Microsoft Graph API Java connector lets you manage users and groups in a Microsoft Azure tenant, and lets you synchronize users and groups between IDM and Azure.

MongoDB

The MongoDB connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with a MongoDB document database, using Groovy scripts for the ICF operations.

Salesforce

The Salesforce connector enables provisioning, reconciliation, and synchronization between Salesforce and the IDM repository.

SCIM

The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce.

Scripted REST

The Scripted REST connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any REST API, using Groovy scripts for the ICF operations.

Scripted SQL

The Scripted SQL connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any SQL database, using Groovy scripts for the ICF operations.

ServiceNow

The ServiceNow connector lets you manage objects in the ServiceNow platform, integrating with ServiceNow’s REST API.

SSH

The SSH connector is an implementation of the Scripted Groovy Connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you interact with any SSH server, using Groovy scripts for the ICF operations.

The following connectors are bundled with RCS:

CSV file

The CSV file connector is useful when importing users, either for initial provisioning or for ongoing updates. When used continuously in production, a CSV file serves as a change log, often containing only user records that have changed.

Database table

The Database Table connector enables provisioning to a single table in a JDBC database.

Groovy connector toolkit

The Groovy Connector Toolkit lets you run a Groovy script for any ICF operation, such as search, update, create, and others, on any external resource.

Kerberos

The Kerberos connector is an implementation of the SSH connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you manage Kerberos user principals from IDM.

LDAP

The LDAP connector is based on JNDI, and can be used to connect to any LDAPv3-compliant directory server, such as ForgeRock Directory Services (DS), Active Directory, SunDS, Oracle Directory Server Enterprise Edition, IBM Security Directory Server, and OpenLDAP.

SCIM

The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce.

Scripted REST

The Scripted REST connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any REST API, using Groovy scripts for the ICF operations.

Scripted SQL

The Scripted SQL connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any SQL database, using Groovy scripts for the ICF operations.

SSH

The SSH connector is an implementation of the Scripted Groovy Connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you interact with any SSH server, using Groovy scripts for the ICF operations.

The following connectors are not bundled with any product but are available for download from Backstage:

AS400

The AS400 connector lets you interact with AS400.

AWS

The AWS connector lets you interact with the AWS IAM service.

Cerner

The Cerner connector lets you interact with Cerner healthcare IT systems.

DocuSign

The DocuSign Connector lets you manage DocuSign service accounts and synchronize accounts between DocuSign and the IDM managed user repository.

Dropbox

The Dropbox Connector lets you interact with and manage user and group accounts on the Dropbox service.

Epic

The Epic connector lets you interact with Epic health systems.

Google Cloud Platform (GCP)

The Google Cloud Platform connector lets you interact with the Google Cloud Platform service.

HubSpot

The HubSpot connector lets you synchronize HubSpot contacts and companies with managed objects in an IDM repository.

Oracle EBS

The Oracle EBS connector lets you interact with Oracle E-Business Suite (EBS).

PeopleSoft

The PeopleSoft connector lets you interact with Oracle PeopleSoft systems.

PowerShell

The PowerShell Connector Toolkit is not a complete connector in the traditional sense, but a framework within which you write your own PowerShell scripts to address the requirements of your Microsoft Windows ecosystem. Use this connector to create custom connectors that can provision any Microsoft system, such as Active Directory, Microsoft SQL, MS Exchange, SharePoint, Azure, and Office365.

RACF

The RACF connector lets you interact with IBM RACF systems.

SAP

The SAP connector is an implementation of the Scripted Groovy Connector that connects to any SAP system using the SAP JCo Java libraries.

SAP S/4HANA

The SAP S/4HANA connector lets you synchronize user accounts between IDM and the SAP S/4HANA service.

SAP HANA Database

The SAP HANA Database connector lets you synchronize user accounts between IDM and a SAP HANA Database.

Configurations in this guide are simplified to show essential aspects. Not all resources support all IDM operations; however, the resources shown here support most of the CRUD operations, reconciliation, and liveSync.

Resources are external systems, databases, directory servers, and other sources of identity data, that are managed and audited by IDM. To connect to resources, IDM loads the ForgeRock Open Identity Connector Framework (ICF). ICF avoids the need to install agents to access resources, instead using the resources' native protocols. For example, ICF connects to database resources using the database’s Java connection libraries or JDBC driver, to directory servers over LDAP, and to UNIX systems over ssh.

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.

The ForgeRock Common REST API works across the platform to provide common ways to access web resources and collections of resources.

Copyright © 2010-2023 ForgeRock, all rights reserved.