Connector reference
Connectors let you connect to external resources such as LDAP, Active Directory, flat files, and others. This guide describes all the connectors supported with Identity Cloud, IDM, and RCS, and how to configure them.
| Any available connector works with IDM, either directly or using RCS. Identity Cloud can use any available connector through RCS. |
All connectors are available for download from Backstage, but some connectors are already bundled with Identity Cloud, IDM, and RCS:
The following connectors are bundled with Identity Cloud and can be accessed using the IDM admin UI (native console).
| Identity Cloud can use any available connector through RCS. |
Adobe Marketing Cloud
The Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store. |
Google Apps
The Google Apps connector lets you interact with Google’s web applications. |
Marketo
The Marketo connector lets you synchronize between IDM user identities and a Marketo Lead Database. |
Microsoft Graph API
The Microsoft Graph API Java connector lets you manage users and groups in a Microsoft Azure tenant, and lets you synchronize users and groups between IDM and Azure. |
Salesforce
The Salesforce connector enables provisioning, reconciliation, and synchronization between Salesforce and the IDM repository. |
SCIM
The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce. |
ServiceNow
The ServiceNow connector lets you manage objects in the ServiceNow platform, integrating with ServiceNow’s REST API. |
SuccessFactors
The SAP SuccessFactors connector lets you synchronize user accounts between IDM and the SAP SuccessFactors HR system. |
Workday
The Workday connector lets you synchronize user accounts between IDM and Workday’s cloud-based HR system. |
The following connectors are bundled with IDM:
Adobe Marketing Cloud
The Adobe Marketing Cloud connector lets you manage profiles in an Adobe Campaign data store. |
CSV file
The CSV file connector is useful when importing users, either for initial provisioning or for ongoing updates. When used continuously in production, a CSV file serves as a change log, often containing only user records that have changed. |
Database table
The Database Table connector enables provisioning to a single table in a JDBC database. |
Google Apps
The Google Apps connector lets you interact with Google’s web applications. |
Groovy connector toolkit
The Groovy Connector Toolkit lets you run a Groovy script for any ICF operation, such as search, update, create, and others, on any external resource. |
Kerberos
The Kerberos connector is an implementation of the SSH connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you manage Kerberos user principals from IDM. |
LDAP
The LDAP connector is based on JNDI, and can be used to connect to any LDAPv3-compliant directory server, such as ForgeRock Directory Services (DS), Active Directory, SunDS, Oracle Directory Server Enterprise Edition, IBM Security Directory Server, and OpenLDAP. |
Marketo
The Marketo connector lets you synchronize between IDM managed users and a Marketo Leads Database. |
Microsoft Graph API
The Microsoft Graph API Java connector lets you manage users and groups in a Microsoft Azure tenant, and lets you synchronize users and groups between IDM and Azure. |
MongoDB
The MongoDB connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with a MongoDB document database, using Groovy scripts for the ICF operations. |
Salesforce
The Salesforce connector enables provisioning, reconciliation, and synchronization between Salesforce and the IDM repository. |
SCIM
The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce. |
Scripted REST
The Scripted REST connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any REST API, using Groovy scripts for the ICF operations. |
Scripted SQL
The Scripted SQL connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any SQL database, using Groovy scripts for the ICF operations. |
ServiceNow
The ServiceNow connector lets you manage objects in the ServiceNow platform, integrating with ServiceNow’s REST API. |
SSH
The SSH connector is an implementation of the Scripted Groovy Connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you interact with any SSH server, using Groovy scripts for the ICF operations. |
The following connectors are bundled with RCS:
CSV file
The CSV file connector is useful when importing users, either for initial provisioning or for ongoing updates. When used continuously in production, a CSV file serves as a change log, often containing only user records that have changed. |
Database table
The Database Table connector enables provisioning to a single table in a JDBC database. |
Groovy connector toolkit
The Groovy Connector Toolkit lets you run a Groovy script for any ICF operation, such as search, update, create, and others, on any external resource. |
Kerberos
The Kerberos connector is an implementation of the SSH connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you manage Kerberos user principals from IDM. |
LDAP
The LDAP connector is based on JNDI, and can be used to connect to any LDAPv3-compliant directory server, such as ForgeRock Directory Services (DS), Active Directory, SunDS, Oracle Directory Server Enterprise Edition, IBM Security Directory Server, and OpenLDAP. |
SCIM
The SCIM connector is based on the Simple Cloud Identity Management (SCIM) protocol and lets you manage user and group accounts on any SCIM-compliant resource provider, such as Slack, Facebook, or SalesForce. |
Scripted REST
The Scripted REST connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any REST API, using Groovy scripts for the ICF operations. |
Scripted SQL
The Scripted SQL connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with any SQL database, using Groovy scripts for the ICF operations. |
SSH
The SSH connector is an implementation of the Scripted Groovy Connector, and is based on Java Secure Channel (JSch) and the Java implementation of the Expect library (Expect4j). This connector lets you interact with any SSH server, using Groovy scripts for the ICF operations. |
The following connectors are not bundled with any product but are available for download from Backstage:
AS400
The AS400 connector lets you interact with AS400. |
AWS
The AWS connector lets you interact with the AWS IAM service. |
Cerner
The Cerner connector lets you interact with Cerner healthcare IT systems. |
DocuSign
The DocuSign Connector lets you manage DocuSign service accounts and synchronize accounts between DocuSign and the IDM managed user repository. |
Dropbox
The Dropbox Connector lets you interact with and manage user and group accounts on the Dropbox service. |
Epic
The Epic connector lets you interact with Epic health systems. |
Google Cloud Platform (GCP)
The Google Cloud Platform connector lets you interact with the Google Cloud Platform service. |
HubSpot
The HubSpot connector lets you synchronize HubSpot contacts and companies with managed objects in an IDM repository. |
Oracle EBS
The Oracle EBS connector lets you interact with Oracle E-Business Suite (EBS). |
PeopleSoft
The PeopleSoft connector lets you interact with Oracle PeopleSoft systems. |
PowerShell
The PowerShell Connector Toolkit is not a complete connector in the traditional sense, but a framework within which you write your own PowerShell scripts to address the requirements of your Microsoft Windows ecosystem. Use this connector to create custom connectors that can provision any Microsoft system, such as Active Directory, Microsoft SQL, MS Exchange, SharePoint, Azure, and Office365. |
RACF
The RACF connector lets you interact with IBM RACF systems. |
SAP
The SAP connector is an implementation of the Scripted Groovy Connector that connects to any SAP system using the SAP JCo Java libraries. |
SAP S/4HANA
The SAP S/4HANA connector lets you synchronize user accounts between IDM and the SAP S/4HANA service. |
Configurations in this guide are simplified to show essential aspects. Not all resources support all IDM operations; however, the resources shown here support most of the CRUD operations, reconciliation, and liveSync.
Resources are external systems, databases, directory servers, and other sources of identity data, that are managed and audited by IDM. To connect to resources, IDM loads the ForgeRock Open Identity Connector Framework (ICF). ICF avoids the need to install agents to access resources, instead using the resources' native protocols. For example, ICF connects to database resources using the database’s Java connection libraries or JDBC driver, to directory servers over LDAP, and to UNIX systems over ssh.
ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.
The ForgeRock Common REST API works across the platform to provide common ways to access web resources and collections of resources.