Brief Description

In a provisioning system, the lack of widely adopted standards makes integration across a wide range of IDMSs and SPs difficult. The general solution has been to develop a connector framework between the engine and the IDMS and SPs. These connectors translate from the provisioning engine protocols to the target system protocols (often via REST-like APIs and execution of shell scripts).

However, each engine generally has its own connector framework. This increases lock-in, making it more difficult for institutions to leverage connectors built by others, and to switch provisioning engines when requirements change.

Generic Functional Requirements

  • Must support robust and timely data synchronization with a range of external systems
  • If using a vendor solution, should come delivered with a standard set of connectors for provisioning data to common target systems, such as LDAP, Active Directory, and RDBMS
  • Should support message queues both for notifying external systems of changes and for receiving notification of changes from external systems

Standards Support and Integration Considerations

Where possible, avoid non-standard technologies which require specifically integrated vendor components to be deployed.

Unfortunately, there is currently no widely adopted standard for the connector API between the provisioning engine and the connectors. It may make sense to abstract local connector integrations behind a locally controlled interface, so that the provisioning engine can be swapped out more easily should such a change become desirable.
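The abstraction described above, as an added illustration that is not code from any provisioning product: a neutral operation model and target-connector interface sit between engine-specific adapters and the target systems, so replacing the engine only replaces the small adapter. The two engine message formats, class names and the in-memory directory are constructed assumptions for the example.

```python
"""Engine-agnostic connector layer (added example; all formats are assumed)."""
import json
from dataclasses import dataclass, field
from typing import Callable, Iterable, Protocol


@dataclass
class ProvisioningOp:
    """Neutral operation that local target connectors understand."""
    action: str                      # "upsert" or "deprovision"
    subject: str                     # stable identifier for the person
    attrs: dict = field(default_factory=dict)


class TargetConnector(Protocol):
    def apply(self, op: ProvisioningOp) -> None: ...


class InMemoryDirectory:
    """Stand-in for an LDAP/AD target. Operations are idempotent so a
    replayed or duplicated queue message cannot corrupt the target."""
    def __init__(self) -> None:
        self.entries: dict[str, dict] = {}

    def apply(self, op: ProvisioningOp) -> None:
        if op.action == "upsert":
            self.entries[op.subject] = dict(op.attrs)
        elif op.action == "deprovision":
            self.entries.pop(op.subject, None)   # already gone is fine
        else:
            raise ValueError(f"unknown action {op.action!r}")


# Engine adapters: the only code that changes when the engine is swapped.
def from_engine_a(msg: str) -> ProvisioningOp:
    """Hypothetical engine A emits JSON: {"event", "uid", "data"}."""
    m = json.loads(msg)
    action = "deprovision" if m["event"] == "delete" else "upsert"
    return ProvisioningOp(action, m["uid"], m.get("data", {}))


def from_engine_b(msg: str) -> ProvisioningOp:
    """Hypothetical engine B emits lines: ACTION|subject|k=v;k=v"""
    op, subject, kv = (msg.split("|") + [""])[:3]
    attrs = dict(p.split("=", 1) for p in kv.split(";") if p)
    return ProvisioningOp("deprovision" if op == "DEL" else "upsert", subject, attrs)


def sync(messages: Iterable[str], translate: Callable[[str], ProvisioningOp],
         target: TargetConnector) -> None:
    """Drain a batch of engine messages into one target through the neutral model."""
    for raw in messages:
        target.apply(translate(raw))
```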

Connectors implementing SPML are desirable, but the number of SPs supporting SPML is low.

Key Design Considerations

See the Data Integration section for general principles that apply to this section as well.

Enumerating the number and types of downstream systems to be provisioned may help determine how much any given solution will work "out of the box" and how much will need to be locally developed.

Technical Solutions

  1. Most vendor IdM products come with a suite of connectors
  2. See the Data Integration section for additional possible solutions