It's all about IAM

Identity Manager Terminologies

Reconciliation:

It is the process of bringing identities and accounts into IDM from some resource is known as reconciliation.

There are two types of Reconciliation:

  1. Trusted Reconciliation (Authoritative)
  2. Target Reconciliation (Non Authoritative)
Trusted (Authoritative) Reconciliation >

Process of loading identities into IDM is known as Trusted or Authoritative Reconciliation. In the process we load user profiles into IDM. User gets created into IDM.


Example: User data is stored in Active Directory. If we run trusted reconciliation against Active Directory then user will get created into IDM. If user already exists in IDM with that user id then his profile will get updated with new values from Active Directory (If any).


Target (Non Authoritative) Reconciliation >

Process of loading account profile into IDM is known as Target or Non Authoritative Reconciliation. In this process we load user’s account profile i.e. user’s target account information. In this reconciliation only Resource profile of user is created not user profile.

Example: User data is stored in Active Directory. If we run target reconciliation against Active Directory then his Resource Profile will get created into OIM. Resource profile shows that User has account into Active Directory. For creation of resource profile, it is required that user must be present in IDM before.


Provisioning:

Process of creating account of user into target resource is known as Provisioning.


Example: User is created into OIM. When we create user in any target resources like AD, OID etc from OIM, is known as User provisioning.


Resource Object:

Virtual representation of a target resource is known as Resource Object in OIM.

Example: Client has Active Directory as target resource in which users have to be provisioned from OIM. But OIM doesn’t understand Active Directory. So we make a virtual identity of Active Directory in OIM which is understandable by OIM. It is known as Resource Object.