Contributed by: Atul Goyal, Senior Principal Product Manager, Oracle, Harish Jangada, Managing Partner, Kapstone LLC, and Saurabh Sharma, Managing Partner, Kapstone LLC
Working closely with our strategic partner, Kapstone Technologies LLC (KP), Oracle Identity Cloud Service now provides its customers greater flexibility and control over user lifecycle management activities through out-of-the-box integration with 100+ cloud, on-premises and legacy applications and platforms.
Kapstone Provisioning Gateway (an Oracle Identity Cloud Service certified integration) extends your ability to connect with 100+ cloud, on-premises and legacy applications and platforms. The KP Provisioning Gateway comes with out-of-the-box (OOTB) connectors that perform user lifecycle management (LCM) activities such as Create, Update, Disable, and Delete user.
Simplifying User Management in Oracle Fusion Applications, EPM with Identity Cloud Service
The KP Provisioning Gateway provides an out-of-the-box (OOTB) connector for Oracle Fusion HCM Cloud that automates manual user lifecycle management processes. Based on the HR event, Kapstone Gateway can provision users and assign roles to target applications like Oracle Fusion Applications, Oracle EPM, Oracle Analytics Cloud, Oracle Cloud Infrastructure and various on-premises and cloud applications. Kapstone Provisioning Gateway can also detect segregation of duties (SOD) policy violations in Oracle Fusion Applications.
Oracle Fusion HCM Cloud and Oracle Identity Cloud Service integration leveraging Kapstone Integration Service provides the ability to automatically onboard employees/workers and help ensure that access to all apps and roles is as per the business policy and compliant on their first day.
Improve IT productivity:
Compliance / Enhanced Security:
Streamline User Experience:
Made available natively as a cloud service, the KP Provisioning Gateway is deployed on Oracle Cloud Infrastructure and is built as a highly resilient, fault-tolerant architecture. The key design principles for the Kapstone Provisioning Gateway are outlined below:
The unique capabilities of KP Provisioning Gateway that extend across all connected systems are outlined below:
1. Integration Service
Predefined connectors are designed for enterprise applications, and their architecture is based on the APIs that the target system supports. There may be scenarios in which custom integration is needed to link the target system and the IGA or IdaaS system. Kapstone’s gateway provides a simple way, leveraging generic REST/SQL/Script connectors, to integrate with the target applications.
Kapstone Provisioning Gateway enables customers to add custom logic before a create, update, or delete account provisioning operation on the target application. Extend a provisioning operation with custom logic to modify and validate target application account data before completing the operation on the target application. Common customizations using the customization hook include deriving values, validating a database against another database, validating that prerequisites are met, handling service account password operations, and moving a user to a different organization unit based on various criteria.
3. Not Linked/Orphan account detection and reporting: Once the KP Provisioning Gateway is connected to target applications/platforms, it pulls the account information in the target system and verifies it against the identity information in Oracle Identity Cloud Service. If accounts are detected in the target system that don’t correlate to a user identity in the governance platform (Oracle Identity Cloud Service), those accounts are marked as Not Linked/Orphan accounts. The customer admins can view a detailed report on all Orphan accounts, segregated by target application(s).
4. Inbuilt (Automated) error handling / Auto Retry Option for Failed User Operations: The KP Provisioning Gateway provides customer administrators the flexibility to configure the system to retry user CRUD operations that fail during the original attempt. The admins can set up the number of automated system attempts and the time gap between those attempts uniquely for each application. This feature alone helps resolve nearly 60% of the failed CRUD operations that are typically encountered in governance solutions.
5. Intuitive Graphical interface for Application attribute mapping: On deployment, the KP Provisioning Gateway connectors perform an auto-discovery on the connected application and provide an easy, intuitive UI for customer admins to map the application attributes. Even custom attributes can easily be pulled and mapped through the user interface.
6. Application Maintenance Mode: During periods when the connected application might be unavailable due to a system failure, planned downtime, an upgrade, etc., the KP Provisioning Gateway provides a “Maintenance Mode” feature for each application. Once the customer admin turns on “Maintenance Mode” for a particular application, all user operations (CRUD) performed for that application are stored in a queue. The operations are executed once the application is back up and available.
7. Single Click Connector Cloning: Once a connector is deployed for a lower environment (Dev/Test/Staging), it can be cloned for a new environment with a single click. KP Provisioning Gateway provides a connector cloning option in the user interface, thereby greatly reducing the time to deployment.
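The correlation check described in item 3 (Not Linked/Orphan account detection), sketched as an added example that is not Kapstone's or Oracle's code. The application names, field names, per-application correlation rules and all records are constructed assumptions; the sketch also treats an account whose correlation attribute is missing as not linked.

```python
from collections import defaultdict

# Constructed sample data: identities as they might be exported from the
# governance platform, and accounts pulled from two target applications.
IDENTITIES = [
    {"userName": "asmith", "email": "Alice.Smith@example.com"},
    {"userName": "bjones", "email": "bob.jones@example.com"},
]
TARGET_ACCOUNTS = {
    "fusion-hcm": [
        {"login": "ASMITH", "mail": "alice.smith@example.com"},
        {"login": "cdoe", "mail": "carol.doe@example.com"},
    ],
    "legacy-db": [
        {"login": "bjones ", "mail": None},
        {"login": "svc_batch", "mail": None},
    ],
}
# Assumed per-application correlation rule: (account field, identity field).
CORRELATION = {
    "fusion-hcm": ("mail", "email"),
    "legacy-db": ("login", "userName"),
}

def _norm(value):
    """Case- and whitespace-insensitive key; None for missing values."""
    return value.strip().lower() if isinstance(value, str) and value.strip() else None

def find_orphans(identities, target_accounts, correlation):
    """Return {application: [orphan logins]}.
    An account is not linked when its correlation attribute is missing or
    matches no identity in the governance platform."""
    report = defaultdict(list)
    for app, accounts in target_accounts.items():
        acct_field, id_field = correlation[app]
        known = {_norm(i.get(id_field)) for i in identities} - {None}
        for acct in accounts:
            key = _norm(acct.get(acct_field))
            if key is None or key not in known:
                report[app].append(acct["login"].strip())
    return dict(report)

if __name__ == "__main__":
    for app, logins in find_orphans(IDENTITIES, TARGET_ACCOUNTS, CORRELATION).items():
        print(f"{app}: {', '.join(logins)}")
```

Normalizing case and whitespace before comparison keeps cosmetic differences between systems from producing false orphans, while accounts such as the constructed `svc_batch` surface for review because nothing in the identity store owns them.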
Kapstone Provisioning Gateway is certified with Oracle Identity Cloud Service and is available through the Oracle Cloud Infrastructure Marketplace.
Kapstone is a leading Cloud Identity Security Solution Provider that focuses on providing intelligent, simple and cost-effective Identity Governance and Administration solutions and services.