The document outlines a design pattern for identity provisioning architecture, detailing the architecture's role in providing security services within identity governance systems. It emphasizes the need for end-to-end security in applications while addressing risks related to communications, unauthorized access, and data management. Additionally, it describes the interactions and components involved in identity management, including various data sources and processes for reconciliation.

1. Core Identity Provisioning
Identity
Self-Service
Design Pattern – Identity Provisioning
Architecture Design Pattern Version: 1.0 Author: Mike Reams Last Modified: 11/20/2015 11:25:06 AM
Authoritative Identity Ecosystem
Design Pattern
Identity Provisioning A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes
commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are
similar to software design patterns but have a broader scope.
Identity Provisioning is a service within the Identity Governance stack that provides various provisioning services to the business. Authoritative identity data
is based person data from the HCM (Human Capital Management) and is reconciled and aggregated with other user data associated based on business rules.
The goal is deliver end-to-end security in J2EE applications, Web services, identity management, and service provisioning. These security patterns differ from
traditional infrastructure security design patterns in terms of addressing the end-to-end security requirements of an application by mitigating security risks at
the functional and deployment level, securing business objects and data across logical tiers, securing communications, and protecting the application from
unauthorized internal and external threats and vulnerabilities
Technology Domains Identity Management | Security | Middleware | Networking
HCM Employee Process
Application
On/Off-Boarding
Manager
Portal
Identity Data Store
Access Management
Web Server
uses
Oracle Access ManagerAccess Policy
General Downstream Architecture
HCM
Talent
Mgmt
Staffing
Agency
Talend
HCM Contractor Process
ETL Process
Get Data
Oracle
API Gateway Oracle Identity Manager
Employee Data
Contractor Data
Active
Directory
Reconciliation (phone & email)
Exchange
Provision
Database
Views
Authoritative Role Providers
TimeSheet HCM Badging
Authoritative Providers of User Data
Merger’s
Active
Directory
Active
Directory
Oracle
Internet
Directory
Services
Provision to Database Provision to Web ServiceProvision to LDAP Provision to Flat FileIdentity Management Portal
Help Desk /
End-User
Identity Portal
ETL
Collective Identities
Reconciliation
Reconciliation
Reconciliation
uses
Provisioning Channel Core IdM Processing Person Interaction
Provides Services