ICF 1.5.20.30

Connector reference

Connectors let you connect to external resources such as LDAP, Active Directory, flat files, and others. This guide describes all the connectors supported with Advanced Identity Cloud, PingIDM, and RCS, and how to configure them.

Any available connector works with IDM, either directly or using RCS. Advanced Identity Cloud can use any available connector through RCS.

If you are looking for Advanced Identity Cloud applications, refer to:

All connectors are available for download from Backstage, but some connectors are included in the default deployment for Advanced Identity Cloud, IDM, and RCS. The following table identifies which connectors are included in the default deployments:

Connector included in default deployment
Connector IDM RCS

No

No

Yes

No

No

No

No

No

No

Yes

Box

No

No

No

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Duo

No

No

No

Yes

Yes

No

No

No

Yes

Yes

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

No

Yes

No

Yes

Yes

No

No

No

Yes

No

Yes

No

No

No

No

No

No

Yes

No

SAP

No

Yes

No

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SSH

Yes

Yes

No

No

No

No

Configurations in this guide are simplified to show essential aspects. Not all resources support all IDM operations; however, the resources shown here support most of the CRUD operations, reconciliation, and liveSync.

Resources are external systems, databases, directory servers, and other sources of identity data, that are managed and audited by IDM. To connect to resources, IDM loads the ForgeRock Open Identity Connector Framework (ICF). ICF avoids the need to install agents to access resources, instead using the resources' native protocols. For example, ICF connects to database resources using the database’s Java connection libraries or JDBC driver, to directory servers over LDAP, and to UNIX systems over ssh.

SaaS common connectors

Software as a Service (SaaS) common connectors enable connection to cloud-based apps, data, and services. SaaS common connectors share certain code and configuration templates. When a procedure, feature, or release notes specify something as SaaS common, it applies to all SaaS common connectors.

SaaS common connectors version 1.5.20.29 and later support OAuth JWT Bearer flow with:

  • Connector framework 1.5.20.24 or later

  • RCS 1.5.20.24 or later

Learn more in Changed functionality.

Scripted Groovy connectors

Scripted Groovy connectors are based on the Scripted Groovy connector toolkit and share certain code and configuration templates. When a procedure, feature, or release note specifies something as Scripted Groovy, it applies to all Scripted Groovy connectors.