Scripted Groovy

The Scripted Groovy application template allows you to provision users with the Groovy Connector Toolkit.

Register the application

In the Advanced Identity Cloud admin console, go to Applications, and click grid_view Browse App Catalog.
In the Browse App Catalog modal, select an application, and click Next.

Select the latest application version.
Review the Application Integration information, and click Next.
In the Application Details window, specify the name, description, application owners, and logo for the application.
To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.
Click Create Application.

Configure provisioning

The generic Groovy Connector Toolkit runs a Groovy script for any operation, such as search, update, create, and others, on any external resource. The Groovy Connector Toolkit is not a complete connector in the traditional sense. Rather, it is a framework you use to write your own Groovy scripts to address the requirements of your implementation. For more information, refer to Groovy Connector Toolkit.

In the Advanced Identity Cloud admin console, on the Provisioning tab:
- If setting up provisioning for the first time:
  1. If you have not done so already, create an application.
  2. On the Provisioning tab, click Set up Provisioning.
  3. Choose a server or server cluster.
- When editing existing settings in the Connection area, click Settings.

Configure the following fields:

Field	Description
Script Base Class	Base class name for scripts (must derive from Script).
Script Roots	The root folder that stores the scripts. If the value is null or empty, the classpath value is used.
Custom Sensitive Configuration	Custom Sensitive Configuration script for Groovy ConfigSlurper.
Schema Script	The name of a connector file that uses a custom Groovy script to implement the ICF schema operation. The ICF schema operation lets a connector describe the types of objects that it can handle on the target system and the operations and options that the connector supports foreach object type.
Test Script	The name of a connector file that uses a custom Groovy script to implement the ICF test operation. The ICF test operation lets a connector test the connector configuration against the target system.
Create Script	The name of a connector file that uses a custom Groovy script to implement the ICF create operation. The ICF create operation lets a connector create objects on the target system.
Update Script	The name of a connector file that uses a custom Groovy script to implement the ICF update operation. The ICF update operation lets a connector update (modify or replace) objects on the target system.
Authenticate Script	The name of a connector file that uses a custom Groovy script to implement the ICF authenticate operation. The ICF authenticate operation lets a connector authenticate an object on the target system, usually with a unique identifier (username) and a password.
Delete Script	The name of a connector file that uses a custom Groovy script to implement the ICF delete operation. The ICF delete operation lets a connector delete objects on the target system.
Resolve Username Script	The name of a connector file that uses a custom Groovy script to implement the ICF resolve username operation. The ICF resolve username operation lets a connector resolve an object to its UID, based on its username.
Search Script	The name of a connector file that uses a custom Groovy script to implement the ICF search operation. The ICF search operation lets a connector search for objects on the target system.
Customizer Script	The name of the file that lets you customize the Apache HTTP client connection pool, proxy, default headers, timeouts, and so on.
Target Directory	Directory into which to write classes.

Field

Description

Script Base Class

Base class name for scripts (must derive from Script).

Script Roots

The root folder that stores the scripts. If the value is null or empty, the classpath value is used.

Custom Sensitive Configuration

Custom Sensitive Configuration script for Groovy ConfigSlurper.

Schema Script

The name of a connector file that uses a custom Groovy script to implement the ICF schema operation. The ICF schema operation lets a connector describe the types of objects that it can handle on the target system and the operations and options that the connector supports foreach object type.

Test Script

The name of a connector file that uses a custom Groovy script to implement the ICF test operation. The ICF test operation lets a connector test the connector configuration against the target system.

Create Script

The name of a connector file that uses a custom Groovy script to implement the ICF create operation. The ICF create operation lets a connector create objects on the target system.

Update Script

The name of a connector file that uses a custom Groovy script to implement the ICF update operation. The ICF update operation lets a connector update (modify or replace) objects on the target system.

Authenticate Script

The name of a connector file that uses a custom Groovy script to implement the ICF authenticate operation. The ICF authenticate operation lets a connector authenticate an object on the target system, usually with a unique identifier (username) and a password.

Delete Script

The name of a connector file that uses a custom Groovy script to implement the ICF delete operation. The ICF delete operation lets a connector delete objects on the target system.

Resolve Username Script

The name of a connector file that uses a custom Groovy script to implement the ICF resolve username operation. The ICF resolve username operation lets a connector resolve an object to its UID, based on its username.

Search Script

The name of a connector file that uses a custom Groovy script to implement the ICF search operation. The ICF search operation lets a connector search for objects on the target system.

Customizer Script

The name of the file that lets you customize the Apache HTTP client connection pool, proxy, default headers, timeouts, and so on.

Target Directory

Directory into which to write classes.

Optionally, click Show advanced settings to set any of the following options:

Field Description

Field	Description
Warning Level	The warning level of the compiler. If not set, the default value is `1`.
Min. Recompilation Interval	Sets the minimum amount of time after a script can be recompiled. If not set, the default value is `100`.
Custom Configuration	Custom Configuration script for Groovy ConfigSlurper.
Tolerance	The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. If not set, the default value is `10`.
Debug	If true, debugging code should be activated.
Classpath	The classpath for use during compilation.
Disabled Global AST Transformations	Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none are disabled.
Verbose	If true, the compiler should produce action information.
Source Encoding	The encoding for source files. If not set, the default value is `UTF-8`.
Recompile Groovy Source	If set to true, recompilation is enabled.
Exclude Unmodified	Select this option to synchronize only the modified properties on a target resource.

Warning Level

The warning level of the compiler. If not set, the default value is 1.

Min. Recompilation Interval

Sets the minimum amount of time after a script can be recompiled. If not set, the default value is 100.

Custom Configuration

Custom Configuration script for Groovy ConfigSlurper.

Tolerance

The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. If not set, the default value is 10.

Debug

If true, debugging code should be activated.

Classpath

The classpath for use during compilation.

Disabled Global AST Transformations

Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none are disabled.

Verbose

If true, the compiler should produce action information.

Source Encoding

The encoding for source files. If not set, the default value is UTF-8.

Recompile Groovy Source

If set to true, recompilation is enabled.

Exclude Unmodified

Select this option to synchronize only the modified properties on a target resource.

Click Connect.
Verify the information in the Details tab.

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Provisioning tab	Description	Related sections
Details	View and manage an application, including name, ID, and native type.	Select the specific application from Provision settings for an application.
Properties	View and manage properties for the selected object type.	Manage application attributes
Data	View data about the selected object type.	View user access data
Mapping	View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.	Manage mappings
Reconciliation	Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems. View and manage rules for the users and groups that use your application. View and manage schedules for Full and Incremental reconciliation.	Reconcile and synchronize end-user accounts
Privacy & Consent	Manage end-user data sharing and synchronization.	Configure end-user data sharing
Rules	View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.	Manage provisioning rules
Advanced Sync	Create and manage mappings between an identity profile and an application or between applications.	Manage advanced sync

Provisioning tab

Description

Related sections

Details

View and manage an application, including name, ID, and native type.

Select the specific application from Provision settings for an application.

Properties

View and manage properties for the selected object type.

Manage application attributes

Data

View data about the selected object type.

View user access data

Mapping

View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

Manage mappings

Reconciliation

Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems.

View and manage rules for the users and groups that use your application.

View and manage schedules for Full and Incremental reconciliation.

Reconcile and synchronize end-user accounts

Privacy & Consent

Manage end-user data sharing and synchronization.

Configure end-user data sharing

Rules

View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

Manage provisioning rules

Advanced Sync

Create and manage mappings between an identity profile and an application or between applications.

Manage advanced sync