Distributed high availability agent architecture

US 10,341,354 B2
Filed: 09/15/2017
Issued: 07/02/2019
Est. Priority Date: 09/16/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the providing comprising:

establishing a connection to an AD, coupled to a first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;

establishing a connection to an IDCS, coupled to a second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;

displaying the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;

receiving a selection of one or more OUs;

displaying each member group of the selected OUs in the GUI, each group being selectable by the user;

receiving a selection of one or more member groups of the selected OUs;

monitoring the users of the selected OUs to identify users that have been added, modified or deleted;

monitoring the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;

synchronizing the identified users to the SCIM directory; and

synchronizing the identified groups to the SCIM directory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A high availability (HA) Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS) is provided. A connection to an AD, coupled to a first network, is established. A connection to an IDCS, coupled to a second network, is established, the IDCS including a System for Cross-domain Identity Management (SCIM) directory. A plurality of selectable AD OUs are displayed in a GUI, and a selection of one or more OUs is then received. Each member group of the selected OUs is displayed in the GUI, and a selection of one or more member groups of the selected OUs is then received. The users of the selected OUs and the selected member groups of the selected OUs are monitored to identify users and groups that have been added, modified or deleted. The identified users and groups are then synchronized to the SCIM directory.

308 Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the providing comprising:
- establishing a connection to an AD, coupled to a first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;
  
  establishing a connection to an IDCS, coupled to a second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;
  
  displaying the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;
  
  receiving a selection of one or more OUs;
  
  displaying each member group of the selected OUs in the GUI, each group being selectable by the user;
  
  receiving a selection of one or more member groups of the selected OUs;
  
  monitoring the users of the selected OUs to identify users that have been added, modified or deleted;
  
  monitoring the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;
  
  synchronizing the identified users to the SCIM directory; and
  
  synchronizing the identified groups to the SCIM directory.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer readable medium of claim 1, wherein the connection to the AD is read-only.
  - 3. The non-transitory computer readable medium of claim 1, wherein the AD is a single domain.
  - 4. The non-transitory computer readable medium of claim 1, wherein the OUs are displayed in a hierarchical tree in the GUI.
  - 5. The non-transitory computer readable medium of claim 1, wherein the identified users are synchronized to the SCIM directory without transmitting AD password information over the second network.
  - 6. The non-transitory computer readable medium of claim 1, wherein the identified users and the identified groups are synchronized incrementally and periodically at a pre-determined time interval.
  - 7. The non-transitory computer readable medium of claim 1, wherein the identified users and the identified groups are synchronized using Representational State Transfer (REST) post, patch and delete operations to the SCIM directory.

8. A method for providing an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the method comprising:
- establishing a connection to an AD, coupled to a first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;
  
  establishing a connection to an IDCS, coupled to a second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;
  
  displaying the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;
  
  receiving a selection of one or more OUs;
  
  displaying each member group of the selected OUs in the GUI, each group being selectable by the user;
  
  receiving a selection of one or more member groups of the selected OUs;
  
  monitoring the users of the selected OUs to identify users that have been added, modified or deleted;
  
  monitoring the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;
  
  synchronizing the identified users to the SCIM directory; and
  
  synchronizing the identified groups to the SCIM directory.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the connection to the AD is read-only.
  - 10. The method of claim 8, wherein the AD is a single domain.
  - 11. The method of claim 8, wherein the OUs are displayed in a hierarchical tree in the GUI.
  - 12. The method of claim 8, wherein the identified users are synchronized to the SCIM directory without transmitting AD password information over the second network.
  - 13. The method of claim 8, wherein the identified users and the identified groups are synchronized incrementally and periodically at a pre-determined time interval.
  - 14. The method of claim 8, wherein the identified users and the identified groups are synchronized using Representational State Transfer (REST) post, patch and delete operations to the SCIM directory.

15. A system for providing an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the system comprising:
- a memory; and
  
  a processor, coupled to the memory, a first network and a second network, the processor being configured to;
  
  establish a connection to an AD, coupled to the first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;
  
  establish a connection to an IDCS, coupled to the second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;
  
  display the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;
  
  receive a selection of one or more OUs;
  
  display each member group of the selected OUs in the GUI, each group being selectable by the user;
  
  receive a selection of one or more member groups of the selected OUs;
  
  monitor the users of the selected OUs to identify users that have been added, modified or deleted;
  
  monitor the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;
  
  synchronize the identified users to the SCIM directory; and
  
  synchronize the identified groups to the SCIM directory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the connection to the AD is read-only and the AD is a single domain.
  - 17. The system of claim 15, wherein the OUs are displayed in a hierarchical tree in the GUI.
  - 18. The system of claim 15, wherein the identified users are synchronized to the SCIM directory without transmitting AD password information over the second network.
  - 19. The system of claim 15, wherein the identified users and the identified groups are synchronized incrementally and periodically at a pre-determined time interval.
  - 20. The system of claim 15, wherein the identified users and the identified groups are synchronized using Representational State Transfer (REST) post, patch and delete operations to the SCIM directory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Murugesan, Anand, Lander, Vadim, Ramasamy, Loganathan, Sridhar, Sudarsan
Primary Examiner(s)
Chang, Kenneth W

Application Number

US15/705,590
Publication Number

US 20180083977A1
Time in Patent Office

655 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 21/6218   to a system of files or obj...

G06F 3/0482   Interaction with lists of s...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

Distributed high availability agent architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

308 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed high availability agent architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

308 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links