Source: projects/identity-management/knowledge-base/oneim-10-lts-technical-documents.md
> Source: projects/identity-management/knowledge-base/oneim-10-lts-technical-documents.md
One Identity Manager 10.0 LTS Technical Documents Index
Source: One Identity Manager 10.0 LTS technical documents
Captured: 2026-04-26
Purpose: durable workspace index of the official 10.0 LTS document set, with routing notes for OIM sandbox, IT Shop, role, synchronization, and developer work.
High-Value Reading Order
For the current sandbox and IT Shop entitlement work:
1. Identity management fundamentals: core objects, inheritance model, identity/resource concepts.
2. IT Shop structure and functionality: shelves, shops, products, requests, service items, request lifecycle.
3. System roles: ESet concepts, inheritance, assignment, exclusions, IT Shop publication.
4. Business roles: role hierarchy and assignment semantics distinct from system roles.
5. Connecting to Active Directory: ADSGroup, AD synchronization, containers, group scope/type, service-account needs.
6. Basics of target system synchronization: synchronization project behavior, object matching, provisioning, and troubleshooting.
7. One Identity Manager REST API and API Development: API-driven operations and custom APIs.
8. Configuring One Identity Manager and Operational guide: configuration parameters, transport, services, operations.
9. Process monitoring and troubleshooting: job queue, DBQueue, service/process health.
10. Web Portal / Working with the Web Portal: request UX and self-service verification.
Current Sandbox-Relevant Interpretation
Live OneIM DB checks on 2026-04-26 showed:
| OneIM area | Live sandbox state | Documentation route |
|---|---|---|
| IT Shop tree | ITShopOrg exists with Identity & Access Lifecycle root and AD group / role request nodes. Live semantics: ITShopInfo = SH for shop root, BO for direct shelves, PR for product nodes, CU for customer nodes. | IT Shop structure and functionality |
| Products/service items | AccProduct exists with predefined AD group and system-role request products | IT Shop structure and functionality |
| AD groups | ADSGroup exists, but current groups are not IT Shop published (IsForITShop = 0) | Connecting to Active Directory, IT Shop |
| System roles | ESet and ESetHasEntitlement are empty, but schema and ESetType exist | System roles |
| AD sync | Groups seeded under OU=OIM-Managed must later sync into ADSGroup | Connecting to Active Directory, Basics of target system synchronization |
For the AD shop-seeding project, create AD groups first. In a later OIM-side phase, sync them into ADSGroup, publish direct app groups as service items, and model SR_* bundle markers as OIM ESet system roles linked to included ADSGroup entitlements through ESetHasEntitlement. Do not model deep nested shelves in ITShopOrg; OneIM trigger logic rejects BO below BO, so application/domain grouping should use AccProductGroup, service item names, and metadata.
Documents by Type
Administration Guides
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Accounting | Cost/accounting contexts for service items and reporting. |
| One Identity Manager - Administration Guide for Connecting to Cloud HR Systems | HR source-system integration patterns; relevant for later demo identities. |
| One Identity Manager - Administration Guide for Database Systems Integration | Generic database target integration. |
| One Identity Manager - Attestation | Attestation workflows for access review and policy confirmation. |
| One Identity Manager - Basics for managing target systems in One Identity Manager | Core target-system administration model; useful before any connector-specific work. |
| One Identity Manager - Behavior Driven Governance | Governance automation concepts and behavior-driven controls. |
| One Identity Manager - Business roles | Business role hierarchy, role assignment, inheritance, and role-based resource allocation. |
| One Identity Manager - Company policies | Policy modeling and policy violation handling. |
| One Identity Manager - Compliance rules | Compliance-rule modeling for separation-of-duties and access controls. |
| One Identity Manager - Connecting a Privileged Account Management Systems | PAM integration patterns. |
| One Identity Manager - Connecting custom target systems | Custom connector/target system modeling. |
| One Identity Manager - Connecting to a Universal Cloud Interface | UCI connector patterns. |
| One Identity Manager - Connecting to Active Directory | Primary reference for ADSAccount, ADSGroup, AD containers, synchronization, and provisioning. |
| One Identity Manager - Connecting to Active Directory with One Identity Active Roles | Active Roles integration for AD management through ARS. |
| One Identity Manager - Connecting to Cloud applications using the SCIM connector | SCIM provisioning connector. |
| One Identity Manager - Connecting to Exchange Online | Exchange Online target-system integration. |
| One Identity Manager - Connecting to Google Workspace | Google Workspace integration. |
| One Identity Manager - Connecting to HCL Domino | HCL Domino integration. |
| One Identity Manager - Connecting to LDAP | LDAP target-system integration, distinct from AD. |
| One Identity Manager - Connecting to Microsoft Entra ID | Microsoft Entra ID integration. |
| One Identity Manager - Connecting to Microsoft Exchange | On-prem Exchange integration. |
| One Identity Manager - Connecting to Microsoft Teams | Teams integration. |
| One Identity Manager - Connecting to Oracle E-Business Suite | Oracle EBS integration. |
| One Identity Manager - Connecting to SAP R/3 | SAP R/3 integration. |
| One Identity Manager - Connecting to SAP R/3 HR | SAP HR integration. |
| One Identity Manager - Connecting to SAP R/3 with BI analysis authorizations | SAP BI authorization analysis. |
| One Identity Manager - Connecting to SharePoint | SharePoint integration. |
| One Identity Manager - Connecting to SharePoint Online | SharePoint Online integration. |
| One Identity Manager - Connecting to Unix | Unix target-system integration. |
| One Identity Manager - Data archiving | Archiving operational and history data. |
| One Identity Manager - Identity management fundamentals | Foundational model for identities, resources, roles, inheritance, and processes. |
| One Identity Manager - Integration with OneLogin Cloud Directory | OneLogin Cloud Directory integration. |
| One Identity Manager - IT Shop structure and functionality | IT Shop, shelves, products, service items, request lifecycle, and publication mechanics. |
| One Identity Manager - Operational guide | Operations, service health, maintenance, and runtime administration. |
| One Identity Manager - Report subscriptions | Report subscription management. |
| One Identity Manager - Risk assessment | Risk index and risk analysis concepts; currently out of scope for AD seeding v1. |
| One Identity Manager - SAP functions | SAP-specific function handling. |
| One Identity Manager - Software management | Software/resource management. |
| One Identity Manager - Starling Connect Connector Administration Guide | Starling Connect integration. |
| One Identity Manager - System roles | ESet system role concepts, inheritance, exclusions, direct assignment, role nesting, and IT Shop publication. |
| One Identity Manager and Epic Integration - Administration Guide for Connecting to Epic Target System | Epic integration. |
| One Identity Manager and Service Now Integration - Administration Guide | ServiceNow integration. |
| One Identity Manager - Administration Guide for Azure Cloud Access Governance | Cloud Access Governance integration. |
Configuration Guides
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Authorizing and authenticating in One Identity Manager | Authentication modules, authorization, and access to tools/APIs. |
| One Identity Manager - Configuration of Password Synchronization with the Password Capture Agent | Password sync using Password Capture Agent. |
| One Identity Manager - Configuration of Secure Password Extension | Secure Password Extension setup. |
| One Identity Manager - Configuring One Identity Manager | Core configuration parameters and system configuration. |
| One Identity Manager - Web application configuration | Web Portal and web application configuration. |
Deployment Guide
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Intelligent Query Chatbot Deployment | Deployment of the Intelligent Query Chatbot. |
General
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Glossary | Canonical terminology lookup. |
Getting Started Guide
| Document | Workspace relevance |
|---|---|
| One Identity Manager - One Identity Manager tools user interface | UI orientation for Manager, Designer, Launchpad, and related tools. |
Installation Guide
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Installing the One Identity Manager | Installation, database setup, and initial components. |
Reference Guides
| Document | Workspace relevance |
|---|---|
| One Identity Manager - API Development | Custom API development and API Server extensibility. |
| One Identity Manager - Basics of target system synchronization | Synchronization project architecture, mappings, object matching, provisioning, and sync troubleshooting. |
| One Identity Manager - Glossary | Duplicate listing; use as terminology reference. |
| One Identity Manager - One Identity Manager REST API | REST API endpoints and API usage. |
| One Identity Manager - Setting Up the LDAP Connector for CA ACF2 | Mainframe LDAP connector setup. |
| One Identity Manager - Setting Up the LDAP Connector for CA Top Secret | Mainframe LDAP connector setup. |
| One Identity Manager - Setting Up the LDAP Connector for IBM i | IBM i LDAP connector setup. |
| One Identity Manager - Setting Up the LDAP Connector for IBM RACF | IBM RACF LDAP connector setup. |
| One Identity Manager - Web application development | Web application customization/development. |
Release Notes
| Document | Workspace relevance |
|---|---|
| One Identity Manager - DSI Release Notes | Database Systems Integration release notes. |
| One Identity Manager - Release Notes | Core 10.0 LTS release changes and known issues. |
| One Identity Manager - Starling Connect Connector Release Notes | Starling Connect release notes. |
| One Identity Manager and Cloud HR Systems Integration - Release Notes | Cloud HR release notes. |
| One Identity Manager and Epic Integration - Release Notes | Epic integration release notes. |
| One Identity Manager and Service Now Integration - ServiceNow Integration Release Notes | ServiceNow integration release notes. |
| One Identity Manager - Cloud Access Governance Release Notes | CAG release notes. |
Troubleshooting Guide
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Process monitoring and troubleshooting | DBQueue, JobQueue, process monitoring, and troubleshooting. Critical for sandbox health work. |
User Guides
| Document | Workspace relevance |
|---|---|
| One Identity Manager - Connecting a database using the One Identity Manager connector | User-facing database connector setup. |
| One Identity Manager - Connecting a target system using the CSV connector | CSV connector usage. |
| One Identity Manager - Connecting a target system using the PowerShell connector | PowerShell connector usage. |
| One Identity Manager - Connecting to a database using the generic ADO.NET provider | ADO.NET connector usage. |
| One Identity Manager - Connecting to a DB2 (LUW) database | DB2 connector usage. |
| One Identity Manager - Connecting to a MySQL database | MySQL connector usage. |
| One Identity Manager - Connecting to a PostgreSQL Server database | PostgreSQL connector usage. |
| One Identity Manager - Connecting to an Oracle Database | Oracle connector usage. |
| One Identity Manager - Connecting to an SAP HANA database | SAP HANA connector usage. |
| One Identity Manager - Connecting to an SQL Server database | SQL Server connector usage. |
| One Identity Manager - Connecting to an SQLite database | SQLite connector usage. |
| One Identity Manager - Help desk | Help desk user workflows. |
| One Identity Manager - Working with the Application Governance Module | Application Governance workflows. |
| One Identity Manager - Working with the Operations Support Web Portal | Operations Support Web Portal workflows. |
| One Identity Manager - Working with the Web Portal | Web Portal end-user request and approval workflows. |
Topic Routing
| Topic | Read first |
|---|---|
| IT Shop shelves, products, requestability | IT Shop structure and functionality |
| AD groups and AD synchronization | Connecting to Active Directory; Basics of target system synchronization |
| System roles, resource bundles, ESet | System roles |
| Business role hierarchy and assignments | Business roles |
| Service item publication | IT Shop structure and functionality; Active Directory guide |
| API automation | REST API; API Development |
| Process/queue health | Process monitoring and troubleshooting; Operational guide |
| Web Portal verification | Working with the Web Portal; Web application configuration |
Local Follow-Ups
- Create focused notes after reading the full PDFs for IT Shop structure and functionality, System roles, Business roles, Connecting to Active Directory, and Basics of target system synchronization.
- For OIM sandbox implementation, map these concepts to live tables already observed:
ITShopOrg,AccProduct,ADSGroup,ESet,ESetHasEntitlement,PersonWantsOrg. - Keep risk documentation indexed but out of the AD shop-seeding v1 scope until Viktor reintroduces it.