Last modified 15 Nov 2021 14:56 +01:00
This page is outdated, it contains information that was not updated in a long time. The described functionality may or may not work. Do not rely on information provided on this page.

Resource represents a system or component external to the IDM system, which the IDM system will manage. It is sometimes called IT resource, target system, source system, provisioning target, etc. IDM system connects to it to create accounts, assign accounts to groups, etc. But it also may be an authoritative source of data, system that maintains lookup tables, database that contains organizational structure, etc. The Resource provides a combination of several functions (e.g. both provisioning and authoritative data for some attributes).

Resource definition is perhaps the most complex object in midPoint. It contains several parts, each part has its specific meaning and purpose. The complex parts are described in a separate sections below.

Property Type Description

connectorRef (connector)

ObjectReference (ConnectorType)

Reference to the connector that implements specified resource. The connector is used to connect to the resource.




Resource private namespace. This is the namespace that is private for a specific resource instance. It may be used by the connector e.g. to generate instance-specific resource schema or for other purposes. If not set a default namespace is assumed (see XML Namespace List)



Resource configuration (hostname, port, …​). Specific for each resource type. See below.




XSD definition of resource schema for the resource instance. It defines data types for accounts, groups, roles, entitlements, organizational units or any other objects related to identity management that the resource supports. See below and also Resource Schema.



Specification of handling the objects defined in resource schema. E.g. read-only or read-write attributes, account object classes, expressions to determine values, etc. See Resource Schema Handling.




The capabilities natively supported by the connector without any simulation or any other workaround. This may not be stored in the repository, as this can be fetched any time from the connector. If this element is not present then the data were not yet retrieved from the resource. If it is present, but the inner capability list is empty then the connector provides no capabilities. The value of this element indicates what the connector can do.




The capabilities supported by the resource, including both native capabilities of the connector and simulated capabilities. If this element is not present at all, the value of nativeCapabilities element is assumed. The value of this element is not generated, it should be set by the administrator. The value of this element indicates administrator decisions what connector capabilities to use, what capabilities to simulate and how to simulate them. The valus of this element indicates what the connector is allowed to do.




Collection of scripts to be executed for various provisioning operations.




Defines a synchronization properties (configuration) for a resource. This applies to all flavors of synchronization (live sync, reconciliation, import, …​)

Resource Definition Sections