Came across some confusion in the configuration documentation for integrating OIM with OAM11g. We noticed after the integration that all of our user modify orchestrations were failing at the UpdateUserNotification step. This is an eventhandler that is part of the OAM installation that sends a message to the OAM server to invalid the user cache. After some testing we figured out the issue, the documentation indicates in your oim-config.xml that you need to set the accessServerHost and accessServerPort to the OAM Loadbalancer VIP address. The documents seem to indicate this as sso.mycompany.com and 443. If you do this the UpdateNotification will fail as it is trying to contact the Access Server with a message and not an HTTP-type call.
Instead these values should point to the same host and port that the WebGates connect. To determine this, open one of the WebGate configurations in the /oamconsole. Look in the Server Lists section, this has the hostname and port that you should use instead in the oim-config.xml file. In our case the port is 5575 which seems to be the default.
So to repair, update your oim-config.xml in the ssoConfig section and import into MDS.