1 Design Console Overview

You can use the Design Console to configure system settings that control the systemwide behavior of Oracle Identity Manager and affect its users. The Design Console allows you to perform user management, resource management, process management, and other administration and development tasks.

This chapter contains an overview of the Oracle Identity Manager Design Console and describes the basic operations of the console. It is recommended that you review this information before proceeding to subsequent chapters that describe in-depth Design Console features.

This chapter contains the following sections:

• Starting the Design Console

• Navigating Around the Design Console

• Special Field and Form Types

• Assignment Windows

• Search Operations

• Forms Accessible from the Design Console

1.1 Starting the Design Console

To start the Design Console:

1. Double-click the Oracle Identity Manager client icon on the desktop.

   The Login window is displayed.

2. Enter your user ID and password.

3. Click Login.

   The Design Console main screen is displayed.

Note:

You can also access the basic features of Oracle Identity Manager by using the Oracle Identity Manager Administrative and User Console.

1.2 Navigating Around the Design Console

You can create, track, and analyze a business process by using the main screen in the Design Console. Figure 1-1 shows the main screen of the Design Console.

Figure 1-1 Design Console Main Screen

The Design Console main screen consists of these regions:

• Design Console Menu Bar

• Design Console Toolbar

• Design Console Explorer

• Design Console Workspace

1.2.1 Design Console Menu Bar

The menu bar is displayed at the top of the main screen. It contains menus that enable you to perform all operations in the Design Console user interface.

The Design Console menu bar provides the following menus:

• File Menu

• Edit Menu

• Toolbar Menu

• Help Menu

You can use keyboard shortcuts to use the menu items for performing various operations in the Design Console. See "Keyboard Shortcuts in the Design Console" for information about keyboard shortcuts available in the Design Console.

1.2.1.1 File Menu

The File menu provides the following options:

Menu Item	Action
Print	Prints the active form
Login	Logs out of the Design Console, and log in again
Exit	Exits the Design Console

1.2.1.2 Edit Menu

The Edit menu provides the following options:

Menu Item	Action
Cut	Deletes selected text from editable fields and copies it to the system Clipboard
Copy	Copies the selected text to the system Clipboard
Paste	Pastes text from the system Clipboard to the selected field
Clear	Clears the selected text

1.2.1.3 Toolbar Menu

The Toolbar menu operations are described in the following table.

Menu Item	Action
New	Clears the contents of the active form
Save Changes	Saves all changes made to the active form
Query	Runs a query on the active form
Notes	Displays any notes that are attached to the active form
Refresh	Refreshes the record of the active form
Close	Closes the active form
Delete	Deletes the current record
Next	Displays the next record when you query more than one record
Previous	Displays the previous record when you query more than one record
First	Displays the first record when you query more than one record
Last	Displays the last record when you query more than one record
Close All	Closes all open forms and clears the Design Console Workspace

1.2.1.4 Help Menu

The Help menu provides you with access to the Design Console version number and copyright information. These are displayed when you select About from the Help menu.

1.2.1.5 Keyboard Shortcuts in the Design Console

The Design Console provides the following keyboard shortcuts to help you perform functions quickly and provide you with easy access to menu commands.

Shortcut Name	Keystroke Combination	Description
File menu	Alt+F	Activates the File menu
Edit menu	Alt+E	Activates the Edit menu
Toolbar menu	Alt+T	Activates the Toolbar menu
Help menu	Alt+H	Activates the Help menu
Print	Ctrl+P	Prints the active form
Cut	Ctrl+X	Deletes selected text from editable fields, and copies it to the system Clipboard
Copy	Ctrl+C	Copies the selected text to the system Clipboard
Paste	Ctrl+V	Pastes text from the system Clipboard to the selected field
Clear	Ctrl+Delete	Clears the selected text
New	Ctrl+N	Clears the active form
Save Changes	Ctrl+S	Saves all changes made to the active form
Query	Ctrl+Q	Runs a query on the active form
Notes	Ctrl+Shift+N	Displays notes that are attached to the active form
Refresh	Ctrl+R	Refreshes the active form
Close	Ctrl+W	Closes the active form
Delete	Ctrl+D	Deletes the current record
Next	Number pad + (plus)	Displays the next record, when you have queried more than one record
Previous	Number pad - (minus)	Displays the previous record, when you have queried more than one record
First	Ctrl+F	Display the first record, when you have queried more than one record
Last	Ctrl+L	Displays the last record, when you have queried more than one record
Prepopulate	Ctrl+U	Populates designated fields of a customized form with data
Help	F1	Opens context-sensitive Help for the active form
Explorer	F3	Selects the Design Console icon, which is displayed at the top of the Design Console Explorer
Lookup	F4	Displays the Lookup window for the selected lookup field
Menu	F10	Activates the File menu

1.2.2 Design Console Toolbar

The toolbar consists of a series of buttons below the menu bar. These buttons provide single-click access to frequently used actions. The toolbar buttons apply to the active form.

Figure 1-2 shows the Design Console Toolbar.

Figure 1-2 Design Console Toolbar

When you hold the mouse over a toolbar button for a few seconds, a tool tip that describes the button is displayed.

The following table describes the toolbar buttons:

Button	Action
First	Displays the first record when you have queried more than one record.
Previous	Displays the previous record when you have queried more than one record.
Next	Displays the next record when you have queried more than one record.
Last	Displays the last record when you have queried more than one record.
New	Clears the active form.
Save	Saves all changes made to the active form.
Query	Runs a query on the active form.
Notes	Displays any notes that are attached to the active form.
Refresh	Refreshes the active form.
Close	Closes the active form.
Delete	Deletes the current record.
Prepopulate	Populates designated fields with data. These fields are user defined, and have prepopulate adapters attached to them. Note: For information about prepopulate adapters, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

1.2.3 Design Console Explorer

The Design Console Explorer contains a list of icons that represent forms that you have permission to access.

Figure 1-3 shows the Design Console Explorer. You can customize the Explorer. Depending on the permissions assigned to you, you can see different icons in the Explorer. If you want to access a form icon that you do not have permissions for, contact your system administrator.

Figure 1-3 Design Console Explorer

Tip:

• If the system administrator changes your permissions, you must refresh the Explorer window.

• You can adjust the size of the Design Console Explorer by moving the divider to the right or left.

1.2.3.1 Starting a Form

To start a form:

1. Expand the folder that contains the required form.

2. Double-click the form that you want to open.

   The corresponding form is displayed in the Design Console Workspace.

1.2.3.2 Refreshing the List of Forms

To refresh the list of forms:

1. Right-click the Oracle Identity Manager logo at the top of the Oracle Identity Manager Explorer window. A menu is displayed.

2. Click Refresh Explorer.

   The Design Console refreshes the Explorer with all forms that you can access, including any forms that a system administrator recently gave you permission to access.

1.2.4 Design Console Workspace

The Design Console Workspace is the region of the main screen that displays forms that you access using the Explorer.

Figure 1-4 shows the Workspace.

Figure 1-4 Design Console Workspace

If you access multiple forms, the Design Console places the active form on top and layers the remaining forms on tabs along the bottom of the main screen. To switch between forms, click the desired form's tab.

The Design Console can display each form in two views: a form view and a table view.

1.2.4.1 The Form View

The form view provides detailed information about a single record. The form view is displayed when you initially access a form by using the Explorer, for example, before you perform a query.

1.2.4.2 The Table View

The table view lists general information about multiple records of a form. When you submit a query that produces more than one result, the Design Console displays a table that contains the records that match the criteria in the query.

For example, a query of the Organizations form can return several records. Both the form and table view tabs of the Organizations form can be displayed. Figure 1-5 shows the table view of the Design Console.

Figure 1-5 Table View

The following applies to all table views:

• To select a record in a table view, click it.

• The data associated with a record is displayed in cells.

  Cells are also referred to as fields.

• Forms contain column headings, which are boxes with labels above each column.

  Column headings display the name of the column. If a column contains a Lookup dialog box, which provides acceptable values for some field or attribute, then the column heading is displayed in blue.

• The Design Console forms contain row headings, which are boxes with numeric labels at the beginning of each row.

  To view a detailed form view of a record, double-click its row header. To display a record in the form view, select the record in the table view. Then, click the applicable form tab at the bottom of the Workspace.

• If a query returns more records than can be displayed in the Workspace, a vertical scroll bar is displayed along the right edge of the table view.

  Click the up or down arrows in the vertical scroll bar to scroll through the records of the table.

• If the table view contains more columns than can be displayed in the Workspace, then a horizontal scroll bar is displayed along the bottom edge of the table view.

  Click the left or right arrows in the horizontal scroll bar to display additional columns not initially visible in the Workspace.

• You can edit record information in the individual cells (fields) of the table view.

  To edit the information in a particular field, click it and make the desired changes.

• Fields whose column headings are displayed in blue have Lookup dialog boxes.

  You can double-click these fields to access their Lookup dialog boxes, and select the desired value. When you edit the value in any field, the row header for the corresponding record changes to black. This indicates that the data in that field has changed and must be saved.

• To select consecutive records, press the Shift key and use the mouse to select records.

• To select nonconsecutive record rows, press the Ctrl key and use the mouse to select records.

• To export a record, right-click the row heading.

  To select more than one record, press the Shift key before clicking the row heading.

  A dialog box is displayed.

• Select Copy to Clipboard to copy the selected records to the Clipboard.

  You can paste copied records into a Microsoft Excel worksheet or a Microsoft Word document.

• To save the records as a tab-delimited file, select Copy to File.

• You can control the order in which the records in a table view are displayed by using the sort feature.

  To change the sort order of displayed records, click the heading of the column by which you want the records to be sorted. A triangle is displayed beside the column heading text. This indicates the direction, ascending or descending order, in which the records were sorted.

1.3 Special Field and Form Types

The actions of the basic features of the Design Console are standard for all forms. This section describes the standard actions of the Design Console and the field and window types in the Design Console main screen.

1.3.1 Data Fields

Data fields are display areas in forms that present information related to a specific record. For example, First Name can be a data field on the Users form.

The label of a field can be displayed in black or blue.

• A black label indicates that this field is a standard field.

  You can query, create, modify, or delete information in a standard field.

• A blue label indicates that the data in this field is derived from a predefined list of values supplied by using a Lookup or a Date & Time window.

  When you double-click this type of field, the applicable Date & Time window or Lookup window is displayed. You can select a date, time, or a lookup value.

The value of a field can be displayed in black or red.

• If the field value is displayed in black, the data in this field is supplied by the user.

  You can query or edit the information in these types of fields.

• If the field value is displayed in red, the data in this field is supplied by Oracle Identity Manager.

  These values are read-only. This prevents you from overwriting critical information.

1.3.2 Lookup Fields

A lookup field enables you to search for a value. Lookup fields are displayed in blue. The following procedure describes how to use lookup fields.

To use lookup fields:

1. Double click the lookup field. The Lookup dialog box is displayed.

2. In the Lookup dialog box, to select a value, click the field, and then click OK.

   Alternatively, you can select the field and press F4.

   Click Cancel to close the Lookup window without selecting anything.

   Figure 1-6 shows the Lookup dialog box.

   Figure 1-6 Lookup Dialog Box

   
   

3. If the Lookup dialog box contains a long list of values, enter the first few characters of the value in the Find box, followed by an asterisk (*), and click Search. Alternatively, you can scroll through the list of values to locate it.

   The Lookup dialog box displays the results that match your search.

1.3.3 Date and Time Fields

The Date & Time window enables you to select a month, year, day, and time. This window is displayed when you double-click a field that is equipped with a an option to open this window. The Date & Time fields have labels in blue.

To select a date and time:

1. Double-click the field in which you want to enter a date and time.

   You can also display the Date & Time window by selecting a field and pressing F4.

   The Date & Time window is displayed, as shown in Figure 1-7:

   Figure 1-7 The Date & Time Window

   
   Description of "Figure 1-7 The Date & Time Window"
   
   

2. From the menu, select the month.

3. From the Date scroll box, select the year.

4. Click the date on the calendar.

5. From the Time box, select the time.

6. Click OK to save your changes.

   The Date & Time window closes. The field that you double-clicked in Step 1 now displays the date and time you selected.

   Click Cancel to exit without saving.

1.3.4 List

Lists have predefined values. When you click a list, its values are displayed. If the list contains more values that can be displayed at one time, then a vertical scroll bar is displayed to the right of the list. In Figure 1-8, the Employee Type field is a list:

Figure 1-8 The List Field

Description of "Figure 1-8 The List Field"

When you select a value, the list is replaced by a field in which the selected value is displayed.

1.3.5 Notes Window

The Notes window enables you to enter supplemental information for a record. When used with adapters, this window also displays the code that the Design Console generated while compiling the adapter. For more information about adapters, see Chapter 2, "Developing Adapters" and Chapter 3, "Using Adapters".

Note:

In the following procedure, if the Notes button is red, the current record has a note. To view the note, click the button. You can enter supplemental information in this record. Each entry receives a unique date, time, and user stamp.

To use the Notes window:

• 1. Select the required record.

  2. Click Notes.

     The Notes window is displayed, as shown in Figure 1-9:

     Figure 1-9 The Notes Window

     
     Description of "Figure 1-9 The Notes Window"
     
     

  3. Enter information in the text area of the Notes window.

  4. Click the icon that represents a man to store your information in the Notes window.

     Or, click Close to close the Notes window without saving.

  5. From the Toolbar, click Save.

     The information you entered into the Notes window is saved.

1.3.6 Tabs on Forms

Most forms in the Design Console contain multiple tabs. The tabs are usually in the bottom of the form. The tabs display additional information about a record, for example, the users who are employed at an organization, as shown in Figure 1-10.

Figure 1-10 Design Console - Tab on Forms

Each tab has its own tables and function buttons. Usually, the buttons on a tab are grayed out until the information in the upper portion of the form is saved. The table displayed in the tab enables you to view and edit the records associated with that tab item.

To modify information in a row of a tab's table, either double-click the field that contains the information you want to edit, or double-click the associated row heading.

1.4 Assignment Windows

The User Form Assignment windows enable you to select and assign entities to a record. The Assignment window is displayed when you click the Assign button.

Figure 1-11 shows a User Form Assignment window for selecting and assigning roles to a record.

Figure 1-11 User Form Assignment Window

Description of "Figure 1-11 User Form Assignment Window"

The left pane lists items that you can assign to the record, for example, Organization. The right pane lists the items that have already been assigned to the record. Although the values available for selection in the left and right panes are unique to what is being assigned or unassigned, the buttons and general use of this dialog box are consistent throughout the application.

The following are methods for working with this window:

• To select multiple unconsecutive items, hold down the Ctrl key while selecting items with the mouse.

  For example, you can select the User Group, the IT Resource Type Definition object, and the Form Information object, but not the Process Definition object.

• To select multiple items that are listed consecutively, hold down the Shift key and select the first and last items with the mouse.

• To assign one or more items, select the item and click the right arrow.

• To unassign one or more items, select them, and click the left arrow.

When you are done, click OK. If you click Cancel, all assignment changes are discarded.

1.5 Search Operations

This section describes the search operation that you can perform in the Design Console. It contains the following sections:

• Starting a Search

• Constructing a Search Filter

• Results of a Search

• Working with a Set of Query Results

• Optimizing Query Performance

• Exceeding the Limit for a Result Set

1.5.1 Starting a Search

The Design Console enables you to perform searches (queries) for records in the database. Every form in the Design Console provides a search function. The search function is also available in lookup fields.

To conduct a search on a blank form or after entering a search filter, click the binoculars icon on the toolbar.

After you enter the search criteria in the query fields, click the binoculars symbol or press Ctrl+Q.

1.5.2 Constructing a Search Filter

You can filter the search results in a form field. Filtering limits the results that are returned to only the records that match the criteria you entered. If you leave all form fields blank before conducting the search, all records in the table are returned.

You can use a wildcard character in a search. The asterisk (*) wildcard character represents unspecified portions of the search criteria. You can use a wildcard character at the beginning, middle, or end of the value that you enter in a field. For example, if you enter B* in the Location field of a Design Console form and execute a search, you retrieve all records with locations that begin with the letter B (for example, Burbank, Boston, Bristol, and so on). If the asterisk is placed in the middle of a search value, as in B*on, you retrieve all records that begin with B and end with ON (for example, Brighton, Boston, and so on). If you place the asterisk at the beginning of the search value, as in *A, you retrieve all records that end in A (for example, Philadelphia, Tampa, and so on).

In Figure 1-12, a query is performed on the Organizational Defaults form and the Organization Name field is used to filter the search criteria. The filter Xell* ensures that only organizations with names that begin with Xell are retrieved.

Figure 1-12 Using a Filter in a Search Query

1.5.3 Results of a Search

When you submit a search request by clicking the toolbar icon (Query for records), one of the following occurs:

• No records are returned. No records in the database match your search criteria for this form. Either the record that you are searching for no longer exists in the database, or you must modify your search criteria.

• One record is returned. One record in the database matches your search criteria. The Form view displays that record.

• More than one record is returned. Multiple records in the database match your search criteria. A Table view is displayed, listing all records that meet your search criteria. The first record is displayed in the Form view, as shown in Figure 1-13.

  Figure 1-13 Multiple Records Returned

  
  

1.5.4 Working with a Set of Query Results

If multiple records in the database match your search criteria, you can view details about each record. Several buttons can assist you when viewing these records in the Form view. These directional buttons, referred to as VCR buttons, are located in the toolbar. The following table describes the VCR buttons:

Buttons	Description
Description of the illustration arr.gif	Click this button to display the first record in the result set in the Form view.
Description of the illustration rtarr.gif	Click this button to display the preceding record according to the display sequence in the Table view. The record is displayed in the result set in the Form view.
Description of the illustration ltarr.gif	Click this button to display the next record (according to the display sequence in the Table view) in the result set in the Form view.
	Click this button to display the last record in the result set in the Form view.

1.5.5 Optimizing Query Performance

A query that returns a large result set can require significant time to run and can affect your computer's performance. To optimize performance, use the following search techniques:

• Define the scope of a search strategy as precisely as possible.

  Enter the most specific information that you can when constructing your query. For example, if the first name of a contact is JOHN and the last name is JACKSON, enter both pieces of information, rather than searching only for contacts with the last name JACKSON.

• Use the asterisk (*) wildcard character where possible.

  If you place the asterisk in front of an alphabetic character (for example, *A), fewer records are returned as compared to when you leave a field blank.

1.5.6 Exceeding the Limit for a Result Set

If you have both read and write access to all forms and records in the Design Console (that is, if you are a system administrator), you can set the maximum number of records that are displayed in the result set for a search. If the number of records retrieved for a search exceeds this value, the Design Console displays the Query size exceeded dialog box, as shown in Figure 1-14.

Figure 1-14 Query Size Exceeded Dialog Box

You are prompted to enter a specific range or subset of the result set to be viewed. In Figure 1-14, the maximum result set of 100 has been exceeded. Only records 1 through 100 will be displayed.

1.6 Forms Accessible from the Design Console

The left side of the Design Console main screen is the Design Console Explorer. The Explorer consists of a list of icons that represent forms that you have permissions to access. These icons are grouped under folders based on functionality and are displayed to the users according to the access rights that you assign to them. Figure 1-15 shows the Explorer in the Design Console main screen.

Figure 1-15 The Design Console Main Screen

Description of "Figure 1-15 The Design Console Main Screen"

The forms in the various folders in the Design Console Explorer are described in the following sections:

• User Management

• Resource Management

• Process Management

• Administration

• Development Tools

• Business Rule Definition

1.6.1 User Management

The User Management folder provides tools to create and manage information about organizations, users, and roles. This folder contains the following forms:

• Organizational Defaults: This form is used to specify the default values that the organization users should have for certain resources. The organization hierarchy is considered while getting the values specified on the organization defaults by traversing from the bottom of the hierarchy to the top.

• Policy History: This form is used to view resources that are allowed and disallowed for users through policies.

• Roles: This form is used to specify which Design Console forms are available for which roles.

1.6.2 Resource Management

The Resource Management folder provides you tools for managing Oracle Identity Manager resources. This folder contains the following forms:

• IT Resources Type Definition: This form is used to create resource types that are displayed as lookup values on the IT Resources form.

  IT resource types store the set of fields that are used to specify connectivity and other configuration of a particular target type. For example, the AD Server IT resource type indicates what fields must be specified for conneting to Microsoft Active Directory. This can include the host, port, username, password, and root context. This is essentially a list of parameters. From this type, you can create an IT resource instance by specfying concrete values for all the parameters. While provisioning an Active Directory account, one of the fields on the process form is of type AD Server, and the value of this field is the IT resource instance that points to the actual target where the account is created.

• Rule Designer: This form is used to create rules that can be applied to password policy selection, auto-group membership, provisioning process selection, task assignment, and prepopulating adapters.

• Resource Objects: This form is used to create and manage resource objects. These objects represent resources that you want to make available to users and organizations.

  Resource objects specify account types in Oracle Identity Manager. Resource objects encapsulate the following:

  • The type of the entity that the resource objects are representing in the target, for example AD User and AD Group.

  • The provisioning mechanism. This is not a configuration specific to resource objects but a provisioning process definition. However, the process definition itself is tied to the resource object.

  • Flags related to permissioning that determines who is the resource allowed for, if the user can get more than one instances of this resource, and who can provision the resource.

  • Object administrator and object authorizer configuration.

  • Reconciliation fields, action rules and other reconciliation related flags.

  • Resource dependency.

  • Status flags for a resource, which determines the states that a resource can go through.

  • Resource audit objectives used in attestation.

  Examples of resource objects are AD User, SAP User, and LDAP Account.

See Also:

Chapter 11, "Developing Resource Objects" for more information about the forms in the Resource Management folder

1.6.3 Process Management

The Process Management folder provides you tools for creating and managing Oracle Identity Manager processes and e-mail templates.

This folder contains the following forms:

• Email Definition: This form is used to create templates for e-mail notifications.

• Process Definition: This form is used to create and manage approval and provisioning processes. It also lets you start the Workflow Definition Renderer that displays your workflow definition in a graphical presentation.

See Also:

Chapter 12, "Developing Provisioning Processes" for more information about the forms in the Process Management folder

1.6.4 Administration

The Design Console Administration folder provides you tools for managing Oracle Identity Manager administrative features. This folder contains the following forms:

• Lookup Definition: This form is used to create and manage lookup definitions. A lookup definition represents a lookup field and the values you can access from that lookup field.

• User Defined Field Definition: This form is used to create and manage user-defined fields. A user-defined field enables you to store additional information, such as user, request, and resource information.

• Remote Manager: This form is used to display information about the servers that Oracle Identity Manager uses to communicate with third-party programs. These servers are known as remote managers.

• Password Policies: This form is used to set password restrictions for the users and view the rules and resource objects that are associated with a password policy.

See Also:

Chapter 15, "Developing Lookup Definitions, UDFs, and Remote Manager" for more information about the forms in the Administration folder

1.6.5 Development Tools

The Design Console provides a suite of development tools that enable system administrators or developers to customize Oracle Identity Manager. This folder contains the following forms:

• Adapter Factory: This form is used to create and manage the code that enables Oracle Identity Manager to communicate with any IT Resource by connecting to that resource's API. This code is known as an adapter.

• Adapter Manager: This form is used to compile multiple adapters simultaneously.

• Form Designer: This form is used to create process and resource object forms that do not come packaged with Oracle Identity Manager.

• Error Message Definition: This form is used to create error messages that can be used for reporting when certain problems occur while using Oracle Identity Manager. This form also enables a system administrator or developer to define the error messages that users can access when they create error handler tasks by using the Adapter Factory form.

• Reconciliation Rules: This form is used to create and manage reconciliation rules in Oracle Identity Manager.

1.6.5.1 Business Rule Definition

The Development Tools folder consists of the Business Rules Definition subfolder. The Business Rule Definition folder provides system administrators and developers with tools to manage the event handlers and data objects of Oracle Identity Manager. This folder contains the following forms:

• Event Handler Manager: This form is used to create and manage the event handlers that are used with Oracle Identity Manager.

• Data Object Manager: This form is used to define a data object, assign event handlers and adapters to it, and map any adapter variables associated with it.

See Also:

Chapter 5, "Developing Rules" for more information about the forms in the Business Rule Definition folder