|Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager
11g Release 2 (11.1.2)
Part Number E27150-17
|PDF · Mobi · ePub|
This section describes how to use the Design Console to administer Oracle Identity Manager. It contains the following topics:
The Design Console Administration folder provides system administrators with tools for managing Oracle Identity Manager administrative features. This folder contains the following forms:
Oracle Identity Manager recommends that you create and manage lookups by using the Oracle Identity System Administration. See "Managing Lookups" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for details.
A lookup definition represents one of the following:
The name and description of a text field
A lookup field and the values that are accessible from that lookup field by double-clicking it
A box, and the commands that can be selected from that box
These items, which contain information pertaining to the text field, lookup field, or box, are known as lookup values. Users can access lookup definitions from one of two locations:
A form or tab that comes packaged with Oracle Identity Manager
A user-created form or tab built by using the Form Designer form
The Lookup Definition form shown in Figure 7-1 is in the Design Console Administration folder. You use this form to create and manage lookup definitions.
Table 7-1 describes the data fields of the Lookup Definition form.
Table 7-1 Fields of the Lookup Definition Form
The name of the lookup definition.
The name of the table column of the form or tab from which the text field, lookup field, or box field will be accessible.
Lookup Type/Field Type
These options designate if the lookup definition is to represent a text field, a lookup field, or a box.
If you select the Field Type option, the lookup definition will represent a text field.
If you select the Lookup Type option, the lookup definition is to represent either a lookup field or a box, along with the values that are to be accessible from that lookup field or box.
Note: For forms or tabs that come packaged with Oracle Identity Manager, the lookup definition has already been set as either a lookup field or a box. This cannot be changed. However, you can add or modify the values that are accessible from the lookup field or box.
For forms or tabs that are user defined, the user determines whether the lookup definition represents a lookup field or a box through the Additional Columns tab of the Form Designer form.
For more information about specifying the data type of a lookup definition, see "Additional Columns Tab".
By selecting this check box, the lookup definition is designated as required. As a result, Oracle Identity Manager will not allow the contents of the corresponding form or tab to be saved to the database until the field or box, represented by the lookup definition, is supplied with data.
The name of the Oracle Identity Manager or user-defined form on which the lookup definition is to be displayed.
The following sections describe how to create a lookup definition.
To create a lookup definition:
Open the Lookup Definition form.
In the Code field, enter the name of the lookup definition.
In the Field field, enter the name of the table column of the Oracle Identity Manager or user-created form or tab, from which the text field, lookup field, or box field will be accessible.
If the lookup definition is to represent a lookup field or box, select the Lookup Type option.
If the lookup definition is to represent a text field, select the Field Type option.
Optional. To save the contents of this form or tab only when the field or box represented by the lookup definition is supplied with data, select the Required check box. Otherwise, go to Step 6.
In the Group field, enter the name of the Oracle Identity Manager or user-defined form on which the lookup definition is displayed.
You must follow naming conventions for the text you enter into the Code, Field, and Group fields.
See "Lookup Definition Form" for more information about naming conventions
The lookup definition is created. The associated text field, lookup field, or box will be displayed in the Oracle Identity Manager or user-defined form or tab you specified.
The Lookup Code Information tab is in the lower half of the Lookup Definition form. You use this tab to create and manage detailed information about the selected lookup definition. This information includes the names, descriptions, language codes, and country codes of a value pertaining to the lookup definition. These items are known as lookup values.
The following procedures show how to create, modify, and delete a lookup value.
To create or modify a lookup value:
For internationalization purpose, you must provide both a language and country code for a lookup value.
When creating a new lookup definition, you must save it before adding lookup values to it.
Open the Lookup Definition form.
Access a lookup definition.
If you are creating a lookup value, click Add.
A blank row is displayed in the Lookup Code Information tab.
If you are modifying a lookup value, select the lookup value that you want to edit.
Add or edit the information in the Code Key field.
This field contains the name of the lookup value.
In addition, if the Lookup Type option is selected, this field also represents what is displayed in the lookup field or box once the user makes a selection.
Add or edit the information in the Decode field.
This field contains a description of the lookup value.
The decode value is a humanly readable description of the field. The encode value is the actual code value that is used for provisioning. For example, decode value can be an LDAP group name, and encode value is the LDAP group GUID.
If the Lookup Type option is selected, this field also represents one of the following:
The items that is displayed in a lookup window after the user double-clicks the corresponding lookup field
The commands that are to be displayed in the associated box
The lookup value you created or modified now reflects the settings you have entered.
To delete a lookup value:
Deleting a lookup value might cause problems depending on what the lookup represents. For example, if a lookup value represents an entitlement and it is deleted, then it must be removed from various locations, such as any access policy with that entitlement or any user account having that entitlement granted. Therefore, Oracle recommends that you check all the possible effects before deleting a lookup value.
Open the Lookup Definition form.
Search for a lookup definition.
Select the lookup value that you want to remove.
Click Delete. The selected lookup value is deleted.
You can configure challenge questions for the users by using the Lookup Definition Form. These challenge questions are prompted if the user forgets the password and tries to retrieve it. The user must enter the same answers provided while creating a password.
To configure challenge questions for the user:
Login to Oracle Identity Manager Design Console.
Navigate to Administration, Lookup Definition.
Search for the Lookup for challenge questions, that is, lookup Code = Lookup.WebClient.Questions.
In the Lookup Code Information tab, add questions by entering the appropriate values in the Code Key and Decode fields.
Add this key to the custom resource bundle.
The Remote Manager is a lightweight network server that enables you to integrate with target systems whose APIs cannot communicate over a network, or that have network awareness but are not secure. The Remote Manager works as a server on the target system, and an Oracle Identity Manager server works as its client. The Oracle Identity Manager server sends a request for the Remote Manager to instantiate the target system APIs on the target system itself, and invokes methods on its behalf.
The Remote Manager form shown in Figure 7-2 is in the Design Console Administration folder. It displays the following:
The names and IP addresses of the remote managers that communicate with Oracle Identity Manager
Whether or not the remote manager is running
Whether or not it represents IT resources that Oracle Identity Manager can use
For this example, you can define only one remote manager that can communicate with Oracle Identity Manager: RManager.
Although this remote manager can handshake with Oracle Identity Manager, it is unavailable because the Running check box is deselected. Since the IT Resource check box is selected, this remote manager represents an IT resource or resources that can be used by Oracle Identity Manager.