1/63
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in this Guide?
Changes for Oracle Adaptive Access Manager 11g Release 2 (11.1.2)
Changes for Oracle Adaptive Access Manager 11
g
Release 1 (11.1.1)
Changes for Oracle Adaptive Access Manager from 10g to 11
g
Part I Getting Started with Oracle Adaptive Access Manager
1
Introduction to Oracle Adaptive Access Manager
1.1
Overview of Oracle Adaptive Access Manager
1.2
Oracle Adaptive Access Manager Features
1.2.1
Autolearning
1.2.2
Configurable Risk Engine
1.2.3
Virtual Authentication Devices
1.2.4
Device Fingerprinting
1.2.5
Knowledge-Based Authentication
1.2.6
Answer Logic
1.2.7
OTP Anywhere
1.2.8
Mobile Access Security
1.2.9
Universal Risk Snapshot
1.2.10
Fraud Investigation Tools
1.2.11
Policy Management
1.2.12
Dashboard
1.2.13
Reports
1.3
Oracle Adaptive Access Manager Component Architecture
1.4
Deployment Options
1.5
Oracle Adaptive Access Manager 11g Release 2 (11.1.2) Features
1.6
Oracle Adaptive Access Manager 11.1.2.0 vs. Oracle Adaptive Access Manager 11.1.1.3.0 Feature Comparison
1.7
System Requirements and Certification
2
Setting Up the OAAM Environment
2.1
About Setting Up the Base Environment
2.2
Prerequisites
2.3
Setting Up the CLI Environment
2.3.1
Setting Up the CLI Work Folder
2.3.2
Specifying Properties for CLI Script Startup (Optional)
2.3.3
Setting Up the Credential Store Framework (CSF) Configuration
2.3.3.1
Configure OAAM Database Details with CSF without MBeans
2.3.3.2
Configure OAAM Database Details with CSF with MBeans
2.3.4
Setting Up Oracle Adaptive Access Manager Database Credentials
2.3.5
Using Persistence Instead of Setting Database Credentials in the Credential Store Framework
2.4
Setting Up Encryption and Database Credentials
2.4.1
Prerequisites for Setting Up Encryption and Database Credentials
2.4.2
Setting Up the Encoded Secret Key for Encrypting Configuration Values
2.4.3
Setting Up Encoded Secret Key for Encrypting Database Values
2.4.4
Generating an Encoded Secret Key
2.4.5
Adding the Encoded Symmetric Key to the Credential Store Framework
2.4.6
Setting Up Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
2.4.7
Backing Up Database Credentials and Encoded Secret Keys for Encrypting the Database and Configuration Values
2.5
Creating Users and Groups
2.5.1
Creating OAAM Users
2.5.2
Creating OAAM Administrative Roles and User in an External LDAP Store
2.6
Importing the OAAM Snapshot
2.7
Importing IP Location Data
2.8
Setting the Time Zone Used for All Time Stamps in the OAAM Administration Console
2.9
Enabling OTP
2.10
Securing OAAM Web Service Access
3
Getting Started with Common Administration and Navigation
3.1
Starting and Stopping Components in Your Deployment
3.2
About Access Level to the OAAM Admin Console
3.3
Signing In to Oracle Adaptive Access Manager 11
g
3.4
Using the OAAM Administration Console and Controls
3.4.1
About the Navigation Panel
3.4.2
About the Navigation Tree
3.4.2.1
Navigation Tree Structure
3.4.2.2
Navigation Tree Menu and Toolbar
3.4.3
About the Policy Tree
3.4.4
About the Management Pages
3.4.4.1
Search Pages
3.4.4.2
Detail Pages
3.4.5
About the Dashboard
3.4.6
About Online Help
3.5
Using Search, Create, and Import
3.6
Exporting Results to a Microsoft Excel Spreadsheet
Part II Customer Service and Forensics
4
Managing and Supporting CSR Cases
4.1
Introduction and Concepts
4.1.1
Case
4.1.1.1
CSR Cases
4.1.1.2
Escalated Cases
4.1.2
Customer Service Representative (CSR)
4.1.3
CSR Manager
4.1.4
Locked Status
4.1.5
Temporary Allow
4.1.6
Case Status
4.1.7
Severity Level
4.1.8
Expiration Date
4.1.9
Customer Resets
4.2
About CSR and CSR Manager Role Permissions
4.3
Getting Started
4.4
Using the Cases Search Page
4.4.1
Searching for Cases
4.4.2
Viewing a List of Cases
4.4.3
Viewing a List Cases You are Currently Working On
4.4.4
Searching for Open and Closed Cases
4.4.5
Searching Case by Description Keyword
4.4.6
Viewing a List of Cases
4.5
Using the Case Details Page
4.5.1
Case Actions
4.5.2
Viewing Case Details
4.5.3
Viewing User Details
4.6
Viewing Case Activity
4.6.1
Viewing the Case History
4.6.2
Searching the Log of a Case
4.6.3
Viewing Escalated Case Logs and Notes
4.7
Viewing Customer's Sessions
4.7.1
Viewing a Customer's Session History
4.7.2
Searching for a Customer's Sessions
4.7.3
Searching for a Customer's Sessions by Device ID or Date Range
4.7.4
Filtering the Session History by Authentication Status or Alert Level
4.7.5
Viewing Transactions in the Sessions History
4.8
Creating a CSR Case
4.8.1
Creating a Case
4.8.2
Creating a Case Like Another Case
4.9
Performing Customer Resets
4.9.1
Resetting Image
4.9.2
Resetting Phrase
4.9.3
Resetting Image and Phrase
4.9.4
Unregistering Devices
4.9.5
Resetting OTP Profile
4.9.6
Resetting Virtual Authentication Device
4.9.7
Unlocking OTP
4.9.8
Resetting All Registration Data, Challenge Counters, and OTP Contact and Delivery Information
4.10
Performing Challenge Question Resets
4.10.1
Performing Challenge Questions Related Actions
4.10.2
Resetting Challenge Questions
4.10.3
Resetting Challenge Questions and the Question Set
4.10.4
Incrementing a Customer to the Next Question
4.10.5
Unlocking a Question (KBA)
4.10.6
Performing KBA Phone Challenge
4.11
Enabling a Temporary Allow
4.12
Performing Case Actions
4.12.1
Adding Notes to Cases
4.12.2
Changing Severity Level of a Case
4.12.3
Changing Status of a Case
4.12.3.1
Changing Case Status to Pending
4.12.3.2
Closing a Case
4.12.3.3
Open Closed Cases
4.12.4
Extending Expiration
4.12.5
Escalating a CSR Case to an Agent Case
4.12.6
Bulk-Editing CSR Cases
4.13
Using Reporting
4.14
About Multitenancy
4.14.1
Enabling Multitenancy
4.14.2
Changing Permissions
4.14.3
About Access to Cases
4.14.4
Searching Sessions
4.14.5
Examples of Multitenancy in OAAM
4.14.5.1
CSR Creates a Case
4.14.5.2
CSR Cannot Create Case Successfully for Organization and Login Combination
4.14.5.3
CSR Can Create Case Successfully for Organization and Login Combination
4.14.5.4
CSR Has Access to More Than One Organization ID Cannot Create Case
4.14.5.5
CSR Has Access to More Than One Organization ID Can Create Case Successfully
4.14.5.6
CSR Who Cannot Access Any Organization Tries to Create Case
4.14.5.7
CSR Acts On Case
4.14.5.8
CSR Views Case Details
4.14.5.9
CSR Searches Sessions
4.14.5.10
Agent Creates a Case
4.14.5.11
CSR Searches Cases
4.15
CSR Case Scenarios
4.15.1
Customer Session Search and Case Creation Scenario
4.15.2
Resetting Challenge Questions Scenario
4.15.3
Resetting Image and Phrase Scenario
4.15.4
Bulk Editing CSR Case Scenario
4.15.5
CSR Manager Bulk Case Editing Scenario
4.15.6
Ask Questions Flow Scenario
4.16
Best Practices and Recommendations
5
Investigation Using OAAM
5.1
About Fraud Investigation
5.1.1
About Fraud Investigation
5.1.2
About Fraud Investigation Roles
5.1.3
About Multitenant Access Control
5.1.4
About Agent Cases
5.1.5
About Agent Cases Creation
5.1.5.1
Manually Created Case
5.1.5.2
Auto-Generated Case
5.1.5.3
Escalated Cases
5.1.6
About Investigation Workflow
5.1.7
About Case Ownership
5.1.8
About Using Agent Cases for Investigation
5.1.9
About Closing a Case
5.1.10
About Agent Case Feedback
5.2
Understanding OAAM Investigation and Analysis Using the Investigation Console
5.2.1
About the Agent Case Search Page
5.2.2
About Sessions and Transactions Search Pages
5.2.2.1
Sessions Search
5.2.2.2
Transaction Search
5.2.3
About the Utility Panel
5.2.4
About the Case Notes Panel
5.2.5
About the Compare Transactions Tab
5.2.6
About Adding and Removing Fields
5.2.7
About Adding to a Group Option
5.2.7.1
Adding Data to Group Scenario
5.2.8
About Linking Sessions to an Agent Case
5.2.9
About Agent Case Tabs
5.3
Using the Investigation Console
5.3.1
Searching for High Alerts in Sessions and Transactions
5.3.2
Searching for Suspect Transactions to Review
5.3.3
Viewing Transaction and Entity Data
5.3.4
Identifying Related Sessions and Transaction
5.3.5
Viewing Transactions from the Filtered Transaction Page
5.3.6
Comparing Parameters of Transactions and Customer Details
5.3.6.1
Comparing Transaction Data Scenario
5.3.7
Adding the Data Element Utilized in the Fraudulent Transactions to a Group
5.3.7.1
Search from existing group
5.3.7.2
Create New Group to Add Data Element to
5.3.8
Selecting a Transaction to Link Sessions to a Case
5.3.9
Closing a Case with a Disposition
5.3.10
Searching for Auto-Generated Agent Cases with Current Status "New" and Open Case
5.3.11
Viewing Linked Sessions
5.3.12
Viewing Relevant Transaction's Details Such Transactional and Summary Data
5.3.12.1
View Summary Information
5.3.12.2
View Transaction Data
5.3.12.3
View Session Data
5.3.13
Viewing Transaction or Session Oriented Results
5.3.14
Comparing Multiple Instances of the Same Transactions
5.3.14.1
Comparing Transaction Data Scenario
5.3.15
Adding Case Notes
5.3.16
Closing a Case with a Disposition
5.3.17
Opening a Newly Escalated Case
5.3.18
Viewing Case Logs
5.3.19
Viewing User Data
5.3.20
Viewing Case Details
5.3.21
Searching for Potentially Suspicious Sessions Based on Various Criteria
5.3.22
Viewing a List of Sessions Matching Specified Criteria
5.3.23
Viewing Forensic Record and General Details of a Session
5.3.23.1
Session Summary
5.3.23.2
Checkpoints
5.3.23.3
Session Transactions
5.3.23.4
Session User
5.3.23.5
Session Device
5.3.23.6
Session Location
5.3.23.7
Query By Example
5.3.24
Searching for Transactions
5.3.25
Searching for Transactions by Entities of a Single Transaction Type
5.3.25.1
Searching by Entity Fields Scenario
5.3.25.2
Searching for ATM Transactions By ATM Card Scenario
5.3.25.3
Listing All Account Numbers and Amount Transferred Each Time Scenario
5.3.26
Searching Transactions by a Combination of Entities and Transaction Data
5.3.26.1
Searching by Entity and Transaction Data Scenario
5.3.27
Searching Transactions by Entities Across Multiple Transaction Types
5.3.27.1
Search Credit Card in Different Transactions (Shopping Cart and Retail Ecommerce) Scenario
5.3.28
Opening Details Pages from Sessions Search Page
5.3.29
Viewing a Particular Alert for a Session
5.3.30
Viewing Transaction Search Results
5.3.30.1
Viewing Transaction Details Scenario
5.3.31
Linking Sessions to a New Case
5.3.32
Linking Sessions to a Case from Case Details
5.3.33
Verifying Entities in a Group
5.3.34
Exporting Linked Session for Further Analysis
5.3.35
Unlinking Linked Sessions
5.3.36
Saving Case Details for Later Reference, Portability and Offline Investigation
5.3.37
Using OAAM BI Publisher Reports for Investigation and Forensics
5.3.37.1
Session Activity Aggregates
5.3.37.2
Search Sessions By Case Disposition
5.4
Managing Cases
5.4.1
Searching for Agent Cases
5.4.2
Creating Agent Cases
5.4.2.1
Creating an Agent Case Manually
5.4.2.2
Creating a Case Like Another Agent Case
5.4.2.3
Search and Select and Create a New Case Feature
5.4.2.4
Setting Up OAAM to Create an Agent Case Automatically
5.4.3
Closing Multiple Cases
5.4.4
Changing Severity Level of a Case
5.4.5
Changing Status of a Case
5.4.5.1
Changing the Status of a Case Manually
5.4.6
Bulk-Editing Agent Cases
5.5
Best Practices and Recommendations
6
Viewing Additional Details for Investigation
6.1
Details Pages Overview
6.2
About Details Page Structure
6.3
Prerequisites for Viewing Details Pages
6.3.1
Multitenant Access
6.3.2
View Transactions in Session Details
6.4
Searching for Sessions
6.5
Exporting Sessions to a Microsoft Excel Spreadsheet
6.6
Adding to Group
6.6.1
Add to Group From Sessions
6.6.2
Add to Group from Details Pages
6.7
Using the Session Details Page
6.8
Looking at Events from a Higher Level with Session Details
6.8.1
Policy Explorer
6.8.2
Using Session Details to View Runtime Information
6.9
About Investigation and the Importance of Details Pages
6.10
Viewing Alerts
6.11
Using the User Details Page
6.11.1
User Details: Summary Tab
6.11.2
User Details: Groups Tab
6.11.3
User Details: Devices Tab
6.11.4
User Details: Locations Tab
6.11.5
User Details: Sessions Tab
6.11.6
User Details: Alerts Tab
6.11.7
User Details: Fingerprint Data
6.11.8
User Details: Policies Tab
6.11.9
User Details Tasks
6.11.9.1
View general user information, registration information, and profile information
6.11.9.2
View the actions performed by the user during registration
6.11.9.3
View statistics about the user
6.11.9.4
Search and view different devices used for a user to obtain additional information
6.11.9.5
Search and view the different user groups with which a user is associated
6.11.9.6
Search and view different locations used for a user to obtain additional information
6.11.9.7
Search and view all the alerts triggered and generated for the user
6.11.9.8
Search and view all the login sessions or search login sessions for a particular period for the user
6.11.9.9
View the rules run on the user
6.11.9.10
Search and view the fingerprints created for the user
6.11.9.11
Add user to user group
6.11.9.12
Create a new user group and add user to the newly created group
6.11.9.13
Remove user from user group
6.11.9.14
Navigate to other details pages for groups, alerts, devices, locations, sessions, policy, rules and fingerprints
6.12
Using the IP or Locations (Country, State, or City) Details Page
6.12.1
Location Details: Summary Tab
6.12.2
Location Details: Groups Tab
6.12.3
Location Details: Users Tab
6.12.4
Location Details: Devices Tab
6.12.5
Location Details: Alerts Tab
6.12.6
Location Details: Sessions Tab
6.12.7
Location Details: Fingerprints Tab
6.12.8
Location (Country, State, City, or IP) Details Tasks
6.12.8.1
View general information about the location
6.12.8.2
Search and view the different location groups to which a location is associated or belongs
6.12.8.3
Add location to existing location group
6.12.8.4
Create a location group and add location to it
6.12.8.5
Search and view the different users that logged in from the location obtain additional information
6.12.8.6
Search and view the different devices that logged in from the location obtain additional information
6.12.8.7
Search and view all the alerts triggered and generated for the location
6.12.8.8
Search and view all the login sessions or search login sessions for a particular period for the location
6.12.8.9
Search and view the fingerprints created for the location
6.12.8.10
Navigate to other details pages for groups, alerts, devices, users, sessions and fingerprints
6.13
Using the Device Details Page
6.13.1
Device Details: Summary Tab
6.13.2
Device Details: Groups Tab
6.13.3
Device Details: Users Tab
6.13.4
Device Details: Locations Tabs
6.13.5
Device Details: Alerts Tab
6.13.6
Device Details: Sessions Tab
6.13.7
Device Details: Fingerprint Data Tab
6.13.8
Device Details Tasks
6.13.8.1
View general information about the device
6.13.8.2
View flash and browser fingerprint information created for the device
6.13.8.3
Search and view the different device groups to which a device is associated or belongs
6.13.8.4
Add/Remove Device from a Device Group
6.13.8.5
Create a device group and add device to it
6.13.8.6
Search and view the different users that used the device to log in to obtain additional information
6.13.8.7
Search and view the different locations from which the device was used for log in to obtain additional information
6.13.8.8
Search and view all the alerts triggered and generated for the device
6.13.8.9
Search and view all the login sessions or search login sessions for a particular period for the device
6.13.8.10
Search and view the fingerprints created for the device
6.13.8.11
Navigate to other details pages for groups, alerts, users, locations, sessions and fingerprints
6.14
Using the Fingerprint Details Page
6.14.1
Fingerprint Details: Summary Tab
6.14.2
Fingerprint Details: Users Tab
6.14.3
Fingerprint Details: Devices Tab
6.14.4
Fingerprint Details: Locations Tab
6.14.5
Fingerprint Details: Sessions Tab
6.14.6
Fingerprint Details: Alerts Tab
6.14.7
Fingerprint Details Tasks
6.14.7.1
View digital fingerprint details
6.14.7.2
View browser fingerprint details
6.14.7.3
Search and view the different users for which the fingerprint was used
6.14.7.4
Search and view the different devices for which the fingerprint was used
6.14.7.5
Search and view the different locations for which the fingerprint was used
6.14.7.6
Search and view all the login sessions or search login sessions for a particular period for the fingerprint
6.14.7.7
Navigate to other details pages for users, devices, sessions and locations
6.15
Using the Alert Details Page
6.15.1
Alert Details: Summary Tab
6.15.2
Alert Details: Users Tab
6.15.3
Alert Details: Devices Tab
6.15.4
Alert Details: Locations Tab
6.15.5
Alert Details: Sessions Tab
6.15.6
Alerts Details: Fingerprint Data
6.15.7
Alert Details Tasks
6.15.7.1
View general information about the alert
6.15.7.2
View alert groups with which an alert is associated
6.15.7.3
Add alert from alert groups
6.15.7.4
Create an alert group and add an alert to it
6.15.7.5
Search and view the different users for which the alert was generated
6.15.7.6
Search and view the different devices for which the alert was generated
6.15.7.7
Search and view the different locations for which the alert was generated
6.15.7.8
Search and view all the login sessions or search login sessions for a particular period for the alert
6.15.7.9
Search and view the fingerprints created
6.15.7.10
Navigate to other details pages for groups, users, devices, locations, sessions and fingerprints
6.16
Using Session Details Scenarios
6.16.1
Searching Sessions Scenario
6.16.2
Using Session Details Page Scenario
6.16.3
Checking for Fraudulent Devices and Adding Them to a Group Scenario
6.16.4
Exporting the Sessions from the Last One Week
6.16.5
Using User Details, Fingerprint Details Scenario
6.16.6
Using Device and Location Details Scenario
6.16.7
Reviewing IP Details and Adding to Group Scenario
6.16.8
Viewing the Sessions from a Range of IP Addresses
6.16.9
Checking If a User Failed to Login From a Particular Device or IP
6.16.10
Checking If Users Logging In from This IP Used Spanish Browsers
6.16.11
Adding Devices Used for Fraud from a Location To a Risky Group Scenario
6.16.12
Adding Suspicious Device to High Risk Device Group Scenario
6.16.13
Marking Devices and IP Addresses as High Risk Scenario
6.16.14
Searching for Suspicious Sessions and Adding Devices to High Risk Group Scenario
6.16.15
Searching Sessions by Alert Message Scenario
6.16.16
Searching Sessions by Geography Scenario
6.16.17
Searching by Comma Separated Values Scenario
6.16.18
Exporting Rows from Search Sessions Results to Microsoft Excel Spreadsheet Scenario
6.16.19
Exporting Columns from Search Sessions Results to Microsoft Excel Spreadsheet Scenario
Part III Configuring and Managing Knowledge-Based Authentication and One-Time Password
7
Managing Knowledge-Based Authentication
7.1
Introduction and Concepts
7.1.1
Knowledge-Based Authentication
7.1.2
KBA User Flows
7.1.3
Registration
7.1.4
Challenge Response Process
7.1.5
Challenge Response Configuration
7.1.6
Challenge Questions
7.1.7
Question Set
7.1.8
Registration Logic
7.1.9
Validations
7.1.10
Answer Logic
7.1.11
Failure Counters
7.1.12
KBA Resets
7.1.12.1
Reset Challenge Questions
7.1.12.2
Reset Challenge Questions and the Set of Questions to Choose From
7.1.12.3
Increment User to the Next Question
7.1.12.4
Unlock a User
7.1.12.5
Ask Question (KBA Phone Challenge)
7.1.13
Disable Question and Category Logic
7.1.14
Locked Status
7.2
Accessing Configurations in KBA Administration
7.3
Setting Up KBA
7.3.1
Setting KBA Properties
7.3.1.1
Enabling KBA
7.3.1.2
Controlling the Listing of Questions
7.3.1.3
Randomizing KBA Questions
7.3.2
Importing the OAAM Snapshot
7.3.3
Linking Policies to User Groups
7.3.4
Configuring Registration and Challenge Actions
7.3.5
Creating New Categories
7.3.6
Creating New Questions
7.3.7
Configuring Registration of Challenge Questions
7.3.8
Configuring Question Answers Validation
7.3.9
Configuring Answer Logic
7.3.9.1
Common Response Errors
7.3.9.2
Level of Answer Logic
7.3.9.3
Configuring Answer Validation
7.4
Managing Challenge Questions
7.4.1
Searching for a Challenge Question
7.4.2
Viewing Question Details and Statistics
7.4.3
Creating a Question Like Another Question
7.4.4
Editing a Question
7.4.5
Importing Questions
7.4.6
Exporting Questions
7.4.7
Deleting a Question
7.4.8
Disabling a Question
7.4.9
Activating Questions
7.4.10
Deleting or Deactivating Challenge Questions (Migration)
7.5
Managing Validations in the System for Answer Registration
7.5.1
Using the Validations Page
7.5.2
Adding a New Validation
7.5.3
Editing an Existing Validation
7.5.4
Importing Validations
7.5.5
Exporting Validations
7.5.6
Deleting Validations
7.6
Managing Categories
7.6.1
Searching for a Category
7.6.2
Editing a Category
7.6.3
Deleting Categories
7.6.4
Activating Categories
7.6.5
Deactivating Categories
7.7
Deleting Global Validations In Registration Logic
7.8
Customizing English Abbreviations and Equivalences for Answer Logic
7.9
KBA Scenarios
7.9.1
Create Challenge Question Scenario
7.9.2
Setting Up KBA Registration Logic Scenario
7.9.3
CSR Authenticating a User by KBA Phone Challenge Scenario
7.9.4
KBA Question Edits
7.9.5
KBA Answer Logic Edits
7.10
KBA Guidelines and Recommended Requirements
7.10.1
How Often to Challenge Users
7.10.2
Designing Challenge Questions
7.10.3
Tips for Managing Questions
7.10.4
Answer Input Recommended Requirements
7.10.5
Other KBA Recommended Requirements
8
Setting Up OTP Anywhere
8.1
Introduction and Concepts
8.1.1
What is a One-Time Password?
8.1.2
About Out-of-Band OTP Delivery
8.1.3
How Does OTP Work?
8.1.4
OTP Failure Counters
8.1.5
Challenge Type
8.1.6
KBA vs. OTP
8.2
Quick Start
8.3
OTP Setup Roadmap
8.4
Prerequisites for Configuring OTP
8.4.1
Install SOA Suite
8.4.2
Configure the Delivery Channels
8.4.2.1
Email Driver
8.4.2.2
SMPP Driver
8.5
Setting Properties in OAAM for User Messaging Service (UMS) Integration
8.6
Enabling OTP Challenge
8.7
Enabling Registration and Preferences
8.8
Setting Up the Registration Page
8.8.1
Enabling the Opt-Out for OTP Registration and Challenge
8.8.2
Configuring Checkboxes and Fields on the Registration Pages
8.8.2.1
Configure Terms and Conditions Checkboxes
8.8.2.2
Configuring Text Fields on Registration and Preference Pages
8.9
Configuring Your Policies and Rules to Use OTP Challenge
8.10
Customizing OTP Registration Text and Messaging
8.10.1
Customizing Terms and Conditions
8.10.2
Customizing Mobile Input Registration Fields
8.10.3
Customizing Registration Page Messaging
8.10.4
Customizing Challenge Messaging
8.10.5
Customizing the OTP Messaging
8.11
Other Configuration Tasks
8.11.1
Configuring One-Time Password Expiry Time
8.11.2
Configure One-Time Password Generation
8.11.3
Configuring Failure Counter
8.11.4
Configuring Challenge Type Devices for OTP
9
KBA and OTP Challenges
9.1
Using KBA and OTP
9.2
Risk Range for KBA and OTP
9.3
KBA and OTP Scenarios
9.3.1
Always Challenge by Group
9.3.2
CSR OTP Profile Reset with High Risk Always Challenge by Group
9.3.3
Unregistered Low Risk User (Risk Score 500 or Below)
9.3.4
Registered Low Risk User (Risk Score 500 or Below)
9.3.5
Unregistered High Risk User (Risk Score Above 500)
9.3.6
Registered High Risk User (Risk Score Above 500)
9.3.7
Register High Risk Lockout
9.3.8
High Risk Exclusion
9.3.9
OTP Challenge with Multi-Bucket Patterns
Part IV Managing Policy Configuration
10
OAAM Policy Concepts and Reference
10.1
About Policies Available with OAAM
10.2
Basic Concepts
10.2.1
What Are Rules?
10.2.2
How Do Rules Work?
10.2.3
Security Administrator Role in Rule-Related Activity
10.2.4
What are Conditions?
10.2.5
What are Policies?
10.2.6
What are Action and Alerts?
10.2.7
What is a Policy Set?
10.2.8
What is a Scoring Engine?
10.2.9
What is a Score?
10.2.10
What is Weight?
10.2.11
What is Score Propagation?
10.2.12
How Does Risk Scoring Work?
10.2.13
What are Trigger Combinations?
10.2.14
How Do Trigger Combinations Work?
10.2.15
What are Nested Policies?
10.2.16
What is a Scoring Override?
10.2.17
What are Action and Alert Overrides?
10.2.18
What are Groups?
10.2.18.1
Using Groups
10.2.18.2
User Group Linking
10.2.18.3
Using Action and Alert Groups
10.3
About Rule Processing
10.3.1
Rules Engine
10.3.2
Order of Condition
10.3.3
Condition Evaluation
10.3.4
Checkpoints
10.3.5
Controlling the Application Flow
10.3.6
Messaging
10.3.7
Rule Processing Example: How the OAAM Device Max Velocity Rule Settings Work?
10.3.8
How "Then Trigger" Setting Works
10.3.9
Condition Evaluation Example: User: Velocity from Last Success
10.4
About OAAM Authentication, Password Management and Customer Care Flows
10.4.1
Authentication Flow
10.4.2
Forgot Password Flow
10.4.3
Reset Password (KBA-Challenge) Flow
10.4.4
Mobile Service Flows with OAAM
10.5
About OAAM Security and Autolearning Policies
10.5.1
Pre-Authentication Policies
10.5.1.1
OAAM Pre-Authentication
10.5.2
Device Identification Policies
10.5.2.1
OAAM Base Device ID Policy
10.5.2.2
OAAM Mobile Device ID Policy
10.5.3
Authentipad Policy
10.5.3.1
OAAM AuthentiPad
10.5.4
Post-Authentication Policies
10.5.4.1
OAAM Post-Authentication Security
10.5.4.2
OAAM Predictive Analysis
10.5.4.3
Autolearning (Pattern-Based) Policy: OAAM Does User Have Profile
10.5.4.4
Autolearning (Pattern-Based) Policy: OAAM Users vs. Themselves
10.5.4.5
Autolearning (Pattern-Based) Policy: OAAM Users vs. All Users
10.5.5
Registration Policies
10.5.5.1
OAAM Registration
10.5.6
Challenge Policies
10.5.6.1
OAAM Challenge
10.5.7
Customer Care Policies
10.5.7.1
OAAM Customer Care Ask Question
10.6
Use Cases
10.6.1
Use Case: WebZIP Browser
10.6.2
Use Case: IP Address Risky User OTP Challenge
10.6.3
Use Case: Anonymizer IP Address - From the Group
10.6.4
Use Case: Pattern Based Evaluation
11
Managing Policies, Rules, and Conditions
11.1
Familiarizing Yourself with OAAM Policies
11.2
About Discovery and Policy Development
11.2.1
Security Policy Development Process
11.2.1.1
Overview
11.2.1.2
Edit Policy: Research and Troubleshooting
11.2.1.3
New Policy: Discovery and Research
11.2.1.4
Edit Existing or Create New Policy: Requirements and Planning
11.2.1.5
Edit Existing or Create New Policy: Configuration
11.2.1.6
Edit Existing or Create New Policy: Testing
11.2.1.7
Edit Existing or Create New Policy: Deployment to Production
11.2.2
Discovery Process Overview
11.2.3
Example Scenario: Transaction Security
11.2.3.1
Problem Statement
11.2.3.2
Inputs Available
11.2.3.3
Evaluation
11.2.3.4
Outcomes
11.2.3.5
Translation
11.2.3.6
Alert
11.2.4
Example Scenario: Login Security
11.2.4.1
Problem Statement
11.2.4.2
Inputs Available
11.2.4.3
Evaluation
11.2.4.4
Outcome
11.2.4.5
Translation
11.2.4.6
Action
11.2.5
Evaluation and Deployment
11.3
Creating Policies
11.4
Linking a Policy to All Users or a User ID Group
11.5
Creating Rules
11.5.1
Starting the Rule Creation Process
11.5.2
Specifying General Rule Information
11.5.3
Configuring Preconditions
11.5.4
Adding Conditions to a Rule
11.5.5
Specifying Results for the Rule
11.5.6
Adding or Copying a Rule to a Policy
11.6
Setting Up Trigger Combinations
11.7
Using Groups in Policies, Rules, and Conditions
11.8
Managing Policies
11.8.1
Navigating to the Policies Search Page
11.8.2
Searching for a Policy
11.8.3
Viewing a Policy or a List of Policies
11.8.4
Viewing Policy Details
11.8.5
Editing a Policy's General Information
11.8.6
Activate/Disable Policies
11.8.7
Deleting Policies
11.8.8
Copying a Policy to Another Checkpoint
11.8.9
Copying a Rule to a Policy
11.8.10
Changing the Sequence of the Trigger Combination
11.8.11
Deleting a Trigger Combination
11.9
Managing Rules
11.9.1
Navigating to the Rules Search Page
11.9.2
Searching for Rules
11.9.3
Viewing More Details of a Rule
11.9.4
Editing Rules
11.9.5
Editing Rule Parameters
11.9.6
Activate/Disable Rule
11.9.7
Deleting Rules
11.9.8
Deleting Conditions from a Rule
11.10
Managing Conditions
11.10.1
Searching Conditions
11.10.2
Viewing the Condition Details of a Rule
11.10.3
Changing the Order of Conditions in a Rule
11.10.4
Deleting Conditions
11.11
Exporting and Importing
11.11.1
Exporting a Policy
11.11.2
Importing Policies
11.11.3
Importing a Policy With the Same Name as an Existing Policy
11.11.4
Importing Conditions
11.11.5
Exporting a Condition
11.12
Evaluating a Policy within a Rule
11.13
Best Practices
12
Managing Groups
12.1
About Groups
12.1.1
About Group Types
12.1.2
About Group Characteristics
12.1.3
About Group Usage
12.1.4
About the Group Create and Edit User Flows
12.2
Navigating to the Groups Search Page
12.3
Searching for a Group
12.4
Viewing Details about a Group
12.5
Creating a Group
12.5.1
Defining a Group
12.5.2
Adding Members to a Group
12.5.3
Adding ASN, Generic Integers, Generic Longs, Generic Strings, IP Carriers, Second-Level Domains, and Top Level Domains to a Group
12.5.4
Adding Cities, States, and Countries to a Group
12.5.4.1
Adding a City to a Cities Group
12.5.4.2
Adding a State to a States Group
12.5.4.3
Adding a Country to a Country Group
12.5.5
Adding IP Range, User ID, Devices, User Names, IP Addresses, and Internet Service Providers to a Group
12.5.5.1
Selecting an Element to Add as a Member to the Group
12.5.5.2
Creating an Element (Member) to Add to the Group
12.5.6
Adding Alerts to a Group
12.5.6.1
Selecting an Existing Alert to Add to the Alert Group
12.5.6.2
Creating a New Alert to Add to the Alert Group
12.5.7
Adding Authentication Status, Connection Type, Connection Speed, Routing Type, Transaction Status, and Actions to a Group
12.5.7.1
Selecting an Element to Add as a Member to the Group
12.5.7.2
Adding Actions to an Action Group
12.5.8
Adding an Entity to a Group
12.6
Managing Groups
12.6.1
Editing a Member of a Group
12.6.2
Removing Members of a Group
12.6.3
Removing a User from a User Group
12.6.4
Exporting and Importing a Group
12.6.4.1
Exporting a Group
12.6.4.2
Importing a Group
12.6.5
Deleting Groups
12.6.6
Updating a Group Directly
12.7
Use Cases
12.7.1
Use Case: Migration of Groups
12.7.2
Use Case: Create Alert Group and Add Members
12.7.3
Use Case: Remove User from Group
12.7.4
Use Case: Block Users from a Black-listed Country
12.7.5
Use Case: Company Wants to Block Users
12.7.5.1
Create Country Blacklist Policy (1): Create Fraudulent Country Policy and Rule
12.7.5.2
Create Country Blacklist Policy (2): Create Country Group
12.7.5.3
Create Country Blacklist Policy (3): Create Fraud High Alert Group
12.7.5.4
Create Country Blacklist Security Policy (4 of 5): Create Block Action Group
12.7.5.5
Create Country Blacklist Security Policy (5 of 5): Attach Groups to Fraudulent Country Rule
12.7.6
Use Case: Block Users from Certain Countries
12.7.7
Use Case: Allow Only Users from Certain IP Addresses
12.7.8
Use Case: Check Users from Certain Devices
12.7.9
Use Case: Monitor Certain Users
12.8
Best Practices
13
Managing the Policy Set
13.1
Introduction and Concepts
13.1.1
Policy Set
13.1.2
Action and Score Overrides
13.1.3
Before You Begin
13.2
Navigating to the Policy Set Details Page
13.3
Viewing Policy Set Details
13.4
Adding or Editing a Score Override
13.5
Adding or Editing an Action Override
13.6
Editing a Policy Set
13.7
Use Cases
13.7.1
Use Case: Policy Set - Overrides
13.7.2
Policy Set - Overrides (Order of Evaluation)
13.8
Best Practices for the Policy Set
14
Managing System Snapshots
14.1
Concepts
14.1.1
Snapshots
14.1.2
Snapshot Storage
14.1.3
Snapshot Metadata
14.1.4
Backup
14.1.5
Restore
14.1.6
How Restore Works
14.2
About the Limitations of Snapshots
14.3
Navigating to the System Snapshot Search Page
14.4
Searching for a Snapshot
14.5
Importing a Snapshot
14.6
Viewing Details of a Snapshot
14.7
Creating a Backup
14.7.1
Backing Up the Current System to the System Database
14.7.2
Backing Up the System Configuration in Database and File
14.7.3
Backing Up the Current System to a File
14.8
Restoring a Snapshot
14.8.1
Steps to Restore Selected Snapshot
14.8.2
Loading and Restoring a Snapshot
14.8.3
Snapshot Restore Considerations
14.8.3.1
Snapshot in Live System (Single Server)
14.8.3.2
Snapshot Restore in Multi-Server System (Connected to the Same Database)
14.8.3.3
Snapshot Restore in Multi-Server Running Different Versions
14.9
Deleting a Snapshot
14.10
Use Cases
14.10.1
System Snapshot Import/Export
14.10.2
Use Case: User Exports Policy Set as a Record for Research
14.10.3
Use Case: User Replaces Entire System
14.10.4
Use Case: User Identifies Policy Set to Import
14.11
Best Practices for Snapshots
Part V Autolearning
15
Managing Autolearning
15.1
Introduction and Concepts
15.1.1
Autolearning
15.1.2
Patterns
15.1.3
Member Types and Attributes
15.1.4
Buckets
15.1.5
Pattern Rules Evaluations
15.1.6
Bucket Population
15.2
Autolearning Properties
15.3
Pattern Attributes
15.4
Pattern Attributes Operators
15.4.1
For Each
15.4.2
Equals
15.4.3
Less Than
15.4.4
Greater Than
15.4.5
Less Than Equal To
15.4.6
Greater Than Equal To
15.4.7
Not Equal
15.4.8
In
15.4.9
Not In
15.4.10
Like
15.4.11
Not Like
15.4.12
Range
15.4.12.1
Fixed Range
15.4.12.2
Fixed Range with Steps (or Increment)
15.4.12.3
Upper Unbound Ranges with Steps
15.5
Quick Start for Enabling Autolearning for Your System
15.6
Before You Begin to Use Autolearning
15.6.1
Importing Base Authentication-Related Entities
15.6.2
Enabling Autolearning Properties
15.6.3
Importing Autolearning Policies into the Server
15.6.4
Using Autolearning in Native Integration
15.7
User Flows
15.7.1
Creating a New Pattern
15.7.2
Editing a Pattern
15.8
Navigating to the Patterns Search Page
15.9
Searching for a Pattern
15.10
Navigating to the Patterns Details Page
15.11
Viewing Pattern Details
15.11.1
Viewing Details of a Specific Pattern
15.12
Creating and Editing Patterns
15.12.1
Creating a Pattern
15.12.2
Adding Attributes
15.12.3
Activating and Deactivating Patterns
15.12.3.1
Activating Patterns
15.12.3.2
Deactivating Patterns
15.12.4
Editing the Pattern
15.12.5
Changing the Status of the Pattern
15.12.6
Adding or Changing Member Types
15.12.7
Changing the Evaluation Priority
15.12.8
Editing Attributes
15.12.9
Deleting Attributes
15.13
Importing and Exporting Patterns
15.13.1
Importing Patterns
15.13.2
Exporting Patterns
15.14
Deleting Patterns
15.15
Using Autolearning Data/Profiling Data
15.15.1
Create a Policy that Uses Autolearning Conditions
15.15.2
Associate Autolearning Condition with Policy
15.15.3
Check Session Details
15.16
Using Transaction-Based Patterns
15.17
Checking if Autolearning Pattern Analysis Functioning
15.18
Checking if Autolearning Rules are Functioning
15.19
Debugging Autolearning
15.20
Use Cases
15.20.1
Use Case: Challenge Users If Log In Different Time Than Normally
15.20.2
Use Case: Test a Pattern
15.20.3
Use Case: Track Off-Hour Access
15.20.4
Use Case: User Logs in During a Certain Time of Day More Than X Times
15.20.5
Use Case: Patterns Can have Multiple Member Types
15.20.6
Use Case: City Usage
15.20.7
Use Case: Autolearning Adapts to Behavior of Entities
15.20.8
Use Case: Single Bucket Pattern
15.20.9
Use Case: Using Pattern
15.20.10
Use Case: Logins from Out of State
15.20.11
Use Case: Wire Transfer Dollar Amount Pattern
15.20.12
Use Case: HR Employee Record Access Pattern per User
15.20.13
Use Case: HR Employee Record Access Pattern for All Users
15.20.14
Use Case: Shipping Address Country Pattern
15.20.15
Use Case: Shipping Address Country Pattern and Billing Mismatch
15.20.16
Use Case: Shipping Address Country IP Pattern
15.20.17
Use Case: Browser Locale Pattern
15.20.18
Use Case: Credit Card by Shipping Address Country Pattern
15.20.19
Use Case: Credit Card by Dollar Amount Range and Time Pattern
16
Managing Configurable Actions
16.1
Introduction and Concepts
16.1.1
Configurable Actions
16.1.2
Action Templates
16.1.3
Deploying a Configurable Action
16.2
Creating Configurable Actions
16.2.1
Define New Action Template
16.2.2
Use Existing Action Template
16.2.3
Create Action Instance
16.3
Navigating to the Action Templates Search Page
16.4
Searching for Action Templates
16.5
Viewing Action Template Details
16.6
Creating a New Action Template
16.7
Navigating to the Action Instances Search Page
16.8
Searching for Action Instances
16.9
Creating an Action Instance and Adding it to a Checkpoint
16.10
Creating a Custom Action Instance
16.11
Editing an Action Template
16.12
Exporting Action Templates
16.13
Importing Action Templates
16.14
Moving an Action Template from a Test Environment
16.15
Deleting Action Templates
16.16
Viewing a List of Configurable Action Instances
16.17
Viewing the Details of an Action Instance
16.18
Editing an Action Instance
16.19
Deleting an Existing Action Instance
16.20
Standard Configurable Actions
16.20.1
Defining CaseCreationAction
16.20.2
Defining AddItemtoListAction
16.20.3
Add to Group
16.20.4
Defining MoveItemBetweenLists Action
16.21
Use Cases
16.21.1
Use Case: Add Device to Black List
16.21.2
Add Device to Watch-list Action Example
16.21.3
Custom Configuration Action Example
16.21.4
Use Case: Create Case
17
Predictive Analysis
17.1
Important Terms
17.1.1
Predictive Analysis
17.1.2
Data Mining
17.1.3
ODM
17.1.4
Predictive Models
17.2
Prerequisites
17.3
Initial Setup
17.4
Rebuilding the ODM Models to Provide Feedback and Updating the Training Data
17.5
Evaluating the Policy
17.6
Tuning the Predictive Analysis Rule Conditions
17.7
Adding Custom Database Views
17.8
Adding Custom Grants
17.9
Adding the New ODM Models
17.10
Adding the Custom Input Data Mappings
17.10.1
When to Use
17.10.2
Using OAAM Attributes to Build a Custom Input Data Mapping
17.10.3
Using Custom Attributes to Build a Custom Input Data Mapping
Part VI Managing Transactions
18
Modeling the Transaction in OAAM
18.1
Introduction
18.2
Use Case
18.3
Set Up the Use Case
18.4
Determine How to Model the Transaction in OAAM in Terms of OAAM Entities and Transactions
18.5
After Creating Entities and Transaction Definitions
18.6
Healthcare Domain Deployment
19
Creating and Managing Entities
19.1
Concepts
19.2
Creating the Entity Definitions
19.2.1
Entity Elements
19.2.1.1
Data Elements
19.2.1.2
Display Element
19.2.1.3
ID Scheme
19.2.1.4
Linked Entities
19.2.1.5
Entity Key
19.2.2
Overview of Creating a Simple Entity Definition
19.2.3
Overview of Creating a Complex Entity Definition
19.2.4
Creating an Entity Definition
19.2.4.1
Initial Steps
19.2.4.2
Adding and Editing Data Elements
19.2.4.3
Selecting Elements for the ID Scheme
19.2.4.4
Specifying Data for the Display Scheme
19.2.4.5
Creating Associations to Reflect Relationships between Entities
19.2.4.6
Setting Up Entity Purging During Entity Creation
19.2.4.7
Activating Entities
19.2.5
What Happens When You Create an Entity Definition
19.3
Managing Entities
19.3.1
Managing Entity Associations
19.3.2
Searching for Entity Definitions
19.3.3
Viewing Details of a Specific Entity
19.3.4
Viewing Entity Usage
19.3.5
Editing the Entity
19.3.6
Removing or Unlinking Entities
19.3.7
Changing the Relationship Name
19.3.8
Importing and Exporting Entities
19.3.8.1
Exporting Entities
19.3.8.2
Importing Entities
19.3.9
Deactivating and Deleting Entities
19.3.9.1
Deactivating Entities
19.3.9.2
Deleting Entities
19.4
Setting Up Targeted Purging for Entity Data
19.5
Best Practices
20
Managing Transactions
20.1
Transaction Handling
20.2
Overview of Creating a Transaction Definition
20.3
Prerequisites for Performing Analysis on Transactions
20.4
Creating and Using Transaction Definitions
20.4.1
Open the Transactions Page
20.4.2
Create the Transaction Definition
20.4.3
Add an Existing Entity to the Transaction
20.4.4
Add a New Entity to the Transaction
20.4.5
Define Transaction Data for OAAM
20.4.6
Source Data for the Transaction from the Client's End
20.4.7
Map the Source Data
20.4.7.1
Mapping Transaction Data to the Source Data
20.4.7.2
Mapping Entities to the Source Data
20.4.7.3
Editing Mapping
20.4.8
Activate the Definition
20.4.9
Model a Policy
20.4.10
Configure Trigger Results
20.4.11
Integrate the Client Application
20.5
Managing Transaction Definitions
20.5.1
Searching for a Transaction Definition
20.5.2
Viewing Transaction Definitions
20.5.3
Editing a Transaction Definition
20.5.4
Deleting Transaction Definitions
20.5.5
Exporting Transaction Definitions
20.5.6
Importing Transaction Definition
20.5.7
Activating a Transaction Definition
20.5.8
Deactivating a Transaction Definition
20.6
Setting Targeted Purging for Transaction Data Per Transaction Definition
20.7
Mapping Values to Show Transaction Status in Session Details
20.8
Transaction Searches
20.9
OAAM Transaction Use Cases
20.9.1
Implementing a Transaction Use Case
20.9.2
Use Case: Transaction Frequency Checks
20.9.3
Use Case: Transaction Frequency and Amount Check against Suspicious Beneficiary Accounts
20.9.4
Use Case: Transaction Check Against Blacklisted Deposit and Beneficiary Accounts
20.9.5
Use Case: Transaction Pattern
Part VII OAAM Offline Environment
21
OAAM Offline
21.1
Concepts
21.1.1
What is OAAM Offline?
21.1.2
OAAM Offline Architecture
21.1.3
Jobs
21.1.4
What is a Load Job and How Do You Set One Up
21.1.5
What is a Run Job and How Do You Set One Up?
21.1.6
Load and Run Job
21.1.7
Data Loaders
21.1.8
Run Type
21.1.9
OAAM Offline User Interface
21.1.9.1
Dashboard Differences
21.1.9.2
Job Interface for Load, Run, and Load and Run
21.1.9.3
Job Queue
21.2
Access Control
21.3
Installation and Configuration of OAAM Offline System
21.3.1
Overview
21.3.2
Install OAAM Offline
21.3.3
Create the Offline Database Schema
21.3.4
Configure Database Connectivity
21.3.5
Log In to OAAM Offline
21.3.6
Environment Set Up
21.3.6.1
Import the Snapshot
21.3.6.2
Set Up Encryption and Database Credentials for Oracle Adaptive Access Manager
21.3.6.3
Enable Autolearning
21.3.6.4
Enable Configurable Actions
21.3.6.5
Import IP Location Data
21.3.6.6
Configure How Checkpoint Data Is Handled in Load and Run Jobs
21.4
Scheduling Jobs
21.5
Testing Policies and Rules
21.5.1
New Deployment Using OAAM Offline
21.5.2
Existing Deployment Using OAAM Offline
21.6
What to Expect in OAAM Offline
21.7
Monitoring OAAM Offline
21.7.1
Using Dashboard to Monitor the Loader Process
21.7.2
Enable Rule Logging
21.7.3
Database Query Logs for Performance Monitoring
21.7.4
Oracle Adaptive Access Manager Server Logs
21.7.5
Database Tuning
21.7.6
Manageability
21.8
Loading from Non-Oracle or Non-Microsoft Server SQL Server Database
21.8.1
Specifying Offline Loader Database Platforms for Non-Oracle or Non-Microsoft Server SQL Server Databases
21.8.2
Creating a View of a Non-OAAM Database
21.8.2.1
The OAAM_LOAD_DATA_VIEW
21.8.2.2
Schema Examples
21.9
Changing the Checkpoints to Run
21.10
Migration
21.11
Use Cases
21.11.1
Use Case: Upgrading a Deployment with Multiple Scheduled Jobs
21.11.2
Use Case: Configure a Solution to Run Risk Evaluations Offline
21.11.3
Use Case: Run Login Analysis on the Same Data Multiple Times (Reset Data)
21.11.4
Use Case: Monitor Data Rollup
21.11.5
Use Case: Consolidation of the Dashboard Monitor Data
21.11.6
Use Case: Load Transactional Data and Run Risk Evaluations from Multiple Sources
21.11.7
Use Case: Using OAAM Offline (Standard Loading)
21.12
Best Practices
21.12.1
Configuring Worker/Writer Threads
21.12.2
Database Server with Good I/O Capability
21.12.3
Database Indexes
21.12.4
Setting Memory Buffer Size
21.12.5
Quality of Input Data
21.12.6
Configuring Device Data
21.12.7
Availability
21.12.8
OAAM Loader vs. File-based and Custom Loaders
21.12.9
Custom Loader Usage
Part VIII Scheduling Jobs
22
Scheduling and Processing Jobs in OAAM
22.1
Access Control
22.2
Introduction to OAAM Jobs
22.2.1
Job Interface
22.2.2
Job Queue
22.2.3
Searching for Jobs
22.3
Launching the Job Creation Wizard
22.3.1
Create Job: General
22.3.2
Create Job: Load Details (for Load and Load and Run Jobs)
22.3.3
Create Job: Run Details (for Run and Load and Run Jobs)
22.3.4
Create Job: Data Filters
22.3.5
Create Job: Schedule
22.3.5.1
Job Priority
22.3.5.2
Schedule Type
22.3.5.3
Cancel Time
22.3.6
Create Job: Summary
22.4
Creating Jobs
22.4.1
Creating Load Jobs
22.4.1.1
Selecting Load Job Type and Providing Job Details
22.4.1.2
Providing Load Details for Custom Loader
22.4.1.3
Providing Load Details for OAAM Data Loader
22.4.1.4
Specifying to Load All Data Created After a Given Date
22.4.1.5
Specifying to Load Data Created within a Date Range
22.4.1.6
Scheduling a Load Job that Runs Once
22.4.1.7
Scheduling a Load Job that Runs on a Regular Basis (Recurring)
22.4.1.8
Checking the Summary Details of Load Job
22.4.2
Creating Run Jobs
22.4.2.1
Selecting Run Job Type and Providing Job Details
22.4.2.2
Choosing Default or Custom Run as Run Type
22.4.2.3
Specifying Which Set of Records to Analyze
22.4.2.4
Scheduling Analysis to Run
22.4.2.5
Checking the Summary Details of the Run Job
22.4.3
Creating Load and Run Jobs
22.4.3.1
Selecting Load and Run Job Type and Providing Details
22.4.3.2
Selecting Loader Type for Load and Run Job
22.4.3.3
Specifying Data Filters for Load and Run Job
22.4.3.4
Scheduling a Load and Run Job that Runs Once
22.4.3.5
Scheduling a Load and Run Job that Runs on a Regular Basis (Recurring)
22.4.3.6
Checking the Summary Details of the Load and Run Job
22.4.4
Creating Monitor Data Rollup Jobs
22.4.4.1
About Monitor Data Rollup Jobs
22.4.4.2
Selecting Monitor Data Rollup Type and Providing Details
22.4.4.3
Specifying Rollup Unit and Cutoff Time
22.4.4.4
Scheduling a Monitor Data Rollup Job that Runs Once
22.4.4.5
Scheduling a Monitor Data Rollup that Runs on a Regular Basis (Recurring)
22.4.4.6
Checking the Summary Details of the Monitor Data Rollup
22.5
Managing Jobs
22.5.1
About Running Jobs
22.5.1.1
Bulk Risk Analytics Job Execution
22.5.1.2
Run Data Reset
22.5.1.3
Group Populations
22.5.1.4
Pattern Buckets and Memberships
22.5.1.5
Actions, Alerts, Scores
22.5.2
Notes About Rescheduling Jobs
22.5.3
Processing a Job Immediately
22.5.4
Pausing a Job
22.5.5
Resuming a Paused Job
22.5.6
Canceling a Job
22.5.7
Enabling Jobs
22.5.8
Disabling Jobs
22.5.9
Deleting Jobs
22.5.10
Viewing Job Details
22.5.11
Viewing Instances of a Job
22.5.12
Viewing the Job Log
22.5.13
Viewing and Sorting the Job Queue
22.5.13.1
Viewing the Job Queue
22.5.13.2
Sorting the Job Queue
22.6
Editing Jobs
22.6.1
Editing Jobs
22.6.2
Editing the Monitor Data Rollup
22.7
Migration
22.8
Use Cases
22.8.1
Use Case: Load OAAM Login Data and Run Checkpoints on a Recurring Basis
22.8.2
Use Case: Load Transaction Data and Run Checkpoints on a Recurring Basis
22.8.3
Use Case: Create a Job for Immediate Execution
22.8.4
Use Case: Create a Job for Future Execution
22.8.5
Use Case: Create a Job With Recurring Execution
22.8.6
Use Case: View the Job Queue
22.8.7
Use Case: View the Logs from a Job Execution
22.8.8
Use Case: Check If the Job Ran Successfully
22.8.9
Use Case: View the Order of Execution of Jobs
Part IX Reporting and Auditing
23
Monitoring OAAM Administrative Functions and Performance
23.1
Monitoring Performance Data and Administrative Functions Using the Oracle Adaptive Access Manager Dashboard
23.1.1
What is a Dashboard?
23.1.2
Common Terms and Definitions
23.1.3
Navigation
23.1.4
Using the Dashboard in Oracle Adaptive Access Manager
23.1.4.1
Performance
23.1.4.2
Summary
23.1.4.3
Dashboards
23.2
Monitoring Performance Using the Dynamic Monitoring System
23.2.1
Login Information (Counts Only)
23.2.2
Rules Engine Execution Information (Count and Time Taken to Execute)
23.2.3
APIs Execution Information (Count and Time Taken to Execute)
23.3
Monitoring Performance Data and Administrative Functions Using Fusion Middleware Control
23.3.1
Displaying the Fusion Middleware Control
23.3.2
Displaying Base Domain 11
g
Farm Page
23.3.3
Oracle Adaptive Access Manager Cluster Home Page
23.3.4
Oracle Adaptive Access Manager Server Home Page
23.4
Use Cases
23.4.1
Use Case: Trend Rules Performance on Dashboard
23.4.2
Use Case: View Current Activity
23.4.3
Use Case: View Aggregate Data
23.4.4
Use Cases: Additional Security Administrator and Fraud Investigator Use Cases
23.4.5
Use Cases Additional Business Analyst Use Cases
23.4.6
Use Case: Viewing OTP Performance Data
24
Reporting and Auditing
24.1
Configuring OAAM Reports
24.1.1
What is Oracle BI Publisher?
24.1.2
Setting Up Oracle BI Publisher for OAAM Reports and Fusion Middleware Audit
24.1.2.1
Acquiring and Installing Oracle BI Publisher
24.1.2.2
Copying OAAM Reports to the Reporting Database
24.1.2.3
Set Up the Data Source for OAAM Reports
24.1.3
Viewing/Running Reports
24.1.4
Setting Preferences
24.1.5
Adding Translations for the Oracle BI Publisher Catalog and Reports
24.1.6
Localizing Reports
24.1.7
Scheduling a Report
24.1.8
OAAM Reports
24.1.8.1
Common Reports
24.1.8.2
Devices Reports
24.1.8.3
KBA Reports
24.1.8.4
Location Reports
24.1.8.5
Performance Reports
24.1.8.6
Security Reports
24.1.8.7
Summary Reports
24.1.8.8
Users Reports
24.1.9
Creating Custom OAAM Reports
24.1.9.1
Creating a Data Model
24.1.9.2
Mapping User Defined Enum Numeric Type Codes to Readable Names
24.1.9.3
Adding Lists of Values
24.1.9.4
Adding Geolocation Data
24.1.9.5
Adding Sessions and Alerts
24.1.9.6
Example
24.1.9.7
Adding Layouts to the Report Definition
24.1.10
Building OAAM Transactions Reports
24.1.10.1
Getting Entities and Transactions Information
24.1.10.2
Discovering Entity Data Mapping Information
24.1.10.3
Discovering Transaction Data Mapping Information
24.1.10.4
Building Transaction Reports
24.2
Auditing OAAM Events
24.2.1
Introduction to Auditing
24.2.2
About Audit Record Storage
24.2.3
Oracle Adaptive Access Manager Events You Can Audit
24.2.3.1
Customer Care Events
24.2.3.2
KBA Questions Events
24.2.3.3
Policy Management Events
24.2.3.4
Policy Set Management Events
24.2.3.5
Group/List Management Events
24.2.3.6
Pattern Management Events
24.2.3.7
Dynamic Action Management Events
24.2.3.8
Entity Management Events
24.2.3.9
Transaction Management Events
24.2.3.10
Snapshot Management Events
24.2.3.11
OAAM Server Administration Events
24.2.3.12
User Detail Events
24.2.3.13
Import Events
24.2.4
Setting Up Auditing for Oracle Adaptive Access Manager
24.2.4.1
Create the Audit Schema using Repository Creation Utility
24.2.4.2
Configure a Data Source for the Audit Database
24.2.4.3
Enable Auditing
24.2.4.4
Set Up Oracle Business Intelligence Publisher Audit Reports
24.2.4.5
Restart the WebLogic Server
24.2.5
Generate Fusion Middleware Audit Framework Reports
24.2.6
Run the Fusion Middleware Common User Activities Reports
24.2.7
Set Up Audit Report Filters
24.2.8
Configure Scheduler in Oracle Business Intelligence Publisher
24.2.9
Design and Create Custom Reports
24.3
Use Cases
24.3.1
Use Case: BIP Reports
24.3.1.1
Description
24.3.1.2
Steps
24.3.2
Use Case: LoginSummary Report
Part X Deployment Management
25
Using the Properties Editor
25.1
Navigating to the Properties Search Page
25.2
Searching for a Property
25.3
Viewing the Value of a Property
25.4
Viewing Enumerations
25.5
Creating a New Database Type Property
25.6
Editing the Values for Database and File Type Properties
25.7
Deleting Database Type Properties
25.8
Exporting Database and File Type Properties
25.9
Importing Database Type Properties
25.10
Editing Enums in the Property Editor
Part XI Command-Line Interface
26
Oracle Adaptive Access Manager Command-Line Interface Scripts
26.1
CLI Overview
26.2
Using CLI
26.2.1
Obtaining Usage Information for Import or Export
26.2.2
Command-Line Options
26.2.2.1
What is the Syntax for Commands?
26.2.2.2
CLI Parameters
26.2.2.3
Supported Modules for Import and Export
26.2.2.4
Import of Files
26.2.2.5
Export of Files
26.2.2.6
Import Options
26.2.2.7
Importing Multiple Types of Entities in One Transaction
26.2.2.8
Multiple Modules and Extra Options (Common vs. Specific)
26.2.2.9
Transaction Handling
26.2.2.10
Upload Location Database
26.3
Importing IP Location Data
26.3.1
Loading the Location Data to the Oracle Adaptive Access Manager Database
26.3.1.1
Setting Up for SQL Server Database
26.3.1.2
Setting Up IP Location Loader Properties
26.3.1.3
Setting Up for Loading MaxMind IP data
26.3.1.4
Setting Up Encryption
26.3.1.5
Loading Location Data
26.3.2
System Behavior
26.3.3
Quova/Neustar File Layout
26.3.3.1
Routing Types Mapping
26.3.3.2
Connection Types Mapping
26.3.3.3
Connection Speed Mapping
26.3.4
Oracle Adaptive Access Manager Tables
26.3.4.1
Anonymizer
26.3.4.2
Tables in Location Loading
26.3.5
Verifying When the Loading was a Success
26.3.6
Troubleshooting Tip on Loading IP Location Data
Part XII Multitenancy
27
Multitenancy Access Control for CSR and Agent Operation
27.1
Multitenancy Access Control
27.2
Mapping of Application ID (Client-Side) to Organization ID (Administration Side)
27.3
Set Up Access Control for Multitenancy
27.3.1
Set Access Control for Multitenancy
27.3.2
Providing CSR Access to Particular Organizations
27.3.2.1
Using WebLogic
27.3.2.2
Adding Users and Groups to Oracle Internet Directory
27.3.2.3
Adding Users and Groups in the LDAP Store
27.4
What to Expect
27.5
Multitenancy Access Control Use Case
27.5.1
CSR and CSR Manager Access Controls
27.5.2
Agent Access Controls
27.5.3
CSR Case API Data Access Controls
27.6
Troubleshooting/FAQ
27.6.1
I thought I had set up multitenancy access control but CSRs and Investigators still have access to all cases
27.6.2
I have set up multitenancy access control and I have verified that the property is set to true but the CSRs and Investigators are able to access to all cases
27.6.3
Are Security and System Administrators affected when I set up multitenancy access control?
27.6.4
Can CSRs and Investigators have access to multiple organizations?
27.6.5
Can I limit access of a CSR or Investigator to certain organizations even though he had access before?
27.6.6
My CSRs and Investigators have no access to cases. What is wrong?
Part XIII Troubleshooting
28
Performance Considerations and Best Practices
28.1
Performance Troubleshooting
28.2
Performance Monitoring and Troubleshooting Tools
28.3
Performance Best Practices
28.3.1
Policies and Rules
28.3.2
Logging
28.3.3
Database
28.3.4
Memory
28.3.5
Network
28.3.6
Hardware
29
FAQ/Troubleshooting
29.1
Techniques for Solving Complex Problems
29.1.1
Simple Techniques
29.1.2
Divide and Conquer
29.1.3
Rigorous Analysis
29.1.4
Process Flow of Analysis
29.1.4.1
State the Problem
29.1.4.2
Specify the Problem
29.1.4.3
What It Never Worked
29.1.4.4
IS and IS NOT but COULD BE
29.1.4.5
Develop Possible Causes
29.1.4.6
Test Each Candidate Cause Against the Specification
29.1.4.7
Confirm the Cause
29.1.4.8
Failures
29.2
Troubleshooting Tools
29.3
Policies, Rules, and Conditions
29.4
Groups
29.5
Autolearning
29.6
Configurable Actions
29.7
Entities and Transactions
29.8
KBA
29.9
Case Management
29.10
Jobs
29.11
Dashboard
29.12
Command-Line Interface
29.13
Import/Export
29.14
Location Loader
29.15
Device Registration
29.16
Time Zones
29.17
Encryption
29.18
Localization
29.19
Using Different Encryption Algorithms and Adding New Encryption Extensions
29.20
Virtual Authentication Devices
29.20.1
Timeout Session Option in Oracle WebLogic
29.21
OAAM Schema
29.22
Upgrades
29.23
OAAM Sessions are Not Recorded When IP Address from Header is an Invalid IP Address
Part XIV Appendixes
A
Using OAAM
A.1
Investigation - Alert Centric Flow
A.2
Investigation - Session Centric Flow
A.3
Investigation - Auto-generated Agent Case Flow
A.4
Escalated Agent Case
A.5
Search Transactions: Add Filter 1
A.6
Search Transactions: Add Filter 2
A.7
Wire Transfer Dollar Amount Pattern
A.8
Shipping Address Country Pattern and Billing Mismatch
A.9
Browser Locale Pattern
A.10
Credit Card by Shipping Address Country Pattern
A.11
Linked Entities
B
Conditions Reference
B.1
Available Conditions
B.2
Descriptions
B.3
Autolearning Conditions
B.3.1
Pattern (Authentication): Entity is Member of Pattern Bucket for First Time in Certain Time Period
B.3.2
Pattern (Authentication): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.3
Pattern (Authentication): Entity is a Member of the Pattern Bucket Less Than Some Percent with All Entities in the Picture
B.3.4
Pattern (Authentication): Entity is Member of Pattern N Times
B.3.5
Pattern (Authentication): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.6
Pattern (Transaction): Entity is Member of Pattern N Times
B.3.7
Pattern (Transaction): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.8
Pattern (Transaction): Entity is a Member of the Pattern Bucket for the First Time in a Certain Time Period
B.3.9
Pattern (Transaction): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.10
Pattern (Transaction): Entity is a Member of the Pattern Bucket Less than Some Percent with All Entities in the Picture
B.3.11
Pattern (Transaction): Entity is Member of Pattern X% More Frequently All Entities' Average Over Last N Time Periods
B.3.12
Pattern (Transaction): Entity is Member of Pattern X% More Frequently Than Entity's Average Over Last N Time Periods
B.4
Device Conditions
B.4.1
Device: Browser Header Substring
B.4.2
Device: Check if Device is of Given Type
B.4.3
Device: Device First Time for User
B.4.4
Device: Excessive Use
B.4.5
Device: In Group
B.4.6
Device: Is Registered
B.4.7
Device: Timed Not Status
B.4.8
Device: Used Count for User
B.4.9
Device: User Count
B.4.10
Device: User Status Count
B.4.11
Device: Velocity from Last Login and Ignore IP Group
B.4.12
Device: Check if Device is Using Mobile Browser
B.5
Location Conditions
B.5.1
Location: ASN in Group
B.5.2
Location: in City Group
B.5.3
Location: In Carrier Group
B.5.4
Location: In Country Group
B.5.5
Location: IP Connection Type in Group
B.5.6
Location: IP in Range Group
B.5.7
Location: IP Line Speed Type
B.5.8
Location: IP Maximum Users
B.5.9
Location: IP Routing Type in Group
B.5.10
Location: Is IP from AOL
B.5.11
Location: In State Group
B.5.12
Location: IP Connection Type
B.5.13
Location: IP Maximum Logins
B.5.14
Location: IP Excessive Use
B.5.15
Location: Timed Not Status
B.5.16
Location: IP in Group
B.5.17
Location: Domain in Group
B.5.18
Location: IP Connection Speed in Group
B.5.19
Location: ISP in Group
B.5.20
Location: Top-Level Domain in Group
B.5.21
Location: IP Multiple Devices
B.5.22
Location: IP Routing Type
B.5.23
Location: IP Type
B.5.24
Location: User Status Count
B.6
Session Conditions
B.6.1
Session: Check Parameter Value
B.6.1.1
Session: Check Parameter Value Parameters
B.6.1.2
Example Usage
B.6.2
Session: Check Parameter Value in Group
B.6.3
Session: Check Parameter Value for Regular Expression
B.6.3.1
Session: Check Parameter Value for Regular Expression Parameters
B.6.3.2
Example Usage
B.6.4
Session: Check Two String Parameter Values
B.6.5
Session: Check String Value
B.6.5.1
Session: Check String Value Parameters
B.6.5.2
Example Usage
B.6.6
Session: Time Unit Condition
B.6.7
Session: Compare Two Parameter Values
B.6.8
Session: Check Current Session Using the Filter Conditions
B.6.9
Session: Check Risk Score Classification
B.6.10
Session: Cookie Mismatch
B.6.11
Session: Mismatch in Browser Fingerprint
B.6.12
Session: Compare with Current Date Time
B.6.13
Session: IP Changed
B.6.14
Session: Check Value in Comma Separated Values
B.7
System Conditions
B.7.1
System - Check Boolean Property
B.7.1.1
System - Check Boolean Property Parameters
B.7.1.2
Example Usage
B.7.2
System - Check Enough Pattern Data
B.7.3
System - Check If Enough Data is Available for Any Pattern
B.7.4
System - Check Integer Property
B.7.5
System - Check Request Date
B.7.6
System - Check String Property
B.8
Transactions Conditions
B.8.1
About Duration Types
B.8.2
Transaction: Check Count of Any Entity or Element of a Transaction Using Filter Conditions
B.8.3
Transaction: Check Current Transaction Using Filter Condition
B.8.4
Transaction: Check if Consecutive Transactions in Given Duration Satisfy the Filter Conditions
B.8.5
Transaction: Check Number of Times Entity Used in Transaction
B.8.6
Transaction: Check Transaction Aggregrate and Count Using Filter Conditions
B.8.7
Transaction: Check Transaction Count Using Filter Condition
B.8.8
Transaction: Compare Transaction Aggregrates (Sum/Avg/Min/Max) Across Two Different Durations
B.8.9
Transaction: Compare Transaction Counts Across Two Different Durations
B.8.10
Transaction: Compare Transaction Entity/Element Counts Across Two Different Durations
B.8.11
Transaction: Check Unique Transaction Entity Count with the Specified Count
B.9
User Conditions
B.9.1
User: Stale Session
B.9.2
User: Devices Used
B.9.3
User: Check If Devices Of Certain Type Are Used
B.9.4
User: Check Number of Registered Devices Of Given Type
B.9.5
User: Velocity from Last Success
B.9.6
User: Velocity from Last Successful Login
B.9.7
User: Velocity from Last Successful Login within Limits
B.9.8
User: Distance from Last Successful Login
B.9.9
User: Distance from Last Successful Login within Limits
B.9.10
User: Authentication Image Assigned
B.9.11
User: Authentication Mode
B.9.12
User: Status Count Timed
B.9.13
User: Challenge Timed
B.9.14
User: Challenge Channel Failure
B.9.15
User: Challenge Questions Failure
B.9.16
User: Challenge Failure - Minimum Failures
B.9.17
User: Challenge Maximum Failures
B.9.18
User: Challenge Failure Is Last Challenge Before
B.9.19
User: Check OTP Failures
B.9.20
User: Multiple Failures
B.9.21
User: In Group
B.9.22
User: Login in Group
B.9.23
User: User Group in Group
B.9.24
User: Action Count
B.9.25
User: Action Count Timed
B.9.26
User: Check Last Session Action
B.9.27
User: Account Status
B.9.28
User: Client And Status
B.9.29
User: Question Status
B.9.30
User: Image Status
B.9.31
User: Phrase Status
B.9.32
User: Preferences Configured
B.9.33
User: Check Information
B.9.34
User: Check User Data
B.9.35
User: User Agent Percentage Match
B.9.36
User: Is User Agent Match
B.9.37
User: Check Fraudulent User Request
B.9.38
User: Check Anomalous User Request
B.9.39
User: User is Member of Pattern N Times
B.9.40
User: User Country for First Time
B.9.41
User: Country First Time for User
B.9.42
User: Country First Time from Group
B.9.43
User: User State for First Time
B.9.44
User: State First Time for User
B.9.45
User: User City for First Time
B.9.46
User: City First Time for User
B.9.47
User: Login for First Time
B.9.48
User: IP Carrier for First Time
B.9.49
User: User IP for First Time
B.9.50
User: User ISP for First Time
B.9.51
User: Check First Login Time
B.9.52
User: ASN for First Time
B.9.53
User: User Carrier for First Time
B.9.54
User: Maximum Countries
B.9.55
User: Maximum States
B.9.56
User: Maximum Cities
B.9.57
User: Maximum Locations Timed
B.9.58
User: Maximum IPs Timed
B.9.59
User: Country Failure Count for User
B.9.60
User: Check Login Count
B.9.61
User: Last Login Status
B.9.62
User: Last Login within Specified Time
B.9.63
User: Check Login Time
B.9.64
User: Login Time Between Specified Times
B.9.65
User: Is Last IP Match with Current IP
B.9.66
User: Location Used Timed
B.9.67
User: Checkpoint Score
C
OAAM Properties
C.1
OAAM Properties
C.1.1
Access Manager and Oracle Adaptive Access Manager Integration
C.1.2
Agent Cases Properties
C.1.3
Autolearning Properties
C.1.4
Configurable Action Properties
C.1.5
Cookie Properties
C.1.6
Customer Care Properties
C.1.7
Database Activity
C.1.8
Device Registration Properties
C.1.9
Digital Fingerprint Properties
C.1.10
Encrypted Data Masking Properties
C.1.11
Encryption
C.1.12
Entities and Transactions Properties
C.1.13
Fuzzy Logic
C.1.14
Groups Properties
C.1.15
Investigation Properties
C.1.16
KBA Properties
C.1.17
Mobile Properties
C.1.18
Offline Scheduler Properties
C.1.19
OTP Properties
C.1.20
Performance
C.1.21
Policies, Rules, and Conditions Properties
C.1.22
Properties Editor Properties
C.1.23
Proxy Properties
C.1.24
SOAP Configuration Properties
C.1.25
Status: Account Status Properties
C.1.26
Status: Authentication Status
C.1.27
Step-up Authentication Properties
C.1.28
Time Zone Properties
C.1.29
User Interface Properties
C.1.30
Virtual Authentication Devices Properties
C.2
Enumerations
C.2.1
Adding a New Case Status
C.2.2
Adding New Alert Levels
C.2.3
Adding Canned Notes to Case Status
C.2.4
Adding New Case Severity
C.2.5
Configuring Auto Change for Case Status
C.2.6
Configuring Expiry Behavior for CSR Cases
C.2.6.1
Disable Expiry Behavior for CSR Cases
C.2.6.2
Set Expiry Behavior of CSR Cases
C.2.7
Configuring Expiry Behavior for Agent Cases
C.2.7.1
Disable Expiry Behavior for Agent Cases
C.2.7.2
Set Expiry Behavior for Agent Cases
C.2.8
Configuring Agent Case Access
D
Setting Up Archive and Purge Procedures
D.1
Overview
D.2
Setting Up the Scripts in Database
D.2.1
Non-EBR Schema
D.2.2
EBR Schema
D.3
Running the Archive and Purge Scripts
D.4
Running Partition Maintenance Scripts
D.4.1
Dropping Weekly Partitions
D.4.2
Dropping Monthly Partitions
D.5
Minimum Data Retention Policy for OLTP (Online Transaction Processing) Tables
D.6
Best Practices/Guidelines for Running Purge Scripts
D.7
Details of Data that is Archived and Purged
D.7.1
Login and Device Data
D.7.2
Rules and Policy Log Data
D.7.3
Transactions and Entities Data
D.7.4
Autolearning Data
D.7.5
Profile Data
D.7.6
Cases-Related Data
D.7.7
Monitor Data
D.8
List of Related Stored Procedures
E
Device Fingerprinting and Identification
E.1
OAAM Device Fingerprinting
E.1.1
Fingerprinting Types
E.1.1.1
Web Browser-Based Fingerprinting
E.1.1.2
Flash Fingerprinting
E.1.1.3
Mobile Device Fingerprinting
E.1.1.4
Custom Client Fingerprinting
E.1.2
What Makes Up a Device Fingerprint?
E.1.2.1
Secure Cookie and Browser Characteristics
E.1.2.2
Flash Shared Object and Device Characteristics
E.1.2.3
Native Mobile Application
E.1.2.4
IP Intelligence and Historical Context
E.1.3
Setting Up Standard Fingerprinting
E.1.4
Native Integration and Device Fingerprinting
E.1.5
Setting Up Flash Fingerprinting in a Native Integration
E.1.6
Setting Up Custom Fingerprinting
E.1.7
Modifying the Mobile Device Fingerprint in a Native Integration
E.1.8
Viewing Fingerprinting Data
E.1.8.1
Session Details
E.1.8.2
User Details: Fingerprint Data
E.1.8.3
Location Details: Fingerprints Tab
E.1.8.4
Device Details
E.1.8.5
Fingerprint Details Page
E.1.8.6
Alerts Details: Fingerprint Data
E.2
Device Identification
E.2.1
Assigning the Device ID
E.2.2
Device Identification Policies
E.2.2.1
OAAM Base Device ID Policy
E.2.2.2
OAAM Mobile Device ID Policy
E.2.2.3
OAAM Device ID Policy
E.2.3
Native Integration and Device ID
E.2.4
Extending Device Identification
E.2.4.1
Prerequisites
E.2.4.2
Developing a Custom Device Identification Extension
E.2.4.3
Overview of Interactions
E.2.4.4
Compile, Assemble and Deploy
E.2.4.5
Important Note About Implementing the Extension
E.3
Use Cases
E.4
Device Fingerprinting Troubleshooting
E.5
Device Identification and Fingerprinting Frequently Asked Questions
E.5.1
Custom Attribute Use Cases
E.5.1.1
Custom Attribute Available
E.5.1.2
Custom Attribute Not Available and Flash Not Installed
E.5.1.3
Custom Attribute Search
E.5.1.4
Flash cookie Cleared
E.5.1.5
Secure Cookies Deleted?
F
Globalization Support
F.1
Supported Languages
F.2
Dashboard
F.3
Knowledge-Based Authentication
F.3.1
Answer Logic Phonetics Algorithms
F.3.2
Keyboard Fat Fingering
F.3.3
Adding Registration Questions
G
OAAM Access Roles
G.1
Understanding Users and Roles for OAAM
G.2
CSR (OAAMCSRGroup)
G.3
CSR Managers (OAAMCSRManagerGroup)
G.4
Fraud Investigator (OAAMInvestigatorGroup)
G.5
Fraud Investigation Managers (OAAMInvestigationManagerGroup)
G.6
Security Administrator (OAAMRuleAdministratorGroup)
G.7
System Administrator (OAAMEnvAdminGroup)
G.8
OAAMSOAPServicesGroup
G.9
Auditor
H
Pattern Processing
H.1
Pattern Data Processing
H.2
APIs for Triggering Pattern Data Processing
H.2.1
updateTransaction
H.2.2
updateAuthStatus
H.2.3
processPatternAnalysis
I
Configuring SOAP Web Services Access
I.1
Web Services Access
I.2
Requirements
I.3
Configuring SOAP Web Services Access Overview
I.4
Enabling Web Services Authentication
I.5
Creating User and Group
I.6
Configuring Web Services Authorization
I.7
Setting Up Client Side Keystore to Secure the SOAP User Password
I.8
Setting SOAP Related Properties in oaam_custom.properties
I.9
Setting Up the Base Environment in OAAM Native SOAP Integration
I.10
Disabling SOAP Service Authentication on the Server
J
Configuring Logging
J.1
Logging Configuration File
J.2
Oracle Adaptive Access Manager Loggers
J.3
Logging Levels
J.4
Handlers
J.4.1
Configuring the File Handler
J.4.2
Configuring Both Console Logging and File Logging
J.5
Redirecting oracle.oaam Logs
J.6
Setting Logging Levels
K
Rule and Fingerprint Logging
K.1
About Rule Logging
K.1.1
Fingerprint Rule Logging
K.1.2
Detailed Rule Logging
K.1.3
Status Columns in the VR_RULE_LOGS Table
K.2
Rule Logging Properties
K.3
Enabling Rule Logging
K.4
Enabling Rule Logging for a Specific Checkpoint
K.5
Enabling Logging of Untriggered Rules
K.6
Enabling Detailed Logging
K.7
Enabling Fingerprint Rule Logging
K.8
Other Fingerprint and Detailed Logging Properties
K.9
Archiving and Purging Rule Log Data
L
VCryptUser Table
L.1
VCryptUser
Glossary
Index
Scripting on this page enhances content navigation, but does not change the content in any way.