Oracle Identity Navigator is an administrative portal designed to act as a launch pad for Oracle Identity Management products. This book describes how to configure and use Oracle Identity Navigator.
This document is intended for Oracle Identity Navigator administrators and Oracle Identity Management component administrators.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
For more information, see the following documents in the Oracle Fusion Middleware 11g documentation set.
Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher
Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite
Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory
Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory
Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager
The following text conventions are used in this document:
Convention | Meaning |
---|---|
boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
monospace | Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |
Administrator's Guide for Oracle Identity Navigator
11g Release 2 (11.1.2.2)
E27135-05
December 2013
Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator 11g Release 2 (11.1.2.2)
E27135-05
Copyright © 2010, 2013, Oracle and/or its affiliates. All rights reserved.
Primary Author: Trish Fuzesy
Contributor: Fannie Ho, Himanshu Sharma, Daniel Shih, Olaf Stullich
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
This chapter describes how to access and use Oracle Identity Navigator as a component administrator. For information about managing Oracle Identity Navigator as an Oracle Identity Navigator administrator, see Chapter 2, "Managing Oracle Identity Navigator." It contains the following topics:
Oracle Identity Navigator is installed as part of Oracle Identity and Access Management installation. To launch Oracle Identity Navigator, first start Oracle WebLogic Server, then enter the following URL in a browser:
http://host:port/oinav
where port is the Managed Server port.
Note: In a dual-stack, IPv4 and IPv6 environment, some URLs might be inaccessible from your browser. Consult your network administrator for more information.
Different login accounts might have different roles. If you log in as a user who does not have the Oracle Access Management administrator role, for example, you will not be able to create Oracle Access Management reports, and you won't have single sign-on access to the Oracle Access Management console.
To log in:
Supply the User ID and Password for the administrator account you want to log in to.
Click Log In.
Click the Dashboard tab.
Under Identity Management Product Launcher, click the entry.
If a product has been integrated with single sign-on, and you are logged in as an administrator with the appropriate role, you can access its console without logging in again.
Adding a report to the My Reports portlet enables you to designate a filter, view, and name for a report. Running the report results in real time retrieval of data.
Note: Oracle BI Publisher 11.1.1.5.0, or higher, reports are supported. You cannot open reports in BI Publisher 10g format. For information about how to remove any 10g reports, see Section 2.5.2.1.1, "Removing BI Publisher 10g Reports."
Click the Dashboard tab.
If necessary, expand My Reports.
Under My Reports, click the Create icon.
In the Create Report dialog, select the desired report type in the left panel.
Expand the folder in the tree to locate the desired report.
Click the report.
In the Create Report dialog, supply the required information in the fields.
Note: In the Create Report dialog, Report Details, Report Name, Template, and Format labels are translated as specified by your browser.
Click Create Report to create the report.
When you are finished adding reports, click Close.
The report icon for each report you have created is now available under My Reports.
Click the Dashboard tab.
Under My Reports, highlight the report you want to edit.
Click the Edit icon.
In the Edit dialog, make desired changes.
Click Save to save the changes or Cancel to cancel the changes.
The report icon is now available under My Reports.
Click the Dashboard tab.
Under My Reports, highlight the report you want to clone.
Click the Create Like icon.
In the Clone Report dialog, make the desired changes to the report name, template and output format.
Click Save to save the new report or Cancel to abandon adding the report.
The report icon is now available under My Reports.
Click the Dashboard tab.
Under My Reports, highlight the report you want to delete.
Click the Remove icon.
In the Confirmation dialog, click OK to continue with the removal or Cancel to abandon the removal.
Click the Dashboard tab.
Under My Reports, navigate to the desired report.
Click the icon for the report you want to generate.
The report runs, then appears in a separate browser tab or window.
Note: If you encounter problems viewing PDF reports with Adobe Acrobat Reader in a browser, either upgrade to a newer version of Reader or configure Reader to run directly, not as an embedded function within the browser. See your Adobe Reader documentation for more information.
Click the Dashboard tab.
Under My Profile Information, click the Profile tab. Your profile is listed.
Click the Dashboard tab.
Under My Profile Information, click the Common Admin Roles tab.
All common admin role types are listed. Administration role assignments are indicated by a checkmark in the column corresponding to product name.
Go to the News and Announcements portal on the Dashboard.
Click the desired topic, Oracle Security Alerts, Oracle New Downloads, or Identity Management Discussion Forum.
Oracle Identity Navigator uses Oracle Composer to enable runtime customization of the Dashboard page. Changes are stored in Metadata Services and are available only to the user who made them.
You can personalize the Dashboard in either View or Edit mode.
View mode is the normal state when you are running Oracle Identity Navigator in a browser. In View mode, you can rearrange page components by dragging and dropping them or by using the Actions menus. You can change the page layout by clicking the Change Layout icon and selecting a layout option.
You enter Edit mode by clicking Customize in the global navigation links. In Edit mode, you can add page resources by clicking Add Content and selecting which resource to add. You can remove content from a page section by clicking the Remove icon. You can edit a page section by clicking the Edit icon. A Component Properties Dialog with multiple tabs enables you to customize the page section.
For more information about using Oracle Composer to customize pages, see the "Enabling Runtime Editing of Pages Using Oracle Composer" chapter in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
Note: In the Component Properties dialog, the display name and values of attributes shown on the Display Options tab are in English, even if your Locale is set to a non-English value.
You can change the layout of the Dashboard.
Click the Customize icon on the upper right.
To add content to a column, click Add Content at the top of the column.
Select the type of portal you want to add and click Add.
To change the layout, click Change Layout.
Select the layout you want. Click the triangle in the upper right to change the layout.
When you have finished customizing the page, click Close on the upper right.
To move a portal to a different position on the page, click the View Actions Menu icon next to the portal.
Oracle Identity Navigator is an administrative portal designed to act as a single launch pad for accessing the administration consoles for other Oracle Identity Management components. It does not replace the individual component consoles. Rather, it allows you to access the Oracle Identity Management consoles centrally from one location. This chapter contains the following topics:
Oracle Identity Navigator is installed with other Oracle Identity Management components and centralizes access to product administration consoles, as well as other identity services. Oracle Identity Navigator can be installed with other Oracle Identity Management components in the same domain or in different domains. It is a web-based application that you access through a browser.
Starting with 11g Release 2 (11.1.2.2), Oracle Identity Navigator is deployed in a managed server after installation. The default server name is opam_server1. However, Oracle Privileged Account Manager will not be configured unless selected in the configuration wizard.
You can use Oracle Identity Navigator to access the following product administration consoles and identity services:
Oracle Access Management Access Manager
Oracle Adaptive Access Manager
Oracle Authorization Policy Manager
Oracle Directory Services Manager
Oracle Directory Integration Platform
Oracle Enterprise Manager
Oracle Entitlements Server
Oracle Identity Analytics
Oracle Access Management Identity Federation
Oracle Identity Manager
Oracle Privileged Account Manager
Oracle Role Manager
Oracle WebLogic Server
Oracle Web Services Manager
Figure 1-1 shows the following relationships between Oracle Identity Navigator and the Oracle Identity Management components:
Each administration console launches in its own separate browser window. You configure Oracle Identity Navigator to connect to these consoles either by specifying the URLs directly, or by employing the product discovery feature.
Like Oracle Enterprise Manager Fusion Middleware Control, Oracle Identity Navigator is a Java EE application deployed on an Oracle WebLogic Server. It uses Oracle Metadata Service.
The Oracle Identity Navigator report feature relies on Oracle Business Intelligence Publisher and requires configuration to communicate with an Oracle Business Intelligence Publisher server.
You can access Oracle RSS feeds and view them in the Dashboard. You might need to configure a proxy to connect through your company's firewall.
Oracle Identity Navigator is integrated with 11g Oracle Platform Security Services for single sign-on (SSO) support. Some of the component consoles accessible from Oracle Identity Navigator are single sign-on enabled and can be configured to authenticate against the same authentication service in the Oracle Identity Navigator operation environment. Single sign-on enabled consoles include Oracle Access Management, Oracle Identity Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Privileged Account Manager. Double sign-on occurs for other components, such as Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control. For more information, see Section 2.3, "Configuring Single Sign-On (SSO)".
Common Admin Roles are a set of predefined standardized application roles for securing administrative access to Oracle Identity Management applications. These roles encapsulate the common administrative tasks across the Oracle Identity Management Suite.
Note: You must configure enterprise roles to support the Common Admin Roles before you can begin using them. For more information, see Section 2.2, "Configuring the Enterprise Roles".
Common Admin Roles can be assigned to users from the Oracle Identity Navigator Administration page. Each administrative role enables a corresponding set of rights that are common across the Identity Management Suite components.
Table 1-1 describes the responsibilities each role type supports and the skills and expertise required in order to perform typical duties associated with that role. You can assign any of the roles described in Table 1-1 to a user as a component role. Once a role assignment is made, the user is granted the corresponding administrative capabilities for that component.
Table 1-1 Summary of the Common Admin Roles
Common Admin Role Name | Responsibility | Skills and Expertise Required |
---|---|---|
Application Configurator | | |
Application Auditor | | |
Application Troubleshooter | | |
Security Auditor | | |
Security Admin | | |
User Manager | | |
Helpdesk Admin | | |
Actions that an authenticated user can perform are based on the roles assigned. Oracle Identity Navigator supports two types of administrative roles:
Administrators with Common Admin Roles
Administrators with Common Admin Roles specific to Oracle Identity Navigator can administer Oracle Identity Navigator as summarized in Table 1-2.
A component administrator manages a specific Identity Management component. These role types can be finer grained than the Common Admin Role. For more information, see Section 2.9, "Advanced: Configuring Component Administrative Role-Based Access".
Table 1-2 describes the Common Admin Roles that are specific to Oracle Identity Navigator and the access rights each conveys. All authenticated users can access My Profile and News and Announcements.
Table 1-2 Summary of Oracle Identity Navigator Common Admin Roles
Common Admin Role Name | Access Rights |
---|---|
Security Admin | |
Security Auditor | |
Application Configurator | |
After installation, all users who are members of the Oracle WebLogic Server Administrators group are granted all superuser privileges required to administer Oracle Identity Navigator. The default administrator is the weblogic user (also known as the bootstrap user) who is a member of the Administrators group.
The weblogic user, as the bootstrap user, can be used to map the users from the domain identity store to the Oracle Identity Navigator Common Admin Roles detailed in Table 1-2. Users mapped to the Security Admin role can assign the Common Admin Roles to other users, and can later replace the weblogic user in your environment. After the initial user mapping is completed, replace the default weblogic user by mapping the Security Admin role to at least one administrator user defined in your domain identity store.
Note: Administration roles specific to Oracle Privileged Account Manager are managed in Oracle Identity Navigator. For information about managing Oracle Privileged Account Manager roles, see Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager.
Oracle Identity Navigator supports a set of default reports. These reports provide meaningful information to auditors for examining the security practices of the component as deployed, as well as enabling a check of the component health status.
All reports are generated using Oracle Business Intelligence Publisher. Oracle BI Publisher 11.1.1.5.0, or higher, must be installed separately. See Section 2.5.2, "Configuring Oracle Business Intelligence Publisher" for more information on installing and configuring Oracle BI Publisher.
My Reports is a portlet used to view Oracle Identity Management BI Publisher Reports. In addition, the My Reports portlet allows you to save a report query so you can run the report again. Every administrative user has their own My Reports portlet in the Dashboard page. You can add report categories to My Reports and save different reports under different categories. Reports are categorized by the component name.
The following tasks can be performed in My Reports:
Show a list of Oracle Identity Management BI Publisher Reports in a portlet configuration page.
Select a report, add configuration parameters to query the data, and add the report to the My Reports list from a portlet configuration page.
View and run any report that you have access to.
For more information about using My Reports, see Section 3.4, "Managing Your Reports".
Oracle Identity Navigator supports the following three Oracle RSS feeds:
Identity Management Discussion Forum
Oracle New Downloads
Oracle Security Alerts
The RSS feeds cannot be changed.
Refer to the system requirements and certification documentation for information about hardware and software requirements, platforms, databases, and other information. Both of these documents are available on Oracle Technology Network (OTN).
The system requirements document covers information such as hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html
The certification document covers supported installation types, platforms, operating systems, databases, JDKs, and third-party products:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html