Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New In This Guide
Updates in July 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in April 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in January 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in December 2017 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in October 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in July 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in April 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in January 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in August 2015 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
Updates in June 2015 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
New and Changed Features for 11g Release 2 (11.1.2.3.0)
Other Significant Changes in this Document for 11g Release 2 (11.1.2.3.0)
Part I Overview
1
Product Overview
1.1
What is Oracle Identity Manager?
1.2
What are the Different Modes of Oracle Identity Manager?
1.3
How does Oracle Identity Manager Interact with Other IT Systems?
1.4
How does Oracle Identity Manager Interact with Other Oracle Identity and Access Management Products?
1.5
How do Users Interact with Oracle Identity Manager?
2
Product Architecture
2.1
Oracle Identity Manager Components
2.2
Multi-tiered Architecture
2.2.1
Understanding the User Interface Tier
2.2.2
Understanding the Application Tier
2.2.3
Understanding the Database Tier
2.2.4
Understanding the Connector Tier
3
Oracle Identity System Administration Interface
3.1
Logging in to Oracle Identity Manager System Administration Console
3.2
Overview of the Oracle Identity Manager System Administration Console
3.2.1
Links
3.2.1.1
Accessibility
3.2.1.2
Sandboxes
3.2.1.3
Help
3.2.1.4
Sign Out
3.2.2
Left and Right Panes
3.2.2.1
Policies
3.2.2.2
Provisioning Configuration
3.2.2.3
System Entities
3.2.2.4
System Configuration
3.2.2.5
Upgrade
3.2.2.6
Workflows
Part II Policy Administration
4
Managing Workflows
4.1
Understanding Workflow Rules
4.1.1
Request Process Flow
4.1.2
Request Lifecycle
4.1.2.1
Request Stages
4.1.2.2
Single Request Lifecycle
4.1.2.3
Bulk Request Lifecycle
4.2
Configuring Approval Workflow Rules
4.2.1
Understanding Rule Conditions
4.2.2
Understanding System-Defined Operations and Rules
4.2.3
Creating Approval Workflow Rules
4.2.4
Configuring Custom Rule Conditions
4.2.5
Modifying Approval Workflow Rules
4.2.6
Deleting Approval Workflow Rules
4.2.7
Understanding Approval Workflow Rule Evaluation
4.3
Managing Request Approval in an Upgraded Deployment of Oracle Identity Manager
4.3.1
Understanding Request Process Flow With Approval Workflow Rules Disabled
4.3.2
Migrating Approval Policies to Approval Workflow Rules
4.3.3
Enabling Approval Workflow Rules
4.3.3.1
Enabling the Approval Workflow Rules Feature
4.3.3.2
Understanding In-Flight Request Lifecycle
4.4
Moving Workflow Policies From Test to Production
4.5
Running Oracle Identity Manager Without Workflows
4.5.1
Disabling SOA Server
4.5.2
Understanding the Impact of Disabling Workflows
5
Managing Access Policies
5.1
Terminologies Used in Access Policies
5.2
Features of Access Policies
5.2.1
Direct Provisioning
5.2.2
Revoking or Disabling the Policy
5.2.3
Denying a Resource
5.2.4
Evaluating Policies
5.2.5
Evaluating Policies for Reconciled and Bulk Load-Created Accounts
5.2.6
Access Policy Priority
5.2.7
Access Policy Data
5.2.8
Provisioning Multiple Instances of the Same Resource via Access Policy by Using Account Discriminator
5.3
Creating Access Policies
5.4
Managing Access Policies
5.5
Provisioning Multiple Instances of the Same Resource via Access Policy
5.5.1
Enabling Multiple Account Provisioning
5.5.2
Creating Separate Accounts for the Same User and Same Resource on a Single Target System
5.5.3
Provisioning Multiple Instances of a Resource to Multiple Target Systems
5.5.4
Limitation of Provisioning Multiple Instances of a Resource via Access Policy
5.6
Troubleshooting Issues with Evaluate User Policy Scheduled Job
Part III Form Management
6
Managing Forms
6.1
Creating Forms By Using the Form Designer
6.2
Searching Forms By Using the Form Designer
6.3
Modifying Forms By Using the Form Designer
6.3.1
Removing or Hiding Form Attributes
Part IV System Entities
7
Configuring Custom Attributes
7.1
Creating a Custom Attribute
7.2
Creating a Custom Child Form
7.3
Creating a Custom Child Form Attribute
7.4
Modifying a Custom Attribute
7.5
Adding a Custom Attribute
7.5.1
Enabling the Submit Button After Adding a UDF to the Modify User Form
7.5.2
Adding a Custom Attribute Category into Create User Form
7.5.3
Customizing Unauthenticated Page
7.6
Adding a Custom Attribute to an Application Instance Form
7.6.1
Regenerating View
7.6.2
Updating the Application Instance Form By Using WebCenter Composer
7.7
Moving UDFs from Test to Production
7.7.1
Moving UDFs Added to Entities
7.7.1.1
Exporting the UDF from the Test Environment
7.7.1.2
Importing the UDF into the Production Environment
7.7.2
Moving UDFs Added to Catalog Entities
7.8
Synchronizing User-Defined Fields Between Oracle Identity Manager and LDAP
7.9
Creating Cascaded LOVs
7.10
Localizing Display Labels of UDFs
7.11
Configuring a Field as Mandatory Attribute in the Request Catalog
Part V Application Management
8
Managing IT Resources
8.1
Creating IT Resources
8.2
Managing IT Resources
8.2.1
Viewing IT Resources
8.2.2
Modifying IT Resources
8.2.3
Deleting IT Resources
9
Managing Generic Connectors
9.1
Creating Generic Technology Connectors
9.1.1
Determining Provider Requirements
9.1.2
Selecting the Providers to Include
9.1.3
Addressing the Prerequisites
9.1.4
Using Identity System Administration to Create the Connector
9.1.4.1
Step 1: Provide Basic Information Page
9.1.4.2
Step 2: Specify Parameter Values Page
9.1.4.3
Step 3: Modify Connector Configuration Page
9.1.4.4
Step 4: Verify Connector Form Names Page
9.1.4.5
Step 5: Verify Connector Information Page
9.1.5
Configuring Reconciliation
9.1.6
Configuring Provisioning
9.1.7
Creating the Form and Publishing the Application Instance
9.1.8
Enabling Logging
9.2
Managing Generic Technology Connectors
9.2.1
Modifying Generic Technology Connectors
9.2.2
Exporting Generic Technology Connectors
9.2.3
Importing Generic Technology Connectors
10
Managing Application Instances
10.1
Application Instance Concepts
10.1.1
Multiple Accounts Per Application Instance
10.1.2
Entitlements
10.1.3
Disconnected Application Instances
10.1.4
Application Instance Security
10.2
Managing Application Instances
10.2.1
Creating Application Instances
10.2.2
Searching Application Instances
10.2.3
Modifying Application Instances
10.2.3.1
Modifying Application Instance Attributes
10.2.3.2
Managing Organizations Associated With Application Instances
10.2.3.3
Managing Entitlements Associated With Application Instances
10.2.4
Deleting Application Instances
10.2.5
Creating and Modifying Forms
10.2.5.1
Creating Forms Associated With Application Instances
10.2.5.2
Modifying Forms Associated With Application Instances
10.2.5.3
Localizing Application Instance Form
10.3
Configuring Application Instances
10.3.1
Configuring a Resource Object
10.3.2
Configuring IT Resource
10.3.3
Configuring Password Policies for Application Instances
10.4
Developing Entitlements
10.4.1
Available Entitlements and Assigned Entitlements
10.4.2
Entitlement Data Capture Process
10.4.3
Marking Entitlement Attributes on Child Process Forms
10.4.4
Duplicate Validation for Entitlements or Child Data
10.4.5
Configuring Scheduled Tasks for Working with Entitlement Data
10.4.5.1
Entitlement List
10.4.5.2
Entitlement Assignments
10.4.6
Deleting Entitlements
10.4.7
Refreshing the Entitlement List Post Delete for New Entries
10.4.8
Disabling the Capture of Modifications to Assigned Entitlements
10.4.9
Entitlement-Related Reports
10.4.9.1
Entitlement Access List
10.4.9.2
Entitlement Access List History
10.4.9.3
User Resource Entitlement
10.4.9.4
User Resource Entitlement History
10.5
Managing Disconnected Resources
10.5.1
Disconnected Resources Architecture
10.5.2
Managing Disconnected Application Instance
10.5.2.1
Creating a Disconnected Application Instance
10.5.2.2
Creating a Disconnected Application Instance for an Existing Disconnected Resource
10.5.3
Provisioning Operations on a Disconnected Application Instance
10.5.3.1
Process Form Updates
10.5.4
Managing Entitlement for Disconnected Resource
10.5.4.1
Configuring Entitlement Grant
10.5.5
Status Changes in Manual Process Task Action
10.5.6
Customizing Provisioning SOA Composite
10.5.6.1
Customizing Human Task Assignment via SOA Composer
10.5.6.2
Customizing by Modifying the Out of the Box Composite
10.5.7
Troubleshooting Disconnected Resources
11
Managing Connector Lifecycle
11.1
Lifecycle of a Connector
11.2
Connector Lifecycle and Change Management Terminology
11.3
Viewing Connector Details
11.4
Installing Connectors
11.4.1
Overview of the Connector Deployment Process
11.4.2
Creating the User Account for Installing Connectors
11.4.3
Installing a Connector
11.4.4
Post Installation Steps
11.5
Defining Connectors
11.6
Cloning Connectors
11.6.1
Guidelines for Cloning a Connector
11.6.2
Cloning a Connector
11.6.3
Postcloning Steps
11.7
Exporting Connector Object Definitions in Connector XML Format
11.8
Upgrading Connectors
11.8.1
Upgrade Use Cases Supported by the Connector Upgrade Feature
11.8.2
Connector Object Changes Supported by the Upgrade Connectors Feature
11.8.2.1
Resource Object Changes
11.8.2.2
Process Definition Changes
11.8.2.3
Resource Bundle Changes
11.8.2.4
Process Form Changes
11.8.2.5
Lookup Definition Changes
11.8.2.6
Adapter Changes
11.8.2.7
Rule Changes
11.8.2.8
IT Resource Type Changes
11.8.2.9
IT Resource Changes
11.8.2.10
Scheduled Task Changes
11.8.3
What Happens When You Upgrade a Connector
11.8.4
Summary of the Upgrade Procedure
11.8.5
Procedure to Upgrade a Connector
11.8.5.1
Preupgrade Procedure
11.8.5.2
Upgrade Procedure
11.8.5.3
Postupgrade Procedure
11.8.6
Procedure to Upgrade a 9.x Connector Version to an ICF Based Connector
11.9
Uninstalling Connectors
11.9.1
Use Cases Supported by the Uninstall Connectors Utility
11.9.2
Overview of the Connector Uninstall Process
11.9.3
Setting Up the Uninstall Connector Utility
11.9.4
Uninstalling Connectors and Removing Connector Objects
11.9.4.1
Uninstalling a Connector
11.9.4.2
Removing Adapters, Lookup Definitions, Resource Objects, and Scheduled Tasks
11.9.4.3
Running the Script to Uninstall Connectors and Connector Objects
11.10
Troubleshooting Connector Management Issues
12
Managing Reconciliation
12.1
Types of Reconciliation
12.1.1
Reconciliation Based on the Object Being Reconciled
12.1.1.1
Trusted Source Reconciliation
12.1.1.2
Account Reconciliation
12.1.1.3
Reconciliation Process Flow
12.1.2
Mode of Reconciliation
12.1.3
Approach Used for Reconciliation
12.2
Managing Reconciliation Events
12.2.1
Searching Events
12.2.1.1
Performing a Simple Search for Events
12.2.1.2
Performing an Advanced Search for Events
12.2.2
Displaying Event Details
12.2.3
Determining Event Actions
12.2.4
Re-evaluating Events
12.2.5
Closing Events
12.2.6
Linking Reconciliation Events
12.2.6.1
Ad Hoc Linking
12.2.6.2
Manual Linking
12.2.6.3
Linking Orphan Accounts
Part VI Requests
13
Managing the Access Request Catalog
13.1
Access Request Catalog
13.1.1
Access Request Challenges
13.1.2
Concepts
13.1.3
Catalog Use cases
13.2
About the Access Request Catalog
13.2.1
Features and Benefits
13.2.2
Architecture
13.3
Configuring the Access Request Catalog
13.3.1
Adding More Attributes to the Default Search Form
13.3.2
Configuring Application Selection Limit in Entitlement Search
13.3.3
Configuring Catalog to Use a Custom Search Form
13.4
Administering the Access Request Catalog
13.4.1
Pre-requisites
13.4.1.1
Setting up the Catalog System Administrator
13.4.1.2
Defining the Catalog Metadata
13.4.2
Common Tasks
13.4.2.1
Onboard Applications and Roles
13.4.2.2
Bootstrapping the Catalog
13.4.2.3
Ongoing Synchronization
13.4.2.4
Enriching the Catalog
13.4.2.5
Managing Catalog Items
13.4.3
Configuring Catalog Auditing
13.4.4
Configuring Hierarchical Attributes of Entitlements
13.4.5
Database Best Practices for Access Request Catalog
13.4.5.1
One-Time Optimizations for Oracle Text Index
13.4.5.2
Text Index Optimization
13.5
Managing the Lifecycle of the Catalog
13.5.1
Overview of Catalog Customization
13.5.2
Test to Production procedures for Catalog customizations
13.5.2.1
Exporting using the Sandbox and Deployment Manager
13.5.2.2
Importing Using the Deployment Manager and Sandbox
13.5.3
Limitations of the Test to Production procedures
13.6
Troubleshooting
13.6.1
Catalog synchronization issues
13.6.2
Catalog security issues
13.6.3
Catalog Search Issues
13.6.4
Common Reasons for Request Failure
Part VII System Configuration
14
Managing Home Organization Policy
14.1
Features of Home Organization Policy
14.1.1
Self Registration Use Case Using Default Rule
14.1.2
Self Registration Use Case Using Simple Rule
14.1.3
Self Registration Use Case Using Complex Rule
14.1.4
Rule Evaluation Order
14.1.5
Self Registration Use Case When SOA is OFF
14.2
Creating a Rule in Home Organization Policy
14.3
Modifying a Rule in Home Organization Policy
14.4
Deleting a Rule in Home Organization Policy
15
Managing Self Service Capability Policy
15.1
Default Self Service Capability Rule
15.2
Example of Self Service Capability Rules and Rule Evaluation Order
15.3
Creating a Rule in Self Service Capability Policy
15.4
Modifying a Rule in Self Service Capability Policy
15.5
Deleting a Rule in Self Service Capability Policy
16
Managing Lookups
16.1
Searching a Lookup Type
16.2
Creating a Lookup Type
16.3
Modifying a Lookup Type
17
Managing Role Categories
17.1
Creating a Role Category
17.2
Searching Role Categories
17.3
Modifying a Role Category
17.4
Deleting a Role Category
18
Managing the Scheduler
18.1
Configuring the oim-config.xml File
18.2
Starting and Stopping the Scheduler
18.2.1
Controlling Scheduler Start or Stop in a Clustered Environment
18.2.1.1
Adding the Server Side Property for Oracle Identity Manager
18.2.1.2
Restarting Oracle Identity Manager Managed Servers from the Node Manager
18.2.1.3
Modifying the Server Side Property for Oracle Identity Manager
18.3
Scheduled Tasks
18.3.1
Predefined Scheduled Tasks
18.3.2
Creating Custom Scheduled Tasks
18.4
Jobs
18.4.1
Creating Jobs
18.4.2
Searching Jobs
18.4.2.1
Performing a Simple Search for Jobs
18.4.2.2
Performing an Advanced Search for Jobs
18.4.3
Viewing Jobs
18.4.4
Modifying Jobs
18.4.5
Disabling and Enabling Jobs
18.4.6
Starting and Stopping Jobs
18.4.7
Deleting Jobs
18.5
Diagnosing Scheduled Jobs
19
Managing Notification Service
19.1
Managing Notification Providers
19.1.1
Using UMS for Notification
19.1.1.1
Enabling Oracle Identity Manager to Use UMS for Notification
19.1.1.2
Applying OWSM Policy to the UMS Web Service
19.1.1.3
Changing UMS Client Connection Pooling
19.1.2
Using SMTP for Notification
19.1.3
Using SOA Composite for Notification
19.1.4
Configuring Custom Notification Provider
19.1.5
Disabling and Enabling Notification Providers
19.2
Managing Notification Templates
19.2.1
Searching for a Notification Template
19.2.2
Creating a Notification Template
19.2.3
Modifying a Notification Template
19.2.4
Disabling a Notification Template
19.2.5
Enabling a Notification Template
19.2.6
Adding and Removing Locales from a Notification Template
19.2.7
Deleting a Notification Template
19.2.8
Configuring Notification for a Proxy
19.3
Configuring Email in Provisioning Workflow
19.4
Configuring SOA Email Notification
19.4.1
Configuring Actionable Email Notification on SOA
19.4.2
Troubleshooting SOA Email Notification
19.5
Disabling Oracle Identity Manager Email Notifications
19.6
Troubleshooting Notification
19.6.1
Issues Related to Incorrect URL
19.6.2
Incorrect Outgoing Server EMail Driver Properties
19.6.3
Error Generated at the SOA Server
19.6.4
Authentication Failure
19.6.5
Issues Related to Failed Email Delivery Not Reported Through EM
20
Configuring Oracle Identity Manager
20.1
Managing System Properties
20.1.1
System Properties in Oracle Identity Manager
20.1.2
Creating and Managing System Properties
20.1.2.1
Searching for System Properties
20.1.2.2
Modifying System Properties
20.1.2.3
Purging Cache
20.2
Configuring Oracle Identity Manager Components
20.2.1
Configuring Product Options
20.2.2
Configuring the URL for Challenge Questions
20.2.3
Configuring the URL for Change Password
20.2.4
Enabling Challenge Questions
20.2.5
Configuring Username Generation
20.2.6
Configuring User ID Reuse
20.2.7
Configuring Delayed Delete Interval
20.3
Configuring the Access Catalog
20.3.1
Configuring Additional Information
20.3.2
Configuring Search Results
20.3.3
Configuring the Sort By Attributes
20.3.4
Configuring Custom Search
20.4
Configuring the Identity Provider
20.4.1
Configuring Attribute Reservation
20.4.2
Configuring Common Name Generation
20.4.3
Configuring LDAP Reservation
20.4.4
Configuring Referential Integrity
21
Moving From Test to Production
21.1
Migrating Incrementally Using the Deployment Manager
21.1.1
Features of the Deployment Manager
21.1.2
Exporting Deployments
21.1.3
Importing Deployments
21.1.4
Best Practices Related to Using the Deployment Manager
21.1.4.1
Do Not Export System Objects
21.1.4.2
Exporting Related Groups of Objects
21.1.4.3
Using Logical Naming Conventions for Versions of a Form
21.1.4.4
Exporting Root to Preserve a Complete Organizational Hierarchy
21.1.4.5
Providing Clear Export Descriptions
21.1.4.6
Checking All Warnings Before Importing
21.1.4.7
Checking Dependencies Before Exporting Data
21.1.4.8
Matching Scheduled Task Parameters
21.1.4.9
Deployment Manager Actions on Reimported Scheduled Tasks
21.1.4.10
Compiling Adapters and Enable Scheduled Tasks
21.1.4.11
Checking Permissions for Roles
21.1.4.12
Creating a Backup of the Database
21.1.4.13
Importing Data When the System Is Quiet
21.1.4.14
Exporting and Importing Data in Bulk
21.1.4.15
Exporting Entity Publications
21.1.5
Troubleshooting the Deployment Manager
21.1.5.1
Troubleshooting Deployment Manager Issues
21.1.5.2
Enabling Logging for the Deployment Manager
21.2
Moving from a Test to a New Production Environment Using Movement Scripts
21.2.1
Troubleshooting Movement From Test to Production Environment Using Movement Scripts
Part VIII Auditing and Reporting
22
Configuring Auditing
22.1
Overview
22.2
User Profile Auditing
22.2.1
Data Collected for Audits
22.2.1.1
Capture of User Profile Audit Data
22.2.1.2
Storage of Snapshots
22.2.1.3
Trigger for Taking Snapshots
22.2.2
Post-Processor Used for User Profile Auditing
22.2.3
Tables Used for User Profile Auditing
22.2.4
Archival
22.3
Role Profile Auditing
22.3.1
Data Collected for Audits
22.3.1.1
Capture and Archiving of Role Profile Audit Data
22.3.1.2
Storage of Snapshots
22.3.1.3
Trigger for Taking Snapshots
22.4
Catalog Auditing
22.5
Enabling and Disabling Auditing
22.5.1
Disabling Auditing
22.5.2
Enabling Auditing
22.6
Lightweight Audit
23
Using Reporting Features
23.1
Reporting Features
23.2
Starting Oracle Identity Manager Reports
23.3
Supported Output Formats
23.4
Reports for Oracle Identity Manager
23.4.1
Access Policy Reports
23.4.1.1
Access Policy Details
23.4.1.2
Access Policy List by Role
23.4.2
Request and Approval Reports
23.4.2.1
Approval Activity
23.4.2.2
Request Details
23.4.2.3
Request Summary
23.4.2.4
Task Assignment History
23.4.3
Role and Organization Reports
23.4.3.1
Role Membership History
23.4.3.2
Role Membership Profile
23.4.3.3
Role Membership
23.4.3.4
Organization Details
23.4.3.5
User Membership History
23.4.4
Password Reports
23.4.4.1
Password Expiration Summary
23.4.4.2
Password Reset Summary
23.4.4.3
Resource Password Expiration
23.4.5
Resource and Entitlement Reports
23.4.5.1
Account Activity In Resource
23.4.5.2
Delegated Admins and Permissions by Resource
23.4.5.3
Delegated Admins by Resource
23.4.5.4
Entitlement Access List
23.4.5.5
Entitlement Access List History
23.4.5.6
Financially Significant Resource Details
23.4.5.7
Resource Access List History
23.4.5.8
Resource Access List
23.4.5.9
Resource Account Summary
23.4.5.10
Resource Activity Summary
23.4.5.11
User Resource Access History
23.4.5.12
User Resource Access
23.4.5.13
User Resource Entitlement
23.4.5.14
User Resource Entitlement History
23.4.6
User Reports
23.4.6.1
User Creation
23.4.6.2
User Profile History
23.4.6.3
User Summary
23.4.6.4
Users Deleted
23.4.6.5
Users Disabled
23.4.6.6
Users Unlocked
23.4.7
Certification Reports
23.4.8
Identity Audit Reports
23.4.9
Exception Reports
23.4.9.1
Fine Grained Entitlement Exceptions By Resource
23.4.9.2
Orphaned Account Summary
23.4.9.3
Rogue Accounts By Resource
23.5
Required Scheduled Tasks for BI Publisher Reports
23.6
Best Practices for Running Oracle Identity Manager Reports
24
Using the Archival and Purge Utilities for Controlling Data Growth
24.1
Understanding Archival and Purge Concepts
24.1.1
Categorization: Purge Only Solution Versus Purge and Archive Solution for Entities
24.1.2
Archival of Data
24.1.3
Purge
24.1.4
Real-Time Purge
24.1.5
Retention Period
24.1.6
Modes of Archival Purge Operations
24.2
Using Real-Time Purge and Archival Option in Oracle Identity Manager
24.2.1
Understanding Real-Time Data Purge and Archival
24.2.2
Configuring Real-Time Purge and Archival
24.2.3
Understanding the Orchestration Purge Utility
24.2.4
Collecting Diagnostic Data of the Online Archival and Purge Operations
24.3
Using Command-Line Option of the Archival Purge Utilities in Oracle Identity Manager
24.3.1
Understanding Command-Line Utilities
24.3.2
Using the Reconciliation Archival Utility
24.3.2.1
Understanding the Reconciliation Archival Utility
24.3.2.2
Prerequisite for Running the Reconciliation Archival Utility
24.3.2.3
Archival Criteria
24.3.2.4
Running the Reconciliation Archival Utility
24.3.2.5
Log File Generated by the Reconciliation Archival Utility
24.3.2.6
Troubleshooting Scenario
24.3.3
Using the Task Archival Utility
24.3.3.1
Understanding the Task Archival Utility
24.3.3.2
Preparing Oracle Database for the Task Archival Utility
24.3.3.3
Running the Task Archival Utility
24.3.3.4
Reviewing the Output Files Generated by the Task Archival Utility
24.3.4
Using the Requests Archival Utility
24.3.4.1
Understanding the Requests Archival Utility
24.3.4.2
Prerequisites for Running the Requests Archival Utility
24.3.4.3
Input Parameters
24.3.4.4
Running the Requests Archival Utility
24.3.4.5
Log Files Generated by the Utility
24.4
Using the Audit Archival and Purge Utility
24.4.1
Audit Data Growth Control Measures in Lightweight Audit Framework
24.4.1.1
Overview of Partition Based Approach
24.4.1.2
Prerequisites for Partitioning the AUDIT_EVENT Table
24.4.1.3
Preparing the AUDIT_EVENT Table for Archival and Purge
24.4.1.4
Archiving or Purging the AUDIT_EVENT Data Using Partitions
24.4.1.5
Ongoing Partition Maintenance
24.4.2
Audit Data Growth Control Measures in Legacy Audit Framework
24.4.2.1
Prerequisites for Using the Utility
24.4.2.2
Preparing the UPA Table for Archival and Purge
24.4.2.3
Archiving or Purging the UPA Table
24.5
Using the Real-Time Certification Purge in Oracle Identity Manager
24.5.1
Understanding Real-Time Certification Purge Job
24.5.2
Configuring Real-Time Certification Purge Job
Part IX Lifecycle Management
25
Handling Lifecycle Management Changes
25.1
URL Changes Related to Oracle Identity Manager
25.1.1
Oracle Identity Manager Host and Port Changes
25.1.1.1
Changing OimFrontEndURL in Oracle Identity Manager Configuration
25.1.1.2
Changing backOfficeURL in Oracle Identity Manager Configuration
25.1.1.3
Changing Task Details URL in Human Task Configuration
25.1.2
Oracle Identity Manager Database Host and Port Changes
25.1.3
Oracle Virtual Directory Host and Port Changes
25.1.4
BI Publisher Host and Port Changes
25.1.5
SOA Host and Port Changes
25.1.6
OAM Host and Port Changes
25.2
Password Changes Related to Oracle Identity Manager
25.2.1
Changing Oracle WebLogic Administrator Password
25.2.2
Changing Oracle Identity Manager Administrator Password
25.2.3
Changing Oracle Identity Manager Administrator Database Password
25.2.3.1
Resetting System Administrator Database Password in Oracle Identity Manager Deployment
25.2.3.2
Resetting System Administrator Database Password When Oracle Identity Manager Deployment is Integrated With Access Manager
25.2.4
Changing Oracle Identity Manager Database Password
25.2.5
Changing Oracle Identity Manager Passwords in the Credential Store Framework
25.2.6
Changing OVD Password
25.2.7
Changing Oracle Identity Manager Administrator Password in LDAP
25.2.8
Unlocking Oracle Identity Manager Administrator Password in LDAP
25.2.9
Changing Schema Passwords
25.3
Configuring SSL for Oracle Identity Manager
25.3.1
Generating Custom Key Stores (Optional)
25.3.1.1
Generating Keys
25.3.1.2
Signing the Certificates
25.3.1.3
Exporting the Certificate
25.3.1.4
Importing the Certificate
25.3.2
Configuring Custom Key Stores (Optional)
25.3.3
Enabling SSL for Oracle Identity Manager and SOA Servers
25.3.3.1
Enabling SSL for Oracle Identity Manager
25.3.3.2
Changing OimFrontEndURL to Use OIM SSL Port
25.3.3.3
Changing backOfficeURL to Use SOA SSL Port
25.3.3.4
Changing SOA Server URL to Use SOA SSL Port
25.3.4
Enabling SSL for Oracle Identity Manager DB
25.3.4.1
Creating KeyStores and Certificates
25.3.4.2
Setting Up DB in Server-Authentication SSL Mode
25.3.4.3
Updating Oracle Identity Manager
25.3.4.4
Updating WebLogic Server
25.3.5
Enabling SSL for SOA Approval Composites
25.3.6
Enabling SSL for LDAP Synchronization
25.3.6.1
Enabling Oracle Internet Directory or Oracle Virtual Directory with SSL
25.3.6.2
Configuring Oracle Internet Directory
25.3.6.3
Configuring Oracle Unified Directory
25.3.6.4
Updating Oracle Identity Manager for libOVD details
25.3.6.5
Enabling SSL between libOVD and OID/OUD
25.3.7
Configuring SSL for Design Console
25.3.8
Configuring SSL for Oracle Identity Manager Utilities with TLS
26
Securing a Deployment
26.1
Authorizing and Hardening
26.2
Configuring Secure Cookies
26.2.1
Configuring a New Deployment Plan
26.2.2
Updating an Existing Deployment Plan
Part X Diagnostics and Troubleshooting
27
Using Enterprise Manager for Managing Oracle Identity Manager
27.1
Managing Oracle Identity Manager Configuration
27.1.1
Using MBeans for Configuration Changes
27.1.2
Exporting and Importing Configuration Files
27.2
Using the OrchestrationEngine MBean
27.2.1
Accessing the OrchestrationEngine MBean
27.2.2
Understanding the Operations Supported by the MBean
27.2.3
Diagnosing Operation Failures Using the Orchestration Engine
27.3
Configuring Logging
27.3.1
Logging in Oracle Identity Manager By Using ODL
27.3.1.1
Message Types and Levels
27.3.1.2
Log Handler and Logger Configuration
27.3.1.3
Configuring Log Handlers
27.3.1.4
Configuring Loggers
27.3.1.5
Sample ODL Log Output
27.3.2
Logging in Oracle Identity Manager By Using log4j
27.3.2.1
Log Levels
27.3.2.2
Loggers
27.3.2.3
Configuring and Enabling Logging
27.3.3
Setting Warning State
27.3.4
Switching Down the Log Level
Part XI Appendixes
A
Default User Accounts
B
Configuring SSO Providers for Oracle Identity Manager
B.1
Common Prerequisites for Integration With Third-Party SSO Solutions
B.2
Enabling Oracle Identity Manager to Work With OpenSSO
B.2.1
Prerequisites
B.2.2
Integrating Oracle Identity Manager with OpenSSO
B.2.3
Running Validation Tests to Verify the Configuration
B.3
Enabling Oracle Identity Manager to Work With IBM Tivoli Access Manager
B.3.1
Prerequisites
B.3.2
Integrating Oracle Identity Manager with IBM Tivoli Access Manager
B.3.3
Running Validation Tests to Validate the Configuration
B.4
Enabling Oracle Identity Manager to Work With CA SiteMinder
B.4.1
Prerequisites
B.4.2
Integrating Oracle Identity Manager with CA SiteMinder
B.4.3
Running Validation Tests to Validate the Configuration
B.5
Configuring Basic SSO Using OAM
B.5.1
Prerequisites
B.5.2
Configuring SSO Logout and the Authenticator
B.5.3
Running Validation Tests to Validate the Configuration
B.6
Simplifying Third-Party SSO Integration
B.7
Using Configurable Login ID Support for SSO Integration
C
Using Database Roles/Grants for Oracle Identity Manager Database
D
Enabling Transparent Data Encryption
D.1
Configuring TDE for New Installation of Oracle Identity Manager
D.2
Configuring TDE for an Existing Installation of Oracle Identity Manager
D.3
Deconfiguring TDE for Oracle Identity Manager
E
Troubleshooting Clustered OIM and Eclipselink Cache Coordination
E.1
Startup Procedure for Clustered Installation of Oracle Identity Manager
E.2
Clustered Deployment Mode
E.3
Multicast Addressing for Oracle Identity Manager
E.4
Multicast Addressing for Eclipselink
E.5
Testing Multicast Network Testing
E.6
Enabling Additional Logging for Eclipselink
E.7
Testing Multicast Connectivity Between Oracle Identity Manager Nodes