2 What's New in Oracle Identity Management 12c (12.2.1.3.0)

This topic lists the new features for all the products in Oracle Identity Management Release 12c (12.2.1.3.0).

2.1 What's New in Oracle Access Management

Oracle Access Management 12c (12.2.1.3) includes the following new features:

  • OAuth MDC

    Provides support for OAuth in a Multi Data Center environment. This feature supports the following:

    • OAuth Artifacts (such as Identity Domains, Clients, Resources, and so on) created on Data Center1(DC1) are visible and are seamlessly synchronized across data centers.

    • OAuth trust artifacts (such as trust certificates used to sign and issue JWT tokens) are visible across other data centers.

    • An OAuth token generated on DC1 will be validated on other data centers. Runtime will work seamlessly with different DCs.

    • A session created on DC1 associated with a validated token is seamlessly validated by other DCs when the request reaches them.

    • Refresh token generated on DC1 will be valid on DC2. When played against DC2, it is validated and an access token is generated on DC2.

    See Configuring OAuth Services in Oracle® Fusion Middleware Administering Oracle Access Management

  • MDC Lifecycle simplification

    Simplifies the process of setting up and administering OAM Multi-data Center Topologies without using T2P tooling. New REST based APIs introduced for administrative and diagnostic purposes significantly reduce the number of configuration steps performed in the MDC environment. Migration of OAM system configuration and policy artifacts from one Data Center to another is now simplified and done through MDC Admin REST APIs.

    See Implementing Multi-data centres in Oracle® Fusion Middleware Administering Oracle Access Management

  • OAM Caching Simplification

    This feature supports the following:

    • OAM 12c supports database-backed server-side session management to synchronize the session state across multiple nodes of an OAM 12c server cluster.

      See Maintaining Access Manager Sessions in Oracle® Fusion Middleware Administering Oracle Access Management

    • It implements database-based authentication plugin import, distribution and activation.

      See Custom Plug-ins Actions in Oracle® Fusion Middleware Administering Oracle Access Management

    • The configuration and policy is propagated through the configuration and policy store using periodic polling.

      See Policy Interval for System and Policy Configuration in Oracle® Fusion Middleware Administering Oracle Access Management

  • TLS1.2 and SHA2

    OAM 12c supports TLS1.2 to provide communications security over the internet. All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA2.

    See TLS 1.2 support in Oracle Access Management in Oracle® Fusion Middleware Administering Oracle Access Management

  • Password policy

    This feature supports the following:

    • OAM 12c supports multiple password policies for setting up varied levels of password based complexity protection for users belonging to different groups.

      See Multiple Password Policies in Oracle® Fusion Middleware Administering Oracle Access Management

    • Forgot Password feature in OAM can be experienced using One Time Pin generation by using password change REST API’s.

      See Setting up the Forgot Password Module in Oracle® Fusion Middleware Administering Oracle Access Management

    • Forced Password change can be administered using REST API’s.

      See Forced Password Change Policy in Oracle® Fusion Middleware Administering Oracle Access Management

  • OMA

    • Experience a new enhanced enrollment process for adding your accounts to the OMA app.

    • Use App Protection feature to protect your OMA app with a fingerprint identity sensor such as Touch ID for iOS and Fingerprint for Andriod.

    • Windows 10 platform is now supported.

    See Configuring the Oracle Mobile Authenticator in Oracle® Fusion Middleware Administering Oracle Access Management

  • REST API

    REST API’s are introduced in 12c for Federation Management, Multi Data Center, OAuth,, Password Management, Multifactor authentication OTP, Password Policy and Session Management. They are documented in REST API’s reference documents.

    See,

2.2 What's New in Oracle Identity Governance

Oracle Identity Governance 12c (12.2.1.3.0) has the following key new features:

  • Oracle Identity Governance enables you to define your own custom access reviewer for user certifications. See Custom Reviewer for User Certifications in Performing Self Service Tasks with Oracle Identity Governance.

  • Group or certifier assignments must be claimed by a user to take actions on it and released by the user for other users in the group to view the actions taken. See Claiming and Releasing Group Certifier Assignments in Performing Self Service Tasks with Oracle Identity Governance. Group certifier assignments can be defined while creating the certification definitions. See Creating Certification Definitions in Performing Self Service Tasks with Oracle Identity Governance.

  • New options have been introduced under the Limit the entitlement-assignments to certify for each user option for creating a user certification definition. See Creating a User Certification Definition in Performing Self Service Tasks with Oracle Identity Governance.

  • New option Include entitlements provisioned by access policy has been introduced for creating an entitlement certification definition. See Creating an Entitlement Certification Definition in Performing Self Service Tasks with Oracle Identity Governance.

  • The Certification Dashboard enables sorting and listing the certifications by the percentage completion of the certifications. See Sorting Certification Search Results in Performing Self Service Tasks with Oracle Identity Governance.

  • Oracle Identity Governance supports inheriting the access granted via access policies from the parent role to child role. See Evaluating Policies for Role Inheritance in Performing Self Service Tasks with Oracle Identity Governance.

  • Access Policy can be created and managed from the Manage tab in Identity Self Service. See Managing Access Policies in Performing Self Service Tasks with Oracle Identity Governance.

  • The application onboarding capability in Identity Self Service allows you to create and manage applications, templates, and instances of applications, and clone applications. See Managing Application Onboarding in Performing Self Service Tasks with Oracle Identity Governance.

  • In Identity System Administration, the Import and Export options for incremental migration of deployments by using the Deployment Manager have a new interface and flow. See Migrating Incrementally Using the Deployment Manager in Administering Oracle Identity Governance.

  • Oracle Identity Governance provides a new real-time certification purging solution. See Using the Real-Time Certification Purge in Oracle Identity Governance in Administering Oracle Identity Governance.

  • The user interface for defining connectors and upgrading connectors have been enhanced. See Defining a Connector and Wizard Mode Upgrade in Staging Environment in Administering Oracle Identity Governance.

  • SCIM resources are secured by custom Oracle Web Services Manager (OWSM) policy, custom request headers, and a origin whitelist. See Securing SCIM Resources in Developing and Customizing Applications for Oracle Identity Governance.

  • Oracle Identity Governance provides a JSON Web Token (JWT) service to simplify the use of Oracle Identity Governance SCIM-REST service. See Using the JSON Web Token (JWT) Service.

  • Oracle Identity Governance provides policy sets containing attached OWSM policies on application path that make Restful and SOAP services secure. See Understanding Global Policy Attachments in Developing and Customizing Applications for Oracle Identity Governance.

  • Multiple sandboxes can be published in bulk and in a specified sequence. See Understanding Sandbox Operations and Publishing Sandboxes in Bulk and Sequence in Developing and Customizing Applications for Oracle Identity Governance.

2.3 What's New in Oracle Unified Directory

Oracle Unified Directory 12c (12.2.1.3.0) has the following key features:

2.4 What’s New in Oracle Internet Directory

Oracle Internet Directory 12c Release 2 (12.2.1.3.0) has the following key new features:

  • Oracle Internet Directory now uses WebLogic Management Framework for basic administrative tasks through a common command line, API and user interface. See What is the WebLogic Management Framework? in Understanding Fusion Middleware.

  • Diagnostic log messages are captured in OID server log files that includes database SQL statements and other operational time metrics. From this release, oiddiag tool is capable of generating HTML summary reports. See Oracle Internet Directory Debug Logs in Oracle Fusion Middleware Administering Oracle Internet Directory and About Oracle Internet Directory Server Diagnostic Command-Line Tool in Oracle Fusion Middleware Reference for Oracle Identity Management.

  • Replication improvements including additional debug statements for change log processing and retry_cnt updates, range fix for HIQ processing, reversed order of search results for subtree deletes, replication queue stats and replication dn info in oiddiag report are added. See Managing and Monitoring Replication in Oracle Fusion Middleware Administering Oracle Internet Directory.

    Replication server now supports one-way or two-way authentication SSL mode. See Use of SSL Encryption in Oracle Internet Directory Replication in Oracle Fusion Middleware Administering Oracle Internet Directory

  • Out-of-box default SSL configuration of OID server instance has the value of orclcryptoversion is set to 24. This means, only TLSv1.2 and TLSv1.1 are enabled. See Configuring Secure Sockets Layer (SSL) for other configuration settings in Oracle Fusion Middleware Administering Oracle Internet Directory.

    To enable no-auth mode of SSL, anonymous cipher should be configured in Oracle Internet Directory. See Configuring ODSM Connection with SSL Enabled in Oracle Fusion Middleware Administering Oracle Internet Directory