| Oracle® Identity Manager Administrative and User Console Guide Release 9.0 B25936-01 |
|
 Previous |
 Next |
| Oracle® Identity Manager Administrative and User Console Guide Release 9.0 B25936-01 |
|
Previous |
Next |
This appendix is designed to provide information relevant to settings that administrators may want to enable and records they may need to create depending on the features of the Administrative and User Console they plan to enable within their environment. This includes the configuration of resource definitions, process forms, approval processes (and other records that will affect provisioning) within the Oracle Identity Manager Design Console and the editing of the relevant configuration files to support the desired functionality within Oracle Identity Manager Administrative and User Console. Not all of these settings will be relevant for all users. Review this section prior to deploying your Oracle Identity Manager Administrative and User Console to ensure that you have configured the product to function as intended.
|
Note: To customize the "look and feel" of Oracle Identity Manager Administrative and User Console within your environment, refer to the Oracle Identity Manager Administrative and User Console Customization Guide. |
| Administrative and User Console functionality | Configuration Items |
|---|---|
| If you want to allow users to Self register within Oracle Identity Manager | |
| To allow users to self register within Oracle Identity Manager | Set the Is Self-Registration Allowed property in the System Configuration form to TRUE. The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To require users to select their verification questions and provide answers to these question when registering | Set the Does user have to provide challenge information during registration property in the System Configuration form to TRUE. The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To designate the number of verification questions to which the user must provide answers. | Set the Number of Questions property in the System Configuration form to the number of questions to which you want to require users to provide answers. Be sure that the number of questions you supply within the Lookup.WebClient.Questions lookup definition is equal to or greater than the value of the Number of Questions property (you may need to create additional questions).
The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To designate the list of questions from which user may select when setting their verification questions and answers. | Define a row on the Lookup.WebClient.Questions lookup definition for each question you wish to allow (in the Lookup Definition form).
The Lookup Definition form is available in the Oracle Identity Manager Design Console. |
| To require an approval for self registration | You must define an approval task in the User Registration approval process. |
| To allow separate workflow approvals for self registration depending on user profile information | You must define additional approval processes for the Request resource definition. You must also create a rule (of type process determination) containing a rule element that (at least) requires that the request object action is Create Entity. You must then associate the rule with the particular approval process on the Request resource definition to allow Oracle Identity Manager to determine which process to select. |
| To automatically add a user to groups based on self registration | You must define rules (of type general) and attach them to the user group definitions to which you want users automatically added upon registration. This enables Oracle Identity Manager to determine which groups to add users to based on the criteria they enter upon registration. The criteria in the rules must match the user-entered criteria. |
| If you wish to prevent certain users from accessing particular pages in the Oracle Identity Manager Administrative and User Console. | |
| To designate the pages to which all users are to be allowed access | You must specify these pages on the Menu Items tab of the All Users user group. |
| To designate the pages to which various administrative groups are to be allowed access. | You must specify these pages on the Menu Items tab of the applicable administrative user groups (for example, System Administrators, AdminGroup1, and so on). |
| If you wish to allow administrators to create Oracle Identity Manager accounts for other users | |
| To allow administrators to create an Oracle Identity Manager account for other users | Ensure that the groups of which these administrators are members are added to the Administrators tab of the Organizations that contain the users they are to administer. |
| To specify the fields for which values can be entered (for example, are visible) when creating the user account. | You must designate the fields for which you are allowing values to be entered when creating user accounts within the FormMetaData.xml file. Refer to the Oracle Identity Manager Administrative and User Console Customization Guide for the section of the file to be edited. |
| To specify the fields for which values will be required when creating the user account. | You must designate the fields for which you must specify values when creating user accounts within the FormMetaData.xml file. Refer to the Oracle Identity Manager Administrative and User Console Customization Guide for the section of the file to be edited. |
| To specify the groups of which a user is automatically made a member. | You must define rules (of type general) and attach them to the user group definitions to which you want users automatically added upon registration. This enables Oracle Identity Manager to determine which groups to add users to based on the criteria entered when their account was created. The criteria in the rules must match the entered criteria. |
| To designate the groups to which administrators can add users who they administer | Ensure that the groups of which these administrators are members are added to the Administrators tab of the group definitions to which you wish to allow them to add users. |
| If you want to allow users to edit their Oracle Identity Manager profile | |
| To require an approval for user-initiated Oracle Identity Manager profile updates | You must define an approval task in the User Profile Edit approval process |
| To allow separate workflow approvals for user-initiated profile updates | You must define additional approval processes for the Request resource definition. You must also create a rule (of type process determination) containing a rule element that (at least) requires that the request object action is Modify Entity. You must then associate the rule with the particular approval process on the Request resource definition to allow Oracle Identity Manager to determine which process to select. |
| To control which fields you want to allow users to be able to edit in their own profile | You must designate which fields you want to allow user to edit in their own profile in the FormMetaData.xml file. Refer to the Oracle Identity Manager Administrative and User Console Customization Guide for the section of the file to be edited. |
| If you want to allow administrators to edit the Oracle Identity Manager accounts of other users | |
| To control which users can edit the profiles of other users | You must designate the forms to which members of the various administrative groups are to have access. You must also add these groups to the Administrators tab of the Organizations that contain the users they are to administer. |
| To control which Oracle Identity Manager system fields (for example user ID, first name, and so on) administrators can edit. | You must designate which fields you want to allow administrators to edit for other users. The fields you want to make editable must be specified in the FormMetaData.xml file. Refer to the Oracle Identity Manager Administrative and User Console Customization Guide for the section of the file to be edited. |
| To control which User-Defined fields (for example Social Security number, local identity, and so on) administrators can edit. | You must designate which fields you want to allow administrators to edit for other users. Depending on the pages in the Administrative and User Console on which these fields will appear, you may need to edit the FormMetaData.xml file to add attribute definitions and references for these fields. Refer to the Oracle Identity Manager Administrative and User Console Customization Guide for a list of the pages that will require this and the section of the file to be edited. |
