| Oracle® Identity Manager Administrative and User Console Guide Release 9.0 B25936-01 |
|
 Previous |
 Next |
| Oracle® Identity Manager Administrative and User Console Guide Release 9.0 B25936-01 |
|
Previous |
Next |
Oracle Identity Manager is an advanced, yet flexible, provisioning system for automatically granting and revoking access to enterprise applications and managed systems. Oracle Identity Manager is used to provide access to enterprise resources to staff and partners and enforce any access policies that may be associated with these resources
With Oracle Identity Manager, you can:
View your Oracle Identity Manager user account (group memberships, e-mail address, and so on).
Modify your profile.
Review the resources to which you have been granted access.
View requests that have been made by you and for you.
Make requests for additional resources for yourself.
Reset your password.
View and modify login challenge question and answer (Q&A).
Set up your user proxy.
View and manage your pending requests, if you are the authorized approver.
In addition, depending on the rights that have been granted to you within Oracle Identity Manager, you may also be able to:
Update passwords and user IDs for accounts on resources with which you have been provisioned.
Create requests for resources for any users you manage.
Complete draft requests for resources for any users you may manage.
Approve the provisioning of resources for other users.
Respond to request for more information.
The remainder of this manual will describe the various actions you can perform within Oracle Identity Manager in the following sections:
|
Note: Not all functions are available to all users. The features you can view and use within Oracle Identity Manager will depend on the privileges and rights that you have been assigned.If you are the system administrator for the Oracle Identity Manager system, be sure to read Appendix B, "System Configuration Considerations for Administrators" in this document before running your product within a production environment. If you wish to customize additional functionality associated with your Oracle Identity Manager Administrative and User Console, refer to the Oracle Identity Manager Administrative and User Console Customization Guide. |
Table 1-1 lists important user roles and capabilities associated with Oracle Identity Manager.
Table 1-1 User Roles and Capabilities
| Role | What they can do |
|---|---|
|
A person who is responsible for management of users, organizations, user groups, resources, and policies. |
|
|
A person who is responsible for approving and denying access to resources. |
|
|
A person using self-service features of Oracle Identity Manager and who is not an administrator. |
Oracle Identity Manager allows for resources to be requested and provisioned to enterprise users. The resource you or your users are provisioned with can be an application, access to a database, and rights to a directory structure on a network, or any other entity to which access is vital. The manner in which access to that resource is granted and the rights and permissions you will ultimately be provided with on that resource are all governed by the provisioning processes defined by your Oracle Identity Manager Administrator. Access to a resource may be provisioned uniformly for all users or in a unique fashion, based on variables such as your role (for example, administrator, accountant), location, employment status (for example, full time, consultant), group or department designation or other criteria that have been deemed relevant by the resource-specific and Oracle Identity Manager administrators.
Once a resource is successfully provisioned to you, you will be able to access that resource without further interaction with Oracle Identity Manager. For example, if you request access to Microsoft Exchange application and that resource was successfully provisioned to you, you would then be able to login to that application directly, using the user ID and password (if one was required) established for you by Oracle Identity Manager
Oracle Identity Manager controls the provisioning of resources using processes (and the tasks that comprise them). It also uses a specific kind of process, called an approval process, to govern the approvals that must be obtained before the provisioning of a resource may occur. As a result, Oracle Identity Manager has two different types of resource-related processes: approval processes and provisioning processes.
An approval process is used to determine whether a resource is to be approved or not for provisioning to the user(s) or organization(s) for whom it was requested. Approval processes are comprised of a series of tasks that require responses from the users responsible for approving the provisioning of the resource. Because these responses are manually provided, these will be assigned to an approver or a group of approvers.
Approvers are able to act upon all tasks within an approval process that are assigned to them. In addition, if an approver has a task within a request assigned to them, he/she will be able to view all tasks within that request. If you are an approver on a request, that request ID will be displayed when you click the Pending Approvals link under To-Do List.
|
Note: Approval processes are optional. Some resources can be configured by the Oracle Identity Manager administrator to be provisioned without requiring approval. In this case, access to the resource would be granted as soon as the request was submitted. |
A provisioning process is the process used to actually provision the resource to the user(s) or organization(s) for whom it was requested. Provisioning processes are comprised of a series of automated tasks that perform the steps necessary to grant access to a given resource.
The provisioning process cannot be initiated until the approval process is complete (except in cases where an approval process has not been defined for the resource).
The provisioning process can also utilize a special form to prompt users for, and capture, data required to grant access to a resource.
