Oracle® Identity Manager Design Console Guide
Release 9.0
B25940-01

8 Oracle Identity Manager (Xellerate) Administration

This chapter describes the administration of Oracle Identity Manager (Xellerate). It contains the following topics:

Overview

The Oracle Identity Manager (Xellerate) Administration folder provides System Administrators with the tools necessary to manage Oracle Identity Manager administrative features. This folder contains the following forms:

The Form Information Form

The Form Information form, as shown in Figure 8-1, is located in the Oracle Identity Manager Administration folder. It is used to specify the class name, label (that appears in the Oracle Identity Manager Explorer), form type, graphic icon, and help context to be associated with a given Oracle Identity Manager form. You can also use this form to modify the folders and folder items that appear within the Oracle Identity Manager Explorer.

Figure 8-1 The Form Information Form


The following table describes the data fields of this form.

Field Name: Description
Key: The system-generated ID for the form or folder.
Class Name: The name of the class associated with the form or folder. For the forms and folders that are pre-installed with Oracle Identity Manager, this will be a Thor class.
Description: The label that appears for this form or folder within the Oracle Identity Manager Explorer. For forms of childform type, this value must include the name of the parent form and adhere to the following naming convention: <parent_form_name>.<child_form_name>.
Type: The form type associated with the form or folder. For folders, this must be folder. Valid selections are folder, export, processform, childform, javaform, import, and menuitem.
Graphic Filename: The name of the graphic file that appears as an icon next to the form or folder in the Oracle Identity Manager Explorer.
Context Sensitive Help URL: The URL of the online Help topic that appears if the user presses F1 when this form is active.

Add an Oracle Identity Manager Form/Folder

To add an Oracle Identity Manager form or folder, perform the following steps:

  1. Access the Form Information form.

  2. Enter the name of the class that will be used to render the form in the Class Name field.

  3. Enter the label you wish to be displayed for the form or folder in the Oracle Identity Manager Explorer in the Description field.


    Note:

    For forms of childform type, this value must include the name of the parent form and adhere to the following naming convention: <parent_form_name>.<child_form_name>.

  4. Select the desired item from the Type combo box.

    • For folders, select folder.

    • For forms related to export procedures, select export.

    • For forms related to a process, select processform.

    • For tabs that appear within other forms, or for forms that are nested within other forms, select childform.

    • For general forms, select javaform.

    • For forms related to import procedures, select import.

    • For menu items associated with the Oracle Identity Manager Administrative and User Console, select menuitem.


      Note:

      For more information on the Oracle Identity Manager Web Guide, refer to Oracle Identity Manager Administrative and User Console Guide.

  5. Enter the name of the icon or graphic image file to be used within the Oracle Identity Manager Explorer for the form or folder in the Graphic Filename field.

  6. Enter the URL of the online Help topic for the form in the Context Sensitive Help URL field. This will be the file displayed if the user presses F1 when the form is active.

  7. Click Save. The form is added. In addition, a system-generated ID for the form or folder appears within the Key field.

Modify the Oracle Identity Manager Explorer

The Oracle Identity Manager Explorer and layout of its folders and folder items can be modified based on different user group levels.


Note:

Click the plus sign (+) to expand a folder, and show folder items, or click the minus sign (-) to hide folder items.

The folders and folder items that a user can access are based on the user groups of which the user is a member. For example, suppose the IT DEPARTMENT user group can open the System Configuration form, and the HR DEPARTMENT user group is able to launch the Lookup Definition form. If a user belongs to both user groups, he or she can access the System Configuration form and the Lookup Definition form.

The Lookup Definition Form

The Lookup Definition form, as shown in Figure 8-2, is located within the Oracle Identity Manager Administration folder. It is used to create and manage lookup definitions.

Figure 8-2 The Lookup Definition Form


A lookup definition represents:

Users can access lookup definitions from one of two locations:

The following table describes the data fields of the Lookup Definition form.

Field Name: Description
Code: The name of the lookup definition.
Field: The name of the table column of the form or tab from which the text field, lookup field, or combo box field will be accessible.
Lookup Type/Field Type: These radio buttons are used to designate whether the lookup definition is to represent a text field, a lookup field, or a combo box.

By selecting the Field Type radio button, the lookup definition will represent a text field.

If you select the Lookup Type radio button, the lookup definition is to represent either a lookup field or a combo box, along with the values that are to be accessible from that lookup field or combo box.

Note: For forms or tabs that come packaged with Oracle Identity Manager, the lookup definition has already been set as either a lookup field or a combo box. This cannot be changed. However, you can add or modify the values that are accessible from the lookup field or combo box.

For forms or tabs that are user-defined, the user determines whether the lookup definition will represent a lookup field or a combo box through the Additional Columns tab of the Form Designer form.

For more information on specifying the data type of a lookup definition, refer to "Additional Columns".

Required: By selecting this check box, the lookup definition is designated as required. As a result, Oracle Identity Manager will not allow the contents of the corresponding form or tab to be saved to the database until the field or combo box, represented by the lookup definition, is supplied with data.
Group: The name of the Oracle Identity Manager or user-defined form on which the lookup definition is to appear.

Now that we have reviewed the data fields of this form, you will learn how to create a lookup definition.

Create a Lookup Definition

To create a lookup definition, perform the following steps:

  1. Open the Lookup Definition form.

  2. In the Code field, enter the name of the lookup definition.

  3. In the Field field, enter the name of the table column of the Oracle Identity Manager or user-created form or tab, from which the text field, lookup field, or combo box field will be accessible.

  4. If the lookup definition is to represent a lookup field or combo box, select the Lookup Type radio button.


    Note:

    For more information on specifying whether the lookup definition will represent a lookup field or a combo box, refer to the table that appears earlier in this section.

    If the lookup definition is to represent a text field, select the Field Type radio button.

  5. Optional. If you want to set Oracle Identity Manager to save the contents of the corresponding form or tab to the database only when the field or combo box, represented by the lookup definition, is supplied with data, select the Required check box. Otherwise, proceed to Step 6.

  6. In the Group field, enter the name of the Oracle Identity Manager or user-defined form on which the lookup definition appears.


    Note:

    You must adhere to certain naming conventions for the text you enter into the Code, Field, and Group text boxes.

    For more information on these naming conventions, refer to Chapter 8, "The Lookup Definition Form".


  7. Click Save. The lookup definition is created. The associated text field, lookup field, or combo box will now appear in the Oracle Identity Manager or user-defined form or tab you specified.

The Lookup Code Information Tab

The Lookup Code Information tab is located in the lower half of the Lookup Definition form. It is used to create and manage detailed information related to the selected lookup definition. This information, which includes the names, descriptions, language codes, and country codes of a value pertaining to the lookup definition, is known as a lookup value.

The following procedures show how to create, modify, and delete a lookup value.


Caution:

For internationalization purposes, a lookup value must be supplied with both a language and country code.

When creating a new lookup definition, ensure that you save it before adding lookup values to it.


Create or Modify a Lookup Value

To create or modify a lookup value, perform the following steps:

  1. Open the Lookup Definition form.

  2. Access a lookup definition.

  3. If you are creating a lookup value, click Add. A blank row appears within the Lookup Code Information tab.

    If you are modifying a lookup value, highlight the lookup value that you want to edit.

  4. Add or edit the information in the Code Key field. This field contains the name of the lookup value.

    In addition, if the Lookup Type radio button is selected, this field also represents what appears within the lookup field or combo box once the user makes a selection.

  5. Add or edit the information in the Decode field. This field contains a description of the lookup value.

    If the Lookup Type radio button is selected, this field also represents:

    • The items that appear within a lookup window (once the user double-clicks the corresponding lookup field); or

    • The commands that are to be displayed within the associated combo box.

  6. Add or edit the information in the Language field. This field contains a two-character language code for the lookup value.

  7. Add or edit the information in the Country field. This field contains the lookup value's two-character country code.

  8. Click Save. The lookup value you created or modified will now reflect the settings you have entered.

Delete a Lookup Value

To delete a lookup value, perform the following steps:

  1. Open the Lookup Definition form.

  2. Access a lookup definition.

  3. Highlight the lookup value that you want to remove.

  4. Click Delete. The selected lookup value is deleted.

The User Defined Field Definition Form

Sometimes, other than the fields that Oracle Identity Manager provides by default, you may need to store additional information. When this occurs, you can create the fields that will contain this information, and add them to various Oracle Identity Manager forms. These fields, which you create, are known as user-defined fields.

The User Defined Field Definition form, as shown in Figure 8-3, is located in the Oracle Identity Manager Administration folder. It is used to create and manage user-defined fields for the Organizations, Users, Requests, Resource Objects, User Groups, and Form Designer forms.

Figure 8-3 The User Defined Field Definition Form



Note:

The user-defined field appears on the User Defined Fields tab of the form that appears in the Form Name data field. For this example, the Access Code Number user-defined field will be added to the User Defined Fields tab of the Organizations form.

Now that we have reviewed user-defined fields, you will learn about the data fields of the User Defined Field Definition form. The following table describes the fields of this form.

Field Name: Description
Form Name: The name of the form on which the user-defined fields, which are displayed within the User Defined Columns tab, appear.

Important: Since the user-defined fields for a user pertain to the user's profile information, they are displayed within the User Profile tab of the Users form.

Description: Additional information about the user-defined field definition.
Auto Pre-Population: This check box designates whether the user-defined fields for a form, which have pre-populate adapters attached to them, will be populated by Oracle Identity Manager or a user.

If the Auto Pre-Population check box is selected, the user-defined fields that have pre-populate adapters attached to them will be populated by Oracle Identity Manager.

When this check box is cleared, these fields must be populated by a user (by clicking the Pre-Populate button on the Toolbar or by a user manually entering the data).

Important: This setting does not control the triggering of the pre-populate adapter. It merely determines whether the contents resulting from the execution of the adapter appear within the associated user-defined field(s) because of Oracle Identity Manager or a user.

For more information on pre-populate adapters, refer to Oracle Identity Manager Tools Reference Guide.

Note: Setting this checkbox is relevant only if you have created a user-defined field, and a pre-populate adapter is associated with that field.


Now that we have reviewed the data fields of this form, you will learn how to select a target form for the user-defined fields you will be creating.

Select the Target Form for a User-Defined Field

To select the target form for a user-defined field, perform the following steps:

  1. Open the User Defined Field Definition form.

  2. Double-click the Form Name lookup field. From the Lookup window that appears, select the Oracle Identity Manager form (Organizational Defaults, Policy History, Group Entitlements, Resource Objects, or Form Designer) that will display the user-defined field you will be creating.

  3. Click Query. The form to which you will be adding the user-defined field is selected.

Tabs on the User Defined Field Definition Form

Once you launch the User Defined Field Definition form, and select a target form for the user-defined fields you will be creating, the tabs of this form become functional.

The User Defined Field Definition form contains the following tabs:

Each of these tabs is covered in greater detail in the sections that follow.

User Defined Columns

Figure 8-4 displays the User Defined Columns tab of the User Defined Field Definition form.

Figure 8-4 User Defined Columns Tab of the User Defined Field Definition Form


This tab is used to:

  • Create a user-defined field.

  • Set the variant type, length, and field type for the user-defined field.

  • Specify the order in which the user-defined field appears on the User Defined Fields tab of the target form.

  • Determine whether the information, which is associated with the user-defined field, is to be encrypted when it is exchanged between the Client and the Server.

  • Remove a user-defined field, when it is no longer valid.


Caution:

The field's order number determines the order in which a user-defined field appears on a form. For this example, the Access Code Number user-defined field has an order number of 1. Therefore, this field appears first on the User Defined Fields tab of the Organizations form.

Now that we have reviewed the User Defined Columns tab, you will learn how to add a user-defined field to an Oracle Identity Manager form, and remove a user-defined field from an Oracle Identity Manager form.

Add a User-Defined Field to an Oracle Identity Manager Form

  1. Click Add. The User Defined Fields dialog box is displayed, as shown in Figure 8-5.

    Figure 8-5 The User Defined Fields Dialog Box


    Field Name: Description
    Label: The label that is associated with the user-defined field. This label appears next to the user-defined field on the User Defined Fields tab of the target form.

    Important: The maximum length for a label is 30 characters.

    Data Type: From this combo box, select one of the following data types for the user-defined field:
    • String. A series of alphanumeric characters can be entered into this user-defined field.

    • Date. When this user-defined field appears on a form, and a user double-clicks it, the Date and Time dialog box appears.

    • Integer. A number without a decimal point (3) can be entered into this user-defined field.

    • Boolean. When this user-defined field appears on a form, a user can enter two values into it: True (1) or False (0).

    • Double. A double-precision floating-point number (or a "double" number) can be entered into this user-defined field.

    Field Size: In this text field, enter the maximum number of digits or characters that a user can enter into the user-defined field.

    Note: The Field Size text field is enabled only for the String data type.

    Field Type: From this combo box, select one of the following field types for the user-defined field:
    • Text Field. The user-defined field appears on the User Defined Fields tab of the target form as a text field.

    • Lookup Field. The user-defined field appears on the User Defined Fields tab of the target form as a Lookup field.

    • Combo Box. The user-defined field appears on the User Defined Fields tab of the target form as a combo box.

    • Text Area. The user-defined field appears on the User Defined Fields tab of the target form as a text area.

    • Password Field. The user-defined field appears on the User Defined Fields tab of the target form as a text field. From this text field, a user can either query for an encrypted password (it appears as a series of asterisks [*]), or populate the field with an encrypted password, and save it to the database.

    • Check Box. The user-defined field appears on the User Defined Fields tab of the target form as a check box.

    • Date Field with Dialog. This data field appears on the User Defined Fields tab of the target form as a Lookup field. Once the user double-clicks this Lookup field, a Date & Time window appears. Oracle Identity Manager will then populate the data field with the date and time that the user selects from this window.

    Note: The field types that appear within this combo box reflect the data type that is displayed within the Data Type combo box.

    Column Name: The name of the user-defined field that is recognized by the database.

    Note: This name is comprised of the <TABLE NAME_UDF_> prefix, followed by the label, which is associated with the user-defined field.

    So, if the Table Name field of the Organizations form is ACT, and the name for the data field is ACN, the name of the user-defined field, which the database recognizes, would be ACT_UDF_ACN.

    Important: The name that you enter into the Column Name field cannot contain any spaces.

    Default Value: This value appears within the user-defined field once it appears on the target form.
    Encrypted: This check box is used to determine whether the information, which appears within the associated user-defined field, is to be encrypted when it is exchanged between the Client and the Server.

    If this check box is selected, the information that is displayed within the user-defined field is encrypted when it is exchanged between the Server and the Client.

    When this check box is cleared, the information that appears in the user-defined field will not be encrypted as it is exchanged between the Client and the Server.

    Sequence: This field represents the order in which the user-defined field appears on the designated form. For example, if a 2 appears in the Sequence field, it appears below the user-defined field with a sequence number of 1.

  2. Set the parameters for the user-defined field you are adding to a form, as shown in Figure 8-6.

    Figure 8-6 The User Defined Fields Dialog Box - Filled


    For this example, the Access Code Number user-defined field appears first on the User Defined Fields tab of the Organizations form. The data type of this field is String, and a user can enter up to 25 digits into it.

  3. From this window, click Save.

  4. Click Close. The user-defined field appears within the User Defined Columns tab. Once the target form is launched, this user-defined field appears within the User Defined Fields tab of that form.


Caution:

Since the user-defined fields for a user pertain to the user's profile information, they are displayed within the User Profile tab of the Users form.
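
As an added example (not part of the Oracle guide or product code), the following Python check reviews user-defined field definitions against the rules stated in the User Defined Fields dialog box table: label length, the <TABLE NAME>_UDF_ column prefix, no spaces in the column name, and Field Size only for the String data type. The record layout, the TBL table name and the sample rows are constructed for illustration, and the Password Field/Encrypted check is a review rule assumed here, not a documented Oracle requirement.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_LABEL_LEN = 30  # "The maximum length for a label is 30 characters."
DATA_TYPES = {"String", "Date", "Integer", "Boolean", "Double"}
FIELD_TYPES = {
    "Text Field", "Lookup Field", "Combo Box", "Text Area",
    "Password Field", "Check Box", "Date Field with Dialog",
}


@dataclass
class UdfDefinition:
    """One row of the User Defined Columns tab (hypothetical record layout)."""
    table_name: str          # Table Name of the target form, e.g. ACT
    label: str
    data_type: str
    field_type: str
    column_name: str
    field_size: Optional[int] = None
    encrypted: bool = False  # state of the Encrypted check box


def review_udf(udf: UdfDefinition) -> List[str]:
    """Return the list of findings for one definition (empty list = clean)."""
    findings = []
    if len(udf.label) > MAX_LABEL_LEN:
        findings.append("label-too-long")
    prefix = f"{udf.table_name}_UDF_"
    if not udf.column_name.startswith(prefix) or udf.column_name == prefix:
        findings.append("column-name-prefix")
    if any(ch.isspace() for ch in udf.column_name):
        findings.append("column-name-has-space")
    if udf.data_type not in DATA_TYPES:
        findings.append("unknown-data-type")
    if udf.field_type not in FIELD_TYPES:
        findings.append("unknown-field-type")
    # The Field Size text field is enabled only for the String data type.
    if udf.field_size is not None and udf.data_type != "String":
        findings.append("field-size-on-non-string")
    # Assumed review rule: with Encrypted cleared, the value is exchanged
    # between Client and Server unencrypted, so flag password fields.
    if udf.field_type == "Password Field" and not udf.encrypted:
        findings.append("password-field-not-encrypted")
    return findings


def review_all(udfs: List[UdfDefinition]) -> Dict[str, List[str]]:
    """Map each column name to its findings."""
    return {u.column_name: review_udf(u) for u in udfs}


# Constructed sample rows. The first mirrors the guide's ACT_UDF_ACN example;
# the TBL rows are invented to trigger findings.
SAMPLE = [
    UdfDefinition("ACT", "Access Code Number", "String", "Text Field",
                  "ACT_UDF_ACN", field_size=25),
    UdfDefinition("TBL", "Badge PIN", "String", "Password Field",
                  "TBL_UDF_BADGE PIN", field_size=8, encrypted=False),
    UdfDefinition("TBL", "Number of previously issued badges", "Integer",
                  "Text Field", "TBL_UDF_BADGES", field_size=10),
]

if __name__ == "__main__":
    for column, findings in review_all(SAMPLE).items():
        print(column, "->", findings or "ok")
```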

Remove a User-Defined Field from an Oracle Identity Manager Form

  1. Highlight the desired user-defined field.

  2. Click Delete. The user-defined field is removed.

Properties

Figure 8-7 displays the Properties tab of the User Defined Field Definition form.

Figure 8-7 The Properties Tab of the User Defined Field Definition Form


This tab is used to assign properties and property values to the data fields, which appear on the User Defined Fields tabs of various Oracle Identity Manager forms.

For this example, the User Defined Fields tab of the Requests form displays one data field: Issue Tracking Item. This data field contains the following properties:

  • Required, which determines whether the data field needs to be populated for the Requests form to be saved. The default property value for the Required property is false.

  • Visible Field, which establishes whether the data field appears on the Requests form. The default property value for the Visible Field property is true.

Since the property values for the Required and Visible Field properties are true for this data field, once the Requests form is launched, the Issue Tracking Item data field appears within the User Defined Fields tab. In addition, this field needs to be populated for the form to be saved.

The following section describes how to add and remove a property and property value to a data field.


Note:

To learn how to add a property and property value to a data field, or remove a property and property value from a data field, refer to "The Form Designer Form".

Administrators

Figure 8-8 displays the Administrators tab of the User Defined Field Definition form.

Figure 8-8 Administrators Tab of the User Defined Field Definition Form


This tab is used to specify the user groups that have administrative privileges over the current record of the User Defined Field Definition form. In addition, the Write and Delete check boxes on this form are used to designate whether these administrative groups can modify and/or delete information pertaining to the current user-defined field (UDF) definition.

Now that we have reviewed the Administrators tab, you will learn how to assign administrative privileges to a user group for a UDF definition, and remove administrative privileges from a user group for a UDF definition.

Assign Administrative Privileges to a User Group for a UDF Definition

  1. Click Assign. The Assignment dialog box is displayed.

  2. Select the user group, and assign it to the UDF definition.

  3. Click OK. The user group appears in the Administrators tab.

  4. If you want this user group to be able to view and/or modify information pertaining to the current definition, double-click the corresponding Write check box. Otherwise, proceed to Step 5.

  5. If you want this user group to be able to delete information contained within the current definition, double-click the associated Delete check box. Otherwise, proceed to Step 6.

  6. Click Save. The user group is assigned to the UDF definition. The members of this user group can view, modify, and/or delete information contained within this definition.

Remove Administrative Privileges From a User Group for a UDF Definition

  1. Highlight the user group that you want to remove.

  2. Click Delete. The user group is removed from the UDF definition. Its members no longer have administrative privileges for the definition.

The System Configuration Form

The System Configuration form, as shown in Figure 8-9, is located in the Oracle Identity Manager Administration folder. It is used to define and set the value of properties that control the behavior of the Oracle Identity Manager Client and/or Server. In addition, you may specify the users and/or user groups to which the value of a property setting applies. Alternately, you may specify that the value of a property setting apply to all users.

Figure 8-9 The System Configuration Form


The following table describes the data fields of this form:

Field Name: Description
Key: The system-generated ID for one instance of the property definition. There may be more than one instance of a definition (for example, one for System Administrators, another for all users).
System: This check box is used to designate whether this instance of the property definition applies to all users in Oracle Identity Manager (i.e., it is a system-wide instance) or only to select users and user groups.

To apply this setting to all users, select this check box (the Users and Groups tabs will be disabled).

To specify that an instance of the property apply to certain users and groups, clear this check box.

Note: The System check box will be disabled if the Server radio button (described below) is selected.

Client, Client/Server, Server (radio buttons): These three radio buttons are used to designate whether this instance of the property definition applies to the Client, the Server, or both.

If the Client radio button is selected, the property value only applies to the Client.

If the Client/Server radio button is selected, the property value applies to both the Client and Server.

If the Server radio button is selected, the property value only applies to the Server. Selecting this option will disable the System checkbox (since system-wide settings do not apply to the Server).

Name: The name of the property. This should be an intuitive description of what the property controls. It does not need to be unique.
Keyword: The property's unique ID.

This must be identical for each instance of this property. For example, if you wish to set the Record Read Limit property (the maximum number of records a user's query may retrieve) differently for two separate users, you would need to create two instances of this property definition.

Note: For more information on the various properties you can set for the Client and/or the Server, refer to "System Properties".

Value: The value to which this instance of the property definition has been set. This will be the value applied to those users/groups assigned to this instance of the property (unless the System checkbox is selected, denoting that the instance applies to all users).

Now that we have reviewed the basic characteristics of a system property, you are ready to define instances of property definitions, and assign users or groups to these instances. Also, when an instance of a property definition no longer applies to a user or group, you will learn how to remove the user or group from this instance.

Create or Edit an Instance of a Property Definition

To create a new instance or edit an existing instance of a property definition, perform the following steps:

  1. Access the System Configuration form.

  2. If you are creating a new instance of a property definition, click New on the Toolbar. Ensure that the values in the Name and Keyword fields are the same for all instances of this property definition (for example, Record Read Limit, XL.READ_LIMIT).


    Note:

    It is recommended that you copy these values from the other instances of this property definition to minimize any chance of a typing error.

    If you are editing an existing instance of a property definition, query for the property definition.

  3. Select the Client, Client/Server, or Server radio button depending on whether the instance of this property definition will apply to the Client only, both the Client and the Server, or just the Server.

  4. Designate whether you wish this instance of the property definition to apply to all users or only to select users and user groups by selecting or clearing the System check box.


    Note:

    If you selected the Server radio button in Step 3, the System check box will be disabled. When this occurs, proceed to Step 5.

  5. Enter the desired value in the Value field. This will be the value of the property for this instance of the definition.

  6. Click Save. The instance of the property definition is created or modified.

Now that you have added or edited an instance of a property definition, you will learn how to assign users and groups to this instance.

Assign a User or Group to an Instance of a Property Definition

To assign a user or group to an instance of a property definition, perform the following steps:


Caution:

If this is a system-wide instance (i.e., the System check box is selected), it will be applied to all users and groups. As a result, you do not need to assign it to a particular user or group.

  1. Access the System Configuration form.

  2. Query for the instance of the property definition you wish to assign to a user or group.


    Note:

    To learn more about the various property definitions to which you can assign users and groups, refer to "System Properties".

  3. Select the Client, Client/Server, or Server radio button, depending on whether the instance of this property definition will apply to the Client only, both the Client and the Server, or just the Server.

  4. To assign the property instance to one or more users, click the Users tab. Otherwise, to assign the property instance to one or more user groups, click the Groups tab.

  5. Click Assign. The Assignment dialog box is displayed.

  6. Select and assign the desired users or groups, and then click OK.

  7. Click Save. The instance of the property definition is assigned to the user(s) and/or group(s) you selected in Step 6.

Remove a User or Group From an Instance of a Property Definition

To remove a user or group from an instance of a property definition, perform the following steps:

  1. Access the System Configuration form.

  2. Query for the instance of the property definition from which you wish to remove a user or group.

  3. Highlight the desired user or group (from the Users or Groups tabs, respectively).

  4. Click Delete. The user or group is removed from the instance of the property definition. As a result, the property is no longer associated with the user or group.

The Remote Manager Form

The Remote Manager is a lightweight network component (server) that enables Oracle Identity Manager to integrate with target systems whose APIs either cannot communicate over a network or are network-aware but not secure. A Remote Manager runs as a server on the target system, and an Oracle Identity Manager Server acts as its client: the Oracle Identity Manager Server sends a request for the Remote Manager to instantiate the target system APIs on the target system itself, and to invoke methods on its behalf.

The Remote Manager form, as shown in Figure 8-10, is located in the Oracle Identity Manager Administration folder. It is used to display the following:

Figure 8-10 The Remote Manager Form


For this example, there are two remote managers that can communicate with Oracle Identity Manager: Australia Server and UKSERVER.

The Australia Server remote manager has an IP address of 215.0.255.192. Though it can handshake with Oracle Identity Manager, because the Running check box is cleared, the remote Server is down. Lastly, the IT Resource check box is selected, signifying that this remote manager represents IT resource(s) that can be used by Oracle Identity Manager.

The UKSERVER remote manager has an IP address of 192.168.0.45. Since the Running check box is selected, the remote Server is operable. However, because the IT Resource check box is cleared, this remote manager does not represent IT resource(s) that Oracle Identity Manager can use.


Note:

To learn how the Remote Manager form is used with other Oracle Identity Manager forms, refer to Oracle Identity Manager Tools Reference Guide.

The Password Policies Form

The Password Policies form, as shown in Figure 8-11, is located in the Oracle Identity Manager Administration/Policies folder. It is used to:

Figure 8-11 The Password Policies Form


You will now learn about the data fields of the Password Policies form. The following table describes the data fields of this form.

Field Name Description
Policy Name The password policy's name.
Policy Description Explanatory information about the password policy.

Now that we have reviewed password policies and the data fields of the Password Policies form, you are ready to create a password policy.

Create a Password Policy

To create a password policy, perform the following steps:

  1. Open the Password Policies form.

  2. In the Policy Name field, enter the name of the password policy.

  3. In the Policy Description field, enter explanatory information about the password policy.

  4. Click Save. The password policy is created.


Note:

Once a password policy is created, it must be supplied with criteria and associated with a resource. To supply your password policy with criteria, use the Policy Rules tab of this form. To associate your password policy with a resource, use the Password Policies Rule tab of the Resource Object form to create a password policy/rule combination that will be evaluated when accounts are created or updated on the resource. The password policy will then be invoked and applied when that rule's criteria are satisfied. Multiple resources can use each password policy.

Tabs on the Password Policies Form

Once you launch the Password Policies form, and create a password policy, the tabs of this form become functional.

The Password Policies form contains the following tabs:

Each of these tabs is covered in greater detail in the following sections.

Policy Rules

Figure 8-12 displays the Policy Rules tab of the Password Policies Form.

Figure 8-12 The Policy Rules Tab of the Password Policies Form


This tab is used to specify the criteria of your password policy (for example, defining a password's minimum and maximum length).

You may use either or both of the following methods to set password restrictions:

  • Enter information into the appropriate text boxes or select the desired check boxes. As an example, to indicate that a password must have a minimum length of four characters, type 4 into the Minimum Length text box. For another example, to prohibit Oracle Identity Manager from accepting a user's first name as a valid password, select the Disallow First Name check box.

  • Enter a path and filename into the Password File text box (for example, c:\xellerate\userlimits.txt). This file contains pre-defined terms that are not allowed as passwords. The delimiter specified in the Password File Delimiter field separates these terms.

Now that we have reviewed password restrictions, you will learn about the data fields of the Policy Rules tab. These are the fields into which you will specify the password limitations.


Note:

If a data field is empty, the password does not have to meet the criteria of that field for it to be valid. For example, when the Minimum Numeric Characters and Maximum Numeric Characters data fields are blank, Oracle Identity Manager will accept the password, regardless of how many digits it has.

The following table describes the data fields of the Policy Rules tab.

Field Name Description
Minimum Length The fewest number of characters that a password can have for it to be valid.

For example, if 4 appears in the Minimum Length text box, the password must have at least four characters for it to be accepted.

Maximum Length The highest number of characters that a password can have for it to be valid.

As an example, if 8 appears in the Maximum Length text box, the password will not be accepted if it has more than eight characters.

Minimum Alphabet Characters The fewest number of letters that a password can have for it to be valid.

For example, if 2 appears in the Minimum Alphabet Characters text box, the password will not be accepted if it has fewer than two letters.

Minimum Numeric Characters The fewest number of digits that a password can have for it to be valid.

As an example, if 1 appears in the Minimum Numeric Characters text box, the password must have at least one number for it to be accepted.

Minimum Alphanumeric Characters The fewest number of letters or digits that a password can have for it to be valid.

For example, if 6 appears in the Minimum Alphanumeric Characters text box, the password must consist of at least six letters or numbers for it to be accepted.

Minimum Special Characters The fewest number of non-alphanumeric characters (for example, #, %, or &) that a password can have for it to be valid.

As an example, if 1 appears in the Minimum Special Characters text box, the password must have at least one non-alphanumeric character for it to be accepted.

Maximum Special Characters The highest number of non-alphanumeric characters that a password can have for it to be valid.

For example, if 3 appears in the Maximum Special Characters text box, the password will not be accepted if it has more than three non-alphanumeric characters.

Maximum Repeated Characters The highest number of duplicate characters that a password can have for it to be valid.

As an example, if 2 appears in the Maximum Repeated Characters text box, the password will not be accepted if more than two characters are repeated. So, for this example, RL112233 would not be a valid password (three characters of the password are repeated).

Minimum Unique Characters The fewest number of non-repeating characters that a password can have for it to be valid.

As an example, if 1 appears in the Minimum Unique Characters text box, the password will not be accepted if every character of the password is repeated at least once. Therefore, for this example, 1a23a321 would not be a valid password (each character of the password is repeated).

Minimum Uppercase Characters The fewest number of uppercase letters that a password can have for it to be valid.

For example, if 8 appears in the Minimum Uppercase Characters text box, the password will not be accepted if it has fewer than eight uppercase letters.

Minimum Lowercase Characters The fewest number of lowercase letters that a password can have for it to be valid.

As an example, if 8 appears in the Minimum Lowercase Characters text box, the password will not be accepted if it has fewer than eight lowercase letters.

Expires After (Days) The maximum number of days for which a password is valid.

For example, if 30 appears in the Expires After (Days) text box, and the password is created on November 1, it will not be valid on December 1 (31 days will have elapsed).

Warn After (Days) The number of days that will pass before a user is notified that a password will expire on a designated date.

As an example, suppose 30 appears in the Expires After (Days) text box, 10 is displayed in the Warn After (Days) text box, and the password is created on November 1. On November 11, the user will be informed that the password will expire on December 1.

Characters Required The characters that a password must have for it to be valid.

For example, if x appears in the Characters Required text box, the password will be accepted only if it contains an "x".

Characters Not Allowed The characters that a password must not have for it to be valid.

As an example, if ! appears in the Characters Not Allowed text box, the password will not be accepted if it contains an "!".

Characters Allowed The characters that a password can have for it to be valid.

For example, if % appears in the Characters Allowed text box, the password will be accepted if it contains a "%".

Substrings Not Allowed A series of consecutive alphanumeric characters that a password must not have for it to be valid.

As an example, if IBM appears in the Substrings Not Allowed text box, the password will not be accepted if it contains the letters "I", "B", and "M", in successive order.

Start With Character This check box is used to specify whether a password is to begin with a character.

By selecting this check box, the password must start with a character for it to be valid.

If you clear this check box, the password will be accepted, even if it does not begin with a character.

Disallow First Name This check box is used to specify whether the user's first name is to be accepted as all or a portion of the password.

By selecting this check box, the password will not be valid if the user's first name is entered into the Password field.

If you clear this check box, the password will be accepted, even if it contains the user's first name.

Disallow User ID This check box is used to specify whether the User ID is to be accepted as all or a portion of the password.

By selecting this check box, the password will not be valid if the User ID is entered into the Password field.

If you clear this check box, the password will be accepted, even if it contains the User ID.

Disallow Last Name This check box is used to specify whether the user's last name is to be accepted as all or a portion of the password.

By selecting this check box, the password will not be valid if the user's last name is entered into the Password field.

If you clear this check box, the password will be accepted, even if it contains the user's last name.

Password File The path and name of a file that contains pre-defined terms, which are not allowed as passwords.

Note: If any settings in the Policy Rules tab differ from the specifications in the password file, Oracle Identity Manager will defer to the tab's settings.

Password File Delimiter The character used to separate terms in the password file from one another.

For example, if a "," appears in the Password File Delimiter text box, the terms of the password file will be separated by commas.
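The following Python sketch is an added example, not Oracle Identity Manager code. It models how a subset of the Policy Rules fields described above could be evaluated, including the blank-field behavior from the Note and the RL112233 and 1a23a321 examples. The class and function names, the case-insensitive name matching, and the exact-match handling of password-file terms are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class PolicyRules:
    """Hypothetical model of the Policy Rules tab. None = blank field, not evaluated."""
    min_length: Optional[int] = None
    max_length: Optional[int] = None
    min_alpha: Optional[int] = None
    min_numeric: Optional[int] = None
    min_special: Optional[int] = None
    max_special: Optional[int] = None
    max_repeated: Optional[int] = None
    min_unique: Optional[int] = None
    substrings_not_allowed: tuple = ()
    disallow_first_name: bool = False
    disallow_user_id: bool = False
    password_file_text: str = ""        # contents of the Password File
    password_file_delimiter: str = ","  # Password File Delimiter

def _bounds(label, value, low, high, out):
    # A bound of None means the field was left blank, so it is skipped.
    if low is not None and value < low:
        out.append(f"{label}: {value} < minimum {low}")
    if high is not None and value > high:
        out.append(f"{label}: {value} > maximum {high}")

def violations(pw, rules, first_name="", user_id=""):
    """Return the list of criteria the password fails (empty list = accepted)."""
    out = []
    counts = Counter(pw)
    _bounds("length", len(pw), rules.min_length, rules.max_length, out)
    _bounds("alphabet", sum(c.isalpha() for c in pw), rules.min_alpha, None, out)
    _bounds("numeric", sum(c.isdigit() for c in pw), rules.min_numeric, None, out)
    _bounds("special", sum(not c.isalnum() for c in pw),
            rules.min_special, rules.max_special, out)
    # Repeated = distinct characters occurring more than once (RL112233 -> 3).
    _bounds("repeated", sum(n > 1 for n in counts.values()), None, rules.max_repeated, out)
    # Unique = characters occurring exactly once (1a23a321 -> 0).
    _bounds("unique", sum(n == 1 for n in counts.values()), rules.min_unique, None, out)
    for sub in rules.substrings_not_allowed:
        if sub in pw:
            out.append(f"substring not allowed: {sub}")
    # Assumption: name and User ID matching ignores case; the guide does not say.
    for flag, label, value in ((rules.disallow_first_name, "first name", first_name),
                               (rules.disallow_user_id, "user ID", user_id)):
        if flag and value and value.lower() in pw.lower():
            out.append(f"contains {label}")
    # Assumption: password-file terms are compared against the whole password.
    if rules.password_file_text and rules.password_file_delimiter:
        terms = {t.strip() for t in
                 rules.password_file_text.split(rules.password_file_delimiter)}
        if pw in terms:
            out.append("listed in password file")
    return out

# Constructed sample policy and inputs, for illustration only.
SAMPLE = PolicyRules(min_length=4, max_length=8, min_numeric=1, max_repeated=2,
                     min_unique=1, disallow_first_name=True,
                     password_file_text="password,letmein,qwerty1")

if __name__ == "__main__":
    for candidate in ("RL112233", "1a23a321", "Jane#42", "qwerty1", "Tr0ub4d!"):
        print(candidate, violations(candidate, SAMPLE, first_name="Jane") or "accepted")
```

Returning every failed criterion, rather than stopping at the first, makes it easier to audit which fields of a policy are actually rejecting candidate passwords and which are left blank.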


Now that we have reviewed the data fields of the Policy Rules tab, you are ready to specify the criteria (or rules) for the password policy.

Set the Criteria for a Password Policy

  1. Access the desired password policy definition.

  2. Click the Policy Rules tab.

  3. Enter information into the appropriate text boxes.

    AND/OR

    Select the desired check boxes.

  4. Click Save. The rules for the password policy are set.

Usage

Figure 8-13 displays the Usage tab of the Password Policies form.

Figure 8-13 The Usage Tab of the Password Policies Form


Within this tab, you can see the rules and resource objects that are associated with the current password policy.

For this example, the Solaris password policy and the Password Validation Rule have been assigned to The Solaris Resource Object.


Note:

For more information on the relationship between password policies and resource objects, refer to "Password Policies Rule".

The Task Scheduler Form

The Task Scheduler form, as shown in Figure 8-14, is located in the Oracle Identity Manager Administration/Job Scheduling Tools folder. It is used to define:

Figure 8-14 The Task Scheduler Form



Caution:

As stated above, the Task Scheduler form is used to determine when a task is scheduled to be run. However, the Oracle Identity Manager program that triggers the execution of this task is referred to as the scheduler daemon.

Since the scheduler daemon cannot perform its designated function if it is not running, you must verify that it is active.

For more information on modifying the value of a system property, refer to "The System Configuration Form".


The following table lists and describes the data fields of the Task Scheduler form.

Field Name Description
Scheduled Task The name of the task that is scheduled to be run.
Class Name The name of the Java class that executes the scheduled task.

Important: The scheduler daemon triggers the execution of a scheduled task. The Java class actually executes the task.

Status The task's status. Currently, a scheduled task has four status levels:
  • INACTIVE. The scheduled task is not running. Also, a task's status is INACTIVE if it has been executed successfully, and it is set to run again (at the date and time specified in the Next Start Time field).

  • RUNNING. The scheduled task is being executed.

  • COMPLETED. The scheduled task has been executed successfully. The task will not run again (the Once radio button is selected).

  • ERROR. A problem occurred while the task was being executed.

Max Retries If the task is not completed, the number of times that Oracle Identity Manager attempts to complete the task before assigning a status of ERROR to it.
Disabled This check box is used to designate whether the scheduler daemon triggers a scheduled task.

If this check box is selected, the scheduler daemon does not trigger the task, even when the date and time that appears in the Start Time or Next Start Time fields matches the current date and time.

When this check box is cleared, and the date and time that is displayed in the Start Time or Next Start Time fields matches the current date and time, the scheduler daemon triggers the task.

Stop Execution This check box is used to designate whether the scheduler daemon can stop a scheduled task with a status of RUNNING.

If this check box is selected, and the task's status is RUNNING, the scheduler daemon stops the task from being executed. In addition, the task's status changes to INACTIVE.

When this check box is cleared, the scheduler daemon does not stop a task with a status of RUNNING from being executed.

Start Time The date and time of when the task is scheduled to run for the first time.

Note: If the task is set to be run more than once, the scheduler daemon refers to the date and time that appears in the Next Start Time field.

Last Start Time The latest date and time of when the task started to run.
Last Stop Time The most recent date and time of when the task stopped running.
Next Start Time The subsequent date and time of when the task is scheduled to run.

Note: If the task is set to be run only once, the scheduler daemon refers to the date and time that is displayed in the Start Time field.

Daily, Weekly, Monthly, Yearly These radio buttons are used to designate whether the task is to be run daily, weekly, monthly, or annually, respectively.

If one of these radio buttons is selected, the scheduler daemon triggers the associated task once a day, week, month, or year, at the date and time specified in the Start Time field.

When all of these radio buttons are cleared, the scheduler daemon does not trigger the associated task on a daily, weekly, monthly, or annual basis.

Recurring Intervals This radio button is used to designate that the task is to be run on a fixed, recurring basis.

If this radio button is selected, the scheduler daemon triggers the associated task on a recurring basis.

When this radio button is cleared, the scheduler daemon does not trigger the associated task on a recurring basis.

Note: If the Recurring Intervals radio button is selected, you must set the interval by entering a value into the text field below the radio button, and selecting a unit of measure from the adjacent combo box.

Once This radio button is used to designate that the task is to be run only once.

If this radio button is selected, the scheduler daemon triggers the associated task once, at the date and time specified in the Start Time field.

When this radio button is cleared, the scheduler daemon triggers the associated task more than once.


Create a Task Schedule

To create a task schedule, perform the following steps:

  1. Access the Task Scheduler form.

  2. Enter the name of the scheduled task in the Scheduled Task field.

  3. Enter the name of the Java class that executes the scheduled task in the Class Name field.

  4. Enter a number into the Max Retries field. This number represents how many times Oracle Identity Manager attempts to complete the task before assigning a status of ERROR to it.

  5. Ensure that the Disabled and Stop Execution check boxes are cleared.

  6. Double-click the Start Time field. From the Date & Time window that appears, set the date and time that the task is scheduled to run. If you have specified that the task is to be executed on a recurring basis (by selecting the Recurring Intervals radio button), the date and time that is displayed in this field is referenced to determine when next to run the associated task.

  7. Set the scheduling parameters (in the Interval region):

    • To set the task to run on a recurring basis, select the Daily, Weekly, Monthly, or Yearly radio buttons.

    • To set the task to run only once, select the Once radio button.

    • To set the task to run on a fixed, recurring basis, select the Recurring Intervals radio button. Then, set the interval by entering a value into the text field below the radio button. Then select a unit of measure from the adjacent combo box.

  8. Click Save. The task schedule is created. In addition, INACTIVE is displayed within the Status field (since the task is not currently running). However, once the date and time that you set in Step 6 matches the current date and time, the scheduler daemon triggers the scheduled task.

Now that you have defined a schedule for a task, if the task needs attributes, you must set them. Otherwise, the task schedule is not functional.

Also, when an existing task attribute is no longer relevant, you must remove it from the task schedule.

The following procedures show you how to add an attribute to a task schedule, and remove a task attribute from the task schedule.

Add a Task Attribute

To add a task attribute, perform the following steps:

  1. Click Add.

  2. Within the Attribute Name field, enter the name of the task attribute.

  3. Within the Attribute Value field, type the attribute's value.

  4. From the Toolbar, click Save. The task attribute is added to the task schedule.

Remove a Task Attribute

To remove a task attribute, perform the following steps:

  1. Highlight the task attribute that you want to remove.

  2. Click Delete. The attribute is removed from the task schedule.