Oracle® Identity Manager Administrative and User Console Guide Release 9.0 Part Number B32136-01
Oracle Identity Manager is an advanced, flexible provisioning system for automatically granting and revoking access to enterprise applications and managed systems. You use Oracle Identity Manager to provide access to enterprise resources to staff and partners, and to enforce access policies that are associated with these resources.
Oracle Identity Manager enables you to do the following:
View your Oracle Identity Manager user account (group memberships, e-mail address, and so on).
Modify your profile.
Review the resources that you have permission to access.
View requests that you made and requests made for you.
Make requests for additional resources for yourself.
Change your password.
View and modify login challenge question and answer (Q&A).
Set up your user proxy.
View and manage your pending requests, if you are the authorized approver.
In addition, depending on your privileges in Oracle Identity Manager, you may also be able to do the following:
Update passwords and user IDs for accounts on resources that have been provisioned to you.
Create requests for resources for any users you manage.
Complete draft requests for resources for any users you may manage.
Approve the provisioning of resources for other users.
Respond to requests for more information.
The rest of this manual describes the actions you can perform in Oracle Identity Manager. The following topics are discussed:
Note: Not all functions are available to all users. The features you can view and use in Oracle Identity Manager depend on the privileges that you are assigned. If you are the system administrator for the Oracle Identity Manager system, read Appendix B, "System Configuration Considerations for Administrators" in this document before running your product in a production environment.
Table 1-1 lists important user roles and capabilities associated with Oracle Identity Manager.
Oracle Identity Manager allows resources to be requested and provisioned to enterprise users. The resource can be an application, access to a database, rights to a directory structure on a network, or other entities to which access is vital. The manner in which access to the resource is granted and the permissions that you are given on that resource are governed by a provisioning process that an Oracle Identity Manager Administrator defines. Access to a resource may be provisioned uniformly for all users. Alternatively, access may be provisioned in a unique fashion, based on variables such as the following:
Your role, for example, administrator, accountant
Your location
Your employment status, for example, full time, consultant
Your group or department designation
Other criteria that are deemed relevant by the resource-specific and Oracle Identity Manager administrators
Once a resource is successfully provisioned to you, you can access that resource without further interaction with Oracle Identity Manager. For example, if you request access to the Microsoft Exchange application and that resource is successfully provisioned to you, you can log in to that application using the user ID and password, if one was required, established for you by Oracle Identity Manager.
Oracle Identity Manager controls the provisioning of resources using processes and the tasks that comprise them. It also uses a specific kind of process, called an approval process, to govern the approvals that must be obtained before the provisioning of a resource may occur. Oracle Identity Manager has two different types of resource-related processes: approval processes and provisioning processes.
An approval process determines whether a resource is approved for provisioning to the users or organizations for whom it was requested. Approval processes consist of a series of tasks that require responses from the users responsible for approving the provisioning of the resource. Because these responses are provided manually, the tasks are assigned to an approver or a group of approvers.
Approvers can act upon all tasks in an approval process that are assigned to them. If an approver is assigned to a task in a request, he or she can view all tasks in the request. If you are an approver for a request, the request ID appears when you click the Pending Approvals link under To-Do List.
Note: Approval processes are optional. Some resources can be configured by the Oracle Identity Manager administrator to be provisioned without requiring approval. In this case, access to the resource is granted as soon as the request is submitted.
A provisioning process is the process used to actually provision the resource to one or more users or organizations for whom it was requested. Provisioning processes consist of a series of automated tasks that perform the steps necessary to grant access to a given resource. The provisioning process cannot be initiated until the approval process is complete, except in cases where an approval process has not been defined for the resource. The provisioning process can also use a special form to prompt users for, and capture, data required to grant access to a resource.
Oracle Identity Manager's exception capabilities allow you to handle problems that may occur during the provisioning process. For example, you can add business logic to a provisioning process that prevents the transaction from stopping or failing if a resource is unavailable. Oracle Identity Manager also includes a state engine that allows the system to roll back to the last known consistent state in the event that a provisioning transaction fails. The state engine also rolls back the system to its original state if a provisioning request is rejected.
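The following sketch is an added example, not Oracle Identity Manager code or its API. It models the request lifecycle described above: provisioning tasks run only after every approval task is answered positively, a resource with no approval process is provisioned as soon as the request is submitted, and a rejected or failed request leaves the account state unchanged. All class, function and status names, the sample users and the copy-then-commit rollback are assumptions made for illustration.

```python
# Conceptual model; names are hypothetical, not Oracle Identity Manager APIs.
import copy
from dataclasses import dataclass, field

class ProvisioningError(Exception):
    """Raised by a provisioning task that cannot complete."""

@dataclass
class Request:
    user: str
    resource: str
    approvers: list                                 # empty: no approval process defined
    decisions: dict = field(default_factory=dict)   # approver -> True (approve) / False (reject)
    status: str = "SUBMITTED"

def approval_state(req):
    """Return APPROVED, REJECTED or PENDING for the request's approval process."""
    if any(req.decisions.get(a) is False for a in req.approvers):
        return "REJECTED"
    if all(req.decisions.get(a) is True for a in req.approvers):
        return "APPROVED"   # vacuously true when no approval process exists
    return "PENDING"

def process(req, accounts, tasks):
    """Run provisioning tasks only once approval is complete; return the resulting state."""
    req.status = approval_state(req)
    if req.status != "APPROVED":
        return accounts                  # gate: nothing is provisioned
    working = copy.deepcopy(accounts)    # tasks act on a copy of the consistent state
    try:
        for task in tasks:
            task(req, working)
    except ProvisioningError:
        req.status = "ROLLED_BACK"
        return accounts                  # discard partial work
    req.status = "PROVISIONED"
    return working

def create_account(req, accounts):
    accounts.setdefault(req.user, set()).add(req.resource)

def unavailable_target(req, accounts):
    raise ProvisioningError(f"{req.resource} is unavailable")

if __name__ == "__main__":
    state = {"asmith": {"Directory"}}    # constructed sample data
    r = Request("asmith", "Exchange", approvers=["manager"])
    print(process(r, state, [create_account]), r.status)   # unchanged while pending
    r.decisions["manager"] = True
    print(process(r, state, [create_account]), r.status)
```

In this model an empty approver list is treated as approved, which mirrors the note that approval processes are optional; resources configured that way are the ones an access review should check first, because a submitted request is all it takes to grant access.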