Oracle® Identity Manager Design Console Guide Release 9.0 Part Number B32143-01
This chapter describes the administration of Oracle Identity Manager. It contains the following topics:
The Oracle Identity Manager Administration folder provides System Administrators with tools for managing Oracle Identity Manager administrative features. This folder contains the following forms:
Form Information: You use this form to specify the class name, form label, form type, menu item, graphic icon, and online Help topic to be associated with a given Oracle Identity Manager form.
You can also use this form to modify the folders and folder items that appear in the Oracle Identity Manager Explorer.
Lookup Definition: You use this form to create and manage lookup definitions. A lookup definition represents a lookup field and the values you can access from that lookup field.
User Defined Field Definition: You use this form to create and manage user-defined fields.
A user-defined field enables you to store additional information for Oracle Identity Manager forms.
System Configuration: You use this form to define and set the value of properties that control the behavior of the Client and/or Server.
You can specify the users and user groups that a property value applies to, or you can specify that the value applies to all users.
Remote Manager: You use this form to display information about the servers that Oracle Identity Manager uses to communicate with third-party programs.
These servers are known as remote managers.
Task Scheduler: You use this form to set up the schedules that determine when scheduled tasks are to be run.
The Form Information form, shown in Figure 8-1, is located in the Oracle Identity Manager Administration folder. You use this form to specify the class name, the label that appears in the Oracle Identity Manager Explorer, the form type, form icon, and Help to be associated with an Oracle Identity Manager form. You can also use this form to modify the folders and folder items that appear in the Oracle Identity Manager Explorer.
The following table describes the data fields of this form.
The following procedure describes how to add a form or folder.
To add an Oracle Identity Manager form or folder:
Access the Form Information form.
Enter the name of the class that will be used to render the form in the Class Name field.
Enter the label you wish to be displayed for the form or folder in the Oracle Identity Manager Explorer in the Description field.
For forms of type childform, this value must include the name of the parent form and adhere to the following naming convention: <parent_form_name>.<child_form_name>.
Select the desired item from the Type box.
For folders, select folder.
For forms related to export procedures, select export.
For forms related to a process, select processform.
For tabs that appear in other forms, or for forms that are nested within other forms, select childform.
For general forms, select javaform.
For forms related to import procedures, select import.
For menu items associated with the Oracle Identity Manager Administrative and User Console, select menuitem.
Tip: For more information on the Oracle Identity Manager Web Guide, refer to Oracle Identity Manager Administrative and User Console Guide.
Enter the name of the icon or graphic image file to be used in the Oracle Identity Manager Explorer for the form or folder in the Graphic Filename field.
Enter the URL of the online Help topic for the form in the Context Sensitive Help URL field.
This file is displayed if the user presses F1 when the form is active.
Click Save.
The form is added and a system-generated ID for the form or folder appears in the Key field.
The Oracle Identity Manager Explorer and layout of its folders and folder items can be modified based on different user group levels.
Note: Click the plus sign (+) to expand a folder, and show folder items, or click the minus sign (-) to hide folder items.
The folders and folder items that a user can access are based on the user groups of which the user is a member. For example, suppose the IT DEPARTMENT user group can open the System Configuration form, and the HR DEPARTMENT user group is able to launch the Lookup Definition form. If a user belongs to both user groups, he or she can access the System Configuration form and the Lookup Definition form.
A lookup definition represents one of the following:
The name and description of a text field
A lookup field and the values that are accessible from that lookup field by double-clicking it
A box, and the commands that can be selected from that box
These items, which contain information pertaining to the text field, lookup field, or box, are known as lookup values. Users can access lookup definitions from one of two locations:
A form or tab that comes packaged with Oracle Identity Manager
A user-created form or tab built using the Form Designer form
The Lookup Definition form shown in Figure 8-2 is located in the Oracle Identity Manager Administration folder. You use this form to create and manage lookup definitions.
The following table describes the data fields of the Lookup Definition form.
Field Name | Description |
---|---|
Code | The name of the lookup definition. |
Field | The name of the table column of the form or tab from which the text field, lookup field, or box field will be accessible. |
Lookup Type/Field Type | These radio buttons designate if the lookup definition is to represent a text field, a lookup field, or a box. If you select the Field Type radio button, the lookup definition will represent a text field. If you select the Lookup Type radio button, the lookup definition is to represent either a lookup field or a box, along with the values that are to be accessible from that lookup field or box. Note: For forms or tabs that come packaged with Oracle Identity Manager, the lookup definition has already been set as either a lookup field or a box. This cannot be changed. However, you can add or modify the values that are accessible from the lookup field or box. For forms or tabs that are user-defined, the user determines whether the lookup definition represents a lookup field or a box through the Additional Columns tab of the Form Designer form. For more information on specifying the data type of a lookup definition, refer to "Additional Columns Tab". |
Required | By selecting this check box, the lookup definition is designated as required. As a result, Oracle Identity Manager will not allow the contents of the corresponding form or tab to be saved to the database until the field or box, represented by the lookup definition, is supplied with data. |
Group | The name of the Oracle Identity Manager or user-defined form on which the lookup definition is to appear. |
The following sections describe how to create a lookup definition.
To create a lookup definition:
Open the Lookup Definition form.
In the Code field, enter the name of the lookup definition.
In the Field field, enter the name of the table column of the Oracle Identity Manager or user-created form or tab, from which the text field, lookup field, or box field will be accessible.
If the lookup definition is to represent a lookup field or box, select the Lookup Type radio button.
See the table that appears earlier in this section for more information.
If the lookup definition is to represent a text field, select the Field Type radio button.
Optional. To save the contents of this form or tab only when the field or box represented by the lookup definition is supplied with data, select the Required check box.
Otherwise, proceed to Step 6.
In the Group field, enter the name of the Oracle Identity Manager or user-defined form on which the lookup definition appears.
You must follow naming conventions for the text you enter into the Code, Field, and Group text boxes.
Click Save.
The lookup definition is created. The associated text field, lookup field, or box will appear in the Oracle Identity Manager or user-defined form or tab you specified.
The Lookup Code Information tab is located in the lower half of the Lookup Definition form. You use this tab to create and manage detailed information on the selected lookup definition. This information includes the names, descriptions, language codes, and country codes of a value pertaining to the lookup definition. These items are known as lookup values.
The following procedures show how to create, modify, and delete a lookup value.
The following procedure describes how to create and modify a lookup value.
Caution: For internationalization purposes, you must provide both a language and country code for a lookup value. When creating a new lookup definition, you must save it before adding lookup values to it.
To create or modify a lookup value:
Open the Lookup Definition form.
Access a lookup definition.
If you are creating a lookup value, click Add.
A blank row appears in the Lookup Code Information tab.
If you are modifying a lookup value, highlight the lookup value that you want to edit.
Add or edit the information in the Code Key field.
This field contains the name of the lookup value.
In addition, if the Lookup Type radio button is selected, this field also represents what appears in the lookup field or box once the user makes a selection.
Add or edit the information in the Decode field.
This field contains a description of the lookup value.
If the Lookup Type radio button is selected, this field also represents one of the following:
The items that appear in a lookup window after the user double-clicks the corresponding lookup field
The commands that are to be displayed in the associated box
Add or edit the information in the Language field.
This field contains a two-character language code for the lookup value.
Add or edit the information in the Country field.
This field contains the lookup value's two-character country code.
Click Save.
The lookup value you created or modified now reflects the settings you have entered.
You may need to augment the fields that Oracle Identity Manager provides by default. You can create new fields and add them to various Oracle Identity Manager forms. These fields are known as user-defined fields.
User-defined fields appear on the User Defined Fields tab of the form that appears in the Form Name data field. For example, Figure 8-3 shows an Access Code Number user-defined field added to the User Defined Fields tab of the Organizations form.
The User Defined Field Definition form shown in Figure 8-3 appears in the Oracle Identity Manager Administration folder. You use this form to create and manage user-defined fields for the Organizations, Users, Requests, Resource Objects, User Groups, and Form Designer forms.
Figure 8-3 The User Defined Field Definition Form
The following table describes the data fields of the User Defined Field Definition form.
Field Name | Description |
---|---|
Form Name | The name of the form that contains the user-defined fields. These fields are displayed in the User Defined Columns tab. Important: Since the user-defined fields for a user pertain to the user's profile information, they are displayed in the User Profile tab of the Users form. |
Description | Additional information about the user-defined field. |
Auto Pre-Population | This check box designates if user-defined fields for a form that have pre-populated adapters attached to them will be populated by Oracle Identity Manager or a user. Select the Auto Pre-Population check box if these fields will be populated by Oracle Identity Manager. Clear this check box if these fields must be populated by a user by clicking the Pre-Populate button on the toolbar or by manually entering the data. Important: This setting does not control triggering of the pre-populate adapter. It only determines if the contents resulting from the execution of the adapter appear in the associated user-defined field or fields because of Oracle Identity Manager or a user. For more information on pre-populate adapters, see the Oracle Identity Manager Tools Reference Guide. Note: This checkbox is relevant only if you have created a user-defined field, and a pre-populate adapter is associated with that field. |
The following section describes how to select a target form for user-defined fields.
The following procedure describes how to select the target form for a user-defined field.
To select the target form for a user-defined field:
Open the User Defined Field Definition form.
Double-click the Form Name lookup field.
From the Lookup window that appears, select the Oracle Identity Manager form (Organizational Defaults, Policy History, Group Entitlements, Resource Objects, or Form Designer) that will display the user-defined field you will be creating.
Click Query.
The form to which you will be adding the user-defined field is selected.
After you launch the User Defined Field Definition form and select a target form for the user-defined fields, the tabs of this form become functional.
The User Defined Field Definition form contains the following tabs:
Each of these tabs is covered in greater detail in the sections that follow.
You use this tab to do the following:
Create a user-defined field.
Set the variant type, length, and field type for the user-defined field.
Specify the order in which the user-defined field appears on the User Defined Fields tab of the target form.
The field's order number determines the order in which a user-defined field appears on a form. In Figure 8-4, the Access Code Number user-defined field has an order number of 1, so it appears first on the User Defined Fields tab of the Organizations form.
Determine if the information that is associated with the user-defined field is encrypted when it is exchanged between the client and the server.
Remove a user-defined field.
Figure 8-4 displays the User Defined columns tab of the User Defined Field Definition Form.
Figure 8-4 User Defined Columns Tab of the User Defined Field Definition Form
The following sections describe how to add a user-defined field to an Oracle Identity Manager form and remove a user-defined field from an Oracle Identity Manager form.
Adding a User-Defined Field to an Oracle Identity Manager Form
The following procedure describes how to add a user-defined field to a form.
To add a user-defined field:
Click Add.
The User Defined Fields dialog box appears, as shown in Figure 8-5.
Figure 8-5 The User Defined Fields Dialog Box
Set the parameters for the user-defined field you are adding to a form, as shown in Figure 8-6.
Figure 8-6 The User Defined Fields Dialog Box - Filled
In Figure 8-6, the Access Code Number user-defined field appears first on the User Defined Fields tab of the Organizations form. The data type of this field is String, and a user can enter up to 25 digits into it.
From this window, click Save.
Click Close.
The user-defined field appears in the User Defined Columns tab. Once the target form is launched, this user-defined field usually appears in the User Defined Fields tab of that form. Since the user-defined fields for a user pertain to the user's profile information, they are displayed in the User Profile tab of the Users form.
Removing a User-Defined Field from an Oracle Identity Manager Form
The following procedure describes how to remove a user-defined field.
To remove a user-defined field:
Highlight the desired user-defined field.
Click Delete.
The user-defined field is removed.
You use this tab to assign properties and property values to the data fields that appear on the User Defined Fields tabs of various Oracle Identity Manager forms.
For this example, the User Defined Fields tab of the Requests form displays one data field: Issue Tracking Item. This data field contains the following properties:
Required, which determines whether the data field needs to be populated for the Requests form to be saved. The default property value for the Required property is false.
Visible Field, which establishes whether the data field appears on the Requests form. The default property value for the Visible Field property is true.
Since the property values for the Required and Visible Field properties are true for this data field, once the Requests form is launched, the Issue Tracking Item data field appears in the User Defined Fields tab. In addition, this field needs to be populated for the form to be saved.
Figure 8-7 displays the Properties tab of the User Defined Field Definition form.
Figure 8-7 The Properties Tab of the User Defined Field Definition Form
The following section describes how to add and remove a property and property value to a data field.
Note: To learn how to add a property and property value to a data field, or remove a property and property value from a data field, refer to "The Form Designer Form".
Figure 8-8 displays the Administrators tab of the User Defined Field Definition form.
Figure 8-8 Administrators Tab of the User Defined Field Definition Form
You use this tab to specify the user groups that have administrative privileges over the current record of the User Defined Field Definition form. The Write and Delete check boxes on this form designate if these administrative groups can modify, delete, or modify and delete information about the current user-defined field (UDF) definition.
The following sections describe how to assign administrative privileges to a user group for a UDF definition, and remove administrative privileges from a user group for a UDF definition.
Assigning Administrative Privileges to a User Group for a UDF Definition
The following procedure describes how to assign administrative privileges to a user group for a UDF definition.
To assign administrative privileges:
Click Assign.
The Assignment dialog box appears.
Select the user group, and assign it to the UDF definition.
Click OK.
The user group appears in the Administrators tab.
To enable this user group to view and modify information pertaining to the current definition, double-click the corresponding Write check box.
Otherwise, proceed to Step 5.
To enable this user group to delete information in the current definition, double-click the associated Delete check box.
Otherwise, proceed to Step 6.
Click Save.
The user group is assigned to the UDF definition.
Removing Administrative Privileges From a User Group for a UDF Definition
The following procedure describes how to remove administrative privileges from a user group for a UDF definition.
To remove administrative privileges:
Highlight the user group that you want to remove.
Click Delete.
The user group is removed from the UDF definition. Its members no longer have administrative privileges for the definition.
The System Configuration form, as shown in Figure 8-9, is located in the Oracle Identity Manager Administration folder. You use this form to define and set the value of properties that control the behavior of the Oracle Identity Manager Client and Server. You can specify the users and user groups that a property value applies to, or you can specify that a property value applies to all users.
The following table describes the data fields of this form:
Field Name | Description |
---|---|
Key | The system-generated ID for one instance of the property definition. There may be more than one instance of a definition, for example, one for System Administrators, another for all users. |
System | This check box designates if this instance of the property definition applies to all users in Oracle Identity Manager, that is, it is a system-wide instance, or only to selected users and user groups. Select this check box to apply this setting to all users. The Users and Groups tabs will be disabled. Clear this check box to specify that an instance of the property applies to certain users and groups. Note: The System check box is disabled if the Server radio button (described below) is selected. |
Client, Client/Server, Server (Radio buttons) | These radio buttons designate if this instance of the property definition applies to the client, the server, or both. Select the Client radio button to apply property value only to the client. Select the Client/Server radio button to apply the property value to both the client and server. Select the Server radio button to apply the property value only to the server. Selecting this option disables the System checkbox. System-wide settings do not apply to the server. |
Name | The name of the property. This should be an intuitive description of what the property controls. It does not need to be unique. |
Keyword | The property's unique ID. This must be identical for each instance of this property. For example, if you want to set the Record Read Limit property (the maximum number of records a user's query may retrieve) differently for two separate users, you would need to create two instances of this property definition. Note: For more information on the various properties you can set for the client and server, see "System Properties". |
Value | The value for this instance of the property definition. This value is applied to the users and groups assigned to this instance of the property unless the System checkbox is selected, denoting that the instance applies to all users. |
The following sections describe how to define instances of property definitions, assign users or groups to these instances, and remove the user or group from this instance.
The following procedure describes how to create or edit a property definition.
To create a new instance or edit an existing instance of a property definition:
Access the System Configuration form.
If you are creating a new instance of a property definition, click New on the Toolbar.
Ensure that the values in the Name and Keyword fields are the same for all instances of this property definition (for example, Record Read Limit, XL.READ_LIMIT).
Note: Oracle recommends that you copy these values from the other instances of this property definition to minimize any chance of a typing error.
If you are editing an existing instance of a property definition, query for the property definition.
Select the Client, Client/Server, or Server radio button.
Designate whether you want this instance of the property definition to apply to all users or only to select users and user groups by selecting or clearing the System check box.
Enter the desired value in the Value field.
This will be the value of the property for this instance of the definition.
Click Save.
The instance of the property definition is created or modified.
The following section describes how to assign users and groups to this instance.
The following procedure describes how to assign a user or a group to a property definition.
Caution: If this is a system-wide instance (that is, the System check box is selected), it will be applied to all users and groups. As a result, you do not need to assign it to a particular user or group.
To assign a user or group to an instance of a property definition:
Access the System Configuration form.
Query for the instance of the property definition you wish to assign to a user or group.
Tip: To learn more about the various property definitions to which you can assign users and groups, refer to "System Properties".
Select the Client, Client/Server, or Server radio button, depending on whether the instance of this property definition will apply to the Client only, both the Client and the Server, or just the Server.
To assign the property instance to one or more users, click the Users tab.
Otherwise, to assign the property instance to one or more user groups, click the Groups tab.
Click Assign.
The Assignment dialog box appears.
Select and assign the desired users or groups and then, click OK.
Click Save.
The instance of the property definition is assigned to the user(s) and/or group(s) you selected in Step 6.
When you remove a user or group from an instance of a property definition, the property is no longer associated with the user or group.
To remove a user or group from an instance of a property definition:
Access the System Configuration form.
Query for the instance of the property definition from which you wish to remove a user or group.
Highlight the desired user or group (from the Users or Groups tabs, respectively).
Click Delete.
The user or group is removed from the instance of the property definition.
The Remote Manager is a lightweight network server that enables you to integrate with target systems whose APIs do not have the ability to communicate over a network, or that have network awareness but are not secure. The Remote Manager works as a server on the target system, and an Oracle Identity Manager Server works as its client. The Oracle Identity Manager Server sends a request for the Remote Manager to instantiate the target system APIs on the target system itself, and invokes methods on its behalf.
The Remote Manager form shown in Figure 8-10 is located in the Oracle Identity Manager Administration folder. It displays the following:
The names and IP addresses of the remote managers that communicate with Oracle Identity Manager.
Whether the remote manager is running.
Whether it represents IT resource(s) that Oracle Identity Manager can use.
For this example, you can define two remote managers that can communicate with Oracle Identity Manager: Australia Server and UKSERVER.
The Australia Server remote manager has an IP address of 215.0.255.192. Though it can handshake with Oracle Identity Manager, because the Running check box is cleared, the remote Server is down. Lastly, the IT Resource check box is selected, signifying that this remote manager represents IT resource or resources that can be used by Oracle Identity Manager.
The UKSERVER remote manager has an IP address of 192.168.0.45. Since the Running check box is selected, the remote Server is operable. However, because the IT Resource check box is cleared, this remote manager does not represent IT resource or resources that Oracle Identity Manager can use.
Note: To learn how the Remote Manager form is used with other Oracle Identity Manager forms, see the Oracle Identity Manager Tools Reference Guide.
The Password Policies form shown in Figure 8-11 is located in the Oracle Identity Manager Administration/Policies folder. It is used to:
Set password restrictions (for example, defining a password's minimum and maximum length).
See the rules and resource objects that are associated with a password policy.
The following table describes the data fields of the Password Policies form.
Field Name | Description |
---|---|
Policy Name | The password policy's name. |
Policy Description | Explanatory information about the password policy. |
The following section describes how to create a password policy.
The following procedure describes how to create a password policy.
Note: Once a password policy is created, it must be supplied with criteria and associated with a resource. To supply your password policy with criteria, use the Policy Rules tab of this form. To associate your password policy with a resource, use the Password Policies Rule tab of the Resource Object form to create a password policy and rule combination that will be evaluated when accounts are created or updated on the resource. The password policy will then be invoked and applied when that rule's criteria are satisfied. Multiple resources can use each password policy.
To create a password policy:
Open the Password Policies form.
In the Policy Name field, enter the name of the password policy.
In the Policy Description field, enter explanatory information about the password policy.
Click Save.
The password policy is created.
After you launch the Password Policies form and create a password policy, the tabs of this form become functional.
The Password Policies form contains the following tabs:
The following sections describe these tabs.
You use this tab to specify criteria for your password policy, for example, a password's minimum and maximum length.
You can use either or both of the following methods to set password restrictions:
Enter information in the appropriate text boxes or select the desired check boxes. For example, to indicate that a password must have a minimum length of four characters, type 4 into the Minimum Length text box. Or, to prohibit Oracle Identity Manager from accepting a user's first name as a valid password, select the Disallow First Name check box.
Enter a path and filename into the Password File text box (for example, c:\xellerate\userlimits.txt). This file contains pre-defined terms that are not allowed as passwords. The delimiter specified in the Password File Delimiter field separates these terms.
Figure 8-12 displays the Policy Rules tab of the Password Policies Form.
Figure 8-12 The Policy Rules Tab of the Password Policies Form
The following section describes the data fields of the Policy Rules tab. These are the fields into which you will specify the password limitations.
The following table describes the data fields of the Policy Rules tab.
Note: If a data field is empty, the password does not have to meet the criteria of that field for it to be valid. For example, when the Minimum Numeric Characters and Maximum Numeric Characters data fields are blank, Oracle Identity Manager will accept the password, regardless of how many digits it has.
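The Policy Rules criteria, the empty-field rule in the note above, and the Password File check can be modelled as follows. This is an added example, not Oracle Identity Manager code: the class and function names, the sample file contents, the case-insensitive matching, and the reading of "repeated" and "unique" characters (taken from the examples in the table that follows) are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PasswordPolicy:
    """Subset of the Policy Rules fields; None or empty means the field is blank."""
    minimum_length: Optional[int] = None
    maximum_length: Optional[int] = None
    minimum_numeric: Optional[int] = None
    minimum_special: Optional[int] = None
    maximum_special: Optional[int] = None
    maximum_repeated: Optional[int] = None
    minimum_unique: Optional[int] = None
    characters_required: str = ""
    characters_not_allowed: str = ""
    substrings_not_allowed: tuple = ()
    disallow_first_name: bool = False
    banned_terms: frozenset = frozenset()  # parsed Password File contents


def parse_password_file(text, delimiter):
    """Split Password File contents on the Password File Delimiter.

    Terms are lower-cased so matching is case-insensitive (an assumption).
    """
    return frozenset(t.strip().lower() for t in text.split(delimiter) if t.strip())


def violations(policy, password, first_name=""):
    """Return the names of the Policy Rules fields that the password fails."""
    counts = Counter(password)
    digits = sum(c.isdigit() for c in password)
    special = sum(not c.isalnum() for c in password)
    # Interpretation taken from the guide's own examples: "repeated" counts
    # distinct characters that occur more than once, "unique" counts
    # characters that occur exactly once.
    repeated = sum(1 for n in counts.values() if n > 1)
    unique = sum(1 for n in counts.values() if n == 1)

    numeric_rules = [
        ("Minimum Length", policy.minimum_length, len(password), ">="),
        ("Maximum Length", policy.maximum_length, len(password), "<="),
        ("Minimum Numeric Characters", policy.minimum_numeric, digits, ">="),
        ("Minimum Special Characters", policy.minimum_special, special, ">="),
        ("Maximum Special Characters", policy.maximum_special, special, "<="),
        ("Maximum Repeated Characters", policy.maximum_repeated, repeated, "<="),
        ("Minimum Unique Characters", policy.minimum_unique, unique, ">="),
    ]
    failed = []
    for name, limit, actual, op in numeric_rules:
        if limit is None:  # blank field: criterion is not enforced
            continue
        ok = actual >= limit if op == ">=" else actual <= limit
        if not ok:
            failed.append(name)

    if any(c not in password for c in policy.characters_required):
        failed.append("Characters Required")
    if any(c in password for c in policy.characters_not_allowed):
        failed.append("Characters Not Allowed")
    if any(s and s in password for s in policy.substrings_not_allowed):
        failed.append("Substrings Not Allowed")
    if (policy.disallow_first_name and first_name
            and password.lower() == first_name.lower()):
        failed.append("Disallow First Name")
    if password.lower() in policy.banned_terms:
        failed.append("Password File")
    return failed


# Constructed sample: contents of a password file that uses ";" as delimiter.
SAMPLE_PASSWORD_FILE = "password;welcome1;xellerate"

if __name__ == "__main__":
    policy = PasswordPolicy(
        minimum_length=4,
        maximum_repeated=2,
        minimum_unique=1,
        disallow_first_name=True,
        banned_terms=parse_password_file(SAMPLE_PASSWORD_FILE, ";"),
    )
    for candidate in ("abc", "RL112233", "1a23a321", "Welcome1", "dana", "Tr4il#mix"):
        print(candidate, violations(policy, candidate, first_name="Dana"))
```

Running the same candidate list against a proposed policy before saving it shows which criteria are effectively unenforced because their fields were left blank.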
Field Name | Description |
---|---|
Minimum Length | The fewest number of characters that a password can have for it to be valid. For example, if you enter 4 in the Minimum Length text box, the password must have at least four characters for it to be accepted. |
Maximum Length | The highest number of characters that a password can have for it to be valid. As an example, if you enter 8 in the Maximum Length text box, the password is not accepted if it has more than eight characters. |
Minimum Alphabet Characters | The fewest number of letters that a password can have for it to be valid. For example, if you enter 2 in the Minimum Alphabet Characters text box, the password is not accepted if it has fewer than two letters. |
Minimum Numeric Characters | The fewest number of digits that a password can have for it to be valid. For example, if you enter 1 in the Minimum Numeric Characters text box, the password must have at least one number. |
Minimum Alphanumeric Characters | The fewest number of letters or digits that a password can have for it to be valid. For example, if you enter 6 in the Minimum Alphanumeric Characters text box, the password must have at least six letters or numbers. |
Minimum Special Characters | The fewest number of non-alphanumeric characters (for example, #, %, or &) that a password can have for it to be valid. As an example, if you enter 1 in the Minimum Special Characters text box, the password must have at least one non-alphanumeric character. |
Maximum Special Characters | The highest number of non-alphanumeric characters that a password can have for it to be valid. For example, if you enter 3 in the Maximum Special Characters text box, the password is not accepted if it has more than three non-alphanumeric characters. |
Maximum Repeated Characters | The highest number of duplicate characters that a password can have for it to be valid. For example, if you enter 2 in the Maximum Repeated Characters text box, the password is not accepted if more than two characters are repeated. For example, RL112233 would not be a valid password because three characters of the password are repeated. |
Minimum Unique Characters | The fewest number of non-repeating characters that a password can have for it to be valid. For example, if you enter 1 in the Minimum Unique Characters text box, the password is not accepted if every character of the password is repeated at least once. For example, 1a23a321 would not be a valid password because each character of the password is repeated. |
Minimum Uppercase Characters | The fewest number of uppercase letters that a password can have for it to be valid. For example, if you enter 8 in the Minimum Uppercase Characters text box, the password is not accepted if it has fewer than eight uppercase letters. |
Minimum Lowercase Characters | The fewest number of lowercase letters that a password can have for it to be valid. For example, if you enter 8 in the Minimum Lowercase Characters text box, the password is not accepted if it has fewer than eight lowercase letters. |
Expires After (Days) | The maximum number of days for which a password is valid. For example, if you enter 30 in the Expires After (Days) text box, and the password is created on November 1, it will not be valid on December 1 (31 days will have elapsed). |
Warn After (Days) | The number of days that will pass before a user is notified that a password will expire on a designated date. For example, suppose that you enter 30 in the Expires After (Days) text box, and 10 in the Warn After (Days) text box, and the password is created on November 1. On November 11, the user will be informed that the password will expire on December 1. |
Characters Required | The characters that a password must have for it to be valid. For example, if you enter x in the Characters Required text box, the password is accepted only if it contains an "x". |
Characters Not Allowed | The characters that a password must not have for it to be valid. For example, if you enter ! in the Characters Not Allowed text box, the password is not accepted if it contains an "!". |
Characters Allowed | The characters that a password can have for it to be valid. For example, if you enter % in the Characters Allowed text box, the password is accepted if it contains a "%". |
Substrings Not Allowed | A series of consecutive alphanumeric characters that a password must not have for it to be valid. For example, if you enter IBM in the Substrings Not Allowed text box, the password is not accepted if it contains the letters "I", "B", and "M", in successive order. |
Start With Character | This check box specifies if a password is to begin with a character.
If you select this check box, the password must start with a character for it to be valid. If you clear this check box, the password is accepted even if it does not begin with a character. |
Disallow First Name | This check box specifies if the user's first name is to be accepted as all or a portion of the password.
If you select this check box, the password is not valid if the user's first name is entered into the Password field. If you clear this check box, the password is accepted, even if it contains the user's first name. |
Disallow User ID | This check box specifies if the User ID is to be accepted as all or a portion of the password.
If you select this check box, the password is not valid if the User ID is entered into the Password field. If you clear this check box, the password is accepted, even if it contains the User ID. |
Disallow Last Name | This check box specifies if the user's last name is to be accepted as all or a portion of the password.
If you select this check box, the password is not valid if the user's last name is entered into the Password field. If you clear this check box, the password is accepted, even if it contains the user's last name. |
Password File | The path and name of a file that contains pre-defined terms, which are not allowed as passwords.
Note: If any settings in the Policy Rules tab differ from the specifications in the password file, Oracle Identity Manager will defer to the tab's settings. |
Password File Delimiter | The character used to separate terms in the password file from one another.
For example, if a "," appears in the Password File Delimiter text box, the terms of the password file will be separated by commas. |
The following sections describe how to specify the criteria (or rules) for the password policy.
Setting the Criteria for a Password Policy
The following procedure describes how to set the criteria for a password policy.
To set the criteria for a password policy:
1. Access the desired password policy definition.
2. Click the Policy Rules tab.
3. Enter information into the appropriate text boxes, and/or select the desired check boxes.
4. Click Save.
The rules for the password policy are set.
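The Policy Rules fields can be reasoned about mechanically before they are saved. The following Python is an added example, not Oracle Identity Manager code: it evaluates a subset of the fields against the table's own sample passwords and dates. The function names, the dictionary layout, the year 2006 and the case-insensitive User ID comparison are assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed policy: keys reuse the field labels from the table above and
# are not Oracle Identity Manager identifiers.
POLICY = {
    "Minimum Alphabet Characters": 2, "Minimum Numeric Characters": 1,
    "Minimum Special Characters": 0, "Maximum Special Characters": 3,
    "Maximum Repeated Characters": 2, "Minimum Unique Characters": 1,
    "Characters Not Allowed": "!", "Substrings Not Allowed": ["IBM"],
    "Disallow User ID": True,
    "Expires After (Days)": 30, "Warn After (Days)": 10,
}

def check_password(password, user_id, p=POLICY):
    """Return the labels of the violated rules; an empty list means accepted."""
    counts = Counter(password)
    alpha = sum(c.isalpha() for c in password)
    digits = sum(c.isdigit() for c in password)
    special = sum(not c.isalnum() for c in password)
    # Reading taken from the page's examples: a "repeated" character is a
    # distinct character used more than once; a "unique" one is used once.
    repeated = sum(n > 1 for n in counts.values())
    unique = sum(n == 1 for n in counts.values())
    violated = {
        "Minimum Alphabet Characters": alpha < p["Minimum Alphabet Characters"],
        "Minimum Numeric Characters": digits < p["Minimum Numeric Characters"],
        "Minimum Special Characters": special < p["Minimum Special Characters"],
        "Maximum Special Characters": special > p["Maximum Special Characters"],
        "Maximum Repeated Characters": repeated > p["Maximum Repeated Characters"],
        "Minimum Unique Characters": unique < p["Minimum Unique Characters"],
        "Characters Not Allowed": any(c in password for c in p["Characters Not Allowed"]),
        "Substrings Not Allowed": any(s in password for s in p["Substrings Not Allowed"]),
        # Assumption: the User ID comparison ignores case.
        "Disallow User ID": p["Disallow User ID"] and bool(user_id)
                            and user_id.lower() in password.lower(),
    }
    return [label for label, bad in violated.items() if bad]

def expiry_dates(created, p=POLICY):
    """Return (warning date, expiry date) for a password set on `created`."""
    warn_on = created + timedelta(days=p["Warn After (Days)"])
    expires_on = created + timedelta(days=p["Expires After (Days)"])
    return warn_on, expires_on

if __name__ == "__main__":
    print(check_password("RL112233", "jdoe"))
    print(expiry_dates(date(2006, 11, 1)))
```

Running candidate passwords through a check like this before saving a policy shows which rules interact, for example a high Maximum Repeated Characters value masking a weak Minimum Unique Characters setting.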
You use this tab to view the rules and resource objects that are associated with the current password policy.
For example, Figure 8-13 shows that the Solaris password policy and the Password Validation Rule have been assigned to the Solaris resource object.
Figure 8-13 illustrates the Usage tab of the Password Policies form.
Figure 8-13 The Usage Tab of the Password Policies Form
Tip: For more information on the relationship between password policies and resource objects, see "Password Policies Rule Tab". |
The Task Scheduler form shown in Figure 8-14 is located in the Administration/Job Scheduling Tools folder. You use this form to define:
When your tasks are scheduled to be run
The attributes of these scheduled tasks
Caution: As stated above, the Task Scheduler form is used to determine when a task is scheduled to be run. However, the Oracle Identity Manager program that triggers the execution of this task is referred to as the scheduler daemon. Since the scheduler daemon cannot perform its designated function if it is not running, you must verify that it is active. For more information on modifying the value of a system property, refer to "The System Configuration Form". |
The following table lists and describes the data fields of the Task Scheduler form.
Field Name | Description |
---|---|
Scheduled Task | The name of the task that is scheduled to be run. |
Class Name | The name of the Java class that executes the scheduled task.
Important: The scheduler daemon triggers the execution of a scheduled task. The Java class actually executes the task. |
Status | The task's status. Currently, a scheduled task has four status levels:
|
Max Retries | If the task is not completed, the number of times that Oracle Identity Manager attempts to complete the task before assigning a status of ERROR to it. |
Disabled | This check box is used to designate whether the scheduler daemon triggers a scheduled task.
If this check box is selected, the scheduler daemon does not trigger the task, even when the date and time that appears in the Start Time or Next Start Time fields matches the current date and time. When this check box is cleared, and the date and time that is displayed in the Start Time or Next Start Time fields matches the current date and time, the scheduler daemon triggers the task. |
Stop Execution | This check box is used to designate whether the scheduler daemon can stop a scheduled task with a status of RUNNING.
If this check box is selected, and the task's status is RUNNING, the scheduler daemon stops the task from being executed. In addition, the task's status changes to INACTIVE. When this check box is cleared, the scheduler daemon does not stop a task with a status of RUNNING from being executed. |
Start Time | The date and time of when the task is scheduled to run for the first time.
Note: If the task is set to be run more than once, the scheduler daemon refers to the date and time that appears in the Next Start Time field. |
Last Start Time | The latest date and time of when the task started to run. |
Last Stop Time | The most recent date and time of when the task stopped running. |
Next Start Time | The subsequent date and time of when the task is scheduled to run.
Note: If the task is set to be run only once, the scheduler daemon refers to the date and time that is displayed in the Start Time field. |
Daily, Weekly, Monthly, Yearly | These radio buttons are used to designate whether the task is to be run daily, weekly, monthly, or annually, respectively.
If one of these radio buttons is selected, the scheduler daemon triggers the associated task once a day, week, month, or year, at the date and time specified in the Start Time field. When all of these radio buttons are cleared, the scheduler daemon does not trigger the associated task on a daily, weekly, monthly, or annual basis. |
Recurring Intervals | This radio button is used to designate that the task is to be run on a fixed, recurring basis.
If this radio button is selected, the scheduler daemon triggers the associated task on a recurring basis. When this radio button is cleared, the scheduler daemon does not trigger the associated task on a recurring basis. Note: If the Recurring Intervals radio button is selected, you must set the interval by entering a value into the text field below the radio button, and selecting a unit of measure from the adjacent box. |
Once | This radio button is used to designate that the task is to be run only once.
If this radio button is selected, the scheduler daemon triggers the associated task once, at the date and time specified in the Start Time field. When this radio button is cleared, the scheduler daemon triggers the associated task more than once. |
In addition to creating a scheduled task, if the task needs attributes, you must set them. Otherwise, the scheduled task is not functional.
When an existing task attribute is no longer relevant, you must remove it from the scheduled task.
The following procedure describes how to create a scheduled task. Later procedures show how to add an attribute to a scheduled task and remove a task attribute from the scheduled task.
To create a scheduled task:
1. Access the Task Scheduler form.
2. Enter the name of the scheduled task in the Scheduled Task field.
3. Enter the name of the Java class that executes the scheduled task in the Class Name field.
4. Enter a number into the Max Retries field. This number represents how many times Oracle Identity Manager attempts to complete the task before assigning a status of ERROR to it.
5. Ensure that the Disabled and Stop Execution check boxes are cleared.
6. Double-click the Start Time field.
7. From the Date & Time window that appears, set the date and time that the task is scheduled to run. If you have specified that the task is to be executed on a recurring basis (by selecting the Recurring Intervals radio button), the date and time that is displayed in this field is referenced to determine when next to run the associated task.
8. Set the scheduling parameters (in the Interval region):
   - To set the task to run on a recurring basis, select the Daily, Weekly, Monthly, or Yearly radio buttons.
   - To set the task to run only once, select the Once radio button.
   - To set the task to run on a fixed, recurring basis, select the Recurring Intervals radio button, set the interval by entering a value into the text field below the radio button, then select a unit of measure from the adjacent box.
9. Click Save.
The scheduled task is created. In addition, INACTIVE is displayed in the Status field since the task is not currently running. However, once the date and time that you set in Step 6 matches the current date and time, the scheduler daemon triggers the scheduled task.
The following procedure describes how to create a task attribute.
To add a task attribute:
1. Click Add.
2. In the Attribute Name field, enter the name of the task attribute.
3. In the Attribute Value field, type the attribute's value.
4. From the Toolbar, click Save.
The task attribute is added to the scheduled task.
The following procedure describes how to remove a task attribute.
To remove a task attribute:
1. Highlight the task attribute that you want to remove.
2. Click Delete. The attribute is removed from the scheduled task.
This section describes how to delete a custom scheduled task.
Note: You cannot delete any internal scheduled tasks, such as Password Expiration Task, that are installed with Oracle Identity Manager. |
To delete a scheduled task:
1. Access the Task Scheduler form.
2. Enter the name of the scheduled task in the Scheduled Task field and click the binoculars button or press Ctrl+Q. The scheduled task opens in the Task Definition form.
3. In the Task Definition form, remove any existing task attributes by following the instructions in "Removing a Task Attribute".
4. Click the Delete button on the toolbar or press Ctrl+D. A warning message displays, informing you that the current record will be deleted.
5. Click OK to delete the scheduled task.