| Oracle® Identity Manager Administrative and User Console Guide Release 9.0.3 Part Number B32450-01 |
|
|
View PDF |
| Oracle® Identity Manager Administrative and User Console Guide Release 9.0.3 Part Number B32450-01 |
|
|
View PDF |
This appendix describes settings that you may want to enable and records that you may need to create, depending on what features of the Administrative and User Console that you want to enable. This includes configuring resource definitions, process forms, approval processes, and other records that affect provisioning in the Oracle Identity Manager Design Console and editing the relevant configuration files to support the functionality in the Oracle Identity Manager Administrative and User Console. Not all of these settings are relevant for all users.
Review this section prior to deploying your Oracle Identity Manager Administrative and User Console to ensure that you have configured the product to function as intended.
Note:
To customize the Oracle Identity Manager Administrative and User Console user interface, see the Oracle Identity Manager Administrative and User Console Customization Guide.| Administration and User Console function | Description |
|---|---|
| Registration functions for users | |
| To allow users to self register in Oracle Identity Manager | Set the Is Self-Registration Allowed property in the System Configuration form to true. The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To require users to select their verification questions and provide answers to these question when registering | Set the Does user have to provide challenge information during registration property in the System Configuration form to true. The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To designate the number of verification questions that the user must answer | Set the Number of Questions property in the System Configuration form to the number of questions that you want users to answer. Be sure that the number of questions you supply in the Lookup.WebClient.Questions lookup definition is equal to or greater than the value of the Number of Questions property. You may need to create additional questions.
The System Configuration form is available in the Oracle Identity Manager Design Console. |
| To designate the list of questions that users select from when setting their verification questions and answers. | Define a row on the Lookup.WebClient.Questions lookup definition for each question in the Lookup Definition form.
The Lookup Definition form is available in the Oracle Identity Manager Design Console. |
| To require an approval for self registration | Define an approval task in the User Registration approval process. |
| To configure different workflow approvals for self registration depending on user profile information | Define additional approval processes for the Request resource definition and create a rule of type process determination with a rule element that at least requires that the request object action is Create Entity. Associate the new rule with the approval process on the Request resource definition to enable Oracle Identity Manager to determine which process to select. |
| To automatically add a user to groups based on self registration | Define rules of type general and attach them to the user group definitions to which you want users to be added upon registration. This enables Oracle Identity Manager to determine which groups to add users to based on the criteria they enter upon registration. The criteria in the rules must match the user-entered criteria. |
| Access privileges | |
| To designate the pages to which all users are to be allowed access | Specify these pages on the Menu Items tab of the All Users user group. |
| To designate the pages to which various administrative groups are to be allowed access. | Specify these pages on the Menu Items tab of the applicable administrative user groups, for example, System Administrators, AdminGroup1, and so on. |
| Account creation functions for administrators | |
| To allow administrators to create an Oracle Identity Manager account for other users | Ensure that the groups that these administrators belong to are added to the Administrators tab of the organizations that contain the users they are to administer. |
| To configure fields for administrators to supply data when creating the user account. | Create these fields in the FormMetaData.xml file. See the Oracle Identity Manager Administrative and User Console Customization Guide for details. |
| To specify fields that are required when creating a user account. | Create these fields in the FormMetaData.xml file. See the Oracle Identity Manager Administrative and User Console Customization Guide for details. |
| To specify the groups of which a user is automatically made a member. | Define rules of type general and attach them to the user group definitions to which you want users automatically added upon registration. This enables Oracle Identity Manager to determine which groups to add users to based on the criteria entered when their account was created. The criteria in the rules must match the entered criteria. |
| To designate the groups to which administrators can add users who they administer | Ensure that the groups of which these administrators are members are added to the Administrators tab of the group definitions to which you wish to allow them to add users. |
| Profile editing functions for users | |
| To require an approval for user-initiated Oracle Identity Manager profile updates | Define an approval task in the User Profile Edit approval process |
| To configure different workflow approvals for user-initiated profile updates | Define additional approval processes for the Request resource definition and create a rule of type process determination with a rule element that at least requires the request object action to be Modify Entity. Associate the rule with the approval process on the Request resource definition to enable Oracle Identity Manager to determine which process to select. |
| To control which fields users can edit in their own profiles | Configure the fields in the FormMetaData.xml file. See the Oracle Identity Manager Administrative and User Console Customization Guide for details. |
| Account modification functions for administrators | |
| To control which users can edit the profiles of other users | You must designate the forms to which members of the various administrative groups are to have access. You must also add these groups to the Administrators tab of the Organizations that contain the users they are to administer. |
| To control which Oracle Identity Manager system fields (for example user ID, first name, and so on) administrators can edit. | You must designate which fields you want to allow administrators to edit for other users. The fields you want to make editable must be specified in the FormMetaData.xml file. See the Oracle Identity Manager Administrative and User Console Customization Guide for details. |
| To control which User-Defined fields (for example Social Security number, local identity, and so on) administrators can edit. | You must designate which fields you want to allow administrators to edit for other users. Depending on the pages in the Administrative and User Console on which these fields will appear, you may need to edit the FormMetaData.xml file to add attribute definitions and references for these fields. See the Oracle Identity Manager Administrative and User Console Customization Guide for details. |
