Skip Headers
Oracle® Identity Manager Glossary of Terms
Release 9.0.3

Part Number B32454-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Feedback page
Contact Us

Go to previous page
View PDF

Oracle® Identity Manager

Glossary of Terms

Release 9.0.3


February 2007

This manual discusses the frequently-used terms related to Oracle Identity Manager.


The frequently-used terms in Oracle Identity Manager are as follows:


Access is the granting of enterprise resources to Oracle Identity Manager users and/or organizations. Access to these resources depends upon the specific policies adopted by the enterprise. The customer defines (and Oracle Identity Manager implements) policies that determine whether, how, and under what circumstances users gain access to various corporate resources.

access policy

This is a list of user groups and the resources with which users in the group are to be provisioned or deprovisioned. Access policies are defined using the Access Policies menu item in Oracle Identity Manager Web admin console.

access rights management

This is the process by which access to enterprise resources is granted or revoked. This includes decisions regarding which users can access specific resources and when they are allowed to access them.


A Java class, generated by the Adapter Factory, that enables Oracle Identity Manager to interact with an external .jar file, a target IT resource (for example, a resource asset), or a user-defined form.

An adapter extends the internal logic and functionality of Oracle Identity Manager. It automates process tasks, and defines the rules for the auto-generation and validation of data in fields within Oracle Identity Manager.

There are five types of adapters: task assignment adapters, task adapters, rule generator adapters, pre-populate adapters, and entity adapters.

adapter factory

A code-generation tool provided by Oracle Identity Manager, which enables a User Administrator to create Java classes, known as adapters.

adapter task

This is one of several possible components within an adapter. And this is a logical step within an adapter, equivalent to calling a programming language method. The following types of adapter tasks are available: Java Task, Remote Task, Stored Procedure Task, Utility Task, Oracle Identity Manager API Task, Set Variable Task, Error Handler Task, and Logic Task.

adapter variable

This is a user-defined placeholder within the adapter that contains runtime application data used by its adapter tasks. An adapter variable may be used multiple times within a single adapter.

administrative queue

This is a list of user groups (or other administrative queues). Users who are members of groups that comprise a queue may be assigned administrative privileges on a particular data element. Administrative queues serve as a mechanism for mass assigning users with administrative privileges on a given record. Each administrative queue consists of one or more user groups (and/or administrative queues) and the privileges (for example, read, write, and delete) the members of the queue have on the records to which the queue is assigned.

Application Program Interface (API)

This is the interface (calling conventions) by which an application program accesses an operating system and other services. An API is defined at the source code level and provides a level of abstraction between the application and the kernel (or other privileged utilities) to ensure the portability of the code.

An API can also provide an interface between a high-level language and lower-level utilities and services that were written without consideration for the calling conventions supported by compiled languages. In this case, the API's main task may be the translation of parameter lists from one format to another and the interpretation of call-by-value and call-by-reference arguments in one or both directions.

approval process

This is one of two Oracle Identity Manager process types. This type of process is generally used to approve the provisioning of Oracle Identity Manager resources to users or organizations. Unlike provisioning processes, approval processes are usually comprised of tasks that must be manually completed.

auto-group membership

This is a rule-based mechanism by which Oracle Identity Manager automatically adds or removes users to and/or from user groups. See rule.

authoritative identity reconciliation

This is also known as "Trusted Source Reconciliation", which can be used to create, update, and delete users in Oracle Identity Manager.

automated task

This is any task within a process that does not require user-interaction for completion. Automated tasks always require a process task adapter. Provisioning processes are generally comprised of automated tasks. See Process Task Adapter.

back end

A general term for the database server functions and procedures used to obtain and manipulate data on a network. This is also the storage location for Oracle Identity Manager's data.

certification authority

A third-party company that issues trusted certificates. See trusted certificate.

child table

A subordinate database table used to store, access, and reference the information associated with one or more fields of a user-created form, which has been defined using the Form Designer form.


This is the GUI tier of the client/server edition of Oracle Identity Manager. See Oracle Identity Manager Administrative and User Console (Web Application).

column header

The box containing the name of the column associated with the data in a table column. To change the order in which records are sorted in a particular table, click the column header for that table column.

conditional task

A process task that is not part of the default process instance. A conditional task is only inserted into a process when specific pre-defined conditions are satisfied. See process task.


Used to integrate Oracle Identity Manager with a specific third-party application, such as Microsoft Active Directory or Novell eDirectory.

custom lookup queries

See lookup queries.

data field

Areas of a form into which information may be entered (for example, Organization Name). Data fields are used to contain, display, and potentially edit the data entered into them.

data flow

This is the transfer of information between processes or related forms (for example, from resource forms to process forms).

data object

Data Object is an internal object representation of tables in the Xellerate data model where business logic is executed and responsible for insert, update, and delete of data into the data store.

data object manager

The Oracle Identity Manager form used to assign event handlers, rule generator adapters, or entity adapters to data objects. These event handlers or adapters may be executed in a specific order on a database event on pre- or post-insert, pre- or post-update, or pre- or post-delete. See event handler. See data object.

data security

Protection of information from unauthorized release, use, editing, or deletion.


This is the storage facility for data within Oracle Identity Manager. Oracle Identity Manager controls this data using a software application known as the Database Management System (DBMS). See Database Management System (DBMS).

Database Management System (DBMS)

This is software that controls the organization, storage, retrieval, security, and integrity of data in a database within Oracle Identity Manager. DBMS accepts requests from the application and instructs the operating system to transfer the appropriate data.

delegated administrators

This is an Oracle Identity Manager user who has been assigned administrative responsibilities. Administrative rights are assigned using membership within administrative groups. Administrators have access only to those organizations, forms, data, and users for which/whom they are responsible. See user group.

delimited field

This is a field containing data of varying length (as opposed to fixed-length fields). Individual fields of this type are separated by a field delimiter (for example, a comma or semi-colon).

delimited file

A file comprised of data records of varying lengths. Individual records are separated by a record delimiter character (for example, a hard return or colon).

dependent object

This is a resource object that has a dependency relationship with another resource object. The processes of the parent resource object must be completed before the processes of the dependent resource object can be initiated. See resource object.

dependent task

A process or adapter task that is dependent upon another process or adapter task, respectively. Oracle Identity Manager or an Oracle Identity Manager user can only initiate this type of task once the process/adapter task on which it is dependent is completed.


The rescinding of a user's, user group's, and/or organization's access to a resource. See Process Task Statuses.

digital signature

This is an identification mechanism, which is used within Oracle Identity Manager to secure password propagation, by authenticating the application or device receiving the password.

direct provisioning

This is one of the methods by which a resource may be provisioned. Only users with specific administrative privileges may direct provision resources. When a resource is direct provisioned (to a user or organization), Oracle Identity Manager does not invoke the standard approval process (since this is only associated with requests) or the resource's approval process. Instead, Oracle Identity Manager proceeds directly to initiating the applicable provisioning process for the resource. See request.

Electronic Data Interchange (EDI)

This is the electronic format for the automated communication of business transactions (for example, orders, confirmations, and invoices) between organizations. EDI services, provided by third parties, enable organizations with potentially disparate hardware to connect and exchange data. Although interactive access may comprise a component of such a solution, EDI implies direct computer-to-computer transactions within vendors' databases and ordering systems.

e-mail definition

This is a pre-defined template that is used when generating e-mail notifications. E-mail definitions are created using the E-mail Definition form. See e-mail notification.

e-mail notification

This is the act of informing an Oracle Identity Manager user of the occurrence of an action, process task assignment, or process task status change using e-mail.


See user.

end-user administrator

See user.

entity adapter

This is one of five Oracle Identity Manager adapter types. This type of adapter is attached directly to a provisioning process and/or a form (using the Data Object Manager form). Oracle Identity Manager is able to trigger and execute entity adapters on pre-insert, pre-update, pre-delete, post-insert, post-update, or post-delete.

error handler task

This is one of several adapter task types. This type of adapter task is used to display any errors associated with an adapter that occur at runtime. In addition, you can view the reasons for the errors, along with possible solutions. See adapter task.

error message

This is informative text that appears when a specific problem occurs within Oracle Identity Manager.


This is an action (initiated by Oracle Identity Manager, an external system, or a user) and/or a result of that action being performed.

event handler

This is a Java class that executes user-defined or system-generated actions. An event handler can be set to run on:

See event. See data object manager.


This is the Windows-styled list of folders and forms displayed in the left-hand panel of the Oracle Identity Manager application window. The folders and forms displayed in the Explorer (as well as their nesting configuration and display sequence) may vary for each user depending on the user groups to which the user belongs.


This is the act of taking an .xml data file (produced by Oracle Identity Manager), and using it to transmit information to additional Oracle Identity Manager environments.


This is a data element of a database record or area of a GUI form in which a particular item of data is stored.


A graphical user interface layout (i.e., mechanism) used to view, insert, edit, and delete information associated with records in the Oracle Identity Manager database. A form can be displayed as two distinct views:

See record.

form designer

A form used to create customized Forms. Forms created using this form must be associated with a process or a resource object. These forms (and the fields they are comprised of) are used to provide processes or resource objects with a mechanism for obtaining additional information they require to conduct provisioning.

form tab

A region of a form used to display details related to the primary form or record. Tabs allow for the conservation of active space on the screen while providing streamlined access to related data.

form view

See form.

front end

This is a general term for the Client within a client/server model. The front end provides for the display of information and supports user-initiated actions.

generated task

A process task that Oracle Identity Manager initiates when another related process task achieves a pre-defined status (provided that this status is represented by a response). See response


The act of taking a previously created .xml data file, and using it to load information into Oracle Identity Manager using the deployment manager. Import files are generated by other Oracle Identity Manager environments. They can contain either new information to be added to Oracle Identity Manager or updates to information that already exists in Oracle Identity Manager (for example, a record insert or record update).

IT resource asset

This is Oracle Identity Manager representation of the physical component of the external target resources provisioned by Oracle Identity Manager (for example, the various Solaris ® servers in a company).

jar file

This is a Java Archive file. A compressed archive file (denoted by a .Jar extension) containing one or more Java class files. This file format is used to distribute and run Java applications.


JavaBeans allow developers to create reusable software components that can then be assembled together using visual application builder tools. Within Oracle Identity Manager, it is a Java program module that is used by Oracle Identity Manager Remote Manager to communicate bi-directionally with non-network-aware APIs. See remote manager.

Java DataBase Connectivity (JDBC)

A programming interface used by Java applications to access databases using SQL. Since Java interpreters (i.e., Java Virtual Machines) are available for all major operating systems, this interface supports the creation, modification, and deletion of platform-independent database applications.

Java task

This is one of several adapter task types available within the Adapter Factory form. This type of adapter task is used to communicate with an external source through a Java API. See adapter task.

Logic task

This is one of several adapter task types available within the Adapter Factory form. This type of adapter task is used to build a conditional statement within an adapter (for example, an if statement, a for-loop, or a while loop). See adapter task.

lookup definition

A definition that can represent:

Lookup definitions are created using the Lookup Definition form (for default forms) or the Form Designer form (for custom forms). See lookup field.

lookup field

This is a data field that provides the user with a set of pre-defined values. Lookup fields only accept values selected from the pre-defined list as valid entries. See data field.

lookup queries

You can define lookups (for lookup fields and combination boxes) in Oracle Identity Manager for user-defined fields (UDF's) in system forms (for example, User Form, Resource Object Form, etc.) and fields of user-defined resource and object forms. The lookups are defined in two ways:

The (custom) lookup queries has been enhanced to allow the lookup query to be parameter driven. The parameter property is a mapped parameter, where you can specify:Filter Column: the column for which a value is specified in the "where" clauseFilter Map: the source from where the value comes fromWhile the enhancement itself is delivered as part of the existing Forms Designer feature in the Java Client, any updates made by this feature are rendered on the Web Client dynamically as administrators, approvers, or end-users access the updated form(s).

lookup value

This is an item, which contains information pertaining to the text field, lookup field, or combo box that represents the lookup definition. See lookup definition.

manual task

This is any task within a process that requires user action in order to be completed. Approval processes are generally comprised of manual tasks.


This is data about data. Metadata can represent information about or documentation of other data managed within an application or environment. For example, Metadata can be used to provide information about data elements or attributes, (name, size, data type, etc.), records or data structures (length, fields, columns, etc.) or the physical location or permissions of data (where it is located, how it is associated, ownership, etc.). Within Oracle Identity Manager, there are two types of Metadata: system Metadata, which is internal to the Oracle Identity Manager system, and customer Metadata, such as process definitions.

nested rule

This is a rule that is contained or embedded within another rule.


This is a system that connects computers and peripheral devices to allow for the sharing of information and resources. Networks are categorized by speed and distance between the machines. The most common kind of network is a LAN, which usually connects machines within an office. Another kind of network is a WAN, which connects machines at different locations. See Wide Area Network (WAN).


This is any resource that can be provisioned (for example, a database, server, software application, file, or directory access). Also referred to as a resource object.

Open DataBase Connectivity (ODBC)

A database-programming interface produced by Microsoft that provides a common language for Windows applications to access databases on a network. ODBC is comprised of the function calls programmers write into their applications and the ODBC drivers themselves. For client/server database systems (such as Oracle and SQL Server), the ODBC driver provides access to the database using links to their database engines. For desktop database systems (such as dBASE and FoxPro), the ODBC drivers actually manipulate the data. ODBC supports SQL- and non-SQL-compliant databases. Although the application always uses SQL to communicate with ODBC, ODBC communicates with non-SQL-compliant databases in their native language. See Structured Query Language SQL).


This is an operand (for example, and/or) that determines and illustrates the relationship among the multiple elements (or nested rules) of a rule.

Oracle Identity Manager

A software platform that automates access rights management and the provisioning of resources. Oracle Identity Manager instantly connects users to the resources they need to be productive, and revokes and or prevents unauthorized access to protect proprietary information and enhance security.

Oracle Identity Manager API Task

This is one of several Oracle Identity Manager adapter task types. This type of adapter task enables an external third-party application to access Oracle Identity Manager functionality from outside of Oracle Identity Manager. See adapter task.

Oracle Identity Manager Client

See client.

Oracle Identity Manager Explorer

See explorer.

Oracle Identity Manager Server

See server.

Oracle Identity Manager System Administrators

These are Members of Oracle Identity Manager user groups to which maximum system access has been assigned. See system administrator. See user.

Oracle Identity Manager User

See user.

Oracle Identity Manager Administrative and User Console (Web Application)

This is the user interface by which end-users and delegated administrators access Oracle Identity Manager functionality using the Internet (web browser).

Oracle Identity Manager Workspace

See workspace.


A record used to represent an organizational unit within a company's hierarchy (for example, a department, division, or cost center). Oracle Identity Manager does not limit the number of sub-organizations that can be created within an organization.

organization target

The Oracle Identity Manager organization that is to be provisioned with a resource specified within a request.

password policy

A collection of criteria used to validate password creation and modification within Oracle Identity Manager or on an external resource. The criteria within a policy are applied based on the rule associated with it on the resource object to which it has been attached. Password policies can be defined for Oracle Identity Manager and/or third-party system passwords.

password policy rule

A rule used to determine which password policy is to be applied to password creation and modification on a particular resource or within Oracle Identity Manager. Password policy rules are always of type General. See rule.

Pre-Populate Adapter

Pre-Populate AdapterThis is one of five Oracle Identity Manager adapter types that are used to populate data on user defined fields on user defined forms. This specific type of rule generator adapter can be attached either to custom fields of forms or to fields of custom forms. These fields are created using the User Defined Field Definition form and the Form Designer form, respectively.See Rule Generator Adapter.

preceding task

A task that must have a status of Completed before Oracle Identity Manager or a user can initiate any tasks dependent on it. See dependent task.

Presentation Layer

See client.


This is a collection of one or more process tasks, also, a requested instance of a process definition. See process definition.

process definition

This is a record containing a detailed definition of all properties of a process as well as its workflow and the tasks that comprise it.

process status

This is the current state of execution for a process. The status of a process is determined by the status of its tasks. See status.

process task

This is a step or component of a process (as specified within the Process Definition form). Process tasks can be independent or dependent on one another.

Process Task Adapter

This is one of five Oracle Identity Manager adapter types. This type of adapter allows Oracle Identity Manager to automate the execution of a process task. See process task.

Process Task Statuses

A process task status indicates the status of the task throughout its entire lifecycle. A task has following pre-defined statuses R,C,X,P,W,XLR,UCR,UT,S,UC,PX, and MC.


This is the granting of access for resources to users in conformance with Oracle Identity Manager policies. See deprovisioning.

provisioning policy

This is an access policy that is applied to a user group during resource provisioning. A provisioning policy is one of several factors that determine whether a resource object may ultimately be provisioned to the user. A provisioning policy definition specifies the resource objects that can be allowed or disallowed for one or more user groups. See access policy. See resource object. See user group.

provisioning process

This is one of two Oracle Identity Manager process types. This type of process is used to provision Oracle Identity Manager resources to users or organizations.

provisioning status

The status of the resource object as it is being provisioned to a user or an organization. A resource object can have one of nine pre-defined statuses:


A method of searching for particular data records within a database using a common characteristic. For example, a common query performed on the Organizations page (Oracle Identity Manager Administor Console) is to retrieve all records related to a particular organizational unit. Oracle Identity Manager has many powerful built-in query syntax tools.

RACF server

See Resource Access Control Facility (RACF) server.


A collection of related items of information organized as a single unit of data (for example, a single record comprised of a name, telephone number, and address). The record is the entity stored in the database that contains this related information (whereas forms are the mechanism employed by the user to view/edit that information).


The process by which any action to create, modify, or delete a target system identity initiated in the target system (using traditional means) is communicated back to the provisioning system and recorded.

recovery task

This is a process task that initiates when a preceding process task achieves a status of Rejected. The relationship between the primary task and its recovery task must be pre-defined for this to occur. This relationship is set within the Undo/Recovery tab of the process task's Editing Task window.

remote manager

A server that enables Oracle Identity Manager to communicate with a remote application that is either non-network-aware, or is network-aware, but is not located on the Oracle Identity Manager Server. Remote managers are employed when Oracle Identity Manager needs to perform some function with this third-party application (for example, call a method that resides within the external API).

remote task

This is one of several adapter task types. This type of adapter task enables an adapter to call a method on an API (for example, when the API resides on a machine that is external to Oracle Identity Manager).Remote tasks are generally used within integrations of third-party APIs that are not network-enabled. In these cases, a remote manager executes the remote API method, which is located on a remote machine.Remote tasks can also be used with integrations of third-party APIs, which are network-enabled, but are not located on the Oracle Identity Manager Server for scalability purposes. The remote API method is still executed by a remote manager. However, because the third-party API is network-enabled, the remote manager does not have to reside on the target system. See adapter task.


This is an entity that represents the initiation of the approval and provisioning of one or more resources to one or more users or organizations. When a request for the provisioning of resources is submitted, Oracle Identity Manager will:

The request record maintains information about the standard approval process and the resource-specific approval process instances. Administrators or end-users generally place requests. Requests can also originate in external systems.Request-based provisioning differs from direct provisioning. Direct provisioning bypasses both the standard approval process and resource-specific approval process. See direct provisioning.

request status

This is the current state of the request. A request can have one of six statuses:

reset password

This is the ability of a user to change his/her password. When the user first registers with Oracle Identity Manager (using the Oracle Identity Manager Web Application), he/she needs to select personal verification questions, and specify the answers to these questions. Oracle Identity Manager then uses these questions to verify a user's identity and reset his or her password.


This is the user who created and submitted a request. See request.


Also referred to as a Resource Object. This is any unit of hardware, software, or data over which a company wishes to enforce provisioning control. For example, hardware resources might be servers and printers in the network. Software resources can be programs, utilities, or even smaller elements within a program. Data resources could be any accessible files or databases.The Oracle Identity Manager resource object definition is the virtual representation of the resources to be provisioned. For example, a resource object can have one or more approval processes, provisioning processes, rules, and password policies.The Oracle Identity Manager resource object definition is used to control the various processes and policies associated with the resource, as well as set system-wide options that will determine how the resource is provisioned.

Resource Access Control Facility (RACF) server

A remote IBM mainframe security application used by Oracle Identity Manager to:


This is a pre-defined message or action that is generated when a process task is initiated and achieves a particular completion status.

resource object

See resource.

result set

The data or records returned from the execution of a query. Most API results are returned in Result Set format.

row header

The rectangular box located along the left edge of each row in a table in the Oracle Identity Provisioning Design Console. The row header displays the row number of the associated record within the current sort order (if the sorting criteria are changed, the row number may also change). In most forms, a record can be selected by double-clicking the row header.


User-defined criteria employed by Oracle Identity Manager to match conditions and take action based on them. There are five types of rules (the first four are defined using the Rule Designer form):

rule element

This is the logical component of a rule. It is a unit that consists of an attribute, an operator, and a value (for example, user role == full time).

Rule Generator Adapter

This is one of five Oracle Identity Manager adapter types. This type of adapter is responsible for automatically generating, modifying, or verifying the value of a form's field, and saving this information to the database. Values supplied by a rule generator can be overridden by user input.


This is the ability of a user to register with Oracle Identity Manager, using the Oracle Identity Manager Web Application.


The software architecture tier used to implement the business logic and manage the interaction between the Oracle Identity Manager Client and the database.

set variable task

This is one of several adapter task types. This type of adapter task allows you to set the value of a variable within an adapter. See adapter task.

Simple Object Access Protocol (SOAP)

A message-based protocol based on XML used for accessing services on the Web. Initiated by Microsoft, IBM and others, it employs XML syntax to send text commands across the Internet using HTTP. Similar in purpose to the COM and CORBA ® distributed object systems, but more portable and less programming intensive, SOAP is used to invoke services throughout the Web. Because of its simple exchange mechanism, SOAP can also be used to implement a messaging system. SOAP is supported in COM, DCOM, Internet Explorer, and Microsoft Java implementation.

standard approval process

This is a type of approval process. This type of approval process is used to approve a request as a whole, which may include multiple resource objects, and users or organizations. It is not resource-specific, but rather request-specific.


This is the current state of execution for a given process or process task. The statuses of each task within a process determine the overall status of the parent process (certain tasks statuses have a greater effect on the process' overall status). There are six main statuses within Oracle Identity Manager:

stored procedure

An SQL program located within a particular database schema. Stored procedures contain information, such as SQL statements, which are pre-compiled for greater efficiency. See stored procedure task.

stored procedure task

This is one of several adapter task types. This type of adapter task allows Oracle Identity Manager to map to and execute SQL programs that are located within a particular database schema. Within Oracle Identity Manager, these programs are known as stored procedures.

By incorporating a stored procedure task into an adapter and attaching this adapter to a process task, Oracle Identity Manager can utilize stored procedures on any Oracle or SQLServer database (assuming it is accessible on its network). This includes retrieving primitive values from stored procedures. See adapter task. See stored procedure.

Structured Query Language SQL)

This is a database language created by IBM in a research project in the late 1970's. It rapidly became the standard database language due to its combination of elegance, power, and connectivity. It is commonly used with database servers on mainframes, minicomputers, and PCs. An ANSI standard for the language exists.


This is an organization that is a member of and derived from a higher-level (or parent) organization (for example, a department within a division). See organization.


See standard approval process.

system administrator

This user has both read- and write-access to all forms and records within Oracle Identity Manager.

Task Assignment Adapter

This adapter enables Oracle Identity Manager to automate the allocation of a process task to a user or group. A task assignment adapter can be written to dynamically assign a task based on parameters in the task request. The new Task Assignment Adapter is associated with a task assignment rule.

The Task Assignment Adapter enhances the mechanism of assigning a task through the Assignment tab of the Editing Task form (nested in the Process Definition form), where a rule is attached to a task, and users or groups are assigned to the current task.


A presentation mechanism for a collection of data records in which the items are arranged according to common pre-defined elements. In SQL database tables, the information is organized within columns and rows. A column represents one field or piece of information, such as a name. A row contains information related to one record. A record is a set of columns. Thus, SQL tables are thought of as having multiple rows of columns. In Oracle Identity Manager, tables are presented in Table views in order to display multiple records on a single screen simultaneously. By contrast, a Form view can only display one record at a time. When queries are performed, only the records that satisfy the search criteria will be displayed in the Table view. See form. See form tab.

target resource

The external resource or application to which you wish to provision a user or organization with access using Oracle Identity Manager.

Within the context of Oracle Identity Manager's reconciliation functions, this term has a more specific meaning. It is then used to refer to a resource with which Oracle Identity Manager has been set to conduct reconciliation. Target resources differ from trusted sources in that Oracle Identity Manager only accepts changes to the primary user record from a trusted source. All other external applications with which Oracle Identity Manager is conducting reconciliation are referred to as target resources.

target resource reconciliation

This refers to reconciliation that result in creation/update/revocation of resources provisioned to a user in Oracle Identity Manager. Account Discovery, Orphan Account Discovery, Rogue Account Discovery, and Direct Management Discovery are all specific use cases within this type of reconciliation.


See process task. See adapter task.

task status

This is the status of a process task. The status of a process' tasks determines the process' overall status.

three-tier architecture

Oracle Identity Manager is comprised of three distinct tiers. The three tiers of Oracle Identity Manager are the Oracle Identity Manager Client, Oracle Identity Manager Server, and the database. See client. See server. See database.


The set of buttons along the top edge of the Oracle Identity Manager Design Console window that provides access to frequently used functions. Clicking the left mouse button when the pointer is over a button will execute that button's function. Hovering with your mouse over a button will cause a tool tip about that button to be displayed.

trusted certificate

A digital ID, which verifies that the user's password for an external application is being transmitted to Oracle Identity Manager from the correct location.

trusted source

This is the Resource object in which a unique key for reconciliation with data in Oracle Identity Manager has been defined. The trusted source is the resource object from which Oracle Identity Manager accepts changes to the user record definition. There may be more than one trusted source and more than one key per trusted source.

trusted source reconciliation

See authoritative identity reconciliation.

undo task

This is a process task that will be initiated when a pre-defined associated process task is cancelled.


An individual who possesses an account and login credentials within Oracle Identity Manager. There are two distinct types of users in Oracle Identity Manager:

User-Defined Field (UDF)

Supplemental fields that can be created by the user to augment the fields already present on the Organizations, Users, Requests, Resource Objects, User Groups, Form Designer, or Locations forms. Through a user-defined field, an administrator can provide a location for inputting and storing data, define default values, format input data, create and apply data validation criteria, and provide a label for the field. The field and its contents are then stored in the database.

user group

This is a collection of one or more users. User group definitions can be used to assign permissions to all members of the group (for example, the users). The user group is an efficient mechanism for managing the privileges and access rights for large numbers of users.

user target

This is the user for whom a resource has been requested or direct provisioned.

utility task

This is one of several adapter task types. It's an adapter task that allows an adapter to be populated with any of the methods and APIs that are packaged with Oracle Identity Manager. In addition, this type of task provides you with access to a Java API. See adapter task.

Wide Area Network (WAN)

This is a computer network that connects machines at different locations. A WAN often connects to many LANs.


The region of the Oracle Identity Manager application window, displayed within the right-hand panel, which contains the forms and tables used to view, edit, and manage information.

XML - EXtensible Markup Language

This is an open standard for describing data from the World Wide Web Consortium (W3C). It is used for defining data elements on a Web page and business-to-business documents. It uses a tag structure similar to HTML; however, whereas HTML defines how elements are displayed, XML defines what those elements contain. HTML uses predefined tags, but XML allows tags to be defined by the developer of the page. Thus, virtually any data items, such as product, sales rep and amount due, can be identified, allowing Web pages to function like database records. By providing a common method for identifying data, XML supports business-to-business transactions and is expected to become the dominant format for electronic data interchange. See Electronic Data Interchange (EDI).

Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at

Accessibility of Code Examples in Documentation

Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in Documentation

This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.

TTY Access to Oracle Support Services

Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.

Oracle Identity Manager Glossary of Terms, Release 9.0.3


Copyright © 2005, 2007, Oracle. All rights reserved.

The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.

The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.

If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.

Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.