3 Configuring the Connector

This chapter is divided into the following sections:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

• Section 3.1, "Configuring the Connector for Multiple Installations of the Target System"

• Section 3.2, "Performing Provisioning Operations"

• Section 3.3, "Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1"

3.1 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of Microsoft Windows.

You may want to configure the connector for multiple installations of Microsoft Windows. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Example Multinational Inc. have their own installations of Microsoft Windows. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of Microsoft Windows.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of Microsoft Windows.

To configure the connector for multiple installations of the target system, create and configure one IT resource for each target system installation

The IT Resources form is in the Resource Management folder. An IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same resource type.

See Also:

Oracle Identity Manager Design Console Guide for detailed instructions on performing this procedure

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the Microsoft Windows installation to which you want to provision the user.

3.2 Performing Provisioning Operations

Provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

When you install the connector on Oracle Identity Manager release 11.1.1, the direct provisioning feature is automatically enabled. This means that the process form is enabled when you install the connector.

If you have configured the connector for request-based provisioning, then the process form is suppressed and the object form is displayed. In other words, direct provisioning is disabled when you configure the connector for request-based provisioning. If you want to revert to direct provisioning, then perform the steps described in Section 3.3, "Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1."

This following are types of provisioning operations:

• Direct provisioning

• Request-based provisioning

See Also:

Oracle Identity Manager Connector Concepts for information about the types of provisioning

This section discusses the following topics:

• Section 3.2.1, "Direct Provisioning"

• Section 3.2.2, "Request-Based Provisioning"

3.2.1 Direct Provisioning

To provision a resource by using the direct provisioning approach:

1. Log in to the Administrative and User Console.

2. If you want to first create an OIM User and then provision a target system account, then:

   • If you are using Oracle Identity Manager release 9.1.0.x, then:

     1. From the Users menu, select Create.

     2. On the Create User page, enter values for the OIM User fields and then click Create User.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the Welcome to Identity Administration page, in the Users region, click Create User.

     2. On the Create User page, enter values for the OIM User fields, and then click Save.

3. If you want to provision a target system account to an existing OIM User, then:

   • If you are using Oracle Identity Manager release 9.1.0.x, then:

     1. From the Users menu, select Manage.

     2. Search for the OIM User and select the link for the user from the list of users displayed in the search results.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the Welcome to Identity Administration page, search for the OIM User by selecting Users from the list on the left pane.

     2. From the list of users displayed in the search results, select the OIM User. The user details page is displayed on the right pane.

4. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

   • If you are using Oracle Identity Manager release 9.1.0.x, then:

     1. On the User Detail page, select Resource Profile from the list at the top of the page.

     2. On the Resource Profile page, click Provision New Resource.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. On the user details page, click the Resources tab.

     2. From the Action menu, select Add Resource. Alternatively, you can click the add resource icon with the plus (+) sign. The Provision Resource to User page is displayed in a new window.

5. On the Step 1: Select a Resource page, select Windows 2000 from the list and then click Continue.

6. On the Step 2: Verify Resource Selection page, click Continue.

7. On the Step 5: Provide Process Data for Windows 2000 Details page, enter the details of the account that you want to create on the target system and then click Continue.

8. On the Step 6: Verify Process Data page, verify the data that you have provided and then click Continue.

9. The "Provisioning has been initiated" message is displayed. Perform one of the following steps:

   • If you are using Oracle Identity Manager release 9.1.0.x, click Back to User Resource Profile. The Resource Profile page shows that the resource has been provisioned to the user.

   • If you are using Oracle Identity Manager release 11.1.1, then:

     1. Close the window displaying the "Provisioning has been initiated" message.

     2. On the Resources tab, click Refresh to view the newly provisioned resource.

3.2.1.1 Direct Provisioning for Server Release 11g R2 or Later

• For server release 11g R2 or later, follow below steps:

1. Login to Identity console.

2. Under Administration section, click Users.

3. Click Create button.

4. Enter all required fields and Submit.

5. If you want to provision a Windows account, then:

   1. On the Users screen, search for the required user (The windows account can only be provisioned to a user with AD account in target).

   2. On the user details page, click Accounts tab.

   3. Click Request Accounts button.

   4. Search for the Windows Application instance in the catalog search box and select it.

   5. Click Add to cart.

   6. Click Checkout.

   7. Enter all the required fields in the UI form.

   8. Click Ready to submit.

   9. Click Submit.

3.2.2 Request-Based Provisioning

Note:

• This is not applicable for OIM release 11.1.2

• The information provided in this section is applicable only if you are using Oracle Identity Manager release 11.1.1.

A request-based provisioning operation involves both end users and approvers. Typically, these approvers are in the management chain of the requesters. The following sections discuss the steps to be performed by end users and approvers during a request-based provisioning operation:

Note:

The procedures described in these sections are built on an example in which the end user raises or creates a request for provisioning a target system account. This request is then approved by the approver.

• Section 3.2.2.1, "End User's Role in Request-Based Provisioning"

• Section 3.2.2.2, "Approver's Role in Request-Based Provisioning"

3.2.2.1 End User's Role in Request-Based Provisioning

The following steps are performed by the end user in a request-based provisioning operation:

See Also:

Oracle Fusion Middleware User's Guide for Oracle Identity Manager for detailed information about these steps

1. Log in to the Administrative and User Console.

2. On the Welcome page, click Advanced in the upper-right corner of the page.

3. On the Welcome to Identity Administration page, click the Administration tab, and then click the Requests tab.

4. From the Actions menu on the left pane, select Create Request.

   The Select Request Template page is displayed.

5. From the Request Template list, select Provision Resource and click Next.

6. On the Select Users page, specify a search criterion in the fields to search for the user that you want to provision the resource, and then click Search. A list of users that match the search criterion you specify is displayed in the Available Users list.

7. From the Available Users list, select the user to whom you want to provision the account.

   If you want to create a provisioning request for more than one user, then from the Available Users list, select users to whom you want to provision the account.

8. Click Move or Move All to include your selection in the Selected Users list, and then click Next.

9. On the Select Resources page, click the arrow button next to the Resource Name field to display the list of all available resources.

10. From the Available Resources list, select Windows 2000, move it to the Selected Resources list, and then click Next.

11. On the Resource Details page, enter details of the account that must be created on the target system, and then click Next.

12. On the Justification page, you can specify values for the following fields, and then click Finish.

    • Effective Date

    • Justification

    On the resulting page, a message confirming that your request has been sent successfully is displayed along with the Request ID.

13. If you click the request ID, then the Request Details page is displayed.

14. To view details of the approval, on the Request Details page, click the Request History tab.

3.2.2.2 Approver's Role in Request-Based Provisioning

The following are steps performed by the approver in a request-based provisioning operation:

The following are steps that the approver can perform:

1. Log in to the Administrative and User Console.

2. On the Welcome page, click Self-Service in the upper-right corner of the page.

3. On the Welcome to Identity Manager Self Service page, click the Tasks tab.

4. On the Approvals tab, in the first section, you can specify a search criterion for request task that is assigned to you.

5. From the search results table, select the row containing the request you want to approve, and then click Approve Task.

   A message confirming that the task was approved is displayed.

3.3 Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1

Note:

It is assumed that you have performed the procedure described in Section 2.3.7, "Enabling Request-Based Provisioning."

On Oracle Identity Manager release 11.1.1, if you want to switch from request-based provisioning to direct provisioning, then:

1. Log in to the Design Console.

2. Disable the Auto Save Form feature as follows:

   1. Expand Process Management, and then double-click Process Definition.

   2. Search for and open the Windows 2000 process definition.

   3. Deselect the Auto Save Form check box.

   4. Click the Save icon.

3. If the Self Request Allowed feature is enabled, then:

   1. Expand Resource Management, and then double-click Resource Objects.

   2. Search for and open the Windows 2000 resource object.

   3. Deselect the Self Request Allowed check box.

   4. Click the Save icon.

On Oracle Identity Manager release 11.1.1, if you want to switch from direct provisioning to request-based provisioning, then:

1. Log in to the Design Console.

2. Enable the Auto Save Form feature as follows:

   1. Expand Process Management, and then double-click Process Definition.

   2. Search for and open the Windows 2000 process definition.

   3. Select the Auto Save Form check box.

   4. Click the Save icon.

3. If you want to enable end users to raise requests for themselves, then:

   1. Expand Resource Management, and then double-click Resource Objects.

   2. Search for and open the Windows 2000 resource object.

   3. Select the Self Request Allowed check box.

   4. Click the Save icon.