5 Identity Management

Enterprise Manager offers the following Management pack for identity management:

The following sections in this chapter describe the licensed features and links for this pack.

Management Pack Plus for Identity Management

The Management Pack Plus for Identity Management enables enterprises to proactively monitor the availability, performance, load, and security metrics of various Identity Management components. The Management Pack Plus for Identity Management helps improve performance and availability, and reduce the cost and complexity of managing Identity Management deployments, including the following environments:

  • Oracle Internet Directory

  • Directory Integration Platform

  • Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition)

  • Oracle Virtual Directory

  • Oracle Identity Federation

  • Oracle Access Manager

  • Oracle Identity Manager

  • Oracle Adaptive Access Manager

  • Oracle Unified Directory

Features

The Management Pack Plus for Identity Management leverages Oracle Enterprise Manager Grid Control's broad set of capabilities in configuration management, performance management, and service level management to effectively manage Oracle Identity Management environments.

When combined with other Enterprise Manager packs and plug-ins for managing Oracle and non-Oracle database, middleware, network devices and hosts, you can achieve complete end-to-end management of your entire Oracle Identity Management environment.

Note:

A management pack license is required to use the features described below in the Enterprise Manager graphical user interface, command-line interface, and published repository views.

The Management Pack Plus for Identity Management includes the features shown in Table 5–1.

Table 5-1 Feature Highlights of Management Pack Plus for Identity Management

Feature Benefit

Single-step discovery

Perform a single-step discovery of both Identity Management 10g and Identity Management 11g components. The supported Identity Management 10g components include Oracle Access Manager (OAM) 10g, Oracle Identity Manager (OIM) 9.x, Oracle Identity Federation (OIF) 10g, and Oracle Identity Management Suite 10g (including Oracle Internet Directory, Directory Integration Platform, Delegated Administration Services, and Single Sign-On).

The supported Identity Management 11g components include Oracle Internet Directory, Oracle Directory Integration Platform, Oracle Virtual Directory, Oracle Identity Federation, Oracle Access Manager, Oracle Identity Manager, and Oracle Adaptive Access Manager. Single-step discovery enables you to quickly set up your monitoring environment.

With the Oracle System Monitoring Plug-in for Oracle Directory Server, a simple target discovery is also provided for Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition) 6.x and 7.x, as well as ODSEE 11gR1 and 11gR1PS1.

Additionally with the Oracle System Monitoring Plug-in for Oracle Unified Directory, a similar target discovery is provided for Oracle Unified Directory 11g – including OUD Directory Server, OUD Proxy Server, and OUD Replication Gateway

Monitoring and diagnostics

Receive real-time metrics and historical data as well as alert notifications.

Proactively monitor the Oracle Identity Management environment from both a systems-oriented view and an end-user perspective. Out-of-box collection of key performance metrics for monitored components facilitates rapid time to value. This enables you to set up alerts based on warning and critical thresholds, view current and historical performance information using graphs and reports, and diagnose performance problems by identifying bottlenecks in any of the monitored targets.

Configuration

Track configuration metrics, take configuration snapshots, and compare configurations for Oracle Access Manager 10g components, as well as Oracle Internet Directory 11g, Oracle Directory Integration Platform 11g, Oracle Virtual Directory 11g, and Oracle Identity Federation 11g.

Service level management

Model Identity and Access services down to the key components they rely on, define service levels based on business requirements, and report against clearly defined Service Level Objectives (SLOs).

You can also monitor your Oracle Identity Management environment from an end-user perspective using synthetic service tests. These tests simulate key end-user activities, such as logging into an application with a single sign-on. The tests are run through beacons from locations within your network to actively measure the performance and availability of your Identity and Access services.

Licensed Links

The sections beginning with Identity Management 10g Components describe the licensed pages and links of this pack that apply to the following Identity Management-specific targets within Enterprise Manager.

Identity Management 10g Targets

  • Access Manager — Access Server

  • Access Manager — Identity Server

  • Access Manager — Access System

  • Access Manager — Identity System

  • Identity Federation Server

  • Identity Federation System

  • Identity Manager Repository

  • Identity Manager Server

  • Identity Manager System

  • Delegated Administration Server

  • Directory Integration Platform Server

  • Oracle Internet Directory

  • Single Sign-On Server

  • Generic Service or Web Application targets associated with Access Manager — Access System, Access Manager — Identity System, Identity Federation System, and Identity Manager System Hosts running Identity Management components

  • Hosts running Identity Management components

Identity Management 11g Targets

  • Oracle Internet Directory

  • Identity Federation Server

  • Directory Integration Platform Server

  • Oracle Virtual Directory

  • Oracle Access Manager

  • Oracle Access Manager Cluster

  • Oracle Adaptive Access Manager

  • Oracle Adaptive Access Manager Cluster

  • Oracle Identity Manager

  • Oracle Identity Manager Cluster

  • Generic Service & Identity and Access System targets associated with Identity Management 11g components

  • Hosts running Identity Management components

Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition) Targets

  • Oracle Directory Server Enterprise Edition

  • Hosts running Oracle DSEE components

Oracle Unified Directory Targets

  • Oracle Unified Directory (OUD) Directory Server

  • OUD Proxy Server

  • OUD Replication Gateway

  • Hosts running OUD components

Identity Management 10g Components

  • From the Grid Control Home page, click the Targets tab, then Identity and Access. All links on the Identity and Access page are licensed features of this pack.

Access Manager — Access Server

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Access Manager – Access Server. The Access Manager – Access Server Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Access Manager - Access Server. The following items are licensed features of this pack:

    • Black Out button

    • Availability link

    • Start/Stop button

    • All links in the Associated Directory Server Information section

    • All links in the Alerts section

    • All links in the Host Alerts section

    • All links in the Configuration section

    • All links in the Related Links section

  • From the Access Manager – Access Server Home page, select the Performance sub-tab. All features on the Access Manager – Access Server Performance page are licensed features of this pack.

Access Manager — Identity Server

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Access Manager – Identity Server. The Access Manager – Identity Server Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Access Manager - Identity Server. The following items are licensed features of this pack:

    • Black Out button

    • Availability link

    • Start/Stop button

    • All links in the Associated Directory Server Information section

    • All links in the Alerts section

    • All links in the Host Alerts section

    • All links in the Configuration section

    • All links in the Related Links section

  • From the Access Manager – Identity Server Home page, select the Performance sub-tab. All features on the Access Manager – Identity Server Performance page are licensed features of this pack.

Access Manager — Access System

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Access Manager – Access System. The Access Manager – Access System Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Access Manager - Access System. All features on the System Home page are licensed features of this pack.

  • From the System Home page, select the Charts sub-tab. All features on the System Charts page are licensed features of this pack.

  • From the System Home page, select the Administration sub-tab. All features on the System Administration page are licensed features of this pack.

  • From the System Home page, select the Components sub-tab. All features on the System Components page are licensed features of this pack.

  • From the System Home page, select the Topology sub-tab. All features on the System Topology page are licensed features of this pack.

Access Manager — Identity System

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Access Manager – Identity System. The Access Manager – Identity System Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Access Manager - Identity System. All features on the System Home page are licensed features of this pack.

  • From the System Home page, select the Charts sub-tab. All features on the System Charts page are licensed features of this pack.

  • From the System Home page, select the Administration sub-tab. All features on the System Administration page are licensed features of this pack.

  • From the System Home page, select the Components sub-tab. All features on the System Components page are licensed features of this pack.

  • From the System Home page, select the Topology sub-tab. All features on the System Topology page are licensed features of this pack.

Identity Federation Server

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Identity Federation Server. The Identity Federation Server Home page appears. All features on the System Home page are licensed features of this pack. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Identity Federation Server. The following items are licensed features of this pack:

    • Black Out button

    • Availability link

    • All links in the User Data Store section

    • All links in the Federation Data Store section

    • All links in the Alerts section

    • All links in the Host Alerts section

    • All links in the Related Links section

  • From the Identity Federation Server Home page, select the Infrastructure Performance sub-tab. All features on the Infrastructure Performance page are licensed features of this pack.

  • From the Identity Federation Server Home page, select the Service Provider Performance sub-tab. All features on the Service Provider Performance page are licensed features of this pack.

  • From the Identity Federation Server Home page, select the Identity Provider Performance sub-tab. All features on the Identity Provider Performance page are licensed features of this pack.

  • From the Identity Federation Server Home page, select the Peer Provider Performance sub-tab. All features on the Peer Provider Performance page are licensed features of this pack.

Identity Federation System

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Identity Federation System. The Identity Federation System Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Identity Federation System. All features on the System Home page are licensed features of this pack.

  • From the System Home page, select the Charts sub-tab. All features on the System Charts page are licensed features of this pack.

  • From the System Home page, select the Administration sub-tab. All features on the System Administration page are licensed features of this pack.

  • From the System Home page, select the Components sub-tab. All features on the System Components page are licensed features of this pack.

  • From the System Home page, select the Topology sub-tab. All features on the System Topology page are licensed features of this pack.

Identity Manager Repository

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Identity Manager Repository. The Identity Manager Repository Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Identity Manager Repository. The following items are licensed features of this pack.

    • Black Out button

    • Availability link

    • All links in the Provisioning section

    • All links in the Associated Remote Managers section

    • All links in the Alerts section

    • All links in the Host Alerts section

    • All links in the Related Links section

  • From the Identity Manager Repository Home page, select the Performance sub-tab. All features on the Identity Manager Repository Performance page are licensed features of this pack.

Identity Manager Server

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Identity Manager Server. The Identity Manager Server Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Identity Manager Server. The following items are licensed features of this pack.

    • Black Out button

    • Availability link

    • All links in the Alerts section

    • All links in the Host Alerts section

    • All links in the Related Links section

  • From the Identity Manager Server Home page, select the Performance sub-tab. All features on the Identity Manager Server Performance page are licensed features of this pack.

Identity Manager System

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Identity Manager System. The Identity Manager System Home page appears. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select a target of type Identity Manager System. All features on the System Home page are licensed features of this pack.

  • From the System Home page, select the Charts sub-tab. All features on the System Charts page are licensed features of this pack.

  • From the System Home page, select the Administration sub-tab. All features on the System Administration page are licensed features of this pack.

  • From the System Home page, select the Components sub-tab. All features on the System Components page are licensed features of this pack.

  • From the System Home page, select the Topology sub-tab. All features on the System Topology page are licensed features of this pack.

Identity Management 11g Components

Identity Management 11g target types consist of:


Oracle Internet Directory
Identity Federation Server
Directory Integration Platform Server
Oracle Virtual Directory
Oracle Access Manager
Oracle Access Manager Cluster
Oracle Adaptive Access Manager
Oracle Adaptive Access Manager Cluster
Oracle Identity Manager
Oracle Identity Manager Cluster

  • From the Grid Control Home page, click the Targets tab, then Identity and Access. All links on the Identity and Access page are licensed features of this pack.

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select any of the target types referenced above. Alternatively, click the Targets tab, then Identity and Access. On the Identity and Access page, select any of the target types referenced above. The following items under the drop-down menu are licensed features of this pack:

    • Home

    • Monitoring

    • Control

    • Configuration (currently available: Oracle Internet Directory, Identity Federation Server, Directory Integration Platform Server, Oracle Virtual Directory)

    • Job Activity

    • Reports

    • WebLogic Server Administration Console

    • Fusion Middleware Control

    • Target Setup

    • General Information

Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition)

With the Oracle System Monitoring Plug-in for Oracle Directory Server, a simple target discovery is also provided for Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition) 6.x and 7.x, as well as ODSEE 11gR1 and 11gR1PS1. The following Oracle DSEE target type is supported:

Oracle Directory Server Enterprise Edition

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select any target of the target type Oracle Directory Server Enterprise Edition. All links and items under this target are licensed features of this pack.

Oracle Unified Directory

With the Oracle System Monitoring Plug-in for Oracle Unified Directory, a similar target discovery is provided for Oracle Unified Directory 11g – including OUD Directory Server, OUD Proxy Server, and OUD Replication Gateway.

Oracle Unified Directory Licensed Links

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select any target of the target types OUD Directory Server, OUD Proxy Server, and OUD Replication Gateway. All links and items under these targets are licensed features of this pack.

Generic Service or Web Application Associated with Identity Management Systems

With the Management Pack Plus for Identity Management, users can create targets of type Generic Service or Web Application associated with any of the monitored Identity Management Systems: Access Manager – Access System, Access Manager – Identity System, Identity Federation System, Identity Manager System, as well as the Identity and Access System.

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Generic Service that is associated with any of the monitored Identity Management Systems listed above. The Generic Service Home page appears. All features on the Generic Service Home page are licensed features of this pack.

  • From the Service Home page, select the Charts sub-tab. All features on the Service Charts page are licensed features of this pack.

  • From the Service Home page, select the Test Performance sub-tab. All features on the Test Performance page are licensed features of this pack.

  • From the Service Home page, select the System sub-tab. All features on the System page are licensed features of this pack.

  • From the Service Home page, select the Topology sub-tab. All features on the Service Topology page are licensed features of this pack.

  • From the Service Home page, select the Monitoring Configuration sub-tab. All features on the Monitoring Configuration page are licensed features of this pack.

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Web Application that is associated with any of the monitored Identity Management Systems: Access Manager – Access System, Access Manager – Identity System, Identity Federation System, and Identity Manager System. The Web Application Home page appears. All features on the Web Application Home page are licensed features of this pack.

  • From the Web Application Home page, select the Charts sub-tab. All features on the Charts page are licensed features of this pack.

  • From the Web Application Home page, select the Test Performance sub-tab. All features on the Test Performance page are licensed features of this pack.

  • From the Web Application Home page, select the Page Performance sub-tab. All features on the Page Performance page are licensed features of this pack.

  • From the Web Application Home page, select the Request Performance sub-tab. All features on the Request Performance page are licensed features of this pack.

  • From the Web Application Home page, select the System sub-tab. All features on the System page are licensed features of this pack.

  • From the Web Application Home page, select the Topology sub-tab. All features on the Topology page are licensed features of this pack.

  • From the Web Application Home page, select the Monitoring Configuration sub-tab. All features on the Monitoring Configuration page are licensed features of this pack.

Hosts Running Identity Management Components

  • From the Grid Control Home page, click the Targets tab, then All Targets. On the All Targets page, select a target of type Host (where Identity Management Components are running). The Host Home page appears. The following items are licensed features of this pack.

    • Black Out button

    • Availability link

    • View Current Users -link

    • All links in the Alerts section

    • All links in the Related Links section

  • From the Host Home page, select the Performance sub-tab. All features on the Host Performance page are licensed features of this pack.

  • From the Host Home page, select the Administration sub-tab. All features on the Host Administration page are licensed features of this pack.

    Note:

    The Administration page is only available for Linux operating systems.

  • From the Host Home page, select the Targets sub-tab. All features on the Host Targets page are licensed features of this pack.

Licensing for Service Level Management

Enterprise Manager Grid Control Service Level Management (SLM) offers a rich monitoring solution that helps IT organizations achieve high availability and performance, and optimized service levels for their business services. SLM actively monitors and reports on the availability and performance of services, including end-user business functions, Web applications, and infrastructure components. Using service tests or synthetic transactions executed from remote user locations (beacons), businesses can monitor services from the end-users' perspectives and the services' correlation to the underlying IT infrastructure. In addition, SLM assesses the business impact of any service problem or failure, and indicates whether service level goals have been met.

Enterprise Manager Grid Control Service Level Management was introduced as a standalone Service Level Management Pack with Enterprise Manager version 10g release 2. In Enterprise Manager 11g, Service Level Management is licensed as part of Management Pack Plus for Identity Management, as well as the following products:

  • WebLogic Server Management Pack Enterprise Edition

  • Oracle Real User Experience Insight

  • SOA Management Pack Enterprise Edition

A subset of functionality in the Service Level Management Pack was previously included as part of the Diagnostics Pack for Application Server license. Customers who had licensed the Diagnostics Pack for Application Server 10g release 1 are entitled to use the following specific functionality without licensing the Service Level Management Pack 11g release 1:

  • Web Application service test monitoring with HTTP and HTTP(s) protocols

  • Host monitoring with ping protocol

Note:

Any and all methods of accessing pack functionality — whether through the Enterprise Manager Console, Desktop Widgets, command-line APIs, or direct access to the underlying data — require the Management Pack Plus for Identity Management license.

Customers who previously licensed the standalone Service Level Management Pack can continue to use Enterprise Manager Grid Control Service Level Management under their previously licensed terms. However, they are not entitled to use the additional capabilities contained in Management Pack Plus for Identity Management.

Features

Enterprise Manager Grid Control Service Level Management includes the features shown in Table 5–1.

Table 5-2 Feature Highlights of Enterprise Manager Grid Control Service Level Management

Feature Benefit

Service modeling

Model critical business functions based on a wide range of supported protocols.

Complete service monitoring

Monitor service availability, performance, usage, and service level compliance.

Beacons

Measure availability and performance from representative key user locations.

Service Level Management Licensed Links

The following information describes the Enterprise Manager links that require licensing of Management Pack Plus for Identity Management. This information does not include feature links that may contain information derived from the creation of tests and beacons, but are considered part of Management Pack Plus for Identity Management. The list that follows assumes that you begin from the main Grid Control Home page.

Services Links

Licensed services links consist of configuration pages and monitoring pages.

  • For configuration pages, from the Enterprise Manager Home page, go to the Targets tab and then select the Services sub-tab:

    • On the Services page, select Generic Service from the Add drop-down, then click Go to add the service. Select Service Test from the drop-down list on the Availability page of the Create Service wizard. Defining a service's availability based on the execution of a service test is a licensed feature of Management Pack Plus for Identity Management.

    • On the Services page, select Generic Service from the Add drop-down, then click Go to add the service. The Beacons page of the Create Generic Service wizard is a licensed feature of Management Pack Plus for Identity Management.

    • On the Services page, click any Name link (except for Aggregate Service) in the table. On the Service page that appears, select the Monitoring Configuration sub-tab. The Service Tests and Beacons link on the Monitoring Configuration page is a licensed feature of Management Pack Plus for Identity Management.

    • On the Monitoring Configuration page, select Availability Definition. Select Service Test from the drop-down list on the Availability Definition page. Defining a service's availability based on the execution of a service test is a licensed feature of Management Pack Plus for Identity Management.

    • On the Services page, click either the Name link of a Generic Service or Forms Application in the table. On the Service page that appears, select the Monitoring Configuration sub-tab. On the Monitoring Configuration page, the Enable Forms Transaction Monitoring link is a licensed feature of Management Pack Plus for Identity Management.

  • For monitoring pages, from the Enterprise Manager Home page, go to the Targets tab and then select the Services sub-tab:

    • Click a service Name link in the table to go to the Service Home page. The Test Performance sub-tab and Black Out button are licensed features of Management Pack Plus for Identity Management.

    • On the Service Home page, click the Test Performance sub-tab. All links and controls on this page are licensed as part of Management Pack Plus for Identity Management.

  • The following Related Links are also part of Management Pack Plus for Identity Management:

    • Alert History

    • Blackouts

    • Metric Baselines

    • Past Changes

    • Pending Changes (where applicable)

Forms Application Links

Licensed services links consist of configuration pages and monitoring pages.

  • For configuration pages, from the Enterprise Manager Home page, go to the Targets tab and then select the Services sub-tab:

    • On the Services page, select Forms Application from the drop-down list and click Go. Select Service Test from the drop down-menu on the Availability page of the Create Forms Application wizard. Defining a form application's availability based on the execution of a service test is a licensed feature of Management Pack Plus for Identity Management.

    • On the Services page, select Forms Application from the drop-down list and click Go. The Beacons page of the Create Web Application wizard is a licensed feature of Management Pack Plus for Identity Management.

    • On the Services page, click any Forms Application Name link, then select the Monitoring Configuration sub-tab. The Service Tests and Beacons link in the Generic Tasks section of the Monitoring Configuration page is a licensed feature of Management Pack Plus for Identity Management.

    • On the Monitoring Configuration page, select Availability Definition from the Generic Tasks section. The Service Test choice from the drop-down list on the Availability Definition page is a licensed feature of Management Pack Plus for Identity Management.

  • For monitoring pages, from the Enterprise Manager Home page, go to the Targets tab and then select the Services sub-tab:

    • On the Services page, click a Forms Application Name link in the table to go to the Forms Application Home page. The Test Performance link and Black Out button are licensed features of Management Pack Plus for Identity Management.

  • The following Related Links are also part of Management Pack Plus for Identity Management:

    • Alert History

    • Blackouts

    • Metric Baselines

    • Past Changes

    • Pending Changes (where applicable)