Skip Headers
Oracle® Identity Manager Administrative and User Console Guide
Release 9.1.0.1
Part Number E14057-01
Home
Book List
Index
Contact Us
Next
View PDF
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Documentation Updates
Conventions
Part I General Features
1
Introduction to the Administrative and User Console
1.1
Understanding User Roles and Capabilities
1.2
Overview of the Resource Model
1.2.1
Approval Processes
1.2.2
Provisioning Processes
2
Self-Registration Using the Administrative and User Console
2.1
Creating Oracle Identity Manager Accounts
2.2
Changing Passwords
2.3
Tracking Self-Registration Requests
2.4
Logging In to the Administrative and User Console
2.5
Logging Out of the Administrative and User Console
3
Using the Administrative and User Console
3.1
Searching in the Administrative and User Console
3.1.1
Constructing a Search (or Query)
3.1.2
Using Wildcards
3.1.3
Understanding How Search Works
3.2
Customizing the Display of Data in the Administrative and User Console
3.2.1
Truncating Text Entries
3.2.2
Displaying Process Forms with Child Tables
4
Managing Your Account
4.1
Viewing and Modifying Account Profiles
4.2
Changing Passwords
4.3
Specifying Questions and Answers for Password Change and Retrieval
4.4
Delegating Responsibilities to a Proxy
5
Managing Your Resources
5.1
Viewing Resources
5.2
Viewing Resource Requests
5.3
Requesting New Resources
6
Administering Requests
6.1
Creating and Managing Requests
6.1.1
Granting Resources
6.1.2
Disabling Resources
6.1.3
Reenabling Resources
6.1.4
Revoking Resources
6.2
Tracking Requests
6.2.1
Searching for Requests
6.2.2
Viewing Approval Details
6.2.3
Viewing Provisioning Details
6.2.3.1
Viewing Provisioning Details by User/Organization
6.2.3.2
Viewing Provisioning Details by Resource
6.2.4
Viewing Request Comments
6.2.5
Viewing Request Status History
7
Managing Your To-Do List
7.1
Reviewing Pending Approvals
7.1.1
Managing the Display of Pending Approvals
7.2
Managing Open Tasks
7.2.1
Viewing Open Tasks
7.2.2
Retrying Rejected Tasks
7.2.3
Reassigning Open Tasks
7.2.4
Setting Responses to Open Tasks
7.2.5
Manually Completing Rejected Tasks
7.2.6
Managing the Display of Open Tasks
7.3
Managing Attestation Requests
7.3.1
Viewing Attestation Requests
7.3.2
Saving Attestation Actions
7.3.3
Updating Comments and Delegations
7.3.4
Submitting Attestations
8
Creating and Managing Users
8.1
Creating Users
8.1.1
Editing User Profiles
8.1.2
Disabling Users
8.1.3
Changing User Passwords
8.2
Managing Users
9
Creating and Managing Organizations
9.1
Creating Organizations
9.2
Managing Organizations
9.2.1
Searching for and Viewing Organizations
9.2.2
Enabling Organizations
9.2.3
Disabling Organizations
9.2.4
Deleting Organizations
9.3
Managing Organization Details
10
Creating and Managing User Groups
10.1
Creating Groups
10.2
Managing Groups
10.2.1
Searching for User Groups
10.2.2
Deleting User Groups
10.2.3
Viewing and Administering a User Group
10.2.3.1
Members and Subgroups
10.2.3.2
Menu Items
10.2.3.3
Administrative Groups
10.2.3.4
Access Policies
10.2.3.5
Membership Rules
10.2.3.6
Data Object Permissions
10.2.3.7
Allowed Reports
11
Creating and Managing Access Policies
11.1
Features of Access Policies
11.2
Creating Access Policies
11.3
Managing Access Policies
12
Working with Resources
12.1
Viewing Resource Details
12.2
Working with Organizations Associated with Resources
12.3
Using the Resource Administrator Option
12.3.1
Assigning User Groups as Administrators for Resources
12.3.2
Creating Administrator Groups
12.3.3
Updating Permissions of an Administrative Group
12.4
Using the Resource Authorizers Option
12.5
Using the Resource Workflows Option to View Workflows
12.5.1
Opening the Workflow Visualizer
12.5.2
Elements of the Workflow Visualizer
12.5.2.1
Using the Provisioning Workflow Definition Event Tabs
12.5.3
Operations on the Workflow Visualizer
12.5.3.1
Rearranging Elements
12.5.3.2
Using the Expansion Nodes
12.5.3.3
Accessing the Task Details
12.6
Using the Resource Workflows Option to Create and Modify Workflows
12.6.1
Opening the Workflow Designer
12.6.2
Creating a Workflow
12.6.3
Workflow Designer Main Page
12.6.3.1
Information
12.6.3.2
Toolbar
12.6.3.3
Designer Page
12.6.3.4
Menu Section
12.6.4
Creating and Configuring Tasks and Responses
12.6.4.1
General Menu Options
12.6.4.2
Task Options
12.6.4.3
Response Options
12.6.4.4
Link Options
12.6.4.5
Configuring Tasks
12.6.4.6
Configuring Responses
12.6.5
Configuring Data Flows
12.6.5.1
Form Data Flows
12.6.5.2
Reconciliation Data Flows
12.7
Creating IT Resources
12.8
Managing IT Resources
12.8.1
Viewing IT Resources
12.8.2
Modifying IT Resources
12.8.3
Deleting IT Resources
12.9
Creating Scheduled Tasks
12.10
Managing Scheduled Tasks
12.10.1
Viewing Scheduled Tasks
12.10.2
Modifying Scheduled Tasks
13
Using the Deployment Manager
13.1
Exporting Deployments
13.2
Importing Deployments
13.2.1
Deployment Manager Actions on Reimported Scheduled Tasks
13.2.2
Importing an XML File
13.3
Best Practices Related to Using the Deployment Manager
14
Working with Reports
14.1
Overview of Operational Reports
14.2
Overview of Historical Reports
14.3
Running Reports
14.4
Display of Data in Report
14.5
Using Report Filters
14.6
Change Input Parameters
14.7
CSV Export
14.8
Detail Page Links
14.9
Creating Reports Using Third-Party Software
15
Working with the Attestation Feature
15.1
About Attestation
15.1.1
Definition of an Attestation Process
15.1.1.1
Attestation Process Control
15.1.2
Components of Attestation Tasks
15.1.2.1
Attestation Inbox
15.1.3
Attestation Request
15.1.4
Delegation
15.1.5
Attestation Lifecycle Process
15.1.5.1
Stage 1: Creation of an Attestation Task
15.1.5.2
Stage 2: Acting on an Attestation Task
15.1.5.3
Stage 3: Processing a Submitted Attestation Task
15.1.6
Attestation Engine
15.1.7
Attestation Scheduled Task
15.1.8
Attestation-Driven Workflow Capability
15.1.9
Attestation E-Mail
15.1.9.1
Notify Attestation Reviewer
15.1.9.2
Notify Delegated Reviewers
15.1.9.3
Notify Process Owner About Declined Attestation Entitlements
15.1.9.4
Notify Process Owner About Reviewers with No E-Mail Defined
15.2
Attestation Process Configuration
15.2.1
Menu Structure
15.2.2
System Control
15.3
Creating Attestation Processes
15.4
Managing Attestation Processes
15.4.1
Editing Attestation Processes
15.4.2
Disabling Attestation Processes
15.4.3
Enabling Attestation Processes
15.4.4
Deleting Attestation Processes
15.4.5
Running Attestation Processes
15.4.6
Managing Attestation Process Administrators
15.4.7
Viewing Attestation Process Execution History
15.5
Using the Attestation Dashboard
15.5.1
Viewing Attestation Request Details
15.5.2
E-Mail Notification
15.5.3
Attestation Grace Period Expiry Checker Scheduled Task
16
Working with the Diagnostic Dashboard
16.1
Introduction to the Diagnostic Dashboard
16.1.1
Installation Tests
16.1.2
Postinstallation Tests
16.2
Installing the Diagnostic Dashboard
16.2.1
Installing the Diagnostic Dashboard on Oracle Application Server
16.2.2
Installing the Diagnostic Dashboard on JBoss Application Server
16.2.3
Installing the Diagnostic Dashboard on IBM WebSphere Application Server
16.2.4
Installing the Diagnostic Dashboard on Oracle WebLogic Server
16.2.5
Launching the Diagnostic Dashboard
16.3
Using the Diagnostic Dashboard
16.4
Test Details and Parameters
16.4.1
Microsoft SQL Server JDBC Libraries Availability Check
16.4.2
Microsoft SQL Server Prerequisites Check
16.4.3
Oracle Database Prerequisites Check
16.4.4
WebSphere Embedded JMS Server Status
16.4.5
Database Connectivity Check
16.4.6
Account Lock Status
16.4.7
Data Encryption Key Verification
16.4.8
Scheduler Service Status
16.4.9
Remote Manager Status
16.4.10
JMS Messaging Verification
16.4.11
Target System SSL Trust Verification
16.4.12
Java VM System Properties Report
16.4.13
WebSphere Version Report
16.4.14
Oracle Identity Manager Libraries and Extensions Version Report
16.4.15
Oracle Identity Manager Libraries and Extensions Manifest Report
16.4.16
SSO Diagnostic Information
16.4.17
Test Basic Connectivity
16.4.18
Test Provisioning
16.4.19
Test Reconciliation
Part II Integration Solutions Features
17
Installing Predefined Connectors
17.1
Overview of the Connector Installation Process
17.2
Creating the User Account for Installing Connectors
17.3
Installing a Predefined Connector
18
Configuring Connectors for Installation and Testing
18.1
Structure of the Configuration XML File
18.1.1
connector Element
18.1.2
connector-name Element
18.1.3
connector-version Element
18.1.4
filecopy Element
18.1.5
destination Element
18.1.6
file Element
18.1.7
configuration Element
18.1.8
source Element
18.1.9
pre-Install Element
18.1.10
title Element
18.1.11
step Element
18.1.12
dependency-connector Element
18.1.13
dependency-connector-name Element
18.1.14
dependency-connector-version Element
18.1.15
Sample Configuration XML File
18.2
Developing the Test Class for the Connector
18.3
Structure of the Connector Pack Directory
19
Introduction to Generic Technology Connectors
19.1
Requirement for Generic Technology Connectors
19.2
Functional Architecture of Generic Technology Connectors
19.2.1
Providers and Data Sets of the Reconciliation Module
19.2.2
Providers and Data Sets of the Provisioning Module
19.2.3
OIM Data Sets
19.3
Features of Generic Technology Connectors
19.3.1
Features Specific to the Reconciliation Module
19.3.1.1
Trusted Source Reconciliation
19.3.1.2
Account Status Reconciliation
19.3.1.3
Full and Incremental Reconciliation
19.3.1.4
Batched Reconciliation
19.3.1.5
Reconciliation of Multivalued Attribute Data (Child Data) Deletion
19.3.1.6
Failure Threshold for Stopping Reconciliation
19.3.2
Other Features
19.3.2.1
Custom Data Fields and Field Mappings
19.3.2.2
Custom Providers
19.3.2.3
Multilanguage Support
19.3.2.4
Custom Date Formats
19.3.2.5
Propagation of Changes in OIM User Attributes to Target Systems
19.4
Roadmap for Information on Generic Technology Connectors in This Guide
20
Predefined Generic Technology Connector Providers Shipped with Oracle Identity Manager
20.1
Shared Drive Reconciliation Transport Provider
20.2
CSV Reconciliation Format Provider
20.3
SPML Provisioning Format Provider
20.3.1
Run-Time Parameters
20.3.2
Design Parameters
20.3.3
Nonmandatory Parameters
20.3.4
Parameters with Predetermined Values
20.4
Web Services Provisioning Transport Provider
20.4.1
Configuring SSL Communication Between Oracle Identity Manager and the Target System Web Service
20.5
Transformation Providers
20.5.1
Concatenation Transformation Provider
20.5.2
Translation Transformation Provider
20.5.2.1
Configuring Account Status Reconciliation
20.6
Validation Providers
21
Creating Custom Providers for Generic Technology Connectors
21.1
Role of Providers
21.1.1
Role of Providers During Generic Technology Connector Creation
21.1.2
Role of Providers During Reconciliation
21.1.3
Role of Providers During Provisioning
21.2
Creating Custom Providers
21.2.1
Determining Provider Requirements
21.2.1.1
Determining the Reconciliation Provider Requirements
21.2.1.2
Determining the Provisioning Provider Requirements
21.2.2
Identifying the Provider Parameters
21.2.3
Developing Java Code Implementations of the Value Objects
21.2.4
Developing Java Code Implementations of the Provider SPI Methods
21.2.5
Developing Java Code for Logging and Exception Handling
21.2.6
Creating the Provider XML File
21.2.7
Creating Resource Bundle Entries for the Provider
21.2.8
Deploying the Provider
21.3
Reusing Providers
21.3.1
Reusing Reconciliation Providers
21.3.2
Reusing Provisioning Providers
22
Creating Generic Technology Connectors
22.1
Determining Provider Requirements
22.2
Selecting the Providers to Be Included in the Generic Technology Connector
22.3
Addressing the Prerequisites for Creating the Generic Technology Connector
22.4
Using the Administrative and User Console to Create the Generic Technology Connector
22.4.1
Step 1: Provide Basic Information Page
22.4.2
Step 2: Specify Parameter Values Page
22.4.3
Step 3: Modify Connector Configuration Page
22.4.3.1
Adding or Editing Fields in Data Sets
22.4.3.2
Removing Fields from Data Sets
22.4.3.3
Removing Mappings Between Fields
22.4.3.4
Removing Child Data Sets
22.4.4
Step 4: Verify Connector Form Names Page
22.4.5
Step 5: Verify Connector Information Page
22.5
Configuring Reconciliation
22.6
Configuring Provisioning
22.7
Enabling Logging for the Generic Technology Connector
23
Managing Generic Technology Connectors
23.1
Modifying Generic Technology Connectors
23.2
Exporting Generic Technology Connectors
23.3
Importing Generic Technology Connectors
23.4
Upgrading Generic Technology Connectors to Oracle Identity Manager Release 9.1.0.1
24
Best Practices for Creating and Using Generic Technology Connectors
24.1
Step 1: Provide Basic Information Page
24.2
Step 2: Specify Parameter Values Page
24.3
Step 3: Modify Connector Configuration Page
24.3.1
Names of Fields
24.3.2
Password Fields
24.3.3
Password-Like Fields
24.3.4
Mappings
24.3.5
OIM Data Sets
24.4
Shared Drive Reconciliation Transport Provider
24.5
Custom Providers
24.6
Connector Objects
24.7
Modifying Generic Technology Connectors
25
Troubleshooting Generic Technology Connector Errors
25.1
Errors Encountered at the End of the Connector Creation Process
25.2
Common Errors Encountered During Reconciliation
25.3
Common Errors Encountered During Provisioning
26
Known Issues of Generic Technology Connectors
26.1
Names of Generic Technology Connectors and Connector Objects
26.2
Step 3: Modify Connector Configuration Page
26.3
Multilanguage Support
26.4
Connector Objects
26.5
General Known Issues
27
Using Oracle Identity Manager As a Target System for Provisioning Operations
28
Connector Objects Created by the Generic Technology Connector Framework
28.1
Both Reconciliation and Provisioning Are Selected
28.2
Only Reconciliation Is Selected
28.3
Only Provisioning Is Selected
Part III Appendixes
A
System Configuration Considerations for Administrators
Index
Scripting on this page enhances content navigation, but does not change the content in any way.