Oracle® Identity Manager Concepts
Release 9.1.0.1

Part Number E14065-01

6 Oracle Identity Manager Interfaces

Oracle Identity Manager provides two interfaces that you can use to perform various tasks. These are the Administrative and User Console and the Design Console. These two interfaces are located in the Presentation or Client tier of Oracle Identity Manager. Oracle Identity Manager also provides the SPML Web Service interface that supports inbound provisioning requests.

This chapter introduces the two consoles and briefly describes the functionality of each. This chapter also provides a brief introduction to the SPML Web Service. The chapter contains the following topics:

6.1 Overview of the Administrative and User Console

Oracle Identity Manager is an advanced, flexible provisioning system for automatically granting and revoking access to organization applications and managed systems. The Administrative and User Console of Oracle Identity Manager can provide the staff and partners of an organization with access to the organization's resources, and enforce access policies that are associated with these resources.

The Administrative and User Console enables you to perform various functions, such as viewing user accounts, modifying profiles, viewing request status, and changing passwords. You can also customize the Administrative and User Console, as explained at the end of this section.

Note:

Not all functions are available to all users. The features that you can view and use in Oracle Identity Manager depend on the privileges that you are assigned.

6.1.1 Features of the Administrative and User Console

Use the Administrative and User console to perform the following functions:

  • Creating Accounts

    If you do not have an account in Oracle Identity Manager, you must create one. Depending on how your system is configured, you might need your manager to create an account for you.

  • Locating Records

    Many fields in Oracle Identity Manager have lookup capabilities. You use them when you want to locate a record. You can locate a record by constructing a search or query and then by running it. To do so, you must enter data in one or more fields to limit the records retrieved by your search. You can also use wildcard characters in addition to the data that you enter in the fields.

    Note:

    The manner in which the search is constructed and run depends on the type of search you perform. The results retrieved are based on the context in which you are conducting the search.

  • Modifying Data Display Requirements

    By default, the Administrative and User Console displays entire text entries, irrespective of the length of the entries. You can configure the console to truncate long text entries by using a series of three dots (…). By default, the Administrative and User Console displays any process form along with a child table that has 10 or fewer columns. You can also configure the console to display child tables with more than 10 columns.

  • Accessing and Managing Accounts

    Using the Administrative and User Console, you can modify basic information associated with your Oracle Identity Manager user account. You can also change your password at will, or from time to time depending on system requirements. In addition, the console lets you delegate your task approval responsibilities to another user in case you are unavailable because of illness, vacation, and so on.

  • Viewing and Resourcing Requests

    The console lets you view resources that have been provisioned to you. The console also lets you view all resource requests that you have submitted for yourself and those made by other users for you. You can also request provisioning of a new resource.

  • Creating and Tracking Requests

    Oracle Identity Manager enables you to create and manage requests for provisioning resources to yourself, other users, and organizations. Based on the privileges granted to you by Oracle Identity Manager, you might be able to use the Administrative and User Console to view requests for resources. In addition, you might be able to edit details or approve tasks within those requests. This is known as tracking requests.

  • Managing To-Do Lists

    A To-Do list is a list of tasks within a process. The processes for approving requests and their associated resources and making them available for provisioning consist of tasks. Before resources in a request can be provisioned to the target users, they must be approved by users assigned as approvers. If approval is required, then the approval tasks associated with the user self-registration requests also appear and require approval by an assigned approver. Using the Administrative and User Console, you can complete tasks on which your approvals are pending, retry a task if it has a Rejected status, and manage open attestation tasks that are assigned to you.

  • Creating and Managing User Records

    Using the Administrative and User Console, you can create and manage user records. Even if users are allowed to self-register, you should have the privileges to create and manage accounts on behalf of other users.

  • Creating and Managing Organization Information

    Using the Administrative and User Console, you can create and manage organization records. You can also enable, disable, revoke, and provision resources, organizations, and suborganizations.

  • Using User Groups

    Using the Administrative and User Console, you can define user groups to create and manage records of collections of users to whom you can assign certain common functionality, such as access rights, roles, or permissions. User groups can be organization-independent, spanning multiple organizations, or they can contain users from a single organization.

  • Creating and Managing Access Policies

    You can create and use access policies for users, organizations, and resources in Oracle Identity Manager. The Access Policy Wizard of the Administrative and User Console helps you to define an access policy for provisioning resources to users who are members of the user groups to which the access policy is attached. The Administrative and User Console also enables you to modify information in existing access policies.

  • Managing Resources

    You can use the Resource Management feature of the Administrative and User Console to manage resource objects for an organization or an individual user. Managing resources includes the following activities:

    • Search for a resource and view its details

    • Enable, disable, and revoke a resource from users or organizations

    • Manage Resource Administrator and Authorizer groups

    • View and edit the workflow

    • Define Resource audit objectives

    • Define and manage IT Resources

    • Define and manage scheduled tasks

  • Using the Deployment Manager

    The Deployment Manager tool, accessed through the Administrative and User Console, helps you to export and import Oracle Identity Manager configurations. The Deployment Manager enables you to export the objects that form your Oracle Identity Manager configuration. Usually, you use the Deployment Manager to migrate a configuration from one deployment to another.

  • Generating Reports

    Based on your needs, you can use the Administrative and User Console to generate reports that contain current operational data (Operational Reports) or historical data (Historical Reports). These reports describe resources available to users.

  • Managing Attestation Tasks

    A menu item in the Administrative and User Console provides access to attestation, which creates reports that describe the provisioned resources that certain users have. Reviewers must review these reports.

6.1.2 Customizing the Administrative and User Console

You can customize the following components of the Oracle Identity Manager Administrative and User Console:

  • General page layout

  • Text, labels, and error messages

  • Colors, font, and alignment

  • Logos

  • Self-registration, user profiles, and service accounts

  • Field behavior and functionality

  • Menus

  • Search pages

See Also:

Oracle Identity Manager Administrative and User Console Customization Guide for more information about the different components of the Administrative and User Console that can be customized

During installation, Oracle Identity Manager is deployed to your application server as an Enterprise Archive (EAR). This archive file contains some of the files for customizing your Administrative and User Console. The name of the EAR file varies depending on your application server.

To access the files for customizing your console, you unpack a Web Archive (WAR) file, make the required edits, repack the WAR file, and run a script that regenerates the EAR file and deploys it to your application server.

6.2 Overview of the Design Console

The Design Console is mainly used to configure the system settings. These settings control the systemwide behavior of Oracle Identity Manager and affect its users. This section describes the basic features of the Design Console.

6.2.1 Features of the Design Console

The following features of the Design Console let you perform different tasks:

  • Field Types

    The behavior of the basic features of Design Console is standard for all forms to enable ease of use. You can view records that are displayed in the data fields. You can also search for values by using the lookup fields. For example, the Date & Time window enables you to select a date, month, year, and time.

    In addition, you can enter supplemental information about a record in the notes window. The Design Console also lets you select and assign available entities to a record.

  • Search Functions

    Using the Design Console, you can perform searches for records in a database, also known as queries. Every form in the Design Console provides a search function. You can filter the search criteria in a form field. This limits the results that are returned to only the records that match the criteria you entered.

    You can also use a wildcard in a search. The asterisk (*) wildcard character represents unspecified portions of the search criteria. For example, if you enter B* in the Location field of a Design Console form and execute a search, you retrieve all records with locations that begin with the letter B, for example, Burbank, Boston, Bristol, and so on.

    Note:

    If multiple records in the database match your search criteria, then you can view details of each record.

  • User Management

    The Design Console lets you perform the following user management functions:

    • Define default values for certain process form parameters at the organizational level

    • Display resources that are allowed or disallowed by policies for each user

    • Define what forms and folders on the Design Console are allowed for which user groups

    • Create administrative queues that can be assigned to requests

    It also enables you to view, analyze, correct, link, and manage information in reconciliation events received from target resources and the trusted source.

  • Resource Management

    You can manage resources in Oracle Identity Manager by using the Design Console. The different tasks that you can perform in resource management are:

    • Create resource types that appear as lookup values on the IT resources form.

    • Define and manage IT resources.

    • Create rules that can be applied to password policy selection, auto-group membership, provisioning process selection, task assignment, and prepopulating adapters.

    • Create and manage resource objects.

  • Process Management

    Process management includes creating and managing Oracle Identity Manager processes and templates for e-mail notifications.

    An Oracle Identity Manager process is the mechanism for representing a logical workflow for approvals or provisioning. Process definitions consist of tasks that you must perform to complete a process. Using the Design Console, you can create and manage the approval and provisioning processes that are associated with the resource objects.

    You can also create templates for e-mail notifications by using the Design Console. These notifications can be set to be sent to the user:

    • When a task is assigned to the user

    • When the task achieves a particular status

    • When a request is approved

    • On various attestation activities

    • During self-registration and self profile modification

  • Oracle Identity Manager Administration

    The Design Console also provides you with tools to manage the Oracle Identity Manager administrative features. You can perform various administrative tasks for Oracle Identity Manager by using these tools.

    You can associate class names, form labels, form types, menu items, graphics, icons, and online Help topics with an existing Oracle Identity Manager form. You can also modify folders that appear in the Design Console. The Design Console lets you create and manage lookup fields and their values, and user-defined fields.

    You can specify the value of properties that control the behavior of the client and server. You can also display information about servers that Oracle Identity Manager uses to communicate with third-party programs. In addition, you can set up schedules for when tasks should be run.

  • Development Tools

    The Design Console contains a suite of development tools that enable you or developers to customize Oracle Identity Manager.

    You can create and manage the code that enables Oracle Identity Manager to communicate with any IT Resource by connecting to that resource's API. This code is known as an adapter. You can also compile multiple adapters simultaneously.

    The Design Console lets you create error messages that are displayed when certain problems occur. In addition, you can create and manage event handlers, data objects, and reconciliation rules that are used in Oracle Identity Manager.

See Also:

Oracle Identity Manager Design Console Guide for more information about the features and functions of the Design Console

6.3 SPML Web Service

The SPML Web Service is an interface for inbound SPML-based provisioning requests. It supports the creation, modification, deletion, and lookup of Oracle Identity Manager users, user groups, and organizations. It also provides features for managing references (such as assignment and revocation of group memberships), resetting user passwords, and disabling and reenabling user accounts.

For details about the SPML Web Service, see Chapter 12, "SPML Web Service" of Oracle Identity Manager Tools Reference.