Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Concepts
1 Feature Overview
1.1 Features of Oracle Identity Manager
1.1.1 User Administration
1.1.2 Workflow and Policy
1.1.3 Password Management
1.1.4 Audit and Compliance Management
1.1.5 Integration Solutions
1.1.6 User Provisioning
1.1.7 Organization and Role Management
2 Architecture
2.1 Key Features and Benefits
2.1.1 Ease of Deployment
2.1.2 Flexibility and Resilience
2.1.3 Maximum Reuse of Existing Infrastructure
2.1.4 Extensive User Management
2.1.5 Web-Based User Self-Service
2.1.6 Modular and Scalable Architecture
2.1.7 Built-in Audit and Compliance
2.1.8 Based on Leading Software Development Standards
2.1.9 Powerful and Flexible Process Engine
2.1.10 Integration By Using the Adapter Factory
2.1.11 Built-In Change Management
2.2 How Oracle Identity Manager Works: The Tiers of Oracle Identity Manager
2.2.1 Presentation Tier
2.2.2 Business Services Tier
2.2.2.1 The API Services
2.2.2.2 Integration Services
2.2.2.3 Platform Services
2.2.3 The Data Tier
2.2.3.1 Oracle Identity Manager Database
2.2.3.2 The Metadata Store
2.2.3.3 The Identity Store
2.3 System Components
3 Interfaces
3.1 Overview of Oracle Identity Manager Administrative and User Console
3.1.1 Unauthenticated User Self Service
3.1.1.1 Features of the Unauthenticated User Self Service
3.1.2 Authenticated User Self Service
3.1.2.1 Features of the Authenticated User Self Service
3.1.3 Oracle Identity Administration
3.1.3.1 Features of Oracle Identity Administration
3.1.4 Oracle Identity Manager Advanced Administration
3.1.4.1 Features of Oracle Identity Manager Advanced Administration
3.1.5 Customizing Oracle Identity Manager Administrative and User Console
3.1.6 Localizing Interfaces
3.2 Overview of Oracle Identity Manager Design Console
3.2.1 Features of Oracle Identity Manager Design Console
3.3 SPML Web Service
4 Deployment Configurations
4.1 Provisioning Configuration
4.2 Reconciliation Configuration
4.2.1 Types of Reconciliation
4.2.1.1 Reconciliation Based on the Object Being Reconciled
4.2.1.2 Mode of Reconciliation
4.2.1.3 Approach Used for Reconciliation
4.2.2 Reconciliation Architecture
4.2.2.1 Reconciliation Profile
4.2.2.2 Reconciliation Metadata
4.2.2.3 Reconciliation Target
4.2.2.4 Reconciliation Run
4.2.2.5 Reconciliation APIs
4.2.2.6 Reconciliation Schema
4.2.2.7 Reconciliation Engine
4.2.2.8 Connector for Reconciliation
4.2.2.9 Archival
4.2.2.10 Backward Compatibility
4.2.2.11 Reconciliation Manager
4.3 Integration Between LDAP Identity Store and Oracle Identity Manager
4.3.1 Configuring the Integration with LDAP
4.3.2 Provisioning Data From Oracle Identity Manager to LDAP Identity Store
4.3.2.1 Managing Users
4.3.2.2 Managing Roles
4.3.3 Reconciliation From LDAP Identity Store to Oracle Identity Manager
5 Integration Solutions
5.1 Predefined Connectors
5.2 Generic Technology Connectors
5.3 Custom Connectors
5.4 Components Common to All Connectors
5.4.1 Provisioning Process Tasks
5.4.2 Reconciliation-Related Provisioning Process Tasks
5.5 Connector Installation
6 Auditing
6.1 Overview
6.1.1 Auditing Design Components
6.1.2 Profile Auditing
6.1.3 Standard and Customized Reports
6.2 Audit Engine
6.2.1 Audit Levels
6.2.2 Tables Used for Storing Information About Auditors
6.2.3 Issuing Audit Messages
6.3 User Profile Auditing
6.3.1 Data Collected for Audits
6.3.1.1 Capture and Archiving of User Profile Audit Data
6.3.1.2 Storage of Snapshots
6.3.1.3 Trigger for Taking Snapshots
6.3.2 Post-Processor Used for User Profile Auditing
6.3.3 Tables Used for User Profile Auditing
6.4 Role Profile Auditing
6.4.1 Data Collected for Audits
6.4.1.1 Capture and Archiving of Role Profile Audit Data
6.4.1.2 Storage of Snapshots
6.4.1.3 Trigger for Taking Snapshots
Part II Oracle Identity Manager Self Service
7 Configuring and Using Self-Service Registration
7.1 Using Self-Service Registration
7.1.1 Logging In to Oracle Identity Manager Administrative and User Console
7.1.2 Submitting Registration Requests
7.1.3 Tracking Registration Requests
7.2 Configuring Auto-Approval for Self-Registration
8 Managing Profile
8.1 Managing Profile Attributes
8.2 Managing Role Assignments
8.2.1 Requesting Roles
8.2.2 Removing Roles
8.3 Managing Resource Profile
8.3.1 Requesting a Resource
8.3.2 Modifying a Resource
8.3.3 Removing a Resource
8.3.4 Displaying Resource Details
8.4 Managing Proxies
8.4.1 Adding a Proxy
8.4.2 Editing a Proxy
8.4.3 Removing a Proxy
8.5 Managing Security
8.5.1 Changing Password
8.5.2 Setting Challenge Questions and Response
8.5.2.1 Localizing Challenge Questions and Responses
8.6 Resetting Forgotten Password
9 Managing Tasks
9.1 Managing Approval Tasks
9.1.1 Viewing Task Details
9.1.2 Claiming a Task
9.1.3 Approving a Task
9.1.4 Rejecting a Task
9.1.5 Reassigning a Task
9.1.6 Requesting for More Information
9.1.7 Submitting Information
9.2 Managing Provisioning Tasks
9.2.1 Searching Provisioning Tasks
9.2.2 Viewing Provisioning Task Details
9.2.3 Setting Response for a Task
9.2.4 Adding Notes to a Task
9.2.5 Reassigning a Task
9.2.6 Viewing Task Assignment History
9.2.7 Viewing Form Details
9.2.8 Modifying Form Details
9.2.9 Retrying a Task
9.3 Managing Attestation Tasks
9.3.1 Searching Attestation Tasks
9.3.2 Viewing Attestation Request Detail
10 Managing Requests
10.1 Request Stages
10.2 Bulk Requests and Child Requests
10.3 Request Models
10.4 Creating Requests for Self and Others
10.4.1 Creating a Request to Register Yourself in Oracle Identity Manager
10.4.2 Creating a Request From Welcome Page of Oracle Identity Manager Self Service
10.4.3 Creating a Request By Using the Authenticated Oracle Identity Manager Self Service
10.5 Searching for Requests
10.5.1 Request Search as a Requester
10.5.1.1 Role/Resources/Users
10.5.1.2 Request Comments
10.5.1.3 Request History
10.5.1.4 Approval Tasks
10.5.2 Request Search as a Beneficiary
10.5.3 Request Searching by Approver
10.5.4 Request Searching by Unauthenticated User
10.6 Withdrawing a Request
10.7 Performing Request-Related Tasks by Using the Task List
10.8 Closing Requests
Part III Identity Administration
11 Managing Users
11.1 User Lifecycle
11.1.1 OIM Account
11.1.2 Organization
11.1.3 Role
11.2 User Entity Definition
11.3 User Management Tasks
11.3.1 Searching Users
11.3.1.1 Simple Search
11.3.1.2 Advanced Search
11.3.2 Creating Users
11.3.3 Viewing and Modifying User Information
11.3.3.1 User Details Page
11.3.3.2 User Modifications
11.3.3.3 Single User Operations
11.3.3.4 Bulk User Modifications
11.4 User Management Authorization
11.4.1 Privileges
11.4.2 Attributes
11.4.3 Data Constraints
11.4.4 Authorization with Multiple Policies
11.4.4.1 Search Operation Authorization with Multiple Authorization Policies
11.4.4.2 Modify Operation Authorization with Multiple Authorization Policies
11.5 Username Reservation
11.5.1 Enabling and Disabling Username Reservation
11.5.2 Configuring the Username Policy
11.5.3 Releasing the Username
12 Managing Roles
12.1 Role Membership Inheritance
12.2 Role Permission Inheritance
12.3 Role Entity Definition
12.3.1 Role Entity
12.3.2 Role Category Entity
12.3.3 Role Grant Relationship
12.3.4 Role Parent Relationship
12.4 Default Roles
12.5 Role Management Tasks
12.5.1 Creating Roles
12.5.2 Managing Roles
12.5.2.1 Browsing Roles
12.5.2.2 Searching for Roles
12.5.2.3 Deleting Roles
12.5.2.4 Viewing and Administering Roles
12.5.2.5 Viewing Menu Items
12.5.2.6 Viewing, Assigning, and Revoking Access Policies
12.5.2.7 Viewing, Assigning, and Revoking Membership Rules
12.5.2.8 Updating Data Object Permissions
12.5.3 Creating and Managing Role Categories
12.5.3.1 Creating a Role Category
12.5.3.2 Searching Role Categories
12.5.3.3 Modifying a Role Category
12.5.3.4 Deleting a Role Category
12.6 Managing Authorization for Roles
13 Managing Organizations
13.1 Organization Entity Definition
13.2 Organization Management Tasks
13.2.1 Searching Organizations
13.2.1.1 Performing Simple Search
13.2.1.2 Performing Advanced Search
13.2.2 Browsing Organizations
13.2.3 Creating an Organization
13.2.4 Viewing and Modifying Organizations
13.2.4.1 Modifying Organization Attributes
13.2.4.2 Viewing Child Organizations
13.2.4.3 Viewing User Information
13.2.4.4 Modifying Resources
13.2.5 Disabling and Enabling Organizations
13.2.6 Managing Administrative Roles
13.2.7 Managing Permitted Resources
13.2.8 Deleting an Organization
13.3 Organization Management Authorization
14 Creating and Searching Requests
14.1 Creating Requests by Using Oracle Identity Manager Advanced Administration
14.1.1 Creating a Request To Create a User
14.1.2 Creating a Request to Provision a Resource to Users
14.1.3 Creating a Request to Deprovision Resources
14.2 Searching and Tracking Requests
14.2.1 Searching Requests
14.2.2 Viewing Request Details
14.2.2.1 The Resources or Users or Roles Tab
14.2.2.2 The Request Comments Tab
14.2.2.3 The Request History Tab
14.2.2.4 The Approval Tasks Tab
Part IV Policy Administration
15 Managing Authorization Policies
15.1 Authorization Policy
15.2 Creating and Managing Authorization Policies
15.2.1 Searching Authorization Policies
15.2.1.1 Simple Search
15.2.1.2 Advanced Search
15.2.2 Creating Custom Authorization Policies
15.2.2.1 Creating an Authorization Policy for User Management
15.2.2.2 Creating an Authorization Policy for Role Management
15.2.3 Creating Authorization Policies Based on Existing Policies
15.2.4 Viewing and Modifying Authorization Policies
15.2.5 Deleting Authorization Policies
15.3 Authorization Policies for Oracle Identity Manager Features
15.3.1 User Management
15.3.1.1 Assignee
15.3.1.2 Functional Security
15.3.1.3 Data Security
15.3.1.4 Default Authorization Policies
15.3.2 Authenticated User Self Service
15.3.2.1 Authorization for Profile Attributes
15.3.2.2 Authorization for Role Requests
15.3.2.3 Authorization for Resource Requests
15.3.2.4 Authorization for Proxies
15.3.2.5 Default Authorization Policy
15.3.3 Role Management
15.3.3.1 Assignee
15.3.3.2 Functional Security
15.3.3.3 Data Security
15.3.3.4 Default Authorization Policies
15.3.4 Authorization Policy Management
15.3.5 User Management Configuration
15.3.6 Reconciliation Management
15.3.6.1 Assignee
15.3.6.2 Functional Security
15.3.6.3 Data Security
15.3.6.4 Default Authorization Policy
15.3.7 Scheduler
15.3.8 Request Creation By Using Request Templates
15.3.9 Approval Policy Management
15.3.10 Notification Management
15.3.11 System Properties
15.3.12 Diagnostic Dashboard
15.3.13 Plug In
16 Managing Access Policies
16.1 Features of Access Policies
16.2 Creating Access Policies
16.3 Managing Access Policies
17 Managing Request Templates
17.1 Creating Request Templates
17.1.1 Creating a Request Template Based on the Create User Request Type
17.1.2 Creating a Request Template Based on the Provisioning Resource Request Type
17.2 Searching and Modifying Request Templates
17.2.1 Allowed Resources or Allowed Roles
17.2.2 Attribute Restrictions
17.2.3 Additional Attributes
17.2.4 Template User Roles
17.3 Cloning Templates
17.4 Deleting Templates
18 Managing Approval Policies
18.1 Approval Selection Methodologies
18.1.1 Request-Level Methodology
18.1.2 Operation-Level Methodology: Organization-Based Selection
18.1.3 Operation-Level Methodology: Resource-Based Selection
18.1.4 Operation-Level Methodology: Role-Based Selection
18.2 Creating Approval Policies
18.3 Searching Approval Policies
18.4 Modifying Approval Policies
18.5 Modifying the Priority of an Approval Policy
18.6 Deleting Approval Policies
19 Managing Attestation Processes
19.1 About Attestation
19.1.1 Definition of an Attestation Process
19.1.1.1 Attestation Process Control
19.1.2 Components of Attestation Tasks
19.1.2.1 Attestation Inbox
19.1.3 Attestation Request
19.1.4 Delegation
19.1.5 Attestation Lifecycle Process
19.1.5.1 Stage 1: Creation of an Attestation Task
19.1.5.2 Stage 2: Acting on an Attestation Task
19.1.5.3 Stage 3: Processing a Submitted Attestation Task
19.1.6 Attestation Engine
19.1.7 Attestation Scheduled Task
19.1.8 Attestation-Driven Workflow Capability
19.1.9 Attestation E-Mail
19.1.9.1 Notify Attestation Reviewer
19.1.9.2 Notify Delegated Reviewers
19.1.9.3 Notify Process Owner About Declined Attestation Entitlements
19.1.9.4 Notify Process Owner About Reviewers with No E-Mail Defined
19.2 Attestation Process Configuration
19.2.1 Menu Structure
19.2.2 System Control
19.3 Creating Attestation Processes
19.4 Managing Attestation Processes
19.4.1 Editing Attestation Processes
19.4.2 Disabling Attestation Processes
19.4.3 Enabling Attestation Processes
19.4.4 Deleting Attestation Processes
19.4.5 Running Attestation Processes
19.4.6 Managing Attestation Process Administrators
19.4.7 Viewing Attestation Process Execution History
19.5 Using the Attestation Dashboard
19.5.1 Viewing Attestation Request Details
19.5.2 E-Mail Notification
19.5.3 Attestation Grace Period Checker Scheduled Task
Part V Reporting
20 Using Reporting Features
20.1 Reporting Features
20.2 Starting Oracle Identity Management Reports
20.3 Running Oracle Identity Management Reports
20.4 Supported Output Formats
20.5 Reports for Oracle Identity Manager
20.5.1 Access Policy Reports
20.5.1.1 Access Policy Details
20.5.1.2 Access Policy List by Role
20.5.2 Attestation, Request, and Approval Reports
20.5.2.1 Approval Activity
20.5.2.2 Attestation Process List
20.5.2.3 Attestation Request Details
20.5.2.4 Attestation Requests by Process
20.5.2.5 Attestation Requests by Reviewer
20.5.2.6 Request Details
20.5.2.7 Request Summary
20.5.2.8 Task Assignment History
20.5.3 Role and Organization Reports
20.5.3.1 Role Membership History
20.5.3.2 Role Membership Profile
20.5.3.3 Role Membership
20.5.3.4 Organization Details
20.5.3.5 User Membership History
20.5.4 Password Reports
20.5.4.1 Password Expiration Summary
20.5.4.2 Password Reset Summary
20.5.4.3 Resource Password Expiration
20.5.5 Resource and Entitlement Reports
20.5.5.1 Account Activity In Resource
20.5.5.2 Delegated Admins and Permissions by Resource
20.5.5.3 Delegated Admins by Resource
20.5.5.4 Entitlement Access List
20.5.5.5 Entitlement Access List History
20.5.5.6 Financially Significant Resource Details
20.5.5.7 Fine Grained Entitlement Exceptions By Resource
20.5.5.8 Offline Resource Provisioning Messages
20.5.5.9 Orphaned Account Summary
20.5.5.10 Resource Access List History
20.5.5.11 Resource Access List
20.5.5.12 Resource Account Summary
20.5.5.13 Resource Activity Summary
20.5.5.14 Rogue Accounts By Resource
20.5.5.15 User Resource Access History
20.5.5.16 User Resource Access
20.5.5.17 User Resource Entitlement
20.5.5.18 User Resource Entitlement History
20.5.6 User Reports
20.5.6.1 User Profile History
20.5.6.2 User Summary
20.5.6.3 Users Deleted
20.5.6.4 Users Disabled
20.5.6.5 Users Unlocked
20.6 Exception Reports
20.7 Creating Reports Using Third-Party Software
Index