Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Adaptive Access Manager 11g Release 1 (11.1.1)?
New Features for Oracle Adaptive Access Manager 11g Release 1 (11.1.1)
Feature Comparison Chart - Oracle Adaptive Access Manager 11g vs. Oracle Adaptive Access Manager 10g
Concepts and Terminology Changes for Oracle Adaptive Access Manager 11g
Part I Getting Started with Oracle Adaptive Access Manager
1
Introduction to Oracle Adaptive Access Manager
1.1
Benefits of Oracle Adaptive Access Manager
1.2
Oracle Adaptive Access Manager Features
1.3
Oracle Adaptive Access Manager User Roles
1.4
Oracle Adaptive Access Manager Integrations
1.4.1
Native Integration
1.4.2
Reverse Proxy Integration
1.4.3
Access Management Integration
1.4.4
SAML Integration
1.5
Oracle Adaptive Access Manager Architecture
1.5.1
Architectural Scenario for Deployment
2
Setting Up the Oracle Adaptive Access Manager Environment
2.1
Installation and Configuration
2.2
Setting Up the Oracle Adaptive Access Manager Basic Environment
2.3
Setting Up CLI Environment
2.4
Setting Up Encryption and Database Credentials for Oracle Adaptive Access Manager
2.4.1
Overview of the Process
2.4.1.1
Setting up Encryption
2.4.1.2
Configuring Database Credentials in the Credential Store Framework
2.4.2
Pre-requisites
2.4.3
Setting up Secret Key for Encrypting Configuration Values
2.4.4
Setting Up Secret Key for Encrypting Database Values
2.4.5
Generating an Encoded Secret Key
2.4.6
Adding Symmetric Key to the Credential Store Framework
2.4.7
Setting Up Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
2.4.8
Backing Up Secret Keys
2.5
Importing Challenge Questions
2.6
Importing Base Policies
2.7
Importing Conditions Library
2.8
Importing Configurable Action Templates
2.9
Importing Basic Authentication-Related Entities
2.10
Importing IP Location Data
2.11
Setting Properties to Enable Autolearning and Configurable Actions
2.12
Setting the Time Zone Used for All Time Stamps in OAAM Admin
2.12.1
Values for the Common Timezones
3
Oracle Adaptive Access Manager Navigation
3.1
Access Level to OAAM Admin
3.2
Signing In to Oracle Adaptive Access Manager 11g
3.3
OAAM Admin Console and Controls
3.4
Navigation Panel
3.5
Navigation Tree
3.5.1
Navigation Tree Structure
3.5.2
Navigation Tree Menu and Toolbar
3.6
Policy Tree
3.7
Management Pages
3.7.1
Search Pages
3.7.1.1
Elements in the Search Form
3.7.1.2
Search Results Table
3.7.1.3
Search Results Menu and Toolbar
3.7.1.4
Select All
3.7.1.5
Create and Import
3.7.2
Detail Pages
3.8
Dashboard
3.9
Access to Search, Create, and Import
3.10
Online Help
Part II Customer Service and Forensics
4
Managing and Supporting Cases
4.1
Introduction and Concepts
4.1.1
Case
4.1.1.1
CSR Cases
4.1.1.2
Escalated Cases
4.1.2
Customer Service Representative (CSR)
4.1.3
CSR Manager
4.1.4
Fraud Investigator
4.1.5
Fraud Investigation Manager
4.1.6
Locked Status
4.1.7
Temporary Allow
4.1.8
Case Status
4.1.9
Severity Level
4.1.10
Expiration Date
4.1.11
Customer Resets
4.2
CSR and CSR Manager Role Permissions
4.3
Getting Started
4.4
Cases Search Page
4.4.1
Searching for Cases
4.4.2
Viewing a List of Cases
4.4.3
Searching for Open and Closed Cases
4.4.4
Searching Case by Description Keyword
4.4.5
Viewing a List of Cases
4.5
Case Details Page
4.5.1
Case Actions
4.5.2
Viewing Case Details
4.5.3
Viewing User Details
4.6
Viewing Case Activity
4.6.1
Viewing the Case History
4.6.2
Searching the Log of a Case
4.6.3
Viewing Escalated Case Logs and Notes
4.7
Viewing Customer's Sessions
4.7.1
Viewing a Customer's Session History
4.7.2
Searching for a Customer's Sessions
4.7.3
Searching for a Customer's Sessions by Device ID or Date Range
4.7.4
Filtering the Session History by Authentication Status or Alert Level
4.7.5
Viewing Transactions in the Sessions History
4.8
Creating a CSR Case
4.8.1
Creating a Case
4.8.2
Creating a Case Like Another Case
4.9
Bulk-Editing CSR Cases (CSR Manager Only)
4.10
Performing Customer Resets
4.10.1
Resetting Image
4.10.2
Resetting Phrase
4.10.3
Resetting Image and Phrase
4.10.4
Unregistering Devices
4.10.5
Resetting OTP Profile
4.10.6
Resetting Virtual Authentication Device
4.10.7
Unlock OTP
4.10.8
Resetting a Customer's Challenge Questions, Question Set, Image, and Phrase
4.11
Performing Challenge Question Resets
4.11.1
Performing Challenge Questions Related Actions
4.11.2
Resetting Challenge Questions
4.11.3
Resetting Challenge Questions and the Question Set
4.11.4
Incrementing a Customer to His Next Question
4.11.5
Unlocking a Customer (KBA)
4.11.6
Performing KBA Phone Challenge
4.12
Enabling a Temporary Allow (CSR Manager Only)
4.13
Adding Notes to Cases
4.14
Changing Severity Level of a Case
4.15
Changing Status of a Case
4.15.1
Changing Case Status to Pending
4.15.2
Closing a Case
4.15.3
Reopening Closed Cases (CSR Manager Only)
4.16
Extending Expiration (CSR Manager Only)
4.17
Escalating Cases
4.18
Configuring Expiry Behavior for CSR Cases
4.19
Reporting
4.20
Use Cases
4.20.1
Use Case: Customer Session Search and Case Creation
4.20.2
Use Case: Reset Challenge Questions
4.20.3
Use Case: Reset Image and Phrase
4.20.4
Use Case: Bulk Edit CSR Cases
4.20.5
Use Case: CSR Manager Bulk Case Edit
4.21
Best Practices and Recommendations
5
Using Session Details
5.1
Getting Started
5.2
Searching for a Session
5.3
Navigating to the Session Details Page
5.4
Viewing Session Details
5.4.1
The Panels
5.4.2
Session Details Panel
5.4.3
Login Details Panel
5.4.4
Checkpoint Panels
5.4.5
Transactions Panel
5.4.6
Policy Explorer
5.5
Use Cases
5.5.1
Use Case: Search Sessions
5.5.2
Use Case: Session Details Page
5.6
Comparison Between 10g and 11g Session Details
Part III Managing KBA and OTP
6
Managing Knowledge-Based Authentication
6.1
Introduction and Concepts
6.1.1
Knowledge Based Authentication
6.1.2
Challenge Response Process
6.1.3
Challenge Response Configuration
6.1.4
Registration
6.1.5
Challenge Questions
6.1.6
Question Set
6.1.7
Registration Logic
6.1.8
Answer Logic
6.1.9
Validations
6.1.10
Failure Counters
6.1.11
KBA Resets
6.1.11.1
Reset Challenge Questions
6.1.11.2
Reset Challenge Questions and the Set of Questions to Choose From
6.1.11.3
Increment User to the Next Question
6.1.11.4
Unlock a User
6.1.11.5
Ask Question (KBA Phone Challenge)
6.1.12
Disable Question and Category Logic
6.1.13
Locked Status
6.2
Setting Up KBA Overview
6.2.1
Loading Challenge Questions
6.2.2
Setting Up KBA
6.2.3
Setting Up Challenge
6.2.4
User Flow
6.3
Setting Up the System to Use Challenge Questions
6.3.1
Ensuring that Universal Installation Option Base Policies are Installed
6.3.2
Ensuring that KBA Properties/Default Properties are Set
6.3.3
Uploading Challenge Questions
6.3.4
Importing and Enabling Policies
6.3.5
Configuring Rules for Registration and Challenge Policies
6.4
Accessing Configurations in KBA Administration
6.5
Managing Challenge Questions
6.5.1
Searching for a Challenge Question
6.5.2
Viewing Question Details and Statistics
6.5.3
Creating a New Question
6.5.4
Creating a Question Like Another Question
6.5.5
Editing a Question
6.5.6
Importing Questions
6.5.7
Exporting Questions
6.5.8
Deleting a Question
6.5.9
Disabling a Question
6.5.10
Activating Questions
6.5.11
Deactivating Questions
6.6
Setting Up Validations for Answer Registration
6.6.1
Using the Validations Page
6.6.2
Adding a New Validation
6.6.3
Editing an Existing Validation
6.6.4
Exporting Validations
6.6.5
Deleting Validations
6.7
Managing Categories
6.7.1
Searching for a Category
6.7.2
Creating a New Category
6.7.3
Editing a Category
6.7.4
Deleting Categories
6.7.5
Activating Categories
6.7.6
Deactivating Categories
6.8
Configuring the Registration Logic
6.9
Configuring the Answer Logic
6.9.1
About Answer Logic
6.9.2
Answer Logic Algorithms Examples
6.9.2.1
Abbreviations
6.9.2.2
Phonetics
6.9.2.3
Keyboard Fat Fingering
6.9.3
Level of Answer Logic
6.9.3.1
Abbreviation
6.9.3.2
Fat Fingering
6.9.3.3
Phonetics
6.9.3.4
Multiple Word Answers
6.10
Customizing English Abbreviations and Equivalences
6.11
Customizing Abbreviations and Equivalences for Locales
6.12
Setting Up a KBA Failure Counter
6.13
Use Cases
6.13.1
Use Case: Create Challenge Question
6.13.2
Use Case: KBA Registration Logic
6.13.3
Use Case: KBA Phone Challenge
6.14
KBA Guidelines and Recommended Requirements
6.14.1
Best Practices for Managing Questions
6.14.2
Guidelines for Designing Challenge Questions
6.14.3
Guidelines for Answer Input
6.14.4
Other Recommended Requirements
7
Enabling Challenge Questions
7.1
What is KBA?
7.2
Phased Approach for Registration
7.2.1
Phase 1 - No Registration
7.2.2
Phase 2 - Optional Registration
7.2.3
Phase 3 - Required Registration
7.3
Checklist for Enabling Challenge Questions
7.4
Ensuring that Base Policies are Installed
7.5
Ensuring KBA Properties/Default Properties are Set
7.6
Uploading Challenge Questions
7.7
Importing and Enabling Policies
7.8
Configuring Rules for Policies
7.9
Configuring the Challenge Question Answer Validation
7.10
Configuring the Answer Logic
8
Setting Up OTP Anywhere
8.1
Introduction and Concepts
8.1.1
Out-of-Band OTP Delivery
8.1.2
One Time Password (OTP)
8.1.3
Registration
8.1.4
OTP Challenge
8.1.5
KBA vs. OTP
8.1.6
OTP Failure Counters
8.1.7
OTP Resets
8.1.7.1
Reset OTP Profile
8.1.7.2
Unlock a Customer
8.2
User Flow
8.3
Setting Up OTP Anywhere
8.3.1
Enabling OTP Profile Registration and Preference Setting
8.3.2
Setting Up the Contact Input Elements for OTP Registration Page
8.3.3
Configuring the OTP Challenge Types
8.3.4
Configuring OTP Delivery
8.4
Configuring OTP Presentation
8.4.1
Adding an OTP Device
8.4.2
Changing an OTP Device
8.5
Enabling OTP Challenge
8.6
Setting Up Failure Counter
8.7
OTP Case Management
8.7.1
Resetting OTP Profile
8.7.2
Unlocking User
8.7.3
OTP Case Details
8.8
Viewing OTP Performance Data
Part IV Managing Policy Configuration
9
Managing Policies, Rules, and Conditions
9.1
Introduction and Concepts
9.1.1
Policies
9.1.2
Rules
9.1.3
Conditions
9.1.4
Checkpoints
9.1.5
Groups
9.1.6
Actions and Action Groups
9.1.7
Alerts and Alert Groups
9.1.8
User Group Linking
9.1.9
Run Mode
9.1.10
Trigger Combinations and Triggers
9.1.11
Nested Policies
9.1.12
Evaluating a Policy within a Rule
9.1.13
Scores and Weight
9.1.14
Scoring Engine
9.1.15
Import Policies
9.1.16
Policy Type
9.2
Planning Policies
9.3
Overview of Creating a Policy
9.4
Navigating to the Policies Search Page
9.5
Searching for a Policy
9.6
Viewing a Policy or a List of Policies
9.7
Viewing Policy Details
9.8
Creating Policies
9.9
Linking Policy to All Users or a User ID Group
9.9.1
Linking a Policy to All Users
9.9.2
Linking a Policy to a Group
9.10
Editing a Policy's General Information
9.11
Adding a New Rule
9.11.1
Starting the Rule Creation Process
9.11.2
Specifying General Rule Information
9.11.3
Configuring Preconditions
9.11.4
Adding Conditions
9.11.5
Specifying Results for the Rule
9.11.6
Adding or Copying a Rule to a Policy
9.12
Working with Trigger Combinations
9.12.1
Specifying Trigger Combinations
9.12.2
Changing the Sequence of the Trigger Combination
9.12.3
Deleting a Trigger Combination
9.13
Deleting Policies
9.14
Copying a Rule to a Policy
9.15
Copying a Policy to Another Checkpoint
9.16
Exporting and Importing a Policy
9.16.1
Exporting a Policy
9.16.2
Importing a Policy
9.17
Navigating to the Rules Search Page
9.18
Searching for Rules
9.19
Viewing Rule Details
9.20
Editing Rules
9.20.1
Modifying the Rule's General Information
9.20.2
Specifying Preconditions
9.20.3
Specifying the Results for a Rule
9.21
Working with Scores and Weights
9.22
Deleting Rules
9.23
Searching Conditions
9.24
Importing Conditions
9.25
Adding Conditions to a Rule
9.26
Viewing the Condition Details of a Rule
9.27
Exporting a Condition
9.28
Editing Conditions
9.29
Changing the Order of Conditions in a Rule
9.30
Deleting Conditions
9.31
Deleting Conditions from a Rule
9.32
Use Cases
9.32.1
Use Case: Rule Exception Group
9.32.2
Use Case: Import Policy
9.32.3
Use Case: Create a Policy
9.32.4
Use Case: Add New Rule
9.32.5
Use Case: Link Group to Rule Condition
9.32.6
Use Case: Copy Rule
9.32.7
Use Case: Trigger Combination
9.32.8
Use Case: Trigger Combination and Rule Evaluation
9.32.9
Use Case: Configuring User Flow
9.32.10
Use Case: Edit Existing Security Policy
9.32.11
Use Case: Policy Set Scoring Engine
9.32.12
Use Case: Copy Policy
9.32.13
Use Case: Conditions: IP: Login Surge
9.32.14
Use Case: Canceling Rule Creation
9.32.15
Use Case: Disable Trigger Combinations
9.32.16
Use Case: Condition: Evaluate Policy
9.33
Best Practices
9.33.1
Adding or Editing Policies/Rules
10
Managing Groups
10.1
About Groups
10.2
Group Types
10.3
Group Usage
10.4
User Flows
10.5
Navigating to the Groups Search Page
10.6
Searching for a Group
10.7
Viewing Details about a Group
10.8
Group Characteristics
10.9
Creating a Group
10.9.1
Defining a Group
10.9.2
Adding Members to a Group
10.10
Creating a New Element/Member to Add to the Group (No Search and Filter Options)
10.11
Filtering an Existing List to Select an Element to Add to the Group (No Creation of a New Element)
10.11.1
Adding a City to a Cities Group
10.11.2
Adding a State to a States Group
10.11.3
Adding a Country to a Country Group
10.12
Searching for and Adding Existing Elements or Creating and Adding a New Element
10.12.1
Selecting an Element to Add as a Member to the Group
10.12.2
Creating an Element (Member) to Add to the Group
10.13
Adding Alerts to a Group
10.13.1
Selecting an Existing Alert to Add to the Alert Group
10.13.2
Creating a New Alert to Add to the Alert Group
10.14
Searching for and Adding Existing Elements
10.14.1
Selecting an Element to Add as a Member to the Group
10.14.2
Adding Actions to an Action Group
10.14.2.1
Selecting an Existing Action to Add to an Action Group
10.14.2.2
Creating a New Action to Add to an Action Group
10.15
Editing a Member of a Group
10.16
Removing Members of a Group
10.17
Removing a User from a User Group
10.18
Exporting and Importing a Group
10.18.1
Exporting a Group
10.18.2
Importing a Group
10.19
Deleting Groups
10.20
Updating a Group Directly
10.21
Use Cases
10.21.1
Use Case: Migration of Groups
10.21.2
Use Case: Create Alert Group and Add Members
10.21.3
Use Case: Remove User from Group
10.21.4
Use Case: Block Users from a Black-listed Country
10.21.5
Use Case: Company Wants to Block Users
10.21.5.1
Create Country Blacklist Policy (1): Create Fraudulent Country Policy and Rule
10.21.5.2
Create Country Blacklist Policy (2): Create Country Group
10.21.5.3
Create Country Blacklist Policy (3): Create Fraud High Alert Group
10.21.5.4
Create Country Blacklist Security Policy (4 of 5): Create Block Action Group
10.21.5.5
Create Country Blacklist Security Policy (5 of 5): Attach Groups to Fraudulent Country Rule
10.21.6
Use Case: Block Users from Certain Countries
10.21.7
Use Case: Allow Only Users from Certain IP Addresses
10.21.8
Use Case: Check Users from Certain Devices
10.21.9
Use Case: Monitor Certain Users
10.22
Best Practices
11
Managing the Policy Set
11.1
Introduction and Concepts
11.1.1
Policy Set
11.1.2
Action and Score Overrides
11.1.3
Before You Begin
11.2
Navigating to the Policy Set Details Page
11.3
Viewing Policy Set Details
11.4
Adding or Editing a Score Override
11.5
Adding or Editing an Action Override
11.6
Editing a Policy Set
11.7
Use Cases
11.7.1
Use Case: Policy Set - Overrides
11.7.2
Policy Set - Overrides (Order of Evaluation)
11.8
Best Practices for the Policy Set
12
Using the Scoring Engine
12.1
Concept of Scores
12.1.1
Score
12.1.2
Weight
12.1.3
Rule
12.1.4
Policy
12.1.5
Policy Type
12.1.6
Checkpoint
12.1.7
Policy Set
12.1.8
Scoring Engines
12.2
How Does Risk Scoring Work?
12.2.1
Score Propagation
12.2.2
Nested Policies
12.2.3
Scoring Override
12.2.4
Action and Alert Overrides
12.3
Score Calculations
12.3.1
Policy Score
12.3.1.1
Aggregate Score
12.3.1.2
Average Score
12.3.1.3
Maximum Score
12.3.1.4
Minimum Score
12.3.1.5
Weighted Average Score
12.3.1.6
Weighted Maximum Score
12.3.1.7
Weighted Minimum Score
12.3.2
Checkpoint Score
12.3.2.1
Average Score
12.3.2.2
Maximum Score
12.3.2.3
Minimum Score
12.3.2.4
Weighted Average Score
12.3.2.5
Weighted Maximum Score
12.3.2.6
Weighted Minimum Score
12.4
Best Practices
13
Managing System Snapshots
13.1
Concepts
13.1.1
Snapshots
13.1.2
Snapshot Storage
13.1.3
Snapshot Metadata
13.1.4
Backup
13.1.5
Restore
13.1.6
How Restore Works
13.2
Navigating to the System Snapshot Search Page
13.3
Searching for a Snapshot
13.4
Viewing Details of a Snapshot
13.5
Creating a Backup
13.5.1
Backing Up the Current System to the System Database
13.5.2
Backing Up the System Configuration in Database and File
13.5.3
Backing Up the Current System to a File
13.6
Restoring a Snapshot
13.6.1
Steps to Restore Selected Snapshot
13.6.2
Loading and Restoring a Snapshot
13.6.3
Snapshot Restore Considerations
13.6.3.1
Snapshot in Live System (Single Server)
13.6.3.2
Snapshot Restore in Multi-Server System (Connected to the Same Database)
13.6.3.3
Snapshot Restore in Multi-Server Running Different Versions
13.7
Deleting a Snapshot
13.8
Limitations of Snapshots
13.9
Diagnostics
13.10
Use Cases
13.10.1
System Snapshot Import/Export
13.10.2
Use Case: User Exports Policy Set as a Record for Research
13.10.3
Use Case: User Replaces Entire System
13.10.4
Use Case: User Identifies Policy Set to Import
13.11
Best Practices for Snapshots
Part V Autolearning
14
Managing Autolearning
14.1
Introduction and Concepts
14.1.1
Autolearning
14.1.2
Patterns
14.1.3
Member Types and Attributes
14.1.4
Buckets
14.1.5
Pattern Rules Evaluations
14.1.6
Bucket Population
14.2
Quick Start for Enabling Autolearning for Your System
14.3
Before You Begin
14.3.1
Importing Basic Authentication-Related Entities
14.3.2
Enabling Autolearning Properties
14.3.3
Using Autolearning in Native Integration
14.4
User Flows
14.4.1
Creating a New Pattern
14.4.2
Editing a Pattern
14.5
Navigating to the Patterns Search Page
14.6
Searching for a Pattern
14.7
Navigating to the Patterns Details Page
14.8
Viewing Pattern Details
14.8.1
Viewing Details of a Specific Pattern
14.9
Creating and Editing Patterns
14.9.1
Creating a Pattern
14.9.2
Adding Attributes
14.9.3
Activating and Deactivating Patterns
14.9.3.1
Activating Patterns
14.9.3.2
Deactivating Patterns
14.9.4
Editing the Pattern
14.9.5
Changing the Status of the Pattern
14.9.6
Adding or Changing Member Types
14.9.7
Changing the Evaluation Priority
14.9.8
Editing Attributes
14.9.9
Deleting Attributes
14.10
Importing and Exporting Patterns
14.10.1
Importing Patterns
14.10.2
Exporting Patterns
14.11
Deleting Patterns
14.12
Using Autolearning Data/Profiling Data
14.12.1
Create a Policy that Uses Autolearning Conditions
14.12.2
Associate Autolearning Condition with Policy
14.12.3
Check Session Details
14.13
Use Cases
14.13.1
Use Case: Challenge Users If Log In Different Time Than Normally
14.13.2
Use Case: Test a Pattern
14.13.3
Use Case: Track Off-Hour Access
14.13.4
Use Case: User Logs in During a Certain Time of Day More Than X Times
14.13.5
Use Case: Patterns Can have Multiple Member Types
14.13.6
Use Case: City Usage
14.13.7
Use Case: Autolearning Adapts to Behavior of Entities
14.13.8
Use Case: Single Bucket Pattern
14.13.9
Use Case: Using Pattern
14.14
Pattern Attributes Operators Reference
14.14.1
For Each
14.14.2
Equals
14.14.3
Less Than
14.14.4
Greater Than
14.14.5
Less Than Equal To
14.14.6
Greater Than Equal To
14.14.7
Not Equal
14.14.8
In
14.14.9
Not In
14.14.10
Like
14.14.11
Not Like
14.14.12
Range
14.14.12.1
Fixed Range
14.14.12.2
Fixed Range with Steps (or Increment)
14.14.12.3
Upper Unbound Ranges with Steps
15
Managing Configurable Actions
15.1
Introduction and Concepts
15.1.1
Configurable Actions
15.1.2
Action Templates
15.1.3
Deploying a Configurable Action
15.2
Creating Configurable Actions
15.2.1
Define New Action Template
15.2.2
Use Existing Action Template
15.2.3
Create Action Instance
15.3
Navigating to the Action Templates Search Page
15.4
Searching for Action Templates
15.5
Viewing Action Template Details
15.6
Creating a New Action Template
15.7
Navigating to the Action Instances Search Page
15.8
Searching for Action Instances
15.9
Creating an Action Instance and Adding it to a Checkpoint
15.10
Creating a Custom Action Instance
15.11
Editing an Action Template
15.12
Exporting Action Templates
15.13
Importing Action Templates
15.14
Moving an Action Template from a Test Environment
15.15
Deleting Action Templates
15.16
Viewing a List of Configurable Action Instances
15.17
Viewing the Details of an Action Instance
15.18
Editing an Action Instance
15.19
Deleting an Existing Action Instance
15.20
Out-of-the-Box Configurable Actions
15.20.1
Defining CaseCreationAction
15.20.2
Defining AddItemtoListAction
15.21
Use Cases
15.21.1
Use Case: Add Device to Black List
15.21.2
Use Case: Add Device to Watch-list Action
15.21.3
Use Case: Custom Configuration Action
15.21.4
Use Case: Create Case
Part VI Managing Transactions
16
Creating and Managing Entities
16.1
Introduction and Concepts
16.1.1
Entities
16.1.2
Data Elements
16.1.3
Display Element
16.1.4
ID Scheme
16.1.5
Internal ID
16.1.6
External ID
16.2
Navigating to the Entities Search Page
16.3
Searching for Entities
16.4
Creating an Entity
16.4.1
Initial Steps
16.4.2
Adding and Editing Data Elements
16.4.3
Selecting Elements for the ID Scheme
16.4.4
Specifying Data for the Display Scheme
16.4.5
Activating the Entity
16.5
Viewing Details of a Specific Entity
16.6
Editing the Entity
16.7
Exporting Entities
16.8
Importing Entities
16.9
Activating Entities
16.10
Deactivating Entities
16.11
Deleting Entities
16.12
Re-ordering the Rows in the ID Scheme and Display tabs
16.13
Best Practices
17
Managing Transactions
17.1
Introduction and Concepts
17.1.1
Transactions
17.1.2
Entities
17.1.3
Transaction Data
17.1.4
Transaction Handling
17.2
Overview of Defining and Using Transaction Definition
17.3
Navigating to the Transactions Search Page
17.4
Searching for a Transaction Definition
17.5
Viewing Transaction Definitions
17.6
Prerequisites for Using Transactions
17.7
Creating the Transaction Definition
17.8
Adding an Existing Entity to the Transaction
17.9
Creating a New Entity and Adding It to the Transaction
17.10
Defining Transaction Data for the Transaction at the Oracle Adaptive Access Manager End
17.11
Defining Parameters for the Transaction from the Client's End
17.12
Mapping the Source Data
17.12.1
Mapping Transaction Data to the Source Data
17.12.2
Mapping Entities to the Source Data
17.12.3
Editing Mapping
17.13
Activating the Transaction Definition
17.14
Editing a Transaction Definition
17.15
Exporting Transaction Definitions
17.16
Importing Transaction Definition
17.17
Activating a Transaction Definition
17.18
Deactivating a Transaction Definition
17.19
Deleting Transaction Definitions
17.20
Use Cases
17.20.1
Implementing a Transaction Use Case
17.20.2
Use Case: Transaction Frequency Checks
17.20.3
Use Case: Transaction Frequency and Amount Check against Suspicious Beneficiary Accounts
17.20.4
Use Case: Transaction Check against Blacklisted Deposit and Beneficiary Accounts
17.20.5
Use Case: Transaction Pattern
17.20.6
Use Case: Composite or Nested Transactions
Part VII Reporting
18
Using the Dashboard
18.1
Introduction
18.1.1
What is a Dashboard?
18.1.2
Common Terms and Definitions
18.2
Navigation
18.3
Using the Dashboard in Oracle Adaptive Access Manager
18.3.1
Performance
18.3.1.1
Viewing Statistics in Total View and Trending View
18.3.1.2
Viewing Performance Data
18.3.1.3
Difference Between Performance Panel and Performance Dashboard
18.3.2
Summary
18.3.3
Dashboards
18.3.3.1
Viewing Data Type by Location
18.3.3.2
Viewing a List of Scoring Breakdowns
18.3.3.3
Security Dashboard
18.3.3.4
Viewing a List of Rules or Alerts by Security
18.3.3.5
Viewing Browser and Operating System Data by Device
18.3.3.6
Viewing a Data Type by Performance
18.3.3.7
Using the Total and Trending Views
18.3.3.8
Viewing the Trending View Graph
18.3.3.9
View by Range
18.3.3.10
View by Sample
18.3.3.11
Last Updated
18.3.3.12
Using Tooltips
18.4
Use Cases
18.4.1
Use Case: Trend Rules Performance on Dashboard
18.4.2
Use Case: View Current Activity
18.4.3
Use Case: View Aggregate Data
18.4.4
Use Cases: Additional Security Administrator and Fraud Investigator Use Cases
18.4.5
Use Cases: Additional Business Analyst Use Cases
19
Configuring BI Publisher Reports
19.1
Setting up Oracle Business Intelligence Publisher for Oracle Adaptive Access Manager Reports
19.1.1
Installing BI Publisher
19.1.2
Installing Oracle Adaptive Access Manager BI Publisher Reports
19.1.3
Configuring Oracle Adaptive Access Manager BI Publisher Reports
19.1.4
Testing Oracle Adaptive Access Manager BI Publisher Configuration
19.2
Viewing/Running Reports
19.3
Scheduling a Report
19.4
Example Report Scenarios
19.4.1
Example General Nightly Report
19.4.1.1
User/Recent Logins
19.4.1.2
Device details
19.4.1.3
Device/Multiple Failures
19.4.1.4
User/Recent Logins
19.4.1.5
Location details
19.4.1.6
Location/Users by Location
19.4.2
Additional Sample Analyses
19.4.2.1
Here are some example values that could be used.
19.4.2.2
Device/ Users by Device
19.5
Best Practices for Creating Reports
19.6
Use Cases
19.6.1
Use Case: BIP Reports
19.6.1.1
Description
19.6.1.2
Steps
20
Monitoring Performance by Using Fusion Middleware Control
20.1
Displaying Fusion Middleware Control
20.2
Displaying Base Domain 11g Farm Page
20.3
Oracle Adaptive Access Manager Cluster Home Page
20.4
Oracle Adaptive Access Manager Server Home Page
21
Monitor and Audit of Events
21.1
Monitoring Information Sent to Dynamic Monitoring System
21.1.1
Login Information (Counts Only)
21.1.2
Rules Engine Execution Information (Count and Time Taken to Execute)
21.1.3
APIs Execution Information (Count and Time Taken to Execute)
21.2
Audit Information Sent to Audit System
21.2.1
Customer Care Events
21.2.2
Policy Management Events
21.2.3
KBA Questions Events
21.2.4
Group/List Management Events
Part VIII Deployment Management
22
Using the Properties Editor
22.1
Navigating to the Properties Search Page
22.2
Searching for a Property
22.3
Viewing the Value of a Property
22.4
Viewing Enumerations
22.5
Creating a New Database Type Property
22.6
Editing the Values for Database and File Type Properties
22.7
Deleting Database Type Properties
22.8
Exporting Database and File Type Properties
22.9
Importing Database Type Properties
Part IX Command-Line Interface
23
Oracle Adaptive Access Manager Command-Line Interface Scripts
23.1
CLI Overview
23.2
Setting Up the CLI Environment
23.2.1
Set up the CLI Work Folder
23.2.2
Set Up the Credential Store Framework (CSF)
23.2.2.1
Use CSF without MBeans
23.2.2.2
Use CSF with MBeans
23.2.3
Set the Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
23.3
Using CLI
23.3.1
Obtaining Usage Information for Import or Export
23.3.2
Command-Line Options
23.3.2.1
What is the Syntax for Commands?
23.3.2.2
CLI Parameters
23.3.2.3
Supported Modules for Import and Export
23.3.2.4
Import of Files
23.3.2.5
Export of Files
23.3.2.6
Import Options
23.3.2.7
Importing Multiple Types of Entities in One Transaction
23.3.2.8
Multiple Modules and Extra Options (Common vs. Specific)
23.3.2.9
Transaction Handling
23.3.2.10
Upload Location Database
23.3.3
Globalization
23.4
Importing IP Location Data
23.4.1
Loading the Location Data to the Oracle Adaptive Access Manager Database
23.4.1.1
Setting Up for SQL Server Database
23.4.1.2
Setting Up IP Location Loader Properties
23.4.1.3
Setting Up for Loading MaxMind IP data
23.4.1.4
Setting Up Encryption
23.4.1.5
Loading Location Data
23.4.2
System Behavior
23.4.3
Quova File Layout
23.4.3.1
Routing Types Mapping
23.4.3.2
Connection Types Mapping
23.4.3.3
Connection Speed Mapping
23.4.4
Oracle Adaptive Access Manager Tables
23.4.4.1
Anonymizer
23.4.4.2
Tables in Location Loading
23.4.5
Verifying When the Loading was a Success
Part X Multitenancy
24
Multitenancy
24.1
Multitenancy Scenario
24.2
Changes in Terminology
24.3
Mapping of Application ID (Client-Side) to Organization ID (Administration Side)
24.4
Multitenant Support In Oracle Adaptive Access Manager
Part XI Troubleshooting
25
Troubleshooting
25.1
Import/Export
25.2
Transactions
25.3
Globalization
25.4
Case Management
25.5
KBA
25.6
Database
25.7
Localization
25.8
Policies, Rules, and Conditions
25.9
Groups
25.10
Configurable Actions
25.11
Autolearning
25.12
Entities
25.13
Time Zones
25.14
Dashboard
25.15
Command-Line Interface
25.16
Location Loader
25.17
Encryption
25.18
Monitoring Performance
25.19
Audit and Query
Part XII Appendixes
A
Pattern Processing
A.1
Pattern Data Processing
A.2
APIs for Triggering Pattern Data Processing
A.2.1
updateTransaction
A.2.2
updateAuthStatus
A.2.3
processPatternAnalysis
B
Conditions Reference
B.1
Descriptions
B.1.1
Device Conditions
B.1.1.1
Device: Browser header substring
B.1.1.2
Device: Device firsttime for user
B.1.1.3
Device: In Group
B.1.1.4
Device: Excessive Use
B.1.1.5
Device: Is registered
B.1.1.6
Device: User count
B.1.1.7
Device: Timed not status
B.1.1.8
Device: Used count for User
B.1.1.9
Device: Velocity from last login
B.1.2
Autolearning Conditions
B.1.2.1
Entity: Entity is Member of Pattern Bucket for the first time in Certain Time Period
B.1.2.2
Entity: Entity is member of pattern less than some percent times
B.1.2.3
Entity: Entity is member of pattern bucket less than some percent with all entities in picture
B.1.2.4
Entity: Entity is member of pattern N times
B.1.2.5
Entity: Entity is member of bucket N times in a given time period
B.1.3
Location Conditions
B.1.3.1
Location: ASN in group
B.1.3.2
Location: IP in Range group
B.1.3.3
Location: In Country group
B.1.3.4
Location: IP Connection type in group
B.1.3.5
Location: IP line speed type
B.1.3.6
Location: IP Routing Type in group
B.1.3.7
Location: In carrier group
B.1.3.8
Location: IP Maximum Users
B.1.3.9
Location: Is IP from AOL
B.1.3.10
Location: in city group
B.1.4
Transactions Conditions
B.1.4.1
Transaction: Check Current Transaction Using Filter Condition
B.1.4.2
Transaction: Check Transaction Count Using Filter Condition
B.1.4.3
Transaction: Check Transaction Aggregrate and Count Using Filter Conditions
B.1.4.4
Transaction: Check Count of any entity or element of a Transaction using filter conditions
B.1.4.5
Transaction: Check if consecutive Transactions in given duration satisfy the filter conditions
B.1.4.6
Transaction: Compare Transaction Aggregrates (Sum/Avg/Min/Max) across two different durations
B.1.4.7
Transaction: Compare Transaction counts across two different durations
B.1.4.8
Transaction: Compare Transaction Entity/Element counts across two different durations
B.1.5
In-Session Conditions
B.1.5.1
Session: Check Param Value
B.1.5.2
Session: Check param value for regex
B.1.5.3
Session: Check param value in group
B.1.5.4
Session: Check String Value
B.1.5.5
Session: Time Unit Condition
B.1.6
System Conditions
B.1.6.1
System - Check Boolean Property
B.1.6.2
System - Check Int Property
B.1.6.3
System - Check String Property
B.1.6.4
System - Check Request Date
B.1.7
User Conditions
B.1.7.1
User: Check User Data
B.1.7.2
User: Stale Session
C
Oracle Adaptive Access Manager Reports Reference
C.1
Common Reports
C.2
Devices Reports
C.3
KBA Reports
C.4
Location Reports
C.5
Performance Reports
C.6
Security Reports
C.7
Summary Reports
C.8
Users Reports
D
Oracle Adaptive Access Manager Properties
D.1
Properties
D.2
OTP Properties
D.3
Time Zone
E
The Discovery Process
E.1
Discovery Process Overview
E.2
Example Scenario: Transaction Security
E.2.1
Problem Statement
E.2.2
Inputs Available
E.2.3
Evaluation
E.2.4
Outcomes
E.2.5
Translation
E.2.6
Alert
E.3
Example Scenario: Login Security
E.3.1
Problem Statement
E.3.2
Inputs Available
E.3.3
Evaluation
E.3.4
Outcome
E.3.5
Translation
E.3.6
Action
F
Globalization Support
F.1
Supported Languages
F.2
Turning Off Localization
F.3
Configuring Language Defaults for Oracle Adaptive Access Manager
F.3.1
Example 1
F.3.2
Example 2
F.3.3
Example 3
F.4
Dashboard
F.5
Answer Logic Phonetics Algorithms
F.6
Keyboard Fat Fingering
F.7
Adding Registration Questions
F.8
Adding Abbreviations and Equivalences for Answer Logic
G
Setting Up Archive and Purge Procedures
G.1
Purge Process
G.2
Archive Process
G.3
Database Archive and Purge
G.3.1
Archive and Purge Data Classification
G.3.1.1
Device Fingerprinting
G.3.1.2
Transaction In-Session Based Data
G.3.1.3
Autolearning Profile Data
G.3.1.4
Rule Log Data
G.3.2
Archive and Purge Process
G.3.2.1
Archive and Purge Process - Special Recommendations for Schemas with Partitioned Objects
G.3.2.2
Archive and Purge Process - Setting Up for Users with an Existing Process In Place
G.3.2.3
Archive and Purge Process - Setting Up for the Oracle Database
G.3.3
Performing Archive and Purge
G.3.3.1
Manual Execution
G.3.3.2
Automatic Scheduling
G.3.4
Validating Archive and Purge
G.3.5
Restoring Archived Data
G.3.6
Archive and Purge Details
G.3.6.1
Device Fingerprint Tables and Corresponding Archived Tables
G.3.6.2
Autolearning Transactional Tables and Corresponding Archive Tables
G.3.6.3
Transaction Tables and Corresponding Archived Tables
G.3.6.4
Rule Logs Tables and Corresponding Archived Tables
G.3.7
Scripts to Set Up Archive and Purge
G.3.7.1
Scripts for the Oracle Database
G.3.7.2
Scripts to Execute Archive and Purge
G.3.7.3
Drop Scripts for Partitioned Tables
G.4
Case Data Archive and Purge
G.4.1
Archive and Purge Process for Case Data
G.4.1.1
Set Up the Archive and Purge Script
G.4.1.2
Execute Archive and Purge Script
G.4.1.3
Validating Archive and Purge
G.4.1.4
Restoring Archived Data
G.4.1.5
Case Data Archive and Purge Details
G.5
Monitor Data Archive and Purge
G.5.1
Archive and Purge Process for Monitor Data
G.5.1.1
Set Up the Archive and Purge Script
G.5.1.2
Execute Archive and Purge Script
G.5.1.3
Validating Archive and Purge
G.5.1.4
Restoring Archived Data
G.5.1.5
Monitor Data Archive and Purge Details
H
Configuring Logging Output
H.1
Handlers
H.1.1
Configuring the File handler
H.1.2
Configuring Both Console Logging and File Logging
H.2
Oracle Adaptive Access Manager Loggers
H.3
Logging Levels
H.4
Other Properties
I
Rule and Fingerprint Logging
I.1
Detailed Rule Logging
I.1.1
Enabling Detailed Rule Logging
I.1.2
Specifying When to Log
I.1.3
Configuring Detailed Logging Threshold Time
I.1.4
Rule Logging Flow
I.1.5
Value Combinations
I.1.6
Logging Non-Triggered Rules
I.1.6.1
Examples
I.2
Enabling Fingerprint Rule Logging
I.3
Specifying Properties in Running Both Fingerprint and Detailed Logging
Glossary
Index