Documentation Home
> Sun Identity Manager 8.1 Business Administrator's Guide
Sun Identity Manager 8.1 Business Administrator's Guide
Book Information
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Preface
Chapter 1 Identity Manager Overview
The Big Picture
Goals of the Identity Manager System
Defining User Access to Resources
Understanding User Types
Delegating Administration
Identity Manager Objects
Identity Manager User Accounts
Identity Manager Roles
Resources and Resource Groups
Organizations and Virtual Organizations
Directory Junctions
Identity Manager Capabilities
Admin Roles
Identity Manager Policies
Audit Policies
Object Relationships
Chapter 2 Getting Started with the Identity Manager User Interface
Identity Manager Administrator Interface
Logging in to the Identity Manager Administrator Interface
To Open the Administrator Interface
Session Limits and Cookies
Forgotten User ID
Identity Manager End-User Interface
The Five End-User Interface Tabs
Home Tab
Work Items Tab
Requests Tab
Delegations Tab
Profile Tab
Logging in to the Identity Manager End-User Interface
To Open the End-User Interface
Retrieving Forgotten User IDs
Help and Guidance
Identity Manager Help
Identity Manager Guidance
The Identity Manager Debug Page
Identity Manager IDE
Where to Go from Here
Chapter 3 User and Account Management
The Accounts Area of the Interface
Actions Lists in the Accounts Area
Searching in the Accounts List Area
User Account Status
The User Pages (Create/Edit/View)
Identity Tab
Resources Tab
Roles Tab
Security Tab
Delegations Tab
Attributes Tab
Compliance Tab
Creating Users and Working with User Accounts
Enabling Process Diagrams
To Enable Process Diagrams for Use in Identity Manager
To Create a User in Identity Manager
Creating Multiple Resource Accounts for a User
Why Assign Multiple Accounts per User per Resource?
Configuring Types of Accounts
Assigning Types of Accounts
Finding & Viewing User Accounts
Editing Users
To View User Accounts
To Edit User Accounts
Reassigning Users to Another Organization
To Move a User
Renaming Users
Updating Resources Associated with an Account
Updating Resources on a Single User Account
Updating Resources on Multiple User Accounts
Deleting Identity Manager User Accounts
Deleting Resources from User Accounts
Deleting Resources from a Single User Account
To Start a Delete, Unassign, or Unlink Action for a Single User Account
Deleting Resources from Multiple User Accounts
To Start A Delete, Unassign, or Unlink Action for Multiple Users
Changing User Passwords
Changing Passwords from the User List Page
To Change Passwords from the Main Menu
Resetting User Passwords
Resetting Passwords from the User List Page
To Expire Passwords Using the Identity Manager Account Policy
Disabling, Enabling, & Unlocking User Accounts
To Disable User Accounts
To Enable User Accounts on a Resource Through Password Resets
Unlocking User Accounts
Failed Password Login Attempts
Failed Question Login Attempts
Bulk Account Actions
Launching Bulk Account Actions
To Launch Bulk Account Actions
Using Action Lists
Delete, DeleteAndUnlink, Disable, Enable, Unassign, and Unlink Commands
Create, Update, and CreateOrUpdate Commands
Fields with More Than One Value
Special Characters in Field Values
Bulk Action View Attributes
Correlation and Confirmation Rules
Correlation Rules
To Set an Extended Attribute as Queryable
Confirmation Rules
Managing Account Security and Privileges
Setting Password Policies
Creating a Policy
Length Rules
Policy Type
Character Type Rules
Dictionary Policy Selection
Password History Policy
Must Not Contain Words
Must Not Contain Attributes
Implementing Password Policies
User Authentication
To Set Up Authentication in an Account Policy
Personalized Authentication Questions
Bypassing the Change Password Challenge after Authentication
Assigning Administrative Privileges
User Self-Discovery
Enabling Self-Discovery
To Enable Self-Discovery
Anonymous Enrollment
Enabling Anonymous Enrollment
To Enable the Anonymous Enrollment Feature
Configuring Anonymous Enrollment
User Enrollment Process
Chapter 4 Configuring Business Administration Objects
Configuring Identity Manager Policies
What are Policies?
To Open the Policies Page
Must Not Contain Attributes in Policies
What is a Dictionary Policy?
To Configure a Dictionary Policy
To Implement a Dictionary Policy
Customizing Email Templates
Editing an Email Template
To Customize an Email Template
HTML and Links in Email Templates
Allowable Variables in the Email Body
Configuring Audit Groups and Audit Events
To Open the Audit Configuration Page
To Configure Audit Groups
To Add Events to the Audit Configuration Group
To Edit Events in the Audit Configuration Group
Remedy Integration
Configuring the End-User Interface
To Set Options for Displaying Information in the End-User Interface
To Enable Process Diagrams in the End-User Interface
Registering Identity Manager
Registering Identity Manager from the Console
Using the register Command
register Command Usage
register Command Options
To Register Identity Manager from the Console
To Register Identity Manager from the Administrator Interface
Editing Identity Manager Configuration Objects
Chapter 5 Roles and Resources
Understanding and Managing Roles
What are Roles?
Putting Role Types to Work
Managing Roles Created In Versions Prior to Version 8.0
Using Role Types to Design Flexible Roles
Designing Business Roles
Designing IT Roles
Designing Applications and Assets
Role Types in Summary
Creating Roles
To Create Roles Using the Create Role Form
To Assign Resources and Resource Groups
To Edit Assigned Resource Attribute Values
To Assign Roles and Role Exclusions
Designating Role Owners and Role Approvers
Designating Notifications
Initiating Change-Approval and Approval Work Items
Editing and Managing Roles
To Search for Roles
To View Roles
To Edit a Role
To Clone a Role
To Assign a Role to Another Role
To Remove a Role Assigned to Another Role
To Enable or Disable Roles
To Delete a Role
To Assign a Resource or a Resource Group to a Role
To Remove a Resource or Resource Group Assigned to a Role
Managing User Role Assignments
To Assign Roles to a User
To Activate and Deactivate Roles on Specific Dates
To Edit the Schedule for the Deferred Task Scanner
To Update Roles Assigned to Users
To Manually Update Assigned Users
To Schedule an Update Role Users Task
To Find Users Assigned to a Specific Role
To Remove One or More Roles From a User
Configuring Role Types
To Configure Role Types to be Directly Assignable to Users
To Enable Role Types for Assignable Activation Dates and Deactivation Dates
To Enable or Disable Change-Approval and Change-Notification Work Items
To Configure the Maximum Number of Rows that the Role List Page Can Load
Synchronizing Identity Manager Roles and Resource Roles
To Synchronize an Identity Manager Role with a Resource Role
Understanding and Managing Identity Manager Resources
What are Resources?
The Resources Area in the Interface
Managing the Resources List
To Open the Configure Managed Resources Page
To Enable Resource Types
To Add a Custom Resource
To Create a Resource
Managing Resources
To View the Resource List
To Edit a Resource Using the Resource Wizard
To Edit a Resource Using Resource List Commands
To View or Edit Resource Account Attributes
Resource Groups
Global Resource Policy
To Edit Policy Attributes
To Set Additional Timeout Values
Bulk Resource Actions
Understanding and Managing External Resources
What Are External Resources?
Why Use External Resources?
Configuring External Resources
Configuring the External Resources Data Store
To Configure a Database-Type Data Store
To Configure the Action Scripts
To Configure a Directory-Type Data Store
Configuring Provisioner Notification
To Configure Email Notification
To Configure Remedy Notification
Creating External Resources
Provisioning External Resources
To Assign an External Resource to a User
To Respond to An External Resource Provisioning Request
Unassigning and Unlinking External Resources
Troubleshooting External Resources
Chapter 6 Administration
Understanding Identity Manager Administration
Delegated Administration
Creating and Managing Administrators
To Create an Administrator
Filtering Administrator Views
Changing Administrator Passwords
Challenging Administrator Actions
To Enable the Challenge Option for Tabbed User Forms
To Enable the Challenge Option for Change User Password and Reset User Password Forms
Changing Answers to Authentication Questions
Customizing Administrator Name Display in the Administrator Interface
Understanding Identity Manager Organizations
Creating Organizations
To Create an Organization
Assigning Users to Organizations
Assigning Organization Control
Understanding Directory Junctions and Virtual Organizations
Setting Up Directory Junctions
To Set Up a Directory Junction
Refreshing Virtual Organizations
Deleting Virtual Organizations
Understanding and Managing Capabilities
Capabilities Categories
Working with Capabilities
View the Capabilities Page
To Open the Capabilities Page
Create a Capability
To Create a Capability
Edit a Capability
To Edit a Non-Protected Capability
Save and Rename a Capability
To Clone a Capability
Assigning Capabilities to Users
Understanding and Managing Admin Roles
Admin Role Rules
The User Admin Role
Creating and Editing Admin Roles
General Tab
Scope of Control
Assigning Capabilities to the Admin Role
Assigning User Forms to an Admin Role
The End User Organization
The End User Controlled Organization Rule
Managing Work Items
Work Item Types
Working With Work Item Requests
Viewing Work Item History
Delegating Work Items
Audit Log Entries
Viewing Current Delegations
To View Current Delegations
Viewing Previous Delegations
To view previous delegations
Creating Delegations
To Create a Delegation
Delegations to Deleted Users
Ending Delegations
To End One or More Delegations
Approving User Accounts
Setting Up Account Approvers
Signing Approvals
To Sign an Approval
Configuring Digitally Signed Approvals and Actions
To Enable Server-Side Configuration for Signed Approvals
To Enable Server-Side Configuration for Signed Approvals Using PKCS12
To Enable Client-Side Configuration for Signed Approvals Using PKCS11
Viewing the Transaction Signature
To View a Transaction Signature
Configuring XMLDSIG-Format Signed Approvals
Approval Data Format
Installation and Setup
Approval Configuration
Chapter 7 Data Loading and Synchronization
Data Synchronization Tools: Which to Use?
Account Discovery Features
Extract to File
To Extract Accounts
Load from File
About CSV File Format
To Load Accounts
Load from Resource
To Import Accounts
Account Reconciliation
Reconciliation in a Nutshell
About Reconciliation Policies
Editing Reconciliation Policies
To Edit a Reconciliation Policy
Starting Reconciliation
To Run Reconciliation at Regular Intervals
To Run Reconciliation Immediately
To Cancel Reconciliation
Viewing Reconciliation Status
To View Detailed Reconciliation Status
To View Reconciliation Status in the Resource List
Working with the Account Index
To Search the Account Index
Examining the Account Index
To Examine the Account Index
Working with Accounts
Working with Users
Using Task Schedule Repetition Rules
How Reconciliation Run Times are Scheduled
To View the Accept All Dates Sample Rule
Active Sync Adapters
Configuring Synchronization
To Edit or Configure Synchronization
Editing Active Sync Adapters
To Stop Synchronization
Tuning Active Sync Adapter Performance
Changing Polling Intervals
Specifying the Host Where the Adapter Will Run
Starting and Stopping
Adapter Logging
Chapter 8 Reporting
Working with Reports
Report Types
Running Reports
To Run a Report
Viewing Reports
To View a Report
Creating Reports
To Create a New Report
Editing and Cloning Reports
To Edit or Clone a Report
Sending Email Reports
Scheduling Reports
Downloading Report Data
Configuring Report Output
Identity Manager Reports
AuditLog Reports
To Define an AuditLog Report
Individual User AuditLog Reports
To Define an Individual User AuditLog Report
Real Time Reports
To Define a Real-Time Report
Summary Reports
To Define a Summary Report
SystemLog Reports
To Define a SystemLog Report
Usage Reports
To Define a Usage Report
Workflow Reports
Configuring Workflows to Capture Audit Timing Events
Specifying Attributes to Store for the Workflow Report
To Define a Workflow Report
Auditor Reports
Working with Graphs
Viewing Defined Graphs
To View a Defined Graph
To Create a Dashboard Graph
To Edit a Dashboard Graph
To Delete a Defined Graph
Working with Dashboards
To View Dashboards
To Create Dashboards
Editing Dashboards
Deleting Dashboards
System Monitoring
Tracked Event Configuration
Risk Analysis
To Create a Risk Analysis Report
To Schedule a Risk Analysis Report
Chapter 9 Task Templates
Enabling the Task Templates
To Map Process Types
To Configure a Task Template
Configuring the Task Templates
Configuring the General Tab
For the Create User or Update User Templates
To Change the Default Task Name
For the Delete User Template
To Specify How User Accounts Are Deleted/Deprovisioned
Configuring the Notification Tab
Configuring User Notifications
Configuring Administrator Notifications
Specifying Administrator Notification Recipients by Attribute
To Derive Notification Recipients’ Account IDs From a Specified Attribute
Specifying Administrator Notification Recipients by Rule
To Derive Notification Recipients’ Account IDs From a Specified Rule
Specifying Administrator Notification Recipients by Query
To Derive Notification Recipients’ Account IDs by Querying a Specified Resource
To Specify Administrator Notification Recipients From the Administrator List
Configuring the Approvals Tab
To Configure Approvals
Enabling Approvals (Approvals Tab, Approvals Enablement Section)
Specifying Additional Approvers (Approvals Tab, Additional Approvers Section)
To Determine Additional Approvers From an Attribute
To Determine Additional Approvers from a Rule
To Determine Additional Approvers From a Query
To Determine Additional Approvers From the Administrator List
To Configure Approval Timeouts
To Configure the Determine Escalation Approvers From Section
To Configure the Approval Timeout Task Section
Configuring the Approval Form (Approvals Tab, Approval Form Configuration Section)
To Configure an Approval Form for Additional Approvers
To Add Attributes to the Approval Form
Removing Attributes
To Remove Attributes From the Approval Form
Configuring the Audit Tab
To Configure Auditing
To Remove Attributes
Configuring the Provisioning Tab
Configuring the Sunrise and Sunset Tab
Configuring Sunrises
To Configure Sunrises
Specifying a Time
To Delay Provisioning Until a Specified Time
To Delay Provisioning Until a Specified Calendar Date
To Determine Provisioning Date and Time by Specifying an Attribute
To Determine Provisioning Date and Time by Evaluating a Rule
Configuring Sunsets
To Configure a Sunset
Configuring the Data Transformations Tab
Chapter 10 Audit Logging
Audit Logging Overview
What Does Identity Manager Audit?
Creating Audit Events From Workflows
The com.waveset.session.WorkflowServices Application
Modifying Workflows to Log Standard Audit Events
Workflow Examples
Modifying Workflows to Log Timing Audit Events
Examples: Starting and Stopping Audit Events in a Workflow
What Information Do Timing Audit Events Store?
Audit Configuration
The filterConfiguration Attribute
Account Management Group
Changes Outside Identity System Group
Compliance Management Group
Configuration Management Group
Event Management Group
Logins/Logoffs Group
Password Management Group
Resource Management Group
Role Management Group
Security Management Group
Service Provider Group
Task Management Group
The extendedTypes Attribute
The extendedActions Attribute
The extendedResults Attribute
The publishers Attribute
Database Schema
The waveset.log Table
The waveset.logattrTable
Audit Log Truncation
Audit Log Configuration
Resizing Column Length Limits
Removing Records from the Audit Log
Using Custom Audit Publishers
To Enable Custom Audit Publishers
The Console, File, JDBC, & Scripted Publisher Types
The JMS Publisher Type
Why Use JMS?
Point-to-Point or Publish-and-Subscribe?
Configuring the JMS Publisher Type
The JMX Publisher Type
What is JMX?
Identity Manager’s JMX Publisher Implementation
To Configure the JMX Publisher Type
Viewing Audit Events with a JMX Client
Querying the MBean for Additional Information
Developing Custom Audit Publishers
Publisher Lifecycle
Publisher Configuration
Developing Formatters
Registering Publishers/Formatters
Chapter 11 PasswordSync
What is PasswordSync?
Before You Install
Install Microsoft .NET 1.1
Configure PasswordSync for SSL
Uninstall Previous Versions of PasswordSync
Installing and Configuring PasswordSync on Windows
To Install the PasswordSync Configuration Application
To Configure PasswordSync
Installing PasswordSync Silently
To Capture Installation Parameters to a Configuration File
To Install PasswordSync Silently
Deploying PasswordSync on the Application Server
Adding and Configuring a JMS Listener Adapter
To Add the JMS Listener Resource Adapter
Implementing the Synchronize User Password Workflow
Setting Up Notifications
Configuring PasswordSync with a Sun JMS Server
Sample Scenario
Creating and Storing Administered Objects
Storing Administered Objects in an LDAP Directory
Using the Message Queue Command-Line Tool
Storing Connection Factory Objects
Storing Destination Objects
Storing Administered Objects in a File
Storing Connection Factory Objects
Creating the Destination on the Broker
Configuring the JMS Listener Adapter for this Scenario
Configuring Active Sync
To Configure the JMS Listener for Synchronization
Testing Your Configuration
Debugging PasswordSync on Windows
Uninstalling PasswordSync on Windows
Frequently Asked Questions about PasswordSync
Chapter 12 Security
Security Features
Limiting Concurrent Login Sessions
Managing Passwords
Pass-Through Authentication
About Login Applications
Login Constraint Rules
Example Login Constraint Rule
Editing Login Applications
Setting Identity Manager Session Limits
Disabling Access to Applications
Editing Login Module Groups
Editing Login Modules
Configuring Authentication for Common Resources
Configuring X509 Certificate Authentication
Configuration Prerequisites
To Verify that the Client Certificate’s Client Authentication Option is Selected
Configuring X509 Certificate Authentication in Identity Manager
To Configure X509 Certificate Authentication
Creating and Importing a Login Correlation Rule
Testing the SSL Connection
Diagnosing Problems
To Correct a Client Certificate Attribute Name in an HTTP Request
Cryptographic Use and Management
Cryptographically Protected Data
Frequently Asked Questions about Server Encryption Keys
Frequently Asked Questions about Gateway Keys
Managing Server Encryption
To Access the Manage Server Encryption Page
To Configure Server Encryption
Using Authorization Types to Secure Objects
Security Practices
At Setup
During Use
To Change the Session Timeout Value
Chapter 13 Identity Auditing: Basic Concepts
About Identity Auditing
Goals of Identity Auditing
Understanding Identity Auditing
Policy-Based Compliance
Continuous Compliance
Periodic Compliance
Logical Task Flow for Policy-Based Compliance
Periodic Access Reviews
Working with Identity Auditing in the Administrator Interface
Using the Compliance Section of the Interface
To Use the Compliance section to Create and Manage Audit Policies
Manage Policies
Manage Access Scans
Access Reviews
Identity Auditing Tasks Interface Reference
Email Templates
Enabling Audit Logging
About Audit Policies
Creating a Policy with Audit Policy Rules
Addressing Policy Violations with Remediation Workflows
Designating Remediators
A Sample Audit Policy Scenario
Chapter 14 Auditing: Audit Policies
Working with Audit Policies
Audit Policy Rules
Creating an Audit Policy
To Open the Audit Policy Wizard
Creating an Audit Policy: Overview
Before You Begin
To Identify the Rules You Need
(Optional) Import Separation of Duty Rules into Identity Manager
(Optional) Import a Workflow into Identity Manager
To Import an External Workflow
Name and Describe the Audit Policy
To Select a Rule Type
To Select an Existing Rule
To Use the Rule Wizard to Create a New Rule
To Name and Describe the New Rule
Select the Resource Referenced by the Rule
Create the Rule Expression
To Create a Rule Expression
Adding Rules
Select a Remediation Workflow
Select Remediators and Timeouts for Remediations
Select Organizations that Can Access this Policy
Editing an Audit Policy
The Edit Policy Page
Edit Audit Policy Description
Edit Options
Delete a Rule from the Policy
Add a Rule to the Policy
Change a Rule used by the Policy
Remediators Area
Remove or Assign Remediators
Adjust Escalation Timeouts
Remediation Workflow and Organizations Area
Change the Remediation Workflow
Select Remediation User Form Rule
Assign or Remove Visibility to Organizations
Sample Policies
IDM Role Comparison Policy
IDM Account Accumulation Policy
Deleting an Audit Policy
Troubleshooting Audit Policies
Assigning Audit Policies
To Assign a User-Level Policy
Resolving Auditor Capabilities Limitations
To Add Capabilities
Chapter 15 Auditing: Monitoring Compliance
Audit Policy Scans and Reports
Scanning Users and Organizations
To Scan a User Account or Organization
Working with Auditor Reports
Creating an Auditor Report
To Create an Auditor Report
Configuring the Audited Attribute Report
Compliance Violation Remediation and Mitigation
About Remediation
Remediator Escalation
Remediation Security Access
Remediation Workflow Process
Remediation Responses
Remediation Example
Remediation Email Template
Working with the Remediations Page
Viewing Policy Violations
Viewing Pending Requests
Viewing Completed Requests
Updating the Table
Prioritizing Policy Violations
To Edit the Priority or Severity for Violations
Mitigating Policy Violations
From the Remediations Page
To Mitigate Pending Policy Violations From the Remediations Page
Remediating Policy Violations
To Remediate One or More Policy Violations
Forwarding Remediation Requests
To Forward Remediation Requests
Editing a User from a Remediation Work Item
Periodic Access Reviews and Attestation
About Periodic Access Reviews
Access Review Scans
Access Review Workflow Process
Required Administrator Capabilities
Attestation Process
Attestation Workflow
Attestation Security Access
Delegated Attestation
Planning for a Periodic Access Review
Tuning Scan Tasks
Creating an Access Scan
To Define the Access Review Scan
Deleting an Access Scan
Managing Access Reviews
Launching an Access Review
Scheduling Access Review Tasks
Managing Access Review Progress
Modifying Scan Attributes
Canceling an Access Review
Deleting an Access Review
Managing Attestation Duties
Access Review Notification
Viewing Pending Attestation Requests
Acting on Entitlement Records
Closed-Loop Remediation
Requesting Remediation
To Request Remediation From Another User
Rescanning Attestations
To Rescan A Pending Attestation
Forwarding Attestation Work Items
To Forward Attestations
Digitally Signing Access Review Actions
Access Review Reports
Access Review Remediation
About Access Review Remediation
Access Review Remediation Request Escalation
The Remediation Workflow Process
Access Review Remediation Responses
The Remediations Page
Unsupported Access Review Remediation Actions
Chapter 16 Data Exporter
What is Data Exporter?
Planning to Implement Data Exporter
To Implement Data Exporter
Configuring Data Exporter
To Configure Data Exporter
Defining Read and Write Connections
To Define Read and Write Connections
Defining the Warehouse Configuration Information
To Define Warehouse Configuration Information
Configuring Warehouse Models
To Configure Warehouse Models
Configuring Exporter Automation
To Configure Exporter Automation
Configuring the Warehouse Task
To Configure the Warehouse Configuration Information
Modifying the Configuration Object
Testing Data Exporter
To Start the Data Warehouse Exporter Launcher
Configuring Forensic Queries
Creating a Query
To Create A Forensic Query
Saving a Forensic Query
To Save a Forensic Query
Loading a Query
To Load a Forensic Query
Maintaining Data Exporter
Monitoring Data Exporter
Monitoring Logging
Audit Logs
System Logs
Chapter 17 Service Provider Administration
Overview of Service Provider Features
Enhanced End-User Pages
Password and Account ID Policy
Identity Manager and Service Provider Synchronization
Access Manager integration
Initial Configuration
Edit Main Configuration
To Edit Configuration Objects for a Service Provider Implementation
Directory Configuration
To Complete the Directory Configuration Form
User Forms and Policy
To Specify Forms And Policies for Service Provider User Administration
Transaction Database
To Configure a Transaction Database
Configuring Tracked Event Configurations
To Specify a Time Zone and Collection Intervals for Service Provider Tracked Events
Synchronization Account Indexes
To Define Index Attributes for a Resource
Callout Configuration
Edit User Search Configuration
To Configure Default Search Settings for Searching Service Provider Users
Transaction Management
Setting Default Transaction Execution Options
To Configure Service Provider Transactions
Setting Transaction Persistent Store
To Set Options on the Service Provider Transaction Configuration Page
Set Advanced Transaction Processing Settings
To Specify Advanced Transaction Processing Settings
Monitoring Transactions
To Search Transactions
Delegated Administration for Service Provider Users
Delegation Through Organization Authorization
Delegation Through Admin Role Assignment
Enabling Service Provider Admin Role Delegation
Configuring a Service Provider User Admin Role
To Configure a Service Provider User Admin Role
Specifying the Scope of Control
Specifying Capabilities
Assigning Admin Roles To Users
Delegating Service Provider User Admin Roles
Administering Service Provider Users
User Organizations
Create Users and Accounts
To Create a Service Provider Account
Search Service Provider Users
Advanced Search
To Perform an Advanced Search of Service Provider Users
Search Results
Link Accounts
To Link User Accounts
Delete, Unassign, or Unlink Accounts
To Delete, Unassign, or Unlink User Accounts
Set Search Options
To Set Search Options for Service Provider Users,
End-User Interface
Sample End-User Pages
New User Registration
Home and Profile Screens
Service ProviderUser Synchronization
Configure Synchronization
Monitor Synchronization
Start and Stop Synchronization
To Disable Service Provider Active Sync
Migrate Users
To Migrate Existing Identity Manager Users
Configuring Service Provider Audit Events
Appendix A lh Reference
lh Command Syntax
Usage Notes
lh Command Examples
syslog Command
syslog Command Usage
syslog Command Options
Appendix B Audit Log Database Schema
Oracle Database Type
DB2 Database Type
MySQL Database Type
SQL Server Database Type
Audit Log Database Mappings
Appendix C User Interface Quick Reference
Identity Manager Interface Task Reference
Appendix D Capabilities Definitions
Task-Based Capabilities Definitions
Functional Capabilities Definitions
Glossary
© 2010, Oracle Corporation and/or its affiliates