Oracle Identity Navigator is an administrative portal designed to act as a single launch pad for accessing the administration consoles for other Oracle Identity Management components. It does not replace the individual component consoles. Rather, it allows you to access the Oracle Identity Management consoles centrally from one location.
Oracle Identity Navigator is installed with other Oracle Identity Management components and centralizes access to product administration consoles, as well as other identity services. Oracle Identity Navigator can be installed with other Oracle Identity Management components in the same domain or in different domains. It is a web-based application that you access through a browser. You can use Oracle Identity Navigator to access the following product administration consoles and identity services:
Oracle Access Manager
Oracle Adaptive Access Manager
Oracle Authorization Policy Manager
Oracle Directory Services Manager
Oracle Directory Integration Platform
Oracle Enterprise Manager
Oracle Entitlements Server
Oracle Identity Analytics
Oracle Identity Federation
Oracle Identity Manager
Oracle Role Manager
Oracle WebLogic Server
Oracle Web Services Manager
Each administration console launches in its own separate browser window. You configure Oracle Identity Navigator to connect to these consoles either by specifying the URLs directly, or by employing the product discovery feature.
Like Oracle Enterprise Manager Fusion Middleware Control, Oracle Identity Navigator is a Java EE application deployed on an Oracle WebLogic Administration Server. It uses Oracle Metadata Service.
The Oracle Identity Navigator report feature relies on Oracle Business Intelligence Publisher and requires configuration to communicate with an Oracle Business Intelligence Publisher server.
You can access Oracle RSS feeds and view them in the Dashboard. You might need to configure a proxy to connect through your company's firewall.
Figure 1-1 shows the relationships between Oracle Identity Navigator and the Oracle Identity Management components:
Oracle Identity Navigator is integrated with 11g Oracle Platform Security Services for single sign-on (SSO) support. Some of the component consoles accessible from Oracle Identity Navigator are single sign-on enabled and can be configured to authenticate against the same authentication service in the Oracle Identity Navigator operation environment. Single sign-on enabled consoles include Oracle Access Manager, Oracle Identity Manager, Oracle Adaptive Access Manager, and Oracle Authorization Policy Manager. Double sign-on occurs for other components, such as Oracle Directory Services Manager and Oracle Enterprise Manager Fusion Middleware Control. See "Configuring Single Sign-On (SSO)" for more information.
Common Admin Roles are a set of predefined standardized application roles for securing administrative access to Oracle identity management applications. These roles encapsulate the common administrative tasks across the Oracle Identity Management Suite.
Note:
You must configure enterprise roles to support the Common Admin Roles before you can begin using them. For more information, see "Configuring the Enterprise Roles".
Oracle Identity Navigator enables you to assign Common Admin Roles to users. Each role maps to a set of capabilities that are common across all the components in the Identity Management Suite.
Table 1-1 describes the responsibilities of each role and the skills and expertise required to perform that role. You can assign any of the roles described in Table 1-1 to a user as a component role. Once this assignment is done, the user is granted the role capabilities for administering the component.
Table 1-1 Summary of the Common Admin Roles
Common Admin Role Name | Responsibility | Skills and Expertise Required |
---|---|---|
Application Configurator | | |
Application Auditor | | |
Application Troubleshooter | | |
Security Auditor | | |
Security Admin | | |
User Manager | | |
Helpdesk Admin | | |
Actions that an authenticated user can perform are based on the roles assigned. Oracle Identity Navigator supports two types of administrative roles:
Administrators with Common Admin Roles
Administrators with Common Admin Roles specific to Oracle Identity Navigator can administer Oracle Identity Navigator as summarized in Table 1-2.
A component administrator manages a specific Identity Management component. These role types can be finer grained than the Common Admin Role. For more information, see "Advanced: Configuring Component Administrative Role-Based Access".
Table 1-2 describes the Common Admin Roles that are specific to Oracle Identity Navigator and the access rights each conveys. All authenticated users can access My Profile and News and Announcements.
Table 1-2 Summary of Oracle Identity Navigator Common Admin Roles
Common Admin Role Name | Access Rights |
---|---|
Security Admin | |
Security Auditor | |
Application Configurator | |
After installation, all users who are members of the Oracle WebLogic Server Administrators group are granted all superuser privileges required to administer Oracle Identity Navigator. The default administrator is the weblogic user (also known as the bootstrap user) who is a member of the Administrators group.
After installation the weblogic user, as the bootstrap user, can be used to map the users from the domain identity store to the Oracle Identity Navigator Common Admin Roles detailed in Table 1-2. Users mapped to the Security Admin role can assign the Common Admin Roles to other users, and can later replace the weblogic user in your environment. After the initial user mapping is completed, replace the default weblogic user by mapping the Security Admin role to at least one administrator user defined in your domain identity store.
Oracle Identity Navigator supports a set of reports by default. The reports provide meaningful information for auditors to examine the security practice of the component in the deployment environment, as well as enabling system administrators to check the component health status.
All reports are generated using Oracle Business Intelligence Publisher. Oracle BI Publisher 10.1.3.4.1 must be installed separately. See "Configuring Oracle Business Intelligence Publisher" for more information on installing and configuring Oracle BI Publisher.
My Reports is a portlet used to view your favorite Oracle Identity Management Oracle Business Intelligence Publisher reports in the Navigator content. In addition, the My Reports portlet allows you to save the query to run a report and run the report again. As an administrative user, you have your own My Reports portlet on the Dashboard page of Oracle Identity Navigator. You can add report categories to My Reports and save different reports under different categories.
This portlet enables you to perform the following tasks:
Show a list of Oracle Identity Management BI Publisher Reports in a portlet configuration page.
Select a report and add it to the My Reports list from a portlet configuration page.
View and run any report that you have access to.
Reports are categorized by the component they belong to.
Oracle Identity Navigator supports the following three Oracle RSS feeds:
Identity Management Discussion Forum
Oracle New Downloads
Oracle Security Alerts
The RSS feeds cannot be changed.
Refer to the system requirements and certification documentation for information about hardware and software requirements, platforms, databases, and other information. Both of these documents are available on Oracle Technology Network (OTN).
The system requirements document covers information such as hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html
The certification document covers supported installation types, platforms, operating systems, databases, JDKs, and third-party products:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html