3 Getting Started with Common Administration and Navigation

This chapter describes the initial steps needed to log in and navigate around the OAAM Administration Console.

This chapter contains the following sections:

3.1 Starting and Stopping Components in Your Deployment

To help in the understanding of the various startup and shutdown commands, Figure 3-1 illustrates the distribution of Oracle Adaptive Access Manager components on WebLogic Servers.

Figure 3-1 Oracle Adaptive Access Manager Component Distribution

Description of Figure 3-1 follows
Description of "Figure 3-1 Oracle Adaptive Access Manager Component Distribution"

Note:

If batch processing is used, there is another Managed Server in addition to the ones shown in the illustration, which is the OAAM Offline server.

The following procedure describes starting the database and Admin and managed servers.

  1. Start the database.

    1. Set the ORACLE_HOME environment variable to the Oracle home for the database.

    2. Set the ORACLE_SID environment variable to the SID for the database.

    3. Start the Net Listener:

      ORACLE_HOME/bin/lsnrctl start

    4. Start the database instance:

      ORACLE_HOME/bin/sqlplus /nolog
SQL> connect SYS as SYSDBA
SQL> startup

  2. Start the WebLogic Administration Server.

    DOMAIN_HOME/bin/startWeblogic.sh

  3. Start the managed server hosting OAAM Admin Server.

    DOMAIN_HOME/bin/startManagedWeblogic.sh oaam_admin_server1

  4. Start the online and offline servers.

    DOMAIN_HOME/bin/startManagedWeblogic.sh server_name

The following procedure describes stopping the OAAM Administration Console and online and offline servers. You will be stopping the components in the opposite sequence.

  1. Stop the OAAM managed, offline, and OAAM Admin servers. For example:

    DOMAIN_HOME/bin/stopManagedWeblogic.sh oaam_admin_server1
DOMAIN_HOME/bin/stopManagedWeblogic.sh oaam_server_server1
DOMAIN_HOME/bin/stopManagedWeblogic.sh oaam_offline_server1

  2. Stop the WebLogic Administration Server.

    DOMAIN_HOME/bin/stopWeblogic.sh

  3. Stop the database.

    1. Stop the database instance:

      ORACLE_HOME/bin/sqlplus /nolog
SQL> connect SYS as SYSDBA
SQL> shutdown
SQL> quit

    2. Stop the Net Listener:

      ORACLE_HOME/bin/lsnrctl stop

3.2 About Access Level to the OAAM Admin Console

OAAM Admin provides functions for security investigators and customer service representatives (CSRs), security administrators, and system administrators. The functions and navigation that are available depend on the roles. For information, see Appendix G, "OAAM Access Roles."

OAAM Users will be needed in order to be able to use Oracle Adaptive Access Manager. You can create new users and assign the relevant Oracle Adaptive Access Manager roles in your WebLogic administration domain by using the Oracle WebLogic Administration Console. Best practices is to refrain from assigning multiple roles to a single user. If a user has multiple roles assigned to him, the user will have all of the permissions from the different groups. For information, see Section 2.5.1, "Creating OAAM Users."

3.3 Signing In to Oracle Adaptive Access Manager 11g

This section describes how to sign in to OAAM Admin.

The features available when you sign in are based according to roles and business requirements.

An Oracle Adaptive Access Manager Sign In page is shown in Figure 3-2.

Figure 3-2 Oracle Adaptive Access Manager Sign In

Description of Figure 3-2 follows
Description of "Figure 3-2 Oracle Adaptive Access Manager Sign In"

To sign in to OAAM Admin, follow these steps:

  1. In a browser window, enter the URL to the Oracle Adaptive Access Manager 11g Sign In page.

    http://host:port/oaam_admin/

    where

    • host refers to the Oracle Adaptive Access Manager managed Admin Server

    • port refers to the OAAM Admin managed server port

    • /oaam_admin/ refers to the OAAM Admin Sign In page

  2. On the Sign In page, enter your credentials.

  3. Click the Sign In button.

    If you have logged in successfully, the Fraud Prevention tab appears on the left with an expanded navigation tree.

To sign out, select the Sign Out link in the upper-right corner of OAAM Admin.

3.4 Using the OAAM Administration Console and Controls

Upon a successful sign in, Oracle Adaptive Access Manager displays the OAAM Administration Console.

The OAAM Administration Console is divided into the following areas: navigation panel on the left containing a navigation tree and a menu and tool bar above the navigation tree, and the main, open page on the right.

The navigation panel helps users access OAAM environment, configuration, and dashboard features. Named nodes in the panel identifies these items.

Initially when you log in, the OAAM Administration Console does not show any open pages on the right side. You must open a node first before a page can appear.

Figure 3-3 shows OAAM Admin with an active Policies search page.

Figure 3-3 OAAM Administration Console

Description of Figure 3-3 follows
Description of "Figure 3-3 OAAM Administration Console"

You can open up to ten pages simultaneously, which enables multitasking.

Note:

If you try to open more than ten tabs, an error occurs with the message that only ten tabs are allowed to be kept open. You can manually close one or more tabs and then try to open the new tab.

When multiple pages are open, only the active page and named tabs of other open pages are visible. You can click a named tab to return to the corresponding page.

The following sections provide more information about OAAM Admin:

3.4.1 About the Navigation Panel

OAAM Admin provides navigators for easy access to different features of Oracle Adaptive Access Manager.

The Navigation panel in OAAM Admin contains the following trees:

3.4.2 About the Navigation Tree

The Navigation tree, illustrated in Figure 3-4, is a collapsible and expandable tree that provides quick and visible access to features of Oracle Adaptive Access Manager.

3.4.2.1 Navigation Tree Structure

The Navigation tree includes named nodes that identify the individual features and groups of items within the Oracle Adaptive Access Manager product on which you can take action.

Note:

Oracle Adaptive Access Manager users can access functionality based on the roles they are assigned. For details on nodes displayed to different user roles, see Appendix G, "OAAM Access Roles." For example, Dashboard and Sessions nodes are not displayed for a CSR Manager.

Figure 3-4 illustrates the Navigation tree.

Figure 3-4 Navigation tree

Description of Figure 3-4 follows
Description of "Figure 3-4 Navigation tree"

Table 3-1 describes the Navigation tree nodes. The nodes you see will depend on your access level and role.

Table 3-1 OAAM Navigation Tree

Features Function

Dashboard

Provides a view of activity via aggregates and trending.

Sessions

Search and view the details (forensic record) of user activity.

Cases

Provides tools to track and solve customer service issues and investigate fraud. Cases are not available offline.

Policy Set

Contains the scoring engine and action/score overrides.

Policies

Contains security and autolearning rules and configurations used to evaluate the level of risk at each checkpoint.

Rules

Search and view rules outside the context of the policies that contain them. Rules are a collection of conditions used to evaluate user activity.

Conditions

Search and view the rule conditions available in OAAM. Conditions are the basic building blocks for security and autolearning policies.

Groups

Provides a set of tools for creating and managing groups. A group is a collection of like items.

Patterns

Search, create and manage patterns that profile behaviors. Rules evaluate the patterns to assess risk levels.

Entities

User-defined data structure, that can be re-used across different transactions.

Transactions

Defines the data structure and mapping to support application event/transaction analytics.

Configurable Actions

Create custom actions.

KBA

Framework to manage tasks that impact challenge questions, validations and levels of logic algorithms used for answers, question categories, and levels of logic algorithms used for registration.

Questions

Search, edit and create the KBA questions.

Validations

Search, edit and create the answer validation used in the KBA question registration and challenge process.

Categories

Search, edit and create the KBA question categories.

Registration Logic

Edit the configuration of logic that governs the KBA registration process.

Answer Logic

Edit the configuration of logic that governs the KBA challenge response process. This includes tuning of how exact user answers must be to their registered answers to be valid.

Environment

Tools for the configuration system properties and snapshots.

System snapshots

Back up and restore entire system configuration.

Properties

View and edit system configuration properties.

Scheduler

Manage jobs.

3.4.2.2 Navigation Tree Menu and Toolbar

A menu and toolbar appears above the Navigation tree, as shown Figure 3-4. Menus provide commands that you can use to take action on the selected item in the Navigation tree. Many menu commands are also provided as command buttons in the toolbar for quick access.

Figure 3-5 Menu and Toolbar

Description of Figure 3-5 follows
Description of "Figure 3-5 Menu and Toolbar"

Create New

Create New

Create New opens the corresponding create page of the selected node. Create New is available only for certain nodes where applicable. See Table 3-2, "Create New Pages of Selected Nodes" for a list of pages that can be opened by clicking Create New.

Table 3-2 Create New Pages of Selected Nodes

Node Subnode Create Page or Dialog

Dashboard

  

N/A

Sessions

  

Not available

Cases

  

Create Case

Policy Sets

  

Not available

Policies

  

New Policy
 

Rules

Not available
 

Conditions

Not available

Groups

  

Create Group

Patterns

  

New Pattern

Entities

  

New Entity

Transactions

  

New Transaction

Configurable Actions

    
 

Action Templates

New Action Template
 

Action Instances

New Action Instance

KBA

  

Not available
 

Questions

New Questions
 

Validations

Not Available
 

Categories

New Category
 

Registration Logic

Not available
 

Answer Logic

Not available

Scheduler

  

Not available
 

Jobs

Jobs search
 

Job Queue

Job Queue

Environment

  

Not available
 

System Snapshots

Not available
 

Properties

New Property

Open

Open

Open opens the corresponding page for the node you have selected.

Import

Import

Import opens the Import dialog for the node you have selected.

View Menu

Figure 3-6, "View Menu" illustrates the View menu and commands. Menu items that cannot be used on the selection in the Navigation tree appear in gray.

Table 3-3 describes the View menu commands.

Table 3-3 View Menu Commands

Command Description

Collapse

Immediately closes the node.

Expand All Below

Immediately reveals all items below the selection.

Collapse All Below

Immediately closes the node and all items below the selection.

Expand All

Immediately reveals all the nodes and subnodes along with their leaf nodes in the Navigation tree.

Collapse All

Immediately closes all the nodes and subnodes along with their leaf nodes in the Navigation tree.

Scroll to First

Scrolls to the first node

Scroll to Last

Scrolls to the last node

Actions Menu

Figure 3-7 shows the Actions menu, which provides appropriate commands for the selected item in the navigation tree. For instance, if you have Policies selected in the Navigation tree, the command New Policy... is available in the Actions menu. The New Policy command enables you to open the New Policy page for creating a new policy.

Table 3-4 describes Action menu commands which may be available when you select an item from the Navigation tree. The commands may vary depending on the node selected.

Table 3-4 Actions Menu Commands

Command Description

List item

Opens the item, search, or details page.

New item

Activates a new page that you can fill in to define a new item.

Import item

Displays the Import dialog, which enables you to locate and import the item.

3.4.3 About the Policy Tree

The Policy tree, as shown in Figure 3-8, gives a visual representation of the policy hierarchy and the relationship between different policies, user groups, and the checkpoints.

Double-clicking an item in the Policy tree opens a dynamic tab for that item. This enables administrators to view and edit the configurations in context.

You can expand the Policy tree to view the details about the user groups and policies under each checkpoint.

For example the Forgot Password policy is under the Forgot Policy Checkpoint and All Users is assigned to the policy.

Policy is the last level in the Policy tree. You cannot drill down further except to see nested policies.

Table 3-5 provides a legend for the icons which appear on the Policy tree.

Table 3-5 Policy Tree Legend

Icon Definition Description
Checkpoint

Checkpoint

The checkpoint is a decision and enforcement point when policies are call to run their rules.
Policy

Policy

The policies available in the system.

Disabled policies are grayed out.

Policies linked to multiple user groups are bold and highlighted.

To open the Policy Details page of a policy, double-click the Policy node. The Policy Details page can also be opened by clicking Open Selected from the context menu.

To view nested policies, expand the policy node.
All Users

All Users

Policy is linked to All Users.
One user

User Groups

Policy is linked to Users
No Users

No user group

No users are associated with the policy.
Trigger combination

Trigger combination

Trigger combinations exist in the policy.
More

More...

Summary information is available about the policy.

From the Policy tree, you can click the More icon for summary information on the policy.

Description of clkmore1.gif follows
Description of the illustration clkmore1.gif

3.4.4 About the Management Pages

The individual features and groups of items are organized on the Navigation tree. To open a component, double-click its node in the Navigation tree. The details of that node or a search page opens in a new tab on the right side of the console. A named tab identifies each open page, like the tabs on manila folders.

Only the active page is visible, with as many named tabs of other open pages that can fit on one line. You can click a named tab to return to the corresponding page.

The nodes and their corresponding pages are listed in Table 3-6.

Table 3-6 Open Pages

Node Subnode Pages

Dashboard

  

Dashboard

Sessions

  

Sessions

Cases

  

Cases search page

Policy Sets

  

Policy Sets page

Policies

  

Policies search page
 

Rules

Rules search page
 

Conditions

Conditions search page

Groups

  

Groups search page

Patterns

  

Pattern search page

Entities

  

Entity Definition Search page

Transactions

  

Transactions search page

Configurable Actions

  

Not available
 

Action Templates

Action Templates search page
 

Action Instances

Action Instance search page

KBA

  

Not available
   

Note: KBA is not available in offline mode.
 

Questions

Questions search page
 

Validations

Validations search page
 

Categories

Categories search page
 

Registration Logic

Registration Logic page
 

Answer Logic

Answer Logic page

Environment

  

Not available
 

System Snapshot

Snapshots search page
 

Properties

Properties search page

Scheduler

    
 

Jobs

New Job
 

Job Queue

  

3.4.4.1 Search Pages

The search page is the starting place for managing the environment, adaptive strong authentication, and risk management features, and groups of like items.

You can open a search page by:

  • Double-clicking a node in the Navigation tree

  • Right-clicking a node in the Navigation tree and selecting the List command from the context menu that appears

  • Selecting the node in the Navigation tree and then choosing the List command from the Actions menu

When a search page first appears, you see a search filter and a Search Results table. The Search Results table is initially empty. You must click the Search button to see a list of items.

To search for items:

  1. Select the criteria to search from the dropdown lists. The lists of available criteria varies according to the feature.

  2. Enter strings to match in the text boxes.

  3. Select or specify filters to narrow the search scope.

  4. Click the Search button to trigger the search and to display the results in the Search Results table.

The search returns all items that match the specified criteria; leave the fields empty to obtain the list of all items of the type.

3.4.4.1.1 Elements in the Search Form

This section describes the elements in the search forms.

Search

You can search for items using the attribute search criteria fields.

Reset

The Reset button enables you to reset the search criteria.

Saved Searches

You can create saved searches that persist for the duration of your session. You would enter the search criteria, then click the Save button to open the Personalize Saved Search dialog. The Personalize Saved Search dialog is used to specify how you want to save the search criteria you entered. You can name the search, for example, myspecialsearch, so that it displays in the Saved Search list.

Description of crsavsrch1.gif follows
Description of the illustration crsavsrch1.gif

3.4.4.1.2 Search Results Table

The Search Results table shows at most the first 200 matches found by the search.

You can sort the results by using the Sort Ascending and Sort Descending buttons next to the column name.

Sort buttons

If the description of an item is too long to be fully shown, positioning the cursor over the visible text displays the entire description.

Description of admin004.gif follows
Description of the illustration admin004.gif

Once an item is selected in the Search Results table, an action can be performed on it by clicking one of the icons on the toolbar or by selecting a command from the Actions menu.

If you want to see more details, click the available link for the item.

3.4.4.1.3 Search Results Menu and Toolbar

A menu and toolbar appears above the Search Results table. Figure 3-9 shows the Search Results Menu and Toolbar from the Patterns Search page with the New Pattern, Open Selected, Delete Selected, Deactivate Selected, Select All, Deselect All, and Export Selected commands available.

Figure 3-9 Results Menu and Toolbar

Description of Figure 3-9 follows
Description of "Figure 3-9 Results Menu and Toolbar"

The Actions menu and command buttons provide appropriate commands for the selection in the Navigation tree and Search Results table.

Table 3-7 shows command buttons that may be available, depending on the selection.

Table 3-7 Results Menu and Toolbar

Button Definition Description
Create action

Create

Opens a new page, which you can fill in to add a new item of the selected type. The new page opens as the active page on the right side of the Navigation tree.
Delete action

Delete

Removes the selected item.
Create Like action

Create Like

Creates a new item that is similar— or "like"—the existing one.
Activate action

Activate

Activates the selected item.
Deactivate action

Deactivate

Deactivates the selected item.
Detach action

Detach

Detaches the Results table.

3.4.4.1.4 Select All

You can select all the results to perform actions on by clicking the header of the Row column in the upper-left corner of the Search Results table.

Description of admin005.gif follows
Description of the illustration admin005.gif

3.4.4.1.5 Create and Import

Generally, buttons to create new items or import items are in the upper-right corner of the console.

Description of admin0061.gif follows
Description of the illustration admin0061.gif

3.4.4.1.6 Close Multiple Tabs

The small close tabs button in the upper-right corner of the console enables you to close the tabs you are viewing.

Close tabs button

If you have multiple tabs open, a Close Multiple Tabs dialog appears. To close multiple tabs, highlight the names of the tabs, and press OK.

Description of closemult.gif follows
Description of the illustration closemult.gif

3.4.4.2 Detail Pages

You can view details of a specific item by opening its details page.

A Case Details page is shown in Figure 3-10.

3.4.5 About the Dashboard

The dashboard presents a real-time view of activity via aggregates and trending.

The dashboard is divided into three sections:

  • The performance panel (Section 1) presents real-time data. It shows the performance of the traffic that is entering the system. A trending graph is shown of the different types of data based on performance.

  • The summary panel (Section 2) presents aggregate data based on time range and different data types.

  • The dashboard panel (Section 3) presents historical data. The detailed dashboards are used for trending data over time ranges.

3.4.6 About Online Help

To access online help documentation, on the upper right corner of any window, click Help to start the help window. A help topic for the relevant top-level search or details page is displayed. These help topics contain links to information in an online version of the Oracle Fusion Middleware Administrator's Guide for Adaptive Access Manager.

Selecting Managing Oracle Adaptive Access Manager 11g Online Help displays several topics in the online documentation.

Topics that are displayed by selecting Help appear in only English and Japanese languages. Online Help is not translated into the nine Admin languages.

Refer to the following illustration for an example of an online help window.

Description of online1.gif follows
Description of the illustration online1.gif

3.5 Using Search, Create, and Import

Oracle Adaptive Access Manager provides more than one way to search, create, and import.

Search

Depending on the selection, you can open a Search page by:

  • Double-clicking the node in the Navigation tree.

  • Right-clicking the node in the Navigation tree and selecting List item from the context menu.

  • Selecting the node in the Navigation tree and then choosing List item from the Actions menu.

  • Clicking the List item button in the Navigation tree toolbar.

Create

Depending on the selection, you can open a Create page by:

  • Clicking the New item button in the upper right of the console.

  • Right-clicking the node in the Navigation tree and selecting New item from the context menu.

  • Selecting the node in the Navigation tree and then choosing New item from the Actions menu.

  • Clicking the Create new items button in the Navigation tree toolbar.

  • Selecting the Create New item button from the Search Results toolbar.

  • Selecting New item from the Actions menu in Search Results.

Import

Depending on the selection, you can open a Import page by:

  • Clicking the Import item button in the upper right of the console.

  • Right-clicking the node in the Navigation tree and selecting Import item from the context menu.

  • Selecting the node in the Navigation tree and then choosing Import item from the Actions menu.

  • Clicking the Import items button in the Navigation tree toolbar.

3.6 Exporting Results to a Microsoft Excel Spreadsheet

You can generate a report of the results from the Search pages for policies, questions, validations, snapshots, properties, entities, transactions, conditions, groups, patterns, and so on.

To export results to a Microsoft Excel spreadsheet:

  1. Ensure the oaam.export.max.rows.allowed property is configured so that you are able to export all the rows needed. This property limits the maximum row selection.

  2. In a search page, select rows the rows of interest from the search results.

  3. Click the Export To Excel button.

    When the export confirmation dialog is shown, you can view the selected list. The export table with the selected rows shows the ID number and display name columns, so that you can easily identity and verify the selected rows before the export.

  4. Click Export to export the rows to a Microsoft Excel spreadsheet.