Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager
Release 11
g
(11.1.1)
Part Number E14568-06
Home
Book List
Index
Master Index
Contact Us
Next
PDF
·
Mobi
·
ePub
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Adaptive Access Manager 11
g
Release 1 (11.1.1)?
New Features for Oracle Adaptive Access Manager 11
g
Release 1 (11.1.1)
Feature Comparison Chart - Oracle Adaptive Access Manager 11
g
vs. Oracle Adaptive Access Manager 10
g
Concepts and Terminology Changes for Oracle Adaptive Access Manager 11
g
Part I Getting Started with Oracle Adaptive Access Manager
1
Introduction to Oracle Adaptive Access Manager
1.1
Benefits of Oracle Adaptive Access Manager
1.2
Oracle Adaptive Access Manager Features
1.3
Oracle Adaptive Access Manager Architecture
1.3.1
High Availability
1.4
Deployment Options
1.4.1
Single Sign-On Integration
1.4.2
Universal Installation Option Reverse Proxy
1.4.3
Native Application Integration
1.4.4
Web Services Application Integration
2
Setting Up the Oracle Adaptive Access Manager Environment for the First Time
2.1
Installation and Configuration
2.2
Setting Up the Oracle Adaptive Access Manager Base Environment
2.3
Setting Up CLI Environment
2.4
Setting Up Encryption and Database Credentials for Oracle Adaptive Access Manager
2.4.1
Overview of the Process
2.4.1.1
Setting up Encryption
2.4.1.2
Configuring Database Credentials in the Credential Store Framework
2.4.2
Prerequisites
2.4.3
Setting up Secret Key for Encrypting Configuration Values
2.4.4
Setting Up Secret Key for Encrypting Database Values
2.4.5
Generating an Encoded Secret Key
2.4.6
Adding Symmetric Key to the Credential Store Framework
2.4.7
Setting Up Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
2.4.8
Backing Up Secret Keys and Database and Configuration Keys
2.5
Creating OAAM Users
2.6
Importing the OAAM Snapshot
2.7
Importing IP Location Data
2.8
Importing Transaction Definitions
2.9
Enabling Components and Features
2.9.1
Enabling OTP
2.10
Setting the Time Zone Used for All Time Stamps in the Administration Console
2.10.1
Values for the Common Timezones
3
Oracle Adaptive Access Manager Navigation
3.1
Signing In to Oracle Adaptive Access Manager 11
g
3.2
OAAM Admin Console and Controls
3.3
Navigation Panel
3.4
Navigation Tree
3.4.1
Navigation Tree Structure
3.4.2
Navigation Tree Menu and Toolbar
3.5
Policy Tree
3.6
Management Pages
3.6.1
Search Pages
3.6.1.1
Elements in the Search Form
3.6.1.2
Search Results Table
3.6.1.3
Search Results Menu and Toolbar
3.6.1.4
Select All
3.6.1.5
Create and Import
3.6.1.6
Close Multiple Tabs
3.6.2
Detail Pages
3.7
Dashboard
3.8
Online Help
3.9
Search, Create, and Import
3.10
Export to Excel
3.11
Access Level to OAAM Admin
Part II Customer Service and Forensics
4
Managing and Supporting CSR Cases
4.1
Introduction and Concepts
4.1.1
Case
4.1.1.1
CSR Cases
4.1.1.2
Escalated Cases
4.1.2
Customer Service Representative (CSR)
4.1.3
CSR Manager
4.1.4
Fraud Investigator
4.1.5
Fraud Investigation Manager
4.1.6
Locked Status
4.1.7
Temporary Allow
4.1.8
Case Status
4.1.9
Severity Level
4.1.10
Expiration Date
4.1.11
Customer Resets
4.2
CSR and CSR Manager Role Permissions
4.3
Getting Started
4.4
Cases Search Page
4.4.1
Searching for Cases
4.4.2
Viewing a List of Cases
4.4.3
Viewing a List Cases You are Currently Working On
4.4.4
Searching for Open and Closed Cases
4.4.5
Searching Case by Description Keyword
4.4.6
Viewing a List of Cases
4.5
Case Details Page
4.5.1
Case Actions
4.5.2
Viewing Case Details
4.5.3
Viewing User Details
4.6
Viewing Case Activity
4.6.1
Viewing the Case History
4.6.2
Searching the Log of a Case
4.6.3
Viewing Escalated Case Logs and Notes
4.7
Viewing Customer's Sessions
4.7.1
Viewing a Customer's Session History
4.7.2
Searching for a Customer's Sessions
4.7.3
Searching for a Customer's Sessions by Device ID or Date Range
4.7.4
Filtering the Session History by Authentication Status or Alert Level
4.7.5
Viewing Transactions in the Sessions History
4.8
Creating a CSR Case
4.8.1
Creating a Case
4.8.2
Creating a Case Like Another Case
4.9
Performing Customer Resets
4.9.1
Resetting Image
4.9.2
Resetting Phrase
4.9.3
Resetting Image and Phrase
4.9.4
Unregistering Devices
4.9.5
Resetting OTP Profile
4.9.6
Resetting Virtual Authentication Device
4.9.7
Unlocking OTP
4.9.8
Resetting All Registration Data, Challenge Counters, and OTP Contact and Delivery Information
4.10
Performing Challenge Question Resets
4.10.1
Performing Challenge Questions Related Actions
4.10.2
Resetting Challenge Questions
4.10.3
Resetting Challenge Questions and the Question Set
4.10.4
Incrementing a Customer to His Next Question
4.10.5
Unlocking a Customer (KBA)
4.10.6
Performing KBA Phone Challenge
4.11
Enabling a Temporary Allow
4.12
Performing Case Actions
4.12.1
Adding Notes to Cases
4.12.2
Changing Severity Level of a Case
4.12.3
Changing Status of a Case
4.12.3.1
Changing Case Status to Pending
4.12.3.2
Closing a Case
4.12.3.3
Authenticating Closed Cases
4.12.4
Extending Expiration
4.12.5
Escalating a Case
4.12.6
Escalating a CSR Case to an Agent Case
4.12.7
Bulk-Editing CSR Cases
4.13
Configuring Expiry Behavior for CSR Cases
4.14
Reporting
4.15
Multitenancy
4.15.1
Enabling Multitenancy
4.15.2
Changing Permissions
4.15.3
Access to Cases
4.15.4
Searching Sessions
4.15.5
Examples of Multitenancy in OAAM
4.15.5.1
CSR Creates a Case
4.15.5.2
CSR is unable to Create Case Successfully for Organization and Login Combination
4.15.5.3
CSR is able to Create Case Successfully for Organization and Login Combination
4.15.5.4
CSR Has Access to More Than One Organization ID Is Unable to Create Case
4.15.5.5
CSR Has Access to More Than One Organization ID is able to Create Case Successfully
4.15.5.6
CSR Who Cannot Access Any Organization Tries to Create Case
4.15.5.7
CSR Acts On Case
4.15.5.8
CSR Views Case Details
4.15.5.9
CSR Searches Sessions
4.15.5.10
Agent Creates a Case
4.15.5.11
CSR Searches Cases
4.16
Use Cases
4.16.1
Use Case: Customer Session Search and Case Creation
4.16.2
Use Case: Reset Challenge Questions
4.16.3
Use Case: Reset Image and Phrase
4.16.4
Use Case: Bulk Edit CSR Cases
4.16.5
Use Case: CSR Manager Bulk Case Edit
4.16.6
Use Case: CSR - Ask Questions
4.17
Best Practices and Recommendations
5
Investigation Using Agent Cases
5.1
Introduction and Concepts
5.1.1
Agent Cases
5.1.2
Case Status
5.1.2.1
New and Pending Cases
5.1.2.2
Closed Cases
5.1.2.3
Escalated Cases
5.2
Fraud Investigation Role Permission
5.3
Opening the Case Search Page
5.4
Searching for Cases
5.5
Viewing, Editing, and Creating Cases
5.5.1
Viewing a List of Cases
5.5.2
Viewing a List Cases You are Currently Working On
5.5.3
Viewing Agent Case Details
5.5.3.1
Summary Tab
5.5.3.2
Linked Sessions
5.5.3.3
Logs
5.5.4
Creating Agent Cases
5.5.5
Creating an Agent Case Manually
5.5.6
Creating an Agent Case Automatically by a Configurable Action
5.5.7
Creating an Agent Case from an Escalation
5.5.8
Creating a Case Like Another Agent Case
5.6
Editing Agent Cases
5.6.1
Adding Notes to Cases
5.6.2
Changing Severity Level of a Case
5.6.3
Changing Status of a Case
5.6.3.1
Changing the Status of a Case Manually
5.6.3.2
Configuring Auto Change for Case Status
5.6.4
Closing Cases
5.6.4.1
Closing a Case Manually
5.6.4.2
Closing Multiple Cases
5.6.5
Bulk-Editing Agent Cases
5.7
Linking and Unlinking Suspected Sessions to a Case
5.7.1
Linking Sessions
5.7.2
Export Linked Session for Further Analysis
5.7.3
Unlinking Linked Sessions
5.8
Agent Case Feedback
5.9
Configuring Agent Case Access
5.10
Configuring Expiry/Overdue Behavior for Agent Cases
5.10.1
Set "Overdue" Behavior for Agent Cases (Default Setting)
5.10.2
Disable "Overdue/Expiry" Behavior for Agent Cases
5.10.3
Set "Expiry" Behavior for Agent Cases
5.11
Agent Use Cases
5.11.1
Agent Creation
5.11.2
Investigation Workflow Scenario - Blocked Login Attempts
5.11.3
Investigation Workflow for CSR Escalated Agent Cases
5.11.4
Investigation Workflow for Manually Created Cases
5.11.5
Investigation Workflow for Auto-Created Cases
5.11.6
How Users Use Agent Cases for Investigation
5.11.7
Associating Fraud Sessions with a Case for Investigation
5.11.8
Listing the Cases that I Am Currently Working With
5.11.9
Marking One or More Sessions as Confirmed Fraud
5.11.10
Closing a Case
5.11.11
Closing Multiple Cases
5.11.12
Auto-Status Change (Escalated Cases)
5.12
Best Practices and Recommendations
6
Viewing Additional Details for Investigation
6.1
Details Pages Overview
6.2
Details Page Structure
6.3
Prerequisites
6.3.1
Multitenant Access
6.3.2
View Transactions in Session Details
6.4
Searching for Sessions
6.5
Export Sessions to Excel
6.6
Add to Group
6.6.1
Add to Group From Sessions
6.6.2
Add to Group from Details Pages
6.7
Session Details Page
6.8
Looking at Events from a Higher Level with Session Details
6.8.1
Policy Explorer
6.8.2
Runtime Information
6.8.2.1
Session Details
6.8.2.2
Policies
6.8.2.3
Transactions
6.8.3
Action, Alerts, and Scores
6.8.4
Outcomes from Each Checkpoints
6.9
Investigation and the Importance of Details Pages
6.10
Viewing Alerts
6.11
User Details Page
6.11.1
User Details: Summary Tab
6.11.2
User Details: Groups Tab
6.11.3
User Details: Devices Tab
6.11.4
User Details: Locations Tab
6.11.5
User Details: Sessions Tab
6.11.6
User Details: Alerts Tab
6.11.7
User Details: Fingerprint Data
6.11.8
User Details: Policies Tab
6.11.9
User Details Tasks
6.11.9.1
View general user information, registration information, and profile information
6.11.9.2
View the actions performed by the user during registration
6.11.9.3
View statistics about the user
6.11.9.4
Search and view the different devices used for a user to get additional information like the number of times a device is used by a user and the successful and unsuccessful login attempts from each device
6.11.9.5
Search and view the different user groups with which a user is associated
6.11.9.6
Search and view the different locations used for a user to get additional information such as the number of times a location is used by a user and the successful and unsuccessful login attempts from each location
6.11.9.7
Search and view all the alerts triggered and generated for the user
6.11.9.8
Search and view all the login sessions or search login sessions for a particular period for the user
6.11.9.9
View the rules run on the user
6.11.9.10
Search and view the fingerprints created for the user
6.11.9.11
Add user to user group
6.11.9.12
Create a new user group and add user to the newly created group
6.11.9.13
Remove user from user group
6.11.9.14
Navigate to other details pages for groups, alerts, devices, locations, sessions, policy, rules and fingerprints
6.12
IP or Locations (Country, State, or City) Details Page
6.12.1
Location Details: Summary Tab
6.12.2
Location Details: Groups Tab
6.12.3
Location Details: Users Tab
6.12.4
Location Details: Devices Tab
6.12.5
Location Details: Alerts Tab
6.12.6
Location Details: Sessions Tab
6.12.7
Location Details: Fingerprints Tab
6.12.8
Location (Country, State, City, or IP) Details Tasks
6.12.8.1
View general information about the location
6.12.8.2
Search and view the different location groups to which a location is associated or belongs
6.12.8.3
Add location to existing location group
6.12.8.4
Create a location group and add location to it
6.12.8.5
Search and view the different users that logged in from the location get additional information like the number of times a user logged in from the location and the successful and unsuccessful login attempts from the location by each user
6.12.8.6
Search and view the different devices that logged in from the location get additional information like the number of times a device logged in from the location and the successful and unsuccessful login attempts from the location by each device
6.12.8.7
Search and view all the alerts triggered and generated for the location
6.12.8.8
Search and view all the login sessions or search login sessions for a particular period for the location
6.12.8.9
Search and view the fingerprints created for the location
6.12.8.10
Navigate to other details pages for groups, alerts, devices, users, sessions and fingerprints
6.13
Device Details Page
6.13.1
Device Details: Summary Tab
6.13.2
Device Details: Groups Tab
6.13.3
Device Details: Users Tab
6.13.4
Device Details: Locations Tabs
6.13.5
Device Details: Alerts Tab
6.13.6
Device Details: Sessions Tab
6.13.7
Device Details: Fingerprint Data Tab
6.13.8
Device Details Tasks
6.13.8.1
View general information about the device
6.13.8.2
View flash and browser fingerprint information created for the device
6.13.8.3
Search and view the different device groups to which a device is associated or belongs
6.13.8.4
Add/Remove Device from a Device Group
6.13.8.5
Create a device group and add device to it
6.13.8.6
Search and view the different users that used the device to login to get additional information like the number of times the device was used by a user and the successful and unsuccessful login attempts for the device by each user
6.13.8.7
Search and view the different locations from which the device was used for login to get additional information like the number of times the device was used from a location and the successful and unsuccessful login attempts for the device from each location
6.13.8.8
Search and view all the alerts triggered and generated for the device
6.13.8.9
Search and view all the login sessions or search login sessions for a particular period for the device
6.13.8.10
Search and view the fingerprints created for the device
6.13.8.11
Navigate to other details pages for groups, alerts, users, locations, sessions and fingerprints
6.14
Browser or Flash Fingerprint Details
6.14.1
Fingerprint Details: Summary Tab
6.14.2
Fingerprint Details: Users Tab
6.14.3
Fingerprint Details: Devices Tab
6.14.4
Fingerprint Details: Locations Tab
6.14.5
Fingerprint Details: Sessions Tab
6.14.6
Fingerprint Details: Alerts Tab
6.14.7
Fingerprint Details Tasks
6.14.7.1
View flash fingerprint details
6.14.7.2
View browser fingerprint details
6.14.7.3
Search and view the different users for which the fingerprint was used
6.14.7.4
Search and view the different devices for which the fingerprint was used
6.14.7.5
Search and view the different locations for which the fingerprint was used
6.14.7.6
Search and view all the login sessions or search login sessions for a particular period for the fingerprint
6.14.7.7
Navigate to other details pages for users, devices, sessions and locations
6.15
Alert Details Page
6.15.1
Alert Details: Summary Tab
6.15.2
Alert Details: Users Tab
6.15.3
Alert Details: Devices Tab
6.15.4
Alert Details: Locations Tab
6.15.5
Alert Details: Sessions Tab
6.15.6
Alerts Details: Fingerprint Data
6.15.7
Alert Details Tasks
6.15.7.1
View general information about the alert
6.15.7.2
View alert groups with which an alert is associated
6.15.7.3
Add alert from alert groups
6.15.7.4
Create an alert group and add an alert to it
6.15.7.5
Search and view the different users for which the alert was generated
6.15.7.6
Search and view the different devices for which the alert was generated
6.15.7.7
Search and view the different locations for which the alert was generated
6.15.7.8
Search and view all the login sessions or search login sessions for a particular period for the alert
6.15.7.9
Search and view the fingerprints created
6.15.7.10
Navigate to other details pages for groups, users, devices, locations, sessions and fingerprints
6.16
Uses Cases
6.16.1
Use Case: Search Sessions
6.16.2
Use Case: Session Details Page
6.16.3
Use Case: Checking for Fraudulent Devices and Adding Them to a Group
6.16.4
Use Case: Exporting the Sessions from the Last One Week
6.16.5
Use Case: User Details, Fingerprint Details
6.16.6
Use Case: Device and Location Details
6.16.7
Use Case: IP Details and Adding to Group
6.16.8
Use Case: Viewing the Sessions from a Range of IPs
6.16.9
Use Case: Checking If a User Failed to Login From a Particular Device or IP
6.16.10
Use Case: Checking If Users Logging In from This IP Used Spanish Browsers
6.16.11
Use Case: Adding Devices Used for Fraud from a Location To a Risky Group
6.16.12
Use Case: Adding Suspicious Device to High Risk Device Group
6.16.13
Use Case: Mark Devices and IPs as High Risk
6.16.14
Use Case: Search for Suspicious Sessions and Add Devices to High Risk Group
6.16.15
Use Case: Search Sessions by Alert Message
6.16.16
Use Case: Search Sessions by Geography
6.16.17
Use Case: Search by Comma Separated Values
6.16.18
Use Case: Export Search Sessions Results to Excel
6.16.19
Use Case: Export Search Sessions Results - Export Page to Excel
Part III Managing KBA and OTP
7
Managing Knowledge-Based Authentication
7.1
Introduction and Concepts
7.1.1
Knowledge Based Authentication
7.1.2
Challenge Response Process
7.1.3
Challenge Response Configuration
7.1.4
Registration
7.1.5
Challenge Questions
7.1.6
Question Set
7.1.7
Registration Logic
7.1.8
Answer Logic
7.1.9
Validations
7.1.10
Failure Counters
7.1.11
KBA Resets
7.1.11.1
Reset Challenge Questions
7.1.11.2
Reset Challenge Questions and the Set of Questions to Choose From
7.1.11.3
Increment User to the Next Question
7.1.11.4
Unlock a User
7.1.11.5
Ask Question (KBA Phone Challenge)
7.1.12
Disable Question and Category Logic
7.1.13
Locked Status
7.2
Setting Up KBA Overview
7.2.1
Loading Challenge Questions
7.2.2
Setting Up KBA
7.2.3
Setting Up Challenge
7.2.4
User Flow
7.3
Setting Up the System to Use Challenge Questions
7.3.1
Ensure Policies are Available
7.3.2
Ensuring that KBA Properties/Default Properties are Set
7.3.3
Ensure Challenge Questions are Available
7.3.4
Enabling Policies
7.4
Accessing Configurations in KBA Administration
7.5
Managing Challenge Questions
7.5.1
Searching for a Challenge Question
7.5.2
Viewing Question Details and Statistics
7.5.3
Creating a New Question
7.5.4
Creating a Question Like Another Question
7.5.5
Editing a Question
7.5.6
Importing Questions
7.5.7
Exporting Questions
7.5.8
Deleting a Question
7.5.9
Disabling a Question
7.5.10
Activating Questions
7.6
Setting Up Validations for Answer Registration
7.6.1
Using the Validations Page
7.6.2
Adding a New Validation
7.6.3
Editing an Existing Validation
7.6.4
Importing Validations
7.6.5
Exporting Validations
7.6.6
Deleting Validations
7.7
Managing Categories
7.7.1
Searching for a Category
7.7.2
Creating a New Category
7.7.3
Editing a Category
7.7.4
Deleting Categories
7.7.5
Activating Categories
7.7.6
Deactivating Categories
7.8
Configuring the Registration Logic
7.9
Adjusting Answer Logic
7.9.1
About Answer Logic
7.9.2
Common Response Errors
7.9.2.1
Abbreviations
7.9.2.2
Phonetics
7.9.2.3
Keyboard Fat Fingering
7.9.3
Level of Answer Logic
7.9.3.1
Abbreviation
7.9.3.2
Fat Fingering
7.9.3.3
Phonetics
7.9.3.4
Multiple Word Answers
7.9.4
Configuring Answer Logic
7.10
Customizing English Abbreviations and Equivalences
7.11
Customizing Abbreviations and Equivalences for Locales
7.12
Use Cases
7.12.1
Use Case: Create Challenge Question
7.12.2
Use Case: KBA Registration Logic
7.12.3
Use Case: KBA Phone Challenge
7.12.4
KBA Question Edits
7.12.5
KBA Answer Logic Edits
7.13
KBA Guidelines and Recommended Requirements
7.13.1
Best Practices for Managing Questions
7.13.2
Guidelines for Designing Challenge Questions
7.13.3
Guidelines for Answer Input
7.13.4
Other Recommended Requirements
8
Enabling Challenge Questions
8.1
What is KBA?
8.2
Phased Approach for Registration
8.2.1
Phase 1 - No Registration
8.2.2
Phase 2 - Optional Registration
8.2.3
Phase 3 - Required Registration
8.3
Checklist for Enabling Challenge Questions
8.4
Ensure Policies are Available
8.5
Ensuring KBA Properties/Default Properties are Set
8.6
Ensure Challenge Questions are Available
8.7
Enabling Policies
8.8
Configuring Rules for Policies
8.9
Configuring the Challenge Question Answer Validation
8.10
Configuring the Answer Logic
9
Setting Up OTP Anywhere
9.1
Introduction and Concepts
9.1.1
What is a One Time Password
9.1.2
About Out-of-Band OTP Delivery
9.1.3
How Does OTP Work?
9.1.4
OTP Failure Counters
9.2
Challenge Type
9.3
KBA vs. OTP
9.4
Quick Start
9.5
Setting Up OTP Anywhere
9.5.1
Setup Overview
9.5.2
Configure UMS
9.5.2.1
Install SOA Suite
9.5.2.2
Configure the UMS Driver
9.5.3
Configuring UMS Server URLs and Credentials
9.5.4
Enabling and Defining the OTP Challenge
9.5.5
Configuring Policies and Rules to Use OTP Challenge
9.5.6
Enabling Registration and Preferences
9.5.7
Customizing Registration Fields and Validations
9.5.8
Customizing Terms and Conditions
9.5.9
Customizing Registration Page Messaging
9.5.10
Customizing Challenge Page Messaging
9.5.11
Customizing OTP Message Text
9.5.12
Configuring OTP Presentation
9.5.13
Customize Failure Counter
9.6
Use Cases
9.6.1
User Case 1: UMS / OTP Configuration
9.6.2
Use Case 2: Always Challenge by Group
9.6.3
Use Case 3: CSR OTP Profile Reset with High Risk Always Challenge by Group
9.6.4
Use Case 4: Unregistered Low Risk User (Risk Score 500 or Below)
9.6.5
Use Case 5: Registered Low Risk User (Risk Score 500 or Below)
9.6.6
Use Case 6: Unregistered High Risk User (Risk Score Above 500)
9.6.7
Use Case 7: Registered High Risk User (Risk Score Above 500)
9.6.8
Use Case 8: Register High Risk Lockout
9.6.9
Use Case 9: High Risk Exclusion
9.6.10
Use Case 10: OTP Challenge with Multi-Bucket Patterns
Part IV Managing Policy Configuration
10
Managing Policies, Rules, and Conditions
10.1
Introduction to Policies, Rules, and Conditions
10.1.1
Policies
10.1.2
Rules
10.1.3
Conditions
10.1.4
Checkpoints
10.1.5
Groups
10.1.6
Actions and Action Groups
10.1.7
Alerts and Alert Groups
10.1.8
User Group Linking
10.1.9
Run Mode
10.1.10
Trigger Combinations and Triggers
10.1.11
Nested Policies
10.1.12
Evaluating a Policy within a Rule
10.1.13
Scores and Weight
10.1.14
Scoring Engine
10.1.15
Import Policies
10.1.16
Policy Type
10.1.17
Failure Counters
10.2
Planning Policies
10.3
Overview of Creating a Policy
10.4
Navigating to the Policies Search Page
10.5
Searching for a Policy
10.6
Viewing a Policy or a List of Policies
10.7
Viewing Policy Details
10.8
Creating Policies
10.9
Linking Policy to All Users or a User ID Group
10.9.1
Linking a Policy to a Group
10.10
Editing a Policy's General Information
10.11
Activate/Disable Policies
10.12
Adding a New Rule
10.12.1
Starting the Rule Creation Process
10.12.2
Specifying General Rule Information
10.12.3
Configuring Preconditions
10.12.4
Adding Conditions
10.12.5
Specifying Results for the Rule
10.12.6
Adding or Copying a Rule to a Policy
10.13
Working with Trigger Combinations
10.13.1
Specifying Trigger Combinations
10.13.2
Changing the Sequence of the Trigger Combination
10.13.3
Deleting a Trigger Combination
10.14
Deleting Policies
10.15
Copying a Rule to a Policy
10.16
Copying a Policy to Another Checkpoint
10.17
Exporting and Importing a Policy
10.17.1
Exporting a Policy
10.17.2
Importing a Policy
10.18
Navigating to the Rules Search Page
10.19
Searching for Rules
10.20
Viewing Rule Details
10.21
Editing Rules
10.21.1
Modifying the Rule's General Information
10.21.2
Specifying Preconditions
10.21.3
Specifying the Results for a Rule
10.22
Working with Scores and Weights
10.23
Activate/Disable Rule
10.24
Deleting Rules
10.25
Searching Conditions
10.26
Importing Conditions
10.27
Adding Conditions to a Rule
10.28
Viewing the Condition Details of a Rule
10.29
Exporting a Condition
10.30
Editing Conditions
10.31
Changing the Order of Conditions in a Rule
10.32
Deleting Conditions
10.33
Deleting Conditions from a Rule
10.34
Use Cases
10.34.1
Use Case: Rule Exception Group
10.34.2
Use Case: Import Policy
10.34.3
Use Case: Create a Policy
10.34.4
Use Case: Add New Rule
10.34.5
Use Case: Link Group to Rule Condition
10.34.6
Use Case: Copy Rule
10.34.7
Use Case: Trigger Combination
10.34.8
Use Case: Trigger Combination and Rule Evaluation
10.34.9
Use Case: Configuring User Flow
10.34.10
Use Case: Edit Existing Security Policy
10.34.11
Use Case: Policy Set Scoring Engine
10.34.12
Use Case: Copy Policy
10.34.13
Use Case: Conditions: IP: Login Surge
10.34.14
Use Case: Canceling Rule Creation
10.34.15
Use Case: Disable Trigger Combinations
10.34.16
Use Case: Condition: Evaluate Policy
10.35
Best Practices
10.35.1
Adding or Editing Policies/Rules
11
OAAM Security and Autolearning Policies
11.1
Authentication Flow
11.2
Forgot Password Flow
11.3
Reset Password (KBA-Challenge) Flow
11.4
OAAM Checkpoints and Responsibilities
11.5
Out-of-the-Box OAAM Policies
11.5.1
Pre-Authentication Policies
11.5.1.1
OAAM Pre-Authentication
11.5.2
Authentication Pad Policies
11.5.2.1
OAAM AuthenticationPad
11.5.3
Post-Authentication Policies
11.5.3.1
OAAM Post-Authentication Security
11.5.3.2
OAAM Predictive Analysis
11.5.3.3
Auto-learning (Pattern-Based) Policy: OAAM Does User Have Profile
11.5.3.4
Auto-learning (Pattern-Based) Policy: OAAM Users vs. Themselves
11.5.3.5
Autolearning (Pattern-Based) Policy: OAAM Users vs. All Users
11.5.4
Registration Policies
11.5.4.1
OAAM Registration
11.5.5
Challenge Policies
11.5.5.1
OAAM Challenge
11.5.6
Customer Care Policies
11.5.6.1
OAAM Customer Care Ask Question
11.6
Use Cases
11.6.1
Use Case: WebZIP Browser
11.6.2
Use Case: IP Risky User OTP Challenge
11.6.3
Use Case: Anonymizer IP - From the Group
11.6.4
Use Case: Pattern Based Evaluation
12
Managing Groups
12.1
About Groups
12.2
Group Types
12.3
Group Usage
12.4
User Flows
12.5
Navigating to the Groups Search Page
12.6
Searching for a Group
12.7
Viewing Details about a Group
12.8
Adding an Entity to a Group
12.9
Group Characteristics
12.10
Creating a Group
12.10.1
Defining a Group
12.10.2
Adding Members to a Group
12.11
Creating a New Element/Member to Add to the Group (No Search and Filter Options)
12.12
Filtering an Existing List to Select an Element to Add to the Group (No Creation of a New Element)
12.12.1
Adding a City to a Cities Group
12.12.2
Adding a State to a States Group
12.12.3
Adding a Country to a Country Group
12.13
Searching for and Adding Existing Elements or Creating and Adding a New Element
12.13.1
Selecting an Element to Add as a Member to the Group
12.13.2
Creating an Element (Member) to Add to the Group
12.14
Adding Alerts to a Group
12.14.1
Selecting an Existing Alert to Add to the Alert Group
12.14.2
Creating a New Alert to Add to the Alert Group
12.15
Searching for and Adding Existing Elements
12.15.1
Selecting an Element to Add as a Member to the Group
12.15.2
Adding Actions to an Action Group
12.15.2.1
Selecting an Existing Action to Add to an Action Group
12.15.2.2
Creating a New Action to Add to an Action Group
12.16
Editing a Member of a Group
12.17
Removing Members of a Group
12.18
Removing a User from a User Group
12.19
Exporting and Importing a Group
12.19.1
Exporting a Group
12.19.2
Importing a Group
12.20
Deleting Groups
12.21
Updating a Group Directly
12.22
Use Cases
12.22.1
Use Case: Migration of Groups
12.22.2
Use Case: Create Alert Group and Add Members
12.22.3
Use Case: Remove User from Group
12.22.4
Use Case: Block Users from a Black-listed Country
12.22.5
Use Case: Company Wants to Block Users
12.22.5.1
Create Country Blacklist Policy (1): Create Fraudulent Country Policy and Rule
12.22.5.2
Create Country Blacklist Policy (2): Create Country Group
12.22.5.3
Create Country Blacklist Policy (3): Create Fraud High Alert Group
12.22.5.4
Create Country Blacklist Security Policy (4 of 5): Create Block Action Group
12.22.5.5
Create Country Blacklist Security Policy (5 of 5): Attach Groups to Fraudulent Country Rule
12.22.6
Use Case: Block Users from Certain Countries
12.22.7
Use Case: Allow Only Users from Certain IP Addresses
12.22.8
Use Case: Check Users from Certain Devices
12.22.9
Use Case: Monitor Certain Users
12.23
Best Practices
13
Managing the Policy Set
13.1
Introduction and Concepts
13.1.1
Policy Set
13.1.2
Action and Score Overrides
13.1.3
Before You Begin
13.2
Navigating to the Policy Set Details Page
13.3
Viewing Policy Set Details
13.4
Adding or Editing a Score Override
13.5
Adding or Editing an Action Override
13.6
Editing a Policy Set
13.7
Use Cases
13.7.1
Use Case: Policy Set - Overrides
13.7.2
Policy Set - Overrides (Order of Evaluation)
13.8
Best Practices for the Policy Set
14
Using the Scoring Engine
14.1
Concept of Scores
14.1.1
Score
14.1.2
Weight
14.1.3
Rule
14.1.4
Policy
14.1.5
Policy Type
14.1.6
Checkpoint
14.1.7
Policy Set
14.1.8
Scoring Engines
14.2
How Does Risk Scoring Work?
14.2.1
Score Propagation
14.2.2
Nested Policies
14.2.3
Scoring Override
14.2.4
Action and Alert Overrides
14.3
Score Calculations
14.3.1
Policy Score
14.3.1.1
Aggregate Score
14.3.1.2
Average Score
14.3.1.3
Maximum Score
14.3.1.4
Minimum Score
14.3.1.5
Weighted Average Score
14.3.1.6
Weighted Maximum Score
14.3.1.7
Weighted Minimum Score
14.3.2
Checkpoint Score
14.3.2.1
Average Score
14.3.2.2
Maximum Score
14.3.2.3
Minimum Score
14.3.2.4
Weighted Average Score
14.3.2.5
Weighted Maximum Score
14.3.2.6
Weighted Minimum Score
14.4
Best Practices
15
Creating Checkpoints
15.1
Creating a New Checkpoint
15.2
Creating a Checkpoint Example
16
Managing System Snapshots
16.1
Concepts
16.1.1
Snapshots
16.1.2
Snapshot Storage
16.1.3
Snapshot Metadata
16.1.4
Backup
16.1.5
Restore
16.1.6
How Restore Works
16.2
Navigating to the System Snapshot Search Page
16.3
Searching for a Snapshot
16.4
Viewing Details of a Snapshot
16.5
Creating a Backup
16.5.1
Backing Up the Current System to the System Database
16.5.2
Backing Up the System Configuration in Database and File
16.5.3
Backing Up the Current System to a File
16.6
Restoring a Snapshot
16.6.1
Steps to Restore Selected Snapshot
16.6.2
Loading and Restoring a Snapshot
16.6.3
Snapshot Restore Considerations
16.6.3.1
Snapshot in Live System (Single Server)
16.6.3.2
Snapshot Restore in Multi-Server System (Connected to the Same Database)
16.6.3.3
Snapshot Restore in Multi-Server Running Different Versions
16.7
Importing a Snapshot
16.8
Deleting a Snapshot
16.9
Limitations of Snapshots
16.10
Diagnostics
16.11
Use Cases
16.11.1
System Snapshot Import/Export
16.11.2
Use Case: User Exports Policy Set as a Record for Research
16.11.3
Use Case: User Replaces Entire System
16.11.4
Use Case: User Identifies Policy Set to Import
16.12
Best Practices for Snapshots
Part V Autolearning
17
Managing Autolearning
17.1
Introduction and Concepts
17.1.1
Autolearning
17.1.2
Patterns
17.1.3
Member Types and Attributes
17.1.4
Buckets
17.1.5
Pattern Rules Evaluations
17.1.6
Bucket Population
17.2
Quick Start for Enabling Autolearning for Your System
17.3
Before You Begin to Use Autolearning
17.3.1
Importing Base Authentication-Related Entities
17.3.2
Enabling Autolearning Properties
17.3.3
Importing Autolearning Policies into the Server
17.3.4
Using Autolearning in Native Integration
17.4
User Flows
17.4.1
Creating a New Pattern
17.4.2
Editing a Pattern
17.5
Navigating to the Patterns Search Page
17.6
Searching for a Pattern
17.7
Navigating to the Patterns Details Page
17.8
Viewing Pattern Details
17.8.1
Viewing Details of a Specific Pattern
17.9
Creating and Editing Patterns
17.9.1
Creating a Pattern
17.9.2
Adding Attributes
17.9.3
Activating and Deactivating Patterns
17.9.3.1
Activating Patterns
17.9.3.2
Deactivating Patterns
17.9.4
Editing the Pattern
17.9.5
Changing the Status of the Pattern
17.9.6
Adding or Changing Member Types
17.9.7
Changing the Evaluation Priority
17.9.8
Editing Attributes
17.9.9
Deleting Attributes
17.10
Importing and Exporting Patterns
17.10.1
Importing Patterns
17.10.2
Exporting Patterns
17.11
Deleting Patterns
17.12
Using Autolearning Data/Profiling Data
17.12.1
Create a Policy that Uses Autolearning Conditions
17.12.2
Associate Autolearning Condition with Policy
17.12.3
Check Session Details
17.13
Use Cases
17.13.1
Use Case: Challenge Users If Log In Different Time Than Normally
17.13.2
Use Case: Test a Pattern
17.13.3
Use Case: Track Off-Hour Access
17.13.4
Use Case: User Logs in During a Certain Time of Day More Than X Times
17.13.5
Use Case: Patterns Can have Multiple Member Types
17.13.6
Use Case: City Usage
17.13.7
Use Case: Autolearning Adapts to Behavior of Entities
17.13.8
Use Case: Single Bucket Pattern
17.13.9
Use Case: Using Pattern
17.13.10
Use Case: Logins from Out of State
17.14
Autolearning Properties
17.15
Checking if Autolearning Pattern Analysis Functioning
17.16
Checking if Autolearning Rules are Functioning
17.17
Autolearning Classes and Logging
17.18
Pattern Attributes Reference
17.19
Pattern Attributes Operators Reference
17.19.1
For Each
17.19.2
Equals
17.19.3
Less Than
17.19.4
Greater Than
17.19.5
Less Than Equal To
17.19.6
Greater Than Equal To
17.19.7
Not Equal
17.19.8
In
17.19.9
Not In
17.19.10
Like
17.19.11
Not Like
17.19.12
Range
17.19.12.1
Fixed Range
17.19.12.2
Fixed Range with Steps (or Increment)
17.19.12.3
Upper Unbound Ranges with Steps
18
Managing Configurable Actions
18.1
Introduction and Concepts
18.1.1
Configurable Actions
18.1.2
Action Templates
18.1.3
Deploying a Configurable Action
18.2
Creating Configurable Actions
18.2.1
Define New Action Template
18.2.2
Use Existing Action Template
18.2.3
Create Action Instance
18.3
Navigating to the Action Templates Search Page
18.4
Searching for Action Templates
18.5
Viewing Action Template Details
18.6
Creating a New Action Template
18.7
Navigating to the Action Instances Search Page
18.8
Searching for Action Instances
18.9
Creating an Action Instance and Adding it to a Checkpoint
18.10
Creating a Custom Action Instance
18.11
Editing an Action Template
18.12
Exporting Action Templates
18.13
Importing Action Templates
18.14
Moving an Action Template from a Test Environment
18.15
Deleting Action Templates
18.16
Viewing a List of Configurable Action Instances
18.17
Viewing the Details of an Action Instance
18.18
Editing an Action Instance
18.19
Deleting an Existing Action Instance
18.20
Out-of-the-Box Configurable Actions
18.20.1
Defining CaseCreationAction
18.20.2
Defining AddItemtoListAction
18.21
Use Cases
18.21.1
Use Case: Add Device to Black List
18.21.2
Use Case: Add Device to Watch-list Action
18.21.3
Use Case: Custom Configuration Action
18.21.4
Use Case: Create Case
19
Predictive Analysis
19.1
Important Terms
19.1.1
Predictive Analysis
19.1.2
Data Mining
19.1.3
ODM
19.1.4
Predictive Models
19.2
Prerequisites
19.3
Initial Setup
19.4
Rebuild the ODM Models to Provide Feedback and Update Training Data
19.5
Policy Evaluation
19.6
Tuning the Predictive Analysis Rule Conditions
19.7
Adding Custom Database Views
19.8
Adding Custom Grants
19.9
Adding New ODM Models
19.10
Adding Custom Input Data Mappings
19.10.1
When to Use
19.10.2
Using OAAM Attributes to Build a Custom Input Data Mapping
19.10.3
Using Custom Attributes to Build a Custom Input Data Mapping
Part VI Managing Transactions
20
Creating and Managing Entities
20.1
Introduction and Concepts
20.1.1
Entities
20.1.2
Data Elements
20.1.3
Display Element
20.1.4
ID Scheme
20.1.5
Internal ID
20.1.6
External ID
20.2
Navigating to the Entities Search Page
20.3
Searching for Entities
20.4
Creating an Entity
20.4.1
Initial Steps
20.4.2
Adding and Editing Data Elements
20.4.3
Selecting Elements for the ID Scheme
20.4.4
Specifying Data for the Display Scheme
20.4.5
Activating the Entity
20.5
Viewing Details of a Specific Entity
20.6
Editing the Entity
20.7
Exporting Entities
20.8
Importing Entities
20.9
Activating Entities
20.10
Deactivating Entities
20.11
Deleting Entities
20.12
Re-ordering the Rows in the ID Scheme and Display tabs
20.13
Best Practices
21
Managing Transactions
21.1
Introduction and Concepts
21.1.1
Transactions
21.1.2
Entities
21.1.3
Transaction Data
21.1.4
Transaction Handling
21.2
Overview of Defining and Using Transaction Definition
21.3
Navigating to the Transactions Search Page
21.4
Searching for a Transaction Definition
21.5
Viewing Transaction Definitions
21.6
Prerequisites for Using Transactions
21.7
Creating the Transaction Definition
21.8
Adding an Existing Entity to the Transaction
21.9
Creating a New Entity and Adding It to the Transaction
21.10
Defining Transaction Data for the Transaction at the Oracle Adaptive Access Manager End
21.11
Defining Parameters for the Transaction from the Client's End
21.12
Mapping the Source Data
21.12.1
Mapping Transaction Data to the Source Data
21.12.2
Mapping Entities to the Source Data
21.12.3
Editing Mapping
21.13
Activating the Transaction Definition
21.14
Editing a Transaction Definition
21.15
Exporting Transaction Definitions
21.16
Importing Transaction Definition
21.17
Activating a Transaction Definition
21.18
Deactivating a Transaction Definition
21.19
Deleting Transaction Definitions
21.20
Use Cases
21.20.1
Implementing a Transaction Use Case
21.20.2
Use Case: Transaction Frequency Checks
21.20.3
Use Case: Transaction Frequency and Amount Check against Suspicious Beneficiary Accounts
21.20.4
Use Case: Transaction Check against Blacklisted Deposit and Beneficiary Accounts
21.20.5
Use Case: Transaction Pattern
21.20.6
Use Case: Composite or Nested Transactions
Part VII OAAM Offline Environment
22
OAAM Offline
22.1
Concepts
22.1.1
What is OAAM Offline?
22.1.2
OAAM Offline Architecture
22.1.3
Jobs
22.1.4
What is a Load Job and How Do You Set One Up
22.1.5
What is a Run Job and How Do You Set One Up?
22.1.6
Load and Run Job
22.1.7
Data Loaders
22.1.8
Run Type
22.1.9
OAAM Offline User Interface
22.1.9.1
Dashboard Differences
22.1.9.2
Job Interface for Load, Run, and Load and Run
22.1.9.3
Job Queue
22.2
Access Control
22.3
Installation and Configuration of OAAM Offline System
22.3.1
Overview
22.3.2
Install OAAM Offline
22.3.3
Create the Offline Database Schema
22.3.4
Configure Database Connectivity
22.3.5
Log In to OAAM Offline
22.3.6
Environment Set Up
22.3.6.1
Import the Snapshot
22.3.6.2
Set Up Encryption and Database Credentials for Oracle Adaptive Access Manager
22.3.6.3
Enable Autolearning
22.3.6.4
Enable Configurable Actions
22.3.6.5
Import IP Location Data
22.3.6.6
Importing Transaction Definitions
22.4
Scheduling Jobs
22.5
Testing Policies and Rules
22.5.1
New Deployment Using OAAM Offline
22.5.2
Existing Deployment Using OAAM Offline
22.6
What to Expect in OAAM Offline
22.7
Monitoring OAAM Offline
22.7.1
Using Dashboard to Monitor the Loader Process
22.7.2
Enable Rule Logging
22.7.3
Database Query Logs for Performance Monitoring
22.7.4
Oracle Adaptive Access Manager Server Logs
22.7.5
Database Tuning
22.7.6
Manageability
22.8
Creating a View for Offline Loader For Non-OAAM Database
22.9
Loading from Non-Oracle or Non-Microsoft Server SQL Server Database
22.10
Changing the Checkpoints to Run
22.11
Migration
22.12
Use Cases
22.12.1
Use Case: Upgrading a Deployment with Multiple Scheduled Jobs
22.12.2
Use Case: Configure a Solution to Run Risk Evaluations Offline
22.12.3
Use Case: Run Login Analysis on the Same Data Multiple Times (Reset Data)
22.12.4
Use Case: Monitor Data Rollup
22.12.5
Use Case: Consolidation of the Dashboard Monitor Data
22.12.6
Use Case: Load Transactional Data and Run Risk Evaluations from Multiple Sources
22.12.7
Use Case: Using OAAM Offline (Standard Loading)
22.13
Best Practices
22.13.1
Configuring Worker/Writer Threads
22.13.2
Database Server with Good I/O Capability
22.13.3
Database Indexes
22.13.4
Setting Memory Buffer Size
22.13.5
Quality of Input Data
22.13.6
Configuring Device Data
22.13.7
Availability
22.13.8
OAAM Loader vs. File-based and Custom Loaders
22.13.9
Custom Loader Usage
Part VIII Scheduling Jobs
23
Scheduling and Processing Jobs in OAAM
23.1
Access Control
23.2
Introduction to OAAM Jobs
23.2.1
Job Interface
23.2.2
Job Queue
23.2.3
Searching for Jobs
23.3
Launching the Job Creation Wizard
23.3.1
Create Job: General
23.3.2
Create Job: Load Details (for Load and Load and Run Jobs)
23.3.3
Create Job: Run Details (for Run and Load and Run Jobs)
23.3.4
Create Job: Data Filters
23.3.5
Create Job: Schedule
23.3.5.1
Job Priority
23.3.5.2
Schedule Type
23.3.5.3
Cancel Time
23.3.6
Create Job: Summary
23.4
Creating Jobs
23.4.1
Creating Load Jobs
23.4.1.1
Selecting Load Job Type and Providing Job Details
23.4.1.2
Providing Load Details for Custom Loader
23.4.1.3
Providing Load Details for OAAM Data Loader
23.4.1.4
Specifying to Load All Data Created After a Given Date
23.4.1.5
Specifying to Load Data Created within a Date Range
23.4.1.6
Scheduling a Load Job that Runs Once
23.4.1.7
Scheduling a Load Job that Runs on a Regular Basis (Recurring)
23.4.1.8
Checking the Summary Details of Load Job
23.4.2
Creating Run Jobs
23.4.2.1
Selecting Run Job Type and Providing Job Details
23.4.2.2
Choosing Default or Custom Run as Run Type
23.4.2.3
Specifying Which Set of Records to Analyze
23.4.2.4
Scheduling Analysis to Run
23.4.2.5
Checking the Summary Details of the Run Job
23.4.3
Creating Load and Run Jobs
23.4.3.1
Selecting Load and Run Job Type and Providing Details
23.4.3.2
Selecting Loader Type for Load and Run Job
23.4.3.3
Specifying Data Filters for Load and Run Job
23.4.3.4
Scheduling a Load and Run Job that Runs Once
23.4.3.5
Scheduling a Load and Run Job that Runs on a Regular Basis (Recurring)
23.4.3.6
Checking the Summary Details of the Load and Run Job
23.4.4
Creating Monitor Data Rollup Jobs
23.4.4.1
About Monitor Data Rollup Jobs
23.4.4.2
Selecting Monitor Data Rollup Type and Providing Details
23.4.4.3
Specifying Rollup Unit and Cutoff Time
23.4.4.4
Scheduling a Monitor Data Rollup Job that Runs Once
23.4.4.5
Scheduling a Monitor Data Rollup that Runs on a Regular Basis (Recurring)
23.4.4.6
Checking the Summary Details of the Monitor Data Rollup
23.5
Managing Jobs
23.5.1
About Running Jobs
23.5.1.1
Bulk Risk Analytics Job Execution
23.5.1.2
Run Data Reset
23.5.1.3
Group Populations
23.5.1.4
Pattern Buckets and Memberships
23.5.1.5
Actions, Alerts, Scores
23.5.2
Notes About Rescheduling Jobs
23.5.3
Processing a Job Immediately
23.5.4
Pausing a Job
23.5.5
Resuming a Paused Job
23.5.6
Canceling a Job
23.5.7
Enabling Jobs
23.5.8
Disabling Jobs
23.5.9
Deleting Jobs
23.5.10
Viewing Job Details
23.5.11
Viewing Instances of a Job
23.5.12
Viewing the Job Log
23.5.13
Viewing and Sorting the Job Queue
23.5.13.1
Viewing the Job Queue
23.5.13.2
Sorting the Job Queue
23.6
Editing Jobs
23.6.1
Editing Jobs
23.6.2
Editing the Monitor Data Rollup
23.7
Migration
23.8
Use Cases
23.8.1
Use Case: Load OAAM Login Data and Run Checkpoints on a Recurring Basis
23.8.2
Use Case: Load Transaction Data and Run Checkpoints on a Recurring Basis
23.8.3
Use Case: Create a Job for Immediate Execution
23.8.4
Use Case: Create a Job for Future Execution
23.8.5
Use Case: Create a Job With Recurring Execution
23.8.6
Use Case: View the Job Queue
23.8.7
Use Case: View the Logs from a Job Execution
23.8.8
Use Case: Check If the Job Ran Successfully
23.8.9
Use Case: View the Order of Execution of Jobs
Part IX Reporting
24
Using the Dashboard
24.1
Introduction
24.1.1
What is a Dashboard?
24.1.2
Common Terms and Definitions
24.2
Navigation
24.3
Using the Dashboard in Oracle Adaptive Access Manager
24.3.1
Performance
24.3.1.1
Viewing Statistics in Total View and Trending View
24.3.1.2
Viewing Performance Data
24.3.1.3
Difference Between Performance Panel and Performance Dashboard
24.3.2
Summary
24.3.3
Dashboards
24.3.3.1
Viewing Data Type by Location
24.3.3.2
Viewing a List of Scoring Breakdowns
24.3.3.3
Security Dashboard
24.3.3.4
Viewing a List of Rules or Alerts by Security
24.3.3.5
Viewing Browser and Operating System Data by Device
24.3.3.6
Viewing a Data Type by Performance
24.3.3.7
Using the Total and Trending Views
24.3.3.8
Viewing the Trending View Graph
24.3.3.9
View by Range
24.3.3.10
View by Sample
24.3.3.11
Last Updated
24.3.3.12
Using Tooltips
24.4
Use Cases
24.4.1
Use Case: Trend Rules Performance on Dashboard
24.4.2
Use Case: View Current Activity
24.4.3
Use Case: View Aggregate Data
24.4.4
Use Cases: Additional Security Administrator and Fraud Investigator Use Cases
24.4.5
Use Cases Additional Business Analyst Use Cases
24.4.6
Use Case: Viewing OTP Performance Data
25
Configuring BI Publisher Reports
25.1
Oracle Business Intelligence Publisher Reports
25.2
Investigation and Forensics
25.2.1
Session Activity Aggregates
25.2.2
Search Sessions By Case Disposition
25.2.3
Audit
25.3
Setting up Oracle Business Intelligence Publisher for Oracle Adaptive Access Manager Reports
25.3.1
Installing BI Publisher
25.3.2
Installing Oracle Adaptive Access Manager BI Publisher Reports
25.3.3
Configuring Oracle Adaptive Access Manager BI Publisher Reports
25.3.4
Testing Oracle Adaptive Access Manager BI Publisher Configuration
25.4
Setting Preferences
25.5
BI Publisher's Users, Roles, and Permissions
25.6
Scheduling a Report
25.7
Viewing/Running Reports
25.8
Create Oracle BI Publisher Reports on Data in the OAAM Schema
25.8.1
Create a Data Model
25.8.2
Map User Defined Enum Numeric Type Codes to Readable Names
25.8.2.1
Results Display
25.8.2.2
English Only User Defined Enum Result Display
25.8.2.3
Internationalized User Defined Enum Result Display
25.8.3
Adding Lists of Values
25.8.3.1
User Defined Enums as List of Values for Filtering, English Only
25.8.3.2
User Defined Enums as List of Values for Filtering, Internalized
25.8.4
Adding Geolocation Data
25.8.5
Adding Sessions and Alerts
25.8.5.1
Type Code Lookups
25.8.6
Example
25.8.7
Adding Layouts to the Report Definition
25.9
Building OAAM Transactions Reports
25.9.1
Get Entities and Transactions Information
25.9.2
Discover Entity Data Mapping Information
25.9.2.1
Information about Data Types
25.9.2.2
Discover Entity Data Details Like Data Type, Row and Column Mappings
25.9.2.3
Build Entity Data SQL Queries and Views
25.9.3
Discover Transaction Data Mapping Information
25.9.3.1
Discover Transaction data details like Data Type, Row and Column mappings
25.9.3.2
Build Transaction Data SQL Queries and Views
25.9.4
Build Reports
25.9.4.1
Building Entity Data Reports
25.9.4.2
Building Transaction Data Reports
25.9.4.3
Joining Entity Data Tables and Transaction data tables
25.10
Adding Translations for the BI Publisher Catalog and Reports
25.11
Use Cases
25.11.1
Use Case: BIP Reports
25.11.1.1
Description
25.11.1.2
Steps
25.11.2
Use Case: LoginSummary Report
26
Monitoring Performance by Using Fusion Middleware Control
26.1
Displaying Fusion Middleware Control
26.2
Displaying Base Domain 11
g
Farm Page
26.3
Oracle Adaptive Access Manager Cluster Home Page
26.4
Oracle Adaptive Access Manager Server Home Page
27
Monitor and Audit of Events
27.1
Monitoring Information Sent to Dynamic Monitoring System
27.1.1
Login Information (Counts Only)
27.1.2
Rules Engine Execution Information (Count and Time Taken to Execute)
27.1.3
APIs Execution Information (Count and Time Taken to Execute)
27.2
Audit Information Sent to Audit System
27.2.1
Customer Care Events
27.2.2
Policy Management Events
27.2.3
KBA Questions Events
27.2.4
Group/List Management Events
Part X Deployment Management
28
Using the Properties Editor
28.1
Navigating to the Properties Search Page
28.2
Searching for a Property
28.3
Viewing the Value of a Property
28.4
Viewing Enumerations
28.5
Creating a New Database Type Property
28.6
Editing the Values for Database and File Type Properties
28.7
Deleting Database Type Properties
28.8
Exporting Database and File Type Properties
28.9
Importing Database Type Properties
Part XI Command-Line Interface
29
Oracle Adaptive Access Manager Command-Line Interface Scripts
29.1
CLI Overview
29.2
Setting Up the CLI Environment
29.2.1
Set up the CLI Work Folder
29.2.2
Set Up the Credential Store Framework (CSF)
29.2.2.1
Use CSF without MBeans
29.2.2.2
Use CSF with MBeans
29.2.3
Set the Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
29.3
Using CLI
29.3.1
Obtaining Usage Information for Import or Export
29.3.2
Command-Line Options
29.3.2.1
What is the Syntax for Commands?
29.3.2.2
CLI Parameters
29.3.2.3
Supported Modules for Import and Export
29.3.2.4
Import of Files
29.3.2.5
Export of Files
29.3.2.6
Import Options
29.3.2.7
Importing Multiple Types of Entities in One Transaction
29.3.2.8
Multiple Modules and Extra Options (Common vs. Specific)
29.3.2.9
Transaction Handling
29.3.2.10
Upload Location Database
29.3.3
Globalization
29.4
Importing IP Location Data
29.4.1
Loading the Location Data to the Oracle Adaptive Access Manager Database
29.4.1.1
Setting Up for SQL Server Database
29.4.1.2
Setting Up IP Location Loader Properties
29.4.1.3
Setting Up for Loading MaxMind IP data
29.4.1.4
Setting Up Encryption
29.4.1.5
Loading Location Data
29.4.2
System Behavior
29.4.3
Quova File Layout
29.4.3.1
Routing Types Mapping
29.4.3.2
Connection Types Mapping
29.4.3.3
Connection Speed Mapping
29.4.4
Oracle Adaptive Access Manager Tables
29.4.4.1
Anonymizer
29.4.4.2
Tables in Location Loading
29.4.5
Verifying When the Loading was a Success
Part XII Multitenancy
30
Multitenancy Access Control for CSR and Agent Operation
30.1
Multitenancy Access Control
30.2
Mapping of Application ID (Client-Side) to Organization ID (Administration Side)
30.3
Set Up Access Control for Multitenancy
30.3.1
Set Access Control for Multitenancy
30.3.2
Providing CSR Access to Particular Organizations
30.3.2.1
Using WebLogic
30.3.2.2
Adding Users and Groups to Oracle Internet Directory
30.3.2.3
Adding Users and Groups in the LDAP Store
30.4
What to Expect
30.5
Multitenancy Access Control Use Case
30.5.1
CSR and CSR Manager Access Controls
30.5.2
Agent Access Controls
30.5.3
CSR Case API Data Access Controls
30.6
Troubleshooting/FAQ
30.6.1
I thought I had set up multitenancy access control but CSRs and Investigators still have access to all cases
30.6.2
I have set up multitenancy access control and I have verified that the property is set to true but the CSRs and Investigators are able to access to all cases
30.6.3
Are Security and System Administrators affected when I set up multitenancy access control?
30.6.4
Can CSRs and Investigators have access to multiple organizations?
30.6.5
Can I limit access of a CSR or Investigator to certain organizations even though he had access before?
30.6.6
My CSRs and Investigators have no access to cases. What is wrong?
Part XIII Troubleshooting
31
FAQ/Troubleshooting
31.1
Techniques for Solving Complex Problems
31.1.1
Simple Techniques
31.1.2
Divide and Conquer
31.1.3
Rigorous Analysis
31.1.4
Process Flow of Analysis
31.1.4.1
State the Problem
31.1.4.2
Specify the Problem
31.1.4.3
What It Never Worked
31.1.4.4
IS and IS NOT but COULD BE
31.1.4.5
Develop Possible Causes
31.1.4.6
Test Each Candidate Cause Against the Specification
31.1.4.7
Confirm the Cause
31.1.4.8
Failures
31.2
Troubleshooting Tools
31.3
Case Management
31.4
KBA
31.5
Policies, Rules, and Conditions
31.6
Groups
31.7
Location Loader
31.8
Autolearning
31.9
Configurable Actions
31.10
Entities
31.11
Transactions
31.12
Jobs
31.13
Dashboard
31.14
Command-Line Interface
31.15
Import/Export
31.16
Database
31.17
Monitoring Performance
31.18
Audit and Query
31.19
Archive and Purge
31.20
Device Registration
31.21
Time Zones
31.22
Encryption
31.23
Globalization
31.24
Localization
Part XIV Appendixes
A
Access Roles
A.1
Support Representative (Group #1)
A.2
Support Manager (Group #2)
A.3
Fraud Investigator
A.4
Fraud Investigation Manager
A.5
Security Administrator
A.6
System Administrator
A.7
Auditor
B
Pattern Processing
B.1
Pattern Data Processing
B.2
APIs for Triggering Pattern Data Processing
B.2.1
updateTransaction
B.2.2
updateAuthStatus
B.2.3
processPatternAnalysis
C
Conditions Reference
C.1
Descriptions
C.1.1
Device Conditions
C.1.1.1
Device: Browser Header Substring
C.1.1.2
Device: Device First Time for User
C.1.1.3
Device: In Group
C.1.1.4
Device: Excessive Use
C.1.1.5
Device: Is Registered
C.1.1.6
Device: User Count
C.1.1.7
Device: Timed Not Status
C.1.1.8
Device: Used Count for User
C.1.1.9
Device: Velocity from Last Successful Login
C.1.2
Autolearning Conditions
C.1.2.1
Entity: Entity is Member of Pattern Bucket for the First Time in Certain Time Period
C.1.2.2
Entity: Entity is Member of Pattern Less Than Some Percent Time
C.1.2.3
Entity: Entity is Member of Pattern Less Than Some Percent with All Entities in Picture
C.1.2.4
Entity: Entity is Member of Pattern N Times
C.1.2.5
Entity: Entity is Member of Pattern N Times in a Given Time Period
C.1.3
Location Conditions
C.1.3.1
Location: ASN in Group
C.1.3.2
Location: IP in Range Group
C.1.3.3
Location: In Country Group
C.1.3.4
Location: IP Connection Type in Group
C.1.3.5
Location: IP Line Speed Type
C.1.3.6
Location: IP Routing Type in Group
C.1.3.7
Location: In Carrier Group
C.1.3.8
Location: IP Maximum Users
C.1.3.9
Location: Is IP from AOL
C.1.3.10
Location: in City Group
C.1.4
Transactions Conditions
C.1.4.1
Transaction: Check Current Transaction Using Filter Condition
C.1.4.2
Transaction: Check Transaction Count Using Filter Condition
C.1.4.3
Transaction: Check Transaction Aggregrate and Count Using Filter Conditions
C.1.4.4
Transaction: Check Count of Any Entity or Element of a Transaction Using Filter Conditions
C.1.4.5
Transaction: Check if Consecutive Transactions in Given Duration Satisfy the Filter Conditions
C.1.4.6
Transaction: Compare Transaction Aggregrates (Sum/Avg/Min/Max) Across Two Different Durations
C.1.4.7
Transaction: Compare Transaction Counts Across Two Different Durations
C.1.4.8
Transaction: Compare Transaction Entity/Element Counts Across Two Different Durations
C.1.5
In-Session Conditions
C.1.5.1
Session: Check Param Value
C.1.5.2
Session: Check Param Value for Regex
C.1.5.3
Session: Check Param Value in Group
C.1.5.4
Session: Check String Value
C.1.5.5
Session: Time Unit Condition
C.1.6
System Conditions
C.1.6.1
System - Check Boolean Property
C.1.6.2
System - Check Enough Pattern Data
C.1.6.3
System - Check If Enough Data is Available for Any Pattern
C.1.6.4
System - Check Int Property
C.1.6.5
System - Check String Property
C.1.6.6
System - Check Request Date
C.1.7
User Conditions
C.1.7.1
User: Check User Data
C.1.7.2
User: Stale Session
C.1.7.3
User: Velocity from Last Success
C.1.7.4
Understanding How the OAAM Device Max Velocity Rule Settings Work
D
Oracle Adaptive Access Manager Reports Reference
D.1
Common Reports
D.2
Devices Reports
D.3
KBA Reports
D.4
Location Reports
D.5
Performance Reports
D.6
Security Reports
D.7
Summary Reports
D.8
Users Reports
E
The Discovery and OAAM Policy Development Processes
E.1
Security Policy Development Process
E.1.1
Overview
E.1.2
Edit Policy: Research/Troubleshooting
E.1.3
New Policy: Discovery/Research
E.1.4
Edit/New Policy: Requirements and Planning
E.1.5
Edit/New Policy: Configuration
E.1.6
Edit/New Policy: Testing
E.1.7
Edit/New Policy: Deployment to Production
E.2
Discovery Process Overview
E.3
Example Scenario: Transaction Security
E.3.1
Problem Statement
E.3.2
Inputs Available
E.3.3
Evaluation
E.3.4
Outcomes
E.3.5
Translation
E.3.6
Alert
E.4
Example Scenario: Login Security
E.4.1
Problem Statement
E.4.2
Inputs Available
E.4.3
Evaluation
E.4.4
Outcome
E.4.5
Translation
E.4.6
Action
F
Globalization Support
F.1
Supported Languages
F.2
Turning Off Localization
F.3
Configuring Language Defaults for Oracle Adaptive Access Manager
F.3.1
Example 1
F.3.2
Example 2
F.3.3
Example 3
F.3.4
Example 4
F.4
Dashboard
F.5
Knowledge Based Authentication
F.5.1
Answer Logic Phonetics Algorithms
F.5.2
Keyboard Fat Fingering
F.5.3
Adding Abbreviations and Equivalences for Answer Logic
F.5.4
Adding Registration Questions
G
Oracle Adaptive Access Manager Properties
G.1
Properties
G.2
Time Zone
H
Device Fingerprinting
H.1
What is Device Fingerprinting
H.2
When is a Device Fingerprinted
H.3
Device Fingerprint Attributes
H.3.1
IP Intelligence
H.3.2
Browser Characteristics
H.3.3
Device Characteristics
I
Setting Up Archive and Purge Procedures
I.1
Purge Process
I.2
Archive Process
I.3
Database Archive and Purge
I.3.1
Archive and Purge Data Classification
I.3.1.1
Device Fingerprinting
I.3.1.2
Transaction In-Session Based Data
I.3.1.3
Autolearning Profile Data
I.3.1.4
Rule Log Data
I.3.2
Archive and Purge Process
I.3.2.1
Archive and Purge Process - Special Recommendations for Schemas with Partitioned Objects
I.3.2.2
Archive and Purge Process - Setting Up for Users with an Existing Process In Place
I.3.2.3
Archive and Purge Process - Setting Up for the Oracle Database
I.3.3
Performing Archive and Purge
I.3.3.1
Manual Execution
I.3.3.2
Automatic Scheduling
I.3.4
Validating Archive and Purge
I.3.5
Restoring Archived Data
I.3.6
Purging Guidelines
I.3.6.1
When to Perform Archive and Purge
I.3.6.2
Minimum Data Retention Policy
I.3.6.3
Special Requirements
I.3.7
Archive and Purge Details
I.3.7.1
Device Fingerprint Tables and Corresponding Archived Tables
I.3.7.2
Autolearning Transactional Tables and Corresponding Archive Tables
I.3.7.3
Transaction Tables and Corresponding Archived Tables
I.3.7.4
Rule Logs Tables and Corresponding Archived Tables
I.3.8
Scripts to Set Up Archive and Purge
I.3.8.1
Scripts for the Oracle Database
I.3.8.2
Scripts to Execute Archive and Purge
I.3.8.3
Drop Scripts for Partitioned Tables
I.4
Case Data Archive and Purge
I.4.1
Archive and Purge Process for Case Data
I.4.1.1
Set Up the Archive and Purge Script
I.4.1.2
Execute Archive and Purge Script
I.4.1.3
Validating Archive and Purge
I.4.1.4
Restoring Archived Data
I.4.1.5
Case Data Archive and Purge Details
I.5
Monitor Data Archive and Purge
I.5.1
Archive and Purge Process for Monitor Data
I.5.1.1
Set Up the Archive and Purge Script
I.5.1.2
Execute Archive and Purge Script
I.5.1.3
Validating Archive and Purge
I.5.1.4
Restoring Archived Data
I.5.1.5
Monitor Data Archive and Purge Details
J
Configuring SOAP Web Services Access
J.1
Web Services Access
J.2
Requirements
J.3
OAAM Server Side Setup
J.4
Client Side Setup
J.4.1
Setup Client Keystore with Password of the SOAP User
J.4.2
Disable SOAP Authentication
J.4.3
Specify SOAP Class
J.4.4
Specify SOAP Server Side URL
J.4.5
Specify SOAP Call Timeout
J.5
Disabling SOAP Service Authentication on the Server
K
Configuring Logging
K.1
Logging Configuration File
K.2
Oracle Adaptive Access Manager Loggers
K.3
Logging Levels
K.4
Handlers
K.4.1
Configuring the File Handler
K.4.2
Configuring Both Console Logging and File Logging
K.5
Redirecting oracle.oaam Logs
L
Rule and Fingerprint Logging
L.1
Detailed Rule Logging
L.1.1
Enabling Detailed Rule Logging
L.1.2
Specifying When to Log
L.1.3
Configuring Detailed Logging Threshold Time
L.1.4
Rule Logging Flow
L.1.5
Value Combinations
L.1.6
Logging Non-Triggered Rules
L.1.6.1
Examples
L.2
Enabling Fingerprint Rule Logging
L.3
Specifying Properties in Running Both Fingerprint and Detailed Logging
Glossary
Index
Scripting on this page enhances content navigation, but does not change the content in any way.