This chapter describes how to upgrade Oracle Identity Manager 9.1.x.x to Oracle Identity Manager 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.
Note:
If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".
Upgrading Oracle Identity Manager 9.1.x.x to Oracle Identity Manager 11.1.2.3.0 involves two major tasks:
Upgrading Oracle Identity Manager 9.1.x.x to Oracle Identity Manager 11g Release 2 (11.1.2.2.0)
Upgrading Oracle Identity Manager 11g Release 2 (11.1.2.2.0) to Oracle Identity Manager 11g Release 2 (11.1.2.3.0)
This chapter includes the following sections:
Section 16.3, "Reviewing System Requirements and Certification"
Section 16.4, "Upgrading Oracle Identity Manager 9.1.x.x to 11.1.2.2.0"
Section 16.5, "Upgrading Oracle Identity Manager 11.1.2.2.0 to 11.1.2.3.0"
Table 16-1 lists the tasks to be completed to upgrade Oracle Identity Manager 9.1.x.x to 11.1.2.3.0.
Table 16-1 Roadmap for Upgrading Oracle Identity Manager 9.1.x.x to 11.1.2.3.0
| Sl No | Task | For More Information |
|---|---|---|
|
1 |
Review the changes in the features of Oracle Identity Manager 11.1.2.3.0. |
See, Feature Comparison |
|
2 |
Review system requirements and certifications. |
|
|
3 |
Upgrade Oracle Identity Manager 9.1.x.x environments to Oracle Identity Manager 11g Release 2 (11.1.2.2.0). |
See, Upgrading Oracle Identity Manager 9.1.x.x to 11.1.2.2.0 |
|
4 |
Upgrade Oracle Identity Manager 11g Release 2 (11.1.2.2.0) to Oracle Identity Manager 11g Release 2 (11.1.2.3.0). |
See, Upgrading Oracle Identity Manager 11.1.2.2.0 to 11.1.2.3.0 |
Table 16-2 lists key differences in functionality between Oracle Identity Manager 9.1.x.x and Oracle Identity Manager 11.1.2.3.0.
Table 16-2 Features Comparison
| Oracle Identity Manager 9.1.x.x | Oracle Identity Manager 11.1.2.3.0 |
|---|---|
|
The Oracle Identity Manager 9.1.x.x User Interface is built on the struts framework. It provides basic self service interfaces. |
Oracle Identity Manager 11.1.2.3.0 uses Alta skin which is business (mobile, cloud) friendly. Oracle Identity Manager 11.1.2.3.0 has new Home page, and new my profile page with user-friendly inbox. Most of the UI customizations need to be re done post upgrade, to match the look and feel of 11.1.2.3.0. |
|
Oracle Identity Manager 9.1.x.x provides basis self service capabilities such as password reset and account request. |
Oracle Identity Manager 11.1.2.3.0 provides a new user interface with a shopping cart-type request model through which end users can search and browse through the catalog and directly request any item such as roles, entitlements, or applications without having to navigate through a series of menus. In addition to this, several business-friendly metadata such as description, audit objective, tags, owner, approver, and technical glossary and so on can be associated to each access item, to display business-friendly and rich contextual information to a business user at the time of self service access request and access review. UDFs which are marked as searchable will automatically be part of advance search form. You can customize the search form. Attributes can be used to search catalog items. Catalog is the single point for managing access. |
|
Oracle Identity Manager 9.1.x.x provides Identity Attestation to periodically review a user's access. For advanced access review capabilities such as role or data owner certification, OIM 9.1.x.x had to be integrated with Oracle Identity Analytics (OIA). |
OIA functionality is now ported into Oracle Identity Governance (OIG). Customers can define and manage identity audit policies based on IDA rules. Customers can define owners and remediators for a policy, which can be a specific user, a list of users or an OIM role. Customers can use preventive and detective scan capabilities which can create actionable policy violations. Oracle Identity Manager 11.1.2.3.0 has comprehensive role lifecycle management and workflow approval capabilities with direct involvement from business, featuring a business friendly UI. It also includes detailed Role Analytics to aid with the composition and modifications of roles. |
|
In Oracle Identity Manager 9.1.0.x, users are assigned to organizations by specifying an organization name in the Organization attribute of the user details. This is a static organization membership. A user can only be a member of one organization. |
In Oracle Identity Manager 11.1.2.3.0, in addition to the existing feature, you can dynamically assign users to organizations based on user-membership rules, which you can define in the Members tab of the organization details page. All users who satisfy the user-membership rule are dynamically associated with the organization, irrespective of the organization hierarchy the users statically belong to. With this new capability, a user can gain membership of one home organization via static membership and multiple secondary organizations via user-membership rules that are dynamically evaluated. |
|
In Oracle Identity Manager 9.1.x.x Resource and IT resource names are named in a manner such that it is easy for the IT users to manage them. The problem with this approach is that if a business user has to request access, the resource name will not make sense to the user. These incomprehensible Resource and IT resource names make the access request process non intuitive. |
Oracle Identity Manager 11.1.2.3.0 provides an abstraction entity called Application Instance. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism). Administrators can assign business friendly names to Application instances and map them to corresponding IT resources and Resource Objects. End users who request for accounts through the catalog will search for an account by providing the business friendly Application Instance Name. Application instances are automatically created as part of the Upgrade procedure. Administrators are expected to define organization publishing for these Application Instances to control who has access to request for access to the application. |
|
In Oracle Identity Manager 9.1.x.x, policies are implemented and customized using OIM plug-in and pre-pop adapters implemented via plug-in framework, which required writing custom java code to extend and customize OOTB policies |
Oracle Identity Manager 11.1.2.3.0 has introduced declarative policies that enable customers to define and configure various policy types that are evaluated at run time. Policy is configured via a UI/API rather than customized via Java plug-in or pre-pop adapter. |
Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information see Section 24.1.1, "Verifying Certification, System Requirements, and Interoperability".
In order to upgrade Oracle Identity Manager 9.1.x.x environments to 11g Release 2 (11.1.2.3.0), you must first upgrade to 11g Release 2 (11.1.2.2.0). For information about upgrading Oracle Identity Manager 9.1.x.x to Oracle Identity Manager 11.1.2.2.0, see "Upgrading Oracle Identity Manager 9.1.x.x Environments" in the Upgrade Guide for Oracle Identity and Access Management for 11g Release 2 (11.1.2.2.0).
After you upgrade Oracle Identity Manager 9.1.x.x to 11.1.2.2.0, you must upgrade Oracle Identity Manager 11.1.2.2.0 to 11.1.2.3.0. For information about upgrading Oracle Identity Manager 11.1.2.2.0 to 11.1.2.3.0, see Chapter 10, "Upgrading Oracle Identity Manager 11g Release 2 (11.1.2.x.x) Environments".