5 The Provisioning Gateway Node

Use the Provisioning Gateway node of the Oracle Enterprise Single Sign-On Suite Administrative Console to manage provisioning rights for users. To access this functionality, click the Provisioning Gateway node from the tree in the left pane.

5.1 Provisioning Tabs

This node has two tabs for setting provisioning rights:

  • Default Rights

  • Admin Rights

When you change the settings in this node, you must publish them to the repository in order for them to take effect. Right-click the Provisioning Gateway node in the Administrative Console, and select Publish.

5.1.1 Provisioning Default Rights Tab

Use this tab to define standard provisioning rights for each new application created. After you create an application, change the rights as needed.

| Control | Function |
|---|---|
| Directory | Select the target directory server. |
| Access information: | |
| Name | Lists the groups or users who currently have access to this item. |
| ID | Lists the user account name. |
| Access | Indicates the permissions that have been granted to the user or group (Add, Modify or Delete Logon). To change a user or group's access rights, right-click the user or group and select Add Logon, Modify Logon, or Delete Logon from the shortcut menu. |
| Actions: | |
| Copy permissions to… | Use this button to apply the provisioning rights for the current application to multiple applications. Click to display a list of all available applications, and select those to which you want to copy these provisioning rights. Use Ctrl+Click or Shift+Click to select multiple entries. Click OK. |
| Add | Displays the Add User or Group dialog (for LDAP or Active Directory) to select the users or groups to grant access to the currently selected item. |
| Remove | Removes selected user(s) or group(s) from the list. Select a user or group to remove; use Ctrl+Click or Shift+Click to select multiple entries. |

5.1.2 Add User or Group Dialog

The Add User or Group dialog varies based on the directory server being used:

  • LDAP

  • Active Directory

  • AD LDS (ADAM)

5.1.2.1 LDAP

Use this dialog to select the individual users or user groups that are to be added to the access list for the current configuration item (Add Logon, Modify Logon, or Delete Logon).

| Control | Function |
|---|---|
| Search Base | The base (highest-level) directory to begin searching for user/group accounts. All subdirectories of the base directory are searched. Type a location or click Change to browse the directory tree. |
| Change | Displays the Select Search Base dialog to browse for a base directory for the search. Use this dialog to browse to and select the base (highest-level) directory to search for user/group names. Click OK when finished. |
| Search | Begin searching the base directory for users and groups. |
| Users or Groups | Lists the search results. Select the names to be added to the access list for the current configuration item. Use Ctrl+Click or Shift+Click to select multiple entries. Click OK when finished to copy your selections to the access list. |

5.1.2.2 Active Directory/AD LDS (ADAM)

Use this dialog to select the individual users or user groups that are to be added to the access list for the current configuration item (Add Logon, Modify Logon, or Delete Logon).

| Control | Function |
|---|---|
| List Names From | Select an Active Directory domain or server. |
| Names | Lists the names of users and groups for the selected domain or server. Select one or more names to add to the access list. |
| Add | Copies user(s) and group(s) selected in the Names list to the Add Names list. Use Ctrl+Click or Shift+Click to select multiple entries. |
| Members | When a group is selected in the Names list, displays the Global Group Membership dialog, which lists the members of the selected group. |
| Search | Displays the Find Account dialog for searching one or more domains for a specific user or group. |
| Add Names | Displays the names of the user(s) or group(s) you have selected for addition to the access list for the current configuration item. Click OK to finalize the addition. |

Note: You can type or edit user names in this list. However, entries are checked for invalid account names, and duplicate account selections are automatically removed when you click OK.


5.1.3 Provisioning Admin Rights Tab

Use this tab to specify users who can access the Provisioning Gateway Management Console. Users can have the following rights:

  • Delete SSO User

  • Map Templates

  • All

If you configure role/group support in the Provisioning Gateway Management Console, you must add at least one user with "All" rights. Only users added here can access the Provisioning Gateway Management Console.

| Control | Function |
|---|---|
| Directory | Select the target directory server. |
| Access information: | |
| Name | Lists the groups or users who currently have access to this item. |
| ID | Lists the user account name. |
| Access | Indicates the administrative rights that have been granted to the user or group (Delete SSO User or Map Templates). To change a user's or group's access rights, right-click the user or group and select Delete SSO User or Map Templates from the shortcut menu. |
| Actions: | |
| Copy permissions to… | Use this button to apply the provisioning rights for the current application to multiple applications. Click to display a list of all available applications, and select those to which you want to copy these provisioning rights. Use Ctrl+Click or Shift+Click to select multiple entries. Click OK. |
| Add | Displays the Add User or Group dialog (for LDAP or Active Directory) to select the users or groups to grant access to the currently selected item. |
| Remove | Removes selected user(s) or group(s) from the list. Select a user or group to remove; use Ctrl+Click or Shift+Click to select multiple entries. |
| Right-clicking on a server name in the list opens a context menu that allows you to perform any of the following: | |
| Remove | Removes the server from the Server list. |
| Publish… | Launches the Publish to Repository dialog, which allows you to choose from several objects and locations to publish. |
| Publish To | Allows you to select a single repository directly from the menu item; publishing occurs automatically after you select the repository. |
| Delete SSO User | Rescinds a user's access to an OPAM-enabled account. |
| Map Templates | Allows an administrator to map SSO templates to OPAM targets. Right-click on a user in the list, and select Map Templates from the context menu to grant the user mapping permissions. |