E.3 Administrator Lockout

Problem

Administrator cannot successfully log in to the Oracle Access Management Console. The following message appears:

Manually Change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent.

Cause

Access Manager secures the Oracle Access Management Console based on authentication information in the IAM Suite Application Domain: OAM Admin Console Policy. This policy relies on a single Authentication Scheme (OAMAdminConsoleScheme), which uses a Form challenge method and the LDAP Authentication Module. The LDAP Authentication Module must point to the User Identity Store designated as the System Store.

If, for example, your deployment is configured to use Oracle Internet Directory (with all Administrators, users, and groups defined therein), ensure that the LDAP Authentication Module points to this user identity store and that this store is designated as the System Store.

Solution

  1. Insert a user identity into both your designated system store and the Embedded LDAP store.

  2. Log in to Oracle Access Management Console.

  3. Configure the LDAP Authentication Module used by the designated System Store to point to the appropriate User Identity Store, as described in "Managing Native Authentication Modules".