Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

What's New In This Guide

• Updates in January 2019 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in July 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in April 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in March 2018 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in October 2017 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in January 2017 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in July 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• Updates in April 2016 Documentation Refresh for 11g Release 2 (11.1.2.3.0)
• New and Changed Features for 11g Release 2 (11.1.2.3.0)
• Other Significant Changes in this Document for 11g Release 2 (11.1.2.3.0)

1 Overview of the Oracle Identity Self Service Interface

• 1.1 Top Panel
  • 1.1.1 Accessibility
  • 1.1.2 Sandboxes
  • 1.1.3 Customize
  • 1.1.4 Help
    • 1.1.4.1 Top Pane
    • 1.1.4.2 Lower Left Pane
    • 1.1.4.3 Lower Right Pane
  • 1.1.5 Inbox
  • 1.1.6 Sign Out
• 1.2 Self Service Home page
  • 1.2.1 My Information
  • 1.2.2 My Access
  • 1.2.3 Request Access
  • 1.2.4 Track Request
  • 1.2.5 Provisioning Tasks
  • 1.2.6 Certifications
  • 1.2.7 Pending Approvals
  • 1.2.8 Pending Violations
• 1.3 Compliance Home Page
  • 1.3.1 Identity Certification
  • 1.3.2 Reports
  • 1.3.3 Identity Audit
• 1.4 Manage Home page
  • 1.4.1 Managing Users
  • 1.4.2 Managing Roles
  • 1.4.3 Managing Organization
  • 1.4.4 Managing Administration Roles
  • 1.4.5 Managing Password Policies

Part I Getting Started

2 Registering to Oracle Identity Manager

• 2.1 Submitting Registration Requests
• 2.2 Tracking Registration Requests

3 Accessing Oracle Identity Self Service

• 3.1 Connecting to Oracle Identity Self Service
• 3.2 Retrieving Forgotten User Login
• 3.3 Resetting Forgotten Password
• 3.4 Setting Challenge Questions and Response After First Login

Part II Working with Self Service

4 Managing Profile Information

• 4.1 Managing Basic User Information
• 4.2 Changing Password
• 4.3 Setting Challenge Questions and Response
• 4.4 Viewing and Modifying Direct Reports
• 4.5 Managing Proxies
  • 4.5.1 Adding a Proxy
  • 4.5.2 Editing a Proxy
  • 4.5.3 Removing a Proxy

5 Managing Access for Self

• 5.1 Managing Roles
  • 5.1.1 Requesting for Roles
  • 5.1.2 Removing Roles
  • 5.1.3 Modifying Role Grant Duration
• 5.2 Managing Entitlements
  • 5.2.1 Requesting for Entitlements
  • 5.2.2 Modifying Entitlements
  • 5.2.3 Removing Entitlements
  • 5.2.4 Modifying Entitlement Grant Duration
• 5.3 Managing Accounts
  • 5.3.1 Requesting for Accounts
  • 5.3.2 Modifying Accounts
  • 5.3.3 Removing Accounts
  • 5.3.4 Disabling an Account
  • 5.3.5 Enabling an Account
  • 5.3.6 Resetting Password for an Account
  • 5.3.7 Modifying Account Grant Duration
• 5.4 Viewing Admin Roles

6 Requesting Access

• 6.1 Requesting New Access
  • 6.1.1 Requesting Access for Self
  • 6.1.2 Requesting Access for Other Users
  • 6.1.3 Requesting Access By Using a Request Profile
  • 6.1.4 Using Keyword Search in the Access Catalog
  • 6.1.5 Specifying Application Instances in Entitlements Search
  • 6.1.6 Refining Search Results
• 6.2 Viewing Hierarchical Attributes of Entitlements
• 6.3 Adding and Removing Catalog Items to and from the Cart
• 6.4 Adding and Removing Grant Duration
  • 6.4.1 Specifying Grant Duration
  • 6.4.2 Modifying Grant Duration
  • 6.4.3 Revoking Access
• 6.5 Managing Request Profiles
  • 6.5.1 Creating a Request Profile
  • 6.5.2 Modifying a Request Profile
  • 6.5.3 Deleting a Request Profile
• 6.6 Tracking a Request
  • 6.6.1 Searching Track Request
  • 6.6.2 Tracking a Draft Request
• 6.7 Deleting a Request
• 6.8 Withdrawing a Request
• 6.9 Closing a Request
• 6.10 Requesting Access With Policy Violations

7 Using the Unified Inbox

• 7.1 Overview of the Unified Inbox
• 7.2 Creating a View Definition
• 7.3 Editing the Task Chart
• 7.4 Editing Inbox Settings

8 Managing Pending Approvals

• 8.1 Viewing Pending Approval Tasks
• 8.2 Adding Comments and Attachments
• 8.3 Approving a Task
• 8.4 Rejecting a Task
• 8.5 Reassigning a Task
• 8.6 Suspending a Task
• 8.7 Withdrawing a Task
• 8.8 Skipping Current Assignment
• 8.9 Claiming a Task
• 8.10 Modifying Grant Duration

9 Managing Provisioning Tasks

• 9.1 Managing Pending Provisioning Tasks
  • 9.1.1 Searching Provisioning Tasks
    • 9.1.1.1 Basic Search
    • 9.1.1.2 Advanced Search
  • 9.1.2 Viewing Provisioning Task Details
  • 9.1.3 Setting Response for a Task
  • 9.1.4 Adding Notes to a Task
  • 9.1.5 Reassigning a Task
  • 9.1.6 Viewing Task Assignment History
  • 9.1.7 Viewing Form Details
  • 9.1.8 Modifying Form Details
  • 9.1.9 Retrying a Task
  • 9.1.10 Manually Completing a Task
• 9.2 Managing Manual Fulfillment Tasks
  • 9.2.1 Viewing and Editing Task Details
  • 9.2.2 Completing a Task
  • 9.2.3 Rejecting a Task
  • 9.2.4 Adding Comments and Attachments
  • 9.2.5 Requesting for Information
  • 9.2.6 Reassigning a Task
  • 9.2.7 Modifying Grant Duration

10 Managing Certification Review Tasks

• 10.1 Searching and Viewing Certifications
  • 10.1.1 Searching Certifications in the Pending Certifications Page
  • 10.1.2 Accessing Certification Tasks From the Pending Certifications Page
    • 10.1.2.1 Viewing User Certification Details
    • 10.1.2.2 Viewing Role Certification Details
    • 10.1.2.3 Viewing Application Instance Certification Details
    • 10.1.2.4 Viewing Entitlement Certification Details
• 10.2 Completing Certifications
  • 10.2.1 Completing User Certifications
    • 10.2.1.1 Making Certification Decision on the Users
    • 10.2.1.2 Reviewing Roles and Entitlements
    • 10.2.1.3 Finishing the User Certification
  • 10.2.2 Completing Role Certifications
    • 10.2.2.1 Making Certification Decisions on the Roles
    • 10.2.2.2 Reviewing the Contents of the Roles
    • 10.2.2.3 Finishing the Role Certification
  • 10.2.3 Completing Application Instance Certifications
    • 10.2.3.1 Making Certification Decisions on the Application Instances
    • 10.2.3.2 Reviewing Account and Entitlement Assignments
    • 10.2.3.3 Finishing the Application Instance Certification
  • 10.2.4 Completing Entitlement Certifications
    • 10.2.4.1 Making Certification Decisions on the Entitlements
    • 10.2.4.2 Reviewing the Entitlement Assignments
    • 10.2.4.3 Finishing the Entitlement Certification

11 Managing Pending Violations

• 11.1 Viewing Policy Violations
• 11.2 Searching Pending Violations
• 11.3 Completing Policy Violations
• 11.4 Reassigning or Delegating Policy Violations

Part III Working with Compliance

12 Using Identity Certification

• 12.1 Identity Certification Overview
  • 12.1.1 What Is Identity Certification?
  • 12.1.2 Who Is Involved in Completing Identity Certifications?
• 12.2 Certification UI
• 12.3 Certification Name Formats
• 12.4 Searching and Viewing Certifications
  • 12.4.1 Searching Certifications in the Dashboard
  • 12.4.2 Viewing Certifications From the Dashboard
• 12.5 Completing User Certifications in Offline Mode
• 12.6 Generating Certification Reports
  • 12.6.1 Generating Certification Reports From the Dashboard
  • 12.6.2 Generating Exported Certification Reports From the Certification Pages

13 Managing Identity Certification

• 13.1 Certification Concepts
  • 13.1.1 Line of Business and Line Item
  • 13.1.2 Certification Task
  • 13.1.3 Certification Object
  • 13.1.4 Certification Definition
  • 13.1.5 Certification Jobs
  • 13.1.6 Closed-Loop Remediation
  • 13.1.7 Remediation Tracking
  • 13.1.8 Event Listener
  • 13.1.9 Certification Authorization
• 13.2 Configuring Certifications
  • 13.2.1 Prerequisites for Configuring Certifications
    • 13.2.1.1 Marking a Catalog Item as Certifiable
    • 13.2.1.2 Setting the Certifier in the Request Catalog
    • 13.2.1.3 Setting User Manager and Organization Certifier
    • 13.2.1.4 Setting User Attributes for Certification Snapshot
    • 13.2.1.5 Setting Risk Levels for Individual Entities
    • 13.2.1.6 Tagging Attributes
    • 13.2.1.7 Configuring the Availability of Identity Certification
    • 13.2.1.8 Configuring Reminders, Notifications, Escalations, and Expiry for Certifications (Optional)
  • 13.2.2 Configuring Certification Options
• 13.3 Managing Certification Definitions
  • 13.3.1 Creating Certification Definitions
    • 13.3.1.1 Creating a User Certification Definition
    • 13.3.1.2 Creating a Role Certification Definition
    • 13.3.1.3 Creating an Application Instance Certification Definition
    • 13.3.1.4 Creating an Entitlement Certification Definition
  • 13.3.2 Modifying Certification Definitions
  • 13.3.3 Deleting Certification Definitions
• 13.4 Scheduling Certifications
• 13.5 Understanding How Risk Summaries are Calculated
  • 13.5.1 Understanding Item Risk and Risk-Factor Mappings
    • 13.5.1.1 Setting Item Risk
    • 13.5.1.2 Understanding Risk-Level Mappings (Risk Factors)
  • 13.5.2 Understanding Risk Aggregation and Risk Summaries
  • 13.5.3 Understanding How Changing Risk Configuration Values Impacts the System
• 13.6 Understanding Closed-Loop Remediation and Remediation Tracking
  • 13.6.1 Configuring Challenge Workflows
  • 13.6.2 Disabling Accounts When Revoked
• 13.7 Understanding Event Listeners
• 13.8 Configuring Event Listeners and Certification Event Trigger Jobs
  • 13.8.1 Creating an Event Listener
  • 13.8.2 Modifying an Event Listener
  • 13.8.3 Deleting an Event Listener
  • 13.8.4 Configuring Certification Event Trigger Jobs
    • 13.8.4.1 Setting the Event Listener Name List
    • 13.8.4.2 Adding More Trigger Jobs
• 13.9 Configuring Certification Reports
• 13.10 Understanding Multi-Phased Review in User Certification
  • 13.10.1 Multiple Phases of Review
  • 13.10.2 Delegation to Multiple Reviewers Within Each Phase
  • 13.10.3 Stages of Certification in TPAD
    • 13.10.3.1 Phase One With Verification
    • 13.10.3.2 Phase Two With Verification
    • 13.10.3.3 Final Review
• 13.11 Understanding Certification Oversight
• 13.12 Troubleshooting Identity Certification

14 Managing Identity Audit

• 14.1 Identity Audit Concepts
  • 14.1.1 Identity Audit Rules
  • 14.1.2 Rule Condition
  • 14.1.3 Identity Audit Policies
  • 14.1.4 Scan Definitions
  • 14.1.5 Scan Jobs
  • 14.1.6 Policy Violations
  • 14.1.7 Remediators
  • 14.1.8 Policy Violation Remediation
    • 14.1.8.1 Violation Causes
    • 14.1.8.2 Policy Violation States
  • 14.1.9 Policy Violation Reports
• 14.2 Enabling Identity Audit
• 14.3 Configuring Identity Audit
  • 14.3.1 Setting Identity Audit Options
  • 14.3.2 Configuring Reminders, Notifications, Escalations, and Expiry for Identity Audit (Optional)
• 14.4 Managing IDA Rules
  • 14.4.1 Searching Rules
    • 14.4.1.1 Performing Basic Search for Rules
    • 14.4.1.2 Performing Advanced Search for Rules
  • 14.4.2 Creating Rules
  • 14.4.3 Understanding Rule Expressions
  • 14.4.4 Modifying Rules
  • 14.4.5 Duplicating Rules
  • 14.4.6 Deleting Rules
• 14.5 Managing IDA Policies
  • 14.5.1 Searching Policies
    • 14.5.1.1 Performing Basic Search for Policies
    • 14.5.1.2 Performing Advanced Search for Policies
  • 14.5.2 Creating IDA Policies
  • 14.5.3 Modifying IDA Policies
  • 14.5.4 Duplicating IDA Policies
  • 14.5.5 Deleting IDA Policies
  • 14.5.6 Previewing the Results of IDA Policies
• 14.6 Managing Scan Definitions
  • 14.6.1 Searching Scan Definitions
    • 14.6.1.1 Performing Basic Search for Scan Definitions
    • 14.6.1.2 Performing Advanced Search for Scan Definitions
  • 14.6.2 Creating Scan Definitions
  • 14.6.3 Modifying Scan Definitions
  • 14.6.4 Running and Viewing Scans
• 14.7 Managing Policy Violations
  • 14.7.1 Searching Policy Violations
    • 14.7.1.1 Performing Basic Search for Policy Violations
    • 14.7.1.2 Performing Advanced Search for Policy Violations
  • 14.7.2 Opening Policy Violation Details
  • 14.7.3 Completing Policy Violations
  • 14.7.4 Closing Policy Violations
  • 14.7.5 Remediating or Closing Policy Violations Causes
  • 14.7.6 Generating Identity Audit Policy Violation Reports

Part IV Working with Identity Administration

15 Managing Users

• 15.1 Searching Users
  • 15.1.1 Basic Search
  • 15.1.2 Advanced Search
  • 15.1.3 Operations on Search Results
• 15.2 Creating a User
• 15.3 Viewing User Details
• 15.4 Modifying Users
  • 15.4.1 Editing User Attributes
  • 15.4.2 Requesting, Removing, and Modifying Roles
    • 15.4.2.1 Requesting Roles for a User
    • 15.4.2.2 Modifying a Role
    • 15.4.2.3 Removing Roles from a User
    • 15.4.2.4 Modifying Role Grant Duration
  • 15.4.3 Requesting and Removing Entitlements
    • 15.4.3.1 Requesting Entitlements for a User
    • 15.4.3.2 Removing Entitlements from a User
    • 15.4.3.3 Modifying Entitlement Grant Duration
  • 15.4.4 Requesting, Removing, and Modifying Accounts
    • 15.4.4.1 Requesting for an Account
    • 15.4.4.2 Modifying an Account
    • 15.4.4.3 Removing an Account
    • 15.4.4.4 Marking an Account as Primary
    • 15.4.4.5 Disabling an Account
    • 15.4.4.6 Enabling an Account
    • 15.4.4.7 Modifying Account Grant Duration
  • 15.4.5 Modifying Details of Direct Reports
• 15.5 Disabling a User
• 15.6 Enabling a User
• 15.7 Deleting a User
• 15.8 Locking a User Account
• 15.9 Unlocking a User Account
• 15.10 Resetting the User Password

16 Managing Roles

• 16.1 Role Membership Inheritance
  • 16.1.1 About Role Membership Inheritance
  • 16.1.2 Evaluate Policies for Role Inheritance
• 16.2 Default Roles
• 16.3 Role Management Tasks
  • 16.3.1 Creating Roles
  • 16.3.2 Managing Roles
    • 16.3.2.1 Searching for Roles
    • 16.3.2.2 Viewing and Administering Roles
    • 16.3.2.3 Viewing Role Analytics
    • 16.3.2.4 Deleting Roles

17 Managing Organizations

• 17.1 Searching Organizations
  • 17.1.1 Basic Search
  • 17.1.2 Advanced Search
• 17.2 Creating an Organization
• 17.3 Viewing and Modifying Organizations
  • 17.3.1 Modifying Organization Attributes
  • 17.3.2 Managing Child Organizations
    • 17.3.2.1 Creating a Child Organization
    • 17.3.2.2 Deleting a Child Organization
    • 17.3.2.3 Disabling a Child Organization
    • 17.3.2.4 Enabling a Child Organization
    • 17.3.2.5 Opening a Child Organization
  • 17.3.3 Viewing Organization Membership
  • 17.3.4 Managing Dynamic Organization Membership
    • 17.3.4.1 Creating a Dynamic Organization Membership Rule
    • 17.3.4.2 Modifying a Dynamic Organization Membership Rule
    • 17.3.4.3 Deleting a Dynamic Organization Membership Rule
  • 17.3.5 Managing Admin Roles
    • 17.3.5.1 Granting an Admin Role
    • 17.3.5.2 Revoking an Admin Role
  • 17.3.6 Viewing Available Accounts
  • 17.3.7 Viewing Provisioned Accounts
    • 17.3.7.1 Provisioning a Resource
    • 17.3.7.2 Revoking a Resource
    • 17.3.7.3 Viewing the Details of a Provisioned Resource
    • 17.3.7.4 Disabling a Provisioned Resource
    • 17.3.7.5 Enabling a Provisioned Resource
    • 17.3.7.6 Viewing Resource History
  • 17.3.8 Viewing Available Entitlements
• 17.4 Creating a User Member
• 17.5 Creating a Suborganization
• 17.6 Disabling and Enabling Organizations
• 17.7 Deleting an Organization

18 Managing Administration Roles

• 18.1 Admin Roles
• 18.2 Overview of Admin Role Attributes
  • 18.2.1 Admin Role Capability
  • 18.2.2 Admin Role Scope of Control
  • 18.2.3 Admin Role Publication
• 18.3 Searching Admin Role
  • 18.3.1 Basic Search
  • 18.3.2 Advanced Search
• 18.4 Creating an Admin Role
• 18.5 Viewing and Modifying Admin Role
• 18.6 Deleting Admin Role
• 18.7 Controlling End User Actions

19 Managing Password Policies

• 19.1 Searching Password Policies
  • 19.1.1 Basic Search
  • 19.1.2 Advanced Search
• 19.2 Creating a Password Policy
• 19.3 Setting Password Policy Rules
• 19.4 Evaluating Password Policies
• 19.5 Setting Challenge Options
• 19.6 Deleting a Password Policy
• 19.7 Associating Password Policies with Organization

Part V Reporting

20 Running Reports

• 20.1 Running Oracle Identity Manager Reports
• 20.2 Running Policy Violation Reports

Part VI Appendix

A Personalizing Self Service

• A.1 Performing Search in Self Service
  • A.1.1 Basic Search
  • A.1.2 Advanced Search
• A.2 Adding and Removing Attributes in Advanced Search Criteria
• A.3 Personalizing the Search Result
• A.4 Using Saved Search
  • A.4.1 Creating a Saved Search
  • A.4.2 Personalizing Saved Search
  • A.4.3 Deleting a Saved Search
  • A.4.4 Using Saved Search to Perform a Search Operation
• A.5 Sorting Data in Search Results
• A.6 Using Query By Example

B Functional Capabilities