28 Getting Started with Oracle Identity Management

This section explains the benefits and features of using Oracle Enterprise Manager to monitor Oracle Identity Management systems.

As more and more businesses rely on the Oracle Identity and Access Management Suite to control access to their mission-critical applications (both packaged applications and custom-built web applications) and to provision resources across their organizations, the need to achieve predictable performance and availability for Oracle Identity Management systems has become a top priority for many businesses. An outage or slow performance in access and identity services, for instance, can have negative impacts on the business bottom-line as end-users are unable to log in to mission-critical applications.

To help you maximize the value of Oracle Identity Management systems and to deliver a superior ownership experience while restraining the systems management costs, Oracle provides Oracle Management Pack Plus for Identity Management (the Identity Management Pack), which leverages the Oracle Enterprise Manager Cloud Control advanced management capabilities, to provide an integrated and top-down solution for your Oracle Identity Management environment.

To view a video about managing Oracle Identity Management, click here.

Benefits of Using the Identity Management Pack

The benefits of using the Identity Management Pack include:

  • Using a centralized systems management solution to efficiently manage multiple Oracle Identity Management deployments including testing, staging, and production environments from a single console

  • Gaining the ability to monitor a wide range of performance metrics for all critical Identity Management components to find root causes of problems that could potentially slow performance or create outages

  • Automating configuration management to accelerate problem resolution

  • Recording synthetic Web transactions (or service tests) to monitor Identity Management Service availability and analyze end user response times

  • Defining Service Level Objectives (SLO's) in terms of out-of-box system-level metrics, as well as end user experience metrics to accurately monitor and report on Service Level Agreement (SLA) compliance

Features of the Identity Management Pack

The features in the Identity Management Pack include:

  • Enterprise-Wide View of Oracle Identity Management

    • The "Identity and Access" dashboard provides a centralized view of all Oracle Identity Management components - including Identity Management 10g and Identity Management 11g components.

    • From the "Identity and Access" dashboard, users can view the performance summary of the associated systems and services based on the underlying dependencies and monitor the overall health of the Identity Management environment.

  • Performance Management

    • A wide range of out-of-box performance metrics to find root causes of problems that could potentially slow performance, extend response times, or create outages

    • Customizable performance summaries with a "Metric Palette" that allows users to drag and drop performance charts

  • Configuration Management

    • Perform key configuration management tasks like keeping track of configuration changes for diagnostic and regulatory purposes, taking snapshots to store configurations, and comparing component configurations to ensure consistency of configurations within the same environment or across different environments.

New Features for this Release

New features for Identify Management Pack include:

  • Problem Analysis

    Problem analysis is now available for IDM targets. See Investigating and Analyzing Problems for more information.

  • Performance Page

    This page shows the performance of the database corresponding to the Oracle Access Manager (OAM) Enterprise Manager target. Using this data, the OAM administrator can identify problems causing performance bottlenecks.

  • Configuration Compare Templates

    Using a template, you can remove properties that typically signal "false positives" in comparisons by setting flags to ignore differences. When comparing hosts, for example, you know that host names will be different, so you can indicate to ignore differences on the name property value.

  • Performance Management

    • Out-of-box reports for Oracle Internet Directory, Oracle Access Manager, and Oracle Identity Manager

    • Oracle Identity Manager database performance page to analyze the performance of the underlying Oracle Identity Manager database in the context of the OIM-specific tables and user. Note: The database target will need to be discovered to take advantage of all the features on the database performance page.

  • Configuration Management

    Automated compliance monitoring and change detection for Oracle Identity Manager is now available to help customers meet compliance and reporting requirements.

    To enable the compliance standard association with the Oracle Identity Manager Cluster target. Perform the following steps:

    1. Click the Oracle Identity Manager Cluster target. From the Target menu, select Compliance, then select Standard Associations.

    2. Click Edit Association Settings. Click Add and then select Oracle Identity Manager Cluster Configuration Compliance.

    3. Click OK and then OK again to enable the new association setting.

  • Monitoring Support

    As part of the Oracle Access Management Suite, added monitoring support for the Oracle Mobile and Social, Identity Federation. This includes Up and Down status of Mobile and Social service along with the collection of the select Mobile and Social metrics.

Monitoring Oracle Identity Management Components in Enterprise Manager

You can use Enterprise Manager to monitor the following Identity Management 11g components (Table 28-1).

Table 28-1 Licensed Targets for Identity Management 11g Targets

Enterprise Manager Target Type Purpose

Oracle Adaptive Access Manager

Oracle Access Manager

Oracle Directory Integration Platform

Oracle Identity Federation

Oracle Identity Manager

Oracle Internet Directory

Oracle Virtual Directory

Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview, customizable performance summary, process control, configuration management, compliance analysis, and Information Publisher reports.

For all the Oracle Adaptive Access Managers, Oracle Access Managers, and Oracle Identity Managers that are deployed within the same WebLogic domain, a cluster target will be created for each component:

  • Oracle Adaptive Access Manager Cluster

  • Oracle Access Manager Cluster

  • Oracle Identity Manager Cluster

Each cluster target is a logically related group of components that are managed as a unit.

Every target is part of a WebLogic domain.

Oracle Directory Server Enterprise Edition

The following types of targets will be created for each Oracle Directory Server Enterprise Edition deployment:

  • Oracle Directory Server Enterprise Edition Server

    A target represents the LDAP service and all internal resources

  • Directory Server Group

    User logical grouping of Oracle Directory Server Enterprise Edition Servers

  • Directory Server Enterprise

    A set of Oracle Directory Server Enterprise Edition Servers connected through a network that participates in the service, including Directory Server Groups.

Each target provides an interface in Enterprise Manager with access to target overview, customizable performance summary, process control, and configuration management.

The following Identity Management 10g components can be monitored by Enterprise Manager (Table 28-2).

Table 28-2 Licensed Targets for Identity Management 10g Targets

Enterprise Manager Target Type Purpose

Oracle Delegated Administration Server

Oracle Directory Integration Platform

Oracle Internet Directory

Oracle Single Sign-On

Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview and performance summary

Oracle Access Manager - Access Server

Oracle Access Manager - Identity Server

Oracle Identity Federation

Each component will be presented as a target in Enterprise Manager which provides an interface with access to target overview and performance summary.

A system target will be created for each component to provide end-to-end system oriented view of the component:

  • Access Manager - Access System

  • Access Manager - Identity System

  • Identity Federation System

The underlying LDAP servers, database instances and hosts will be monitored within the system.

Oracle Identity Manager

The following types of targets will be created for each Oracle Identity Manager:

  • Identity Manager Server

    A target represents the server tier of Oracle Identity Manager

  • Identity Manager Repository

    A target represents the data and enterprise integration tier of Oracle Identity Manager

A system target will be created for Oracle Identity Manager to provide an end-to-end system oriented view of the component.

  • Identity Manager System

The underlying LDAP servers, database instances, and hosts will be monitored within the system.

The monitored targets in the Identity Management pack associated with both release 10g and release 11g are summarized in Table 28-3.

Table 28-3 Targets Associated with Identity Management 11g Targets

Enterprise Manager Target Type Purpose

Generic Service

With the Management Pack Plus for Identity Management, users can create targets of type Generic Service associated with any of the monitored Identity Management Systems: Access Manager - Access System, Access Manager - Identity System, Identity Federation System, Identity Manager System, and Identity and Access System. The Generic Service target provides an end-to-end service oriented view of the monitored Oracle Identity Management targets with access to performance and usage metrics, service tests, service level rules, service availability definition, alerts, charts, and topology view.

Host

Representation of hosts running Oracle Identity Management components providing access to metrics, alerts, performance charts, remote file editor, log file alerts, user-defined metrics, host commands and customized reports.

Oracle Database

Representation of Oracle Database that is used by Oracle Identity Management components providing access to metrics, alerts, performance charts, compliance summary, and configuration management.

Oracle Identity and Access System

System target that can be modeled with any discovered Oracle Identity Management target and the underlying hosts and databases as the key components providing an end-to-end system oriented view of the monitored Identity Management environment. The Identity and Access System target provides access to member status, metrics, charts, incidents, and topology view.

Oracle SOA Suite

Representation of Oracle SOA Suite that is used by Oracle Identity Manager 11g providing access to metrics, alerts, performance charts, and configuration management of the SOA infrastructure instance and its service engines.