9.1 User Identity Stores

Default and System Store

The following table describes the elements in the Default and System Store section of the User Identity Stores page:

Element Description

Default Store

Select a default store from the drop-down menu. It is the automatic choice for use by LDAP authentication modules unless you configure use of a different store for the module or plug-in.

System Store

Select a system store from the drop-down menu. Only one User Identity Store can be designated as the System Store. This is used to authenticate Administrators signing in to use the Oracle Access Management Console, remote registration tools, and custom administrative commands in WLST.

Apply

Click Apply to submit the changes.

Access System Administrators

This table appears only while changing the System Store. All Administrator roles, users, and groups must be stored in the System Store. If the System Store changes, appropriate Administrator roles must be added to the new System Store.

The following table describes the elements in the Access System Administrators section of the User Identity Stores page:

Element Description

Name

Displays the name added using the Add System Administrators Roles dialog box.

Type

Displays the type of the added name.

Sort Ascending

Click to sort the items in the column in ascending order.

Sort Descending

Click to sort the items in the column in descending order.

Add

Click to open the Add System Administrators Roles dialog box.

Delete

Select a row in the table and click Delete to remove the row.

Add System Administrators Roles dialog box

Click the Add button in the Access System Administrators section to open this dialog box.

Search

In this section, you can search the System Store to find configured administrators.

The following table describes the elements in the Add System Administrator Roles dialog box of the Access System Administrators section:

Element Description

Name

Type the name to search for.

Type

Select a Type from the list.

Search

Click Search to initiate the search and populate results in the search results table.

Reset

Click Reset to reset the search criteria.

Search Results

This section lists the records matching the search criteria.

The following table describes the elements in the Add System Administrator Roles dialog box of the Access System Administrators section:

Element Description

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Detach

Click to expand the table to a full page.

Name

Displays the searched names.

Type

Displays the Type of the searched names.

Add selected

Select the desired user from the table, then click Add Selected to add the selected rows to the Access System Administrators table.

Cancel

Click Cancel to cancel your selections.

Close

Click to close the dialog box.

OAM ID Stores

The following table describes the elements in the OAM ID Stores section of the User Identity Stores page:

Element Description

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Create

Click to create a new user identity store using the Create User Identity Store page.

Duplicate

Click to create a copy of the existing record.

Select a row and click Duplicate to open the existing record in edit mode. You can then make changes and save the record.

Edit

Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the registration or close the tab without applying changes.

Delete

Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row or click Cancel to retain the row.

Name

Lists all the created Store Names.

Directory Type

Lists the type of directory server software hosting the repository. If the type is not selected, this field will be empty.

Host Information

Lists the information about the host computer on which the Identity Directory Service Repository is located.

Description

Lists the description added while creating the Identity Store.

Synched IDS Profiles

Lists the IDS profiles that are synched.

Sort Ascending

Click to sort the items in the column in ascending order.

Sort Descending

Click to sort the items in the column in descending order.

Sync IDS Profiles

Click to make common Identity Directory Service Profiles accessible to Oracle Access Management as local Identity Stores.

Identity Directory Service

Identity Directory Service is a common service used by Oracle Identity Management products to access and manage Identity Directory. The IDS Profiles can be used within Oracle Access Management after they are synchronized.

IDS Profiles

The following table describes the elements in the IDS Profiles section of the User Identity Stores page:

Element Description

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Create

Click to create a new identity directory service profile using the Create Identity Store Profile page.

Edit

Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the registration or close the tab without applying changes.

Delete

Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row, or click Cancel to retain the row.

Name

Lists all the created User Profile Service Provider names.

Description

Lists all the descriptions added for the Service Provider names.

Repository Name

Lists all the Repository Names added for the Service Provider names.

Created By

Displays the name of the user who created the IDS profile.

Sort Asc

Click to sort the items in the column in ascending order.

Sort desc

Click to sort the items in the column in descending order.

Create Identity Store Profile

Use this page to create an Identity Service Profile. Click Create under the IDS Profiles section to access this page.

The following table describes the elements in the Create Identity Store Profile page:

Element Description

Name

Type a unique name for this User Profile Service Provider.

Description

Type a short description that will help you or another Administrator identify this service in the future.

Repository

The following table describes the elements in the Repository section of the Create Identity Store Profile page:

Element Description

Repository Options

Select any of the following options:

  • Create New - Defines a new Repository object for the Identity Directory Service connection.

  • Use Existing - Allows you to choose a previously defined Repository object by selecting it from the drop-down menu.

Name

Enter a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection.

Directory Type

Select the type of directory server software hosting the Repository.

For example: Microsoft Active Directory or Oracle Internet Directory.

If your directory is not listed, leave this field empty.

Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only.

Hosts

Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster.

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Add

Click to add a new host to the table.

Remove

Select a row in the table and click Remove to delete the row.

Host Name

Type either the IP address or the name of the computer on which the Directory server is running.

Port

Type the port number that the directory server is configured to use.

Load Distribution (%)

Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%.

Availability

Choose from the following:

  • Failover - Choose if the cluster is configured for failover operation.

  • Load balanced - Choose if the cluster distributes the load across multiple hosts.

Note: This field is read-only if you are using an existing repository.

SSL

Select Enabled if the connection is configured for SSL.

Bind DN

Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server.

Bind Password

Type the Bind DN password used to authenticate to the Directory server.

Base DN

Type the base distinguished name (DN) where User and Group data is located.

Password Management

Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy.

Use Native ID Store Settings

Enables the LDAP authentication module to get the authentication code for the natively locked, disabled, or pw_must_change states.

Use Oblix User schema

Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema.

Create

Click to create this identity profile. The profile is then displayed in the IDS Profiles table.

Cancel

Click to cancel this identity profile.

Test Connection

Click to confirm connectivity, then close the confirmation window.

Form-Fill Application IDS Profile

Use this page to create an Identity Directory Service Profile for a Form-fill Application. Click the Create Form-Fill Application IDS Profile button on the left of the IDS Profile section to access this page.

This page is arranged in the following sections:

  • Repository

  • Entity Search Bases

The following table describes the elements in the Form-Fill Application IDS Profile page:

Element Description

Name

Type a unique name for this User Profile Service Provider.

Description

Type a short description that will help you or another Administrator identify this service in the future.

Repository

The following table describes the elements in the Repository section of the Form-Fill Application IDS Profile page:

Element Description

Repository Options

Select any of the following options:

  • Create New - Defines a new Repository object for the Identity Directory Service connection.

  • Use Existing - Allows you to choose a previously defined Repository object by selecting it from the drop-down menu.

Name

Enter a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection.

Directory Type

Select the type of directory server software hosting the Repository.

For example: Microsoft Active Directory or Oracle Internet Directory.

If your directory is not listed, leave this field empty.

Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only.

Hosts

Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster.

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Add

Click to add a new host to the table.

Remove

Select a row from the table and click Remove to delete the row.

Host Name

Type either the IP address or the name of the computer on which the Directory server is running.

Port

Type the port number that the directory server is configured to use.

Load Distribution (%)

Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%.

Availability

Choose from the following:

  • Failover - Choose if the cluster is configured for failover operation.

  • Load balanced - Choose if the cluster distributes the load across multiple hosts.

Note: This field is read-only if you are using an existing repository.

SSL

Select Enabled if the connection is configured for SSL.

Bind DN

Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server.

Bind Password

Type the Bind DN password used to authenticate to the Directory server.

Base DN

Type the base distinguished name (DN) where User and Group data is located.

Password Management

Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy.

Use Native ID Store Settings

Enables the LDAP authentication module to get the authentication code for the natively locked, disabled, or pw_must_change states.

Use Oblix User schema

Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema.

Entity Search Bases

The following table describes the elements in the Entity Search Bases section of the Form-Fill Application IDS Profile page:

Element Description

User Base DN

Full DN for the node at which enterprise users are stored in the directory.

For example: cn=Users,realm_DN.

Group Base DN

Full DN for the node at which enterprise groups are stored in the directory.

For example: ou=demo.

Application Template Base DN

Full DN for the node from which searches for the Application Templates will begin.

Top Search Base DN

Full DN for the node from which searches will begin.

For example: cn=realm_DN.

Create

Click to create this identity profile. The profile is then displayed in the IDS Profiles table.

Cancel

Click to cancel this identity profile.

Test Connection

Click to confirm connectivity, then close the confirmation window.

IDS Repositories Elements

The following table describes the elements in the IDS Repositories section of the User Identity Stores page:

Element Description

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Create

Click to create a new IDS Repository using the Create IDS Repositories page.

Edit

Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the repository, or close the tab without applying changes.

Delete

Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row, or click Cancel to retain the row.

Name

Lists the created IDS Repository names.

Directory Type

Lists the Directory Type added for the Repositories.

Host Information

Lists the Host Information added.

Sort ascending

Click to sort the items in the column in ascending order.

Sort descending

Click to sort the items in the column in descending order.

Create IDS Repositories/Create LDAP Repository

Use this page to create an Identity Directory Service Repository. Click Create under IDS Repository to access this page.

The following table describes the elements in the Create IDS Repositories page:

Element Description

Name

Type a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection.

Directory Type

Select the type of directory server software hosting the Repository.

For example: Microsoft Active Directory or Oracle Internet Directory.

If your directory is not listed, leave this field empty.

Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only.

Hosts

Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster.

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Add

Click to add a new host to the table.

Remove

Select a row from the table and click Remove to delete the row.

Host Name

Type either the IP address or the name of the computer on which the Directory server is running.

Port

Type the port number that the directory server is configured to use.

Load Distribution (%)

Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%.

Availability

Choose from the following:

  • Failover - Choose if the cluster is configured for failover operation.

  • Load balanced - Choose if the cluster distributes the load across multiple hosts.

Note: This field is read-only if you are using an existing repository.

SSL

Select Enabled if the connection is configured for SSL.

Bind DN

Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server.

Bind Password

Type the Bind DN password used to authenticate to the Directory server.

Base DN

Type the base distinguished name (DN) where User and Group data is located.

Password Management

Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy.

Use Native ID Store Settings

Enables the LDAP authentication module to get the authentication code for the natively locked, disabled, or pw_must_change states.

Use Oblix User Schema

Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema.

Test Connection

Click to confirm if the values are correct.

Create

Click to create this IDS Repository. The repository is then displayed in the IDS Repositories table.

Cancel

Click to cancel this IDS Repository.
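
A pre-flight check of the repository values described above (Hosts, Port, Load Distribution, Availability, SSL, Bind DN, Base DN), given here as an added example that is not part of the Oracle documentation. The dictionary layout, function name, and sample values are constructed for illustration and do not correspond to any Oracle Access Management API or file format.

```python
# Added example: review IDS Repository values before typing them into the
# console. The dict layout is an assumption made for this sketch only.

def check_repository(repo):
    """Return a list of findings for one repository definition."""
    findings = []
    hosts = repo.get("hosts", [])
    if not hosts:
        findings.append("no host defined")
    for h in hosts:
        if not str(h.get("host_name", "")).strip():
            findings.append("host entry without Host Name")
        port = h.get("port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"{h.get('host_name')}: invalid port {port!r}")
    if len(hosts) > 1:
        # The page states that for multiple hosts the load should total 100%.
        total = sum(h.get("load_pct", 0) for h in hosts)
        if total != 100:
            findings.append(f"Load Distribution sums to {total}%, expected 100%")
        if repo.get("availability") not in ("Failover", "Load balanced"):
            findings.append("multiple hosts but Availability not chosen")
    if not repo.get("ssl"):
        # Without SSL the Bind Password is not protected in transit.
        findings.append("SSL not enabled: Bind Password is sent unprotected")
    for field in ("bind_dn", "base_dn"):
        value = repo.get(field, "")
        if "=" not in value:
            findings.append(f"{field} is not a distinguished name: {value!r}")
    return findings


# Constructed sample: two clustered hosts, plain LDAP, loads totalling 90%.
SAMPLE_WEAK = {
    "name": "ExampleRepo",
    "hosts": [
        {"host_name": "ldap1.example.com", "port": 389, "load_pct": 60},
        {"host_name": "ldap2.example.com", "port": 389, "load_pct": 30},
    ],
    "availability": "Load balanced",
    "ssl": False,
    "bind_dn": "cn=oamadmin,dc=example,dc=com",
    "base_dn": "dc=example,dc=com",
}

# Same repository with SSL enabled and the load split corrected.
SAMPLE_FIXED = dict(
    SAMPLE_WEAK,
    ssl=True,
    hosts=[
        {"host_name": "ldap1.example.com", "port": 636, "load_pct": 50},
        {"host_name": "ldap2.example.com", "port": 636, "load_pct": 50},
    ],
)

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_FIXED):
        print(sample["name"], check_repository(sample) or "OK")
```
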

Related Topics

Managing Data Sources in Administrator's Guide for Oracle Access Management.