Table of Contents

• List of Figures
• List of Tables
• Title and Copyright Information
• Preface
  • Audience
  • Documentation Accessibility
  • Related Documents
  • Conventions
• What's New In This Guide
  • Updates in October 2020 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in June 2020 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in January 2020 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in October 2019 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in February 2019 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in January 2019 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in October 2018 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in July 2018 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in April 2018 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in January 2018 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in November 2017 Documentation Refresh for 12c (12.2.1.3.0)
  • Updates in September 2017 Documentation Refresh for 12c (12.2.1.3.0)
  • New and Changed Features for 12c (12.2.1.3)
• Part I Application Provisioning
  • 1 Developing Application Instances
    • 1.1 Overview of Application Instances
    • 1.2 Managing Resources By Using the Design Console
      • 1.2.1 Overview of Resource Management
      • 1.2.2 IT Resources Type Definition Form
      • 1.2.3 Fields of the IT Resource Type Definition Form
      • 1.2.4 Defining a Template (a Resource Type) for IT Resources
    • 1.3 Converting a Disconnected Application Instance to Connected Application Instance
      • 1.3.1 Assumptions and Broad-Level Steps
      • 1.3.2 Creating a Disconnected Application Instance in the Production Environment
      • 1.3.3 Exporting Disconnected Application Instance From Test Environment
      • 1.3.4 Importing the Disconnected Application Instance in Production Environment
      • 1.3.5 Modifying the Application Instance from Disconnected to Connected
      • 1.3.6 Testing the Connected Application Instance
  • 2 Developing Provisioning Processes
    • 2.1 Process Definition Form
    • 2.2 Fields of the Process Definition Form
    • 2.3 Creating a Process Definition
    • 2.4 Tabs on the Process Definition Form
      • 2.4.1 The Tasks Tab
        • 2.4.1.1 About the Tasks Tab
        • 2.4.1.2 Adding a Process Task
        • 2.4.1.3 Editing a Process Task
        • 2.4.1.4 Deleting a Process Task
      • 2.4.2 The Reconciliation Field Mappings Tab
        • 2.4.2.1 About the Reconciliation Field Mappings Tab
        • 2.4.2.2 User Account Status Reconciliation
        • 2.4.2.3 Mapping a Target Resource Field to Oracle Identity Governance
        • 2.4.2.4 Mapping a Single Value Field
        • 2.4.2.5 Mapping a Multi-Value Field (For Target Resources Only)
        • 2.4.2.6 Deleting a Mapping
    • 2.5 Modifying Process Tasks
      • 2.5.1 The General Tab
        • 2.5.1.1 About the General Tab
        • 2.5.1.2 Fields of the General Tab
        • 2.5.1.3 Modifying a Process Task's General Information
        • 2.5.1.4 Triggering Process Tasks for Events Defined in Lookup.USR_PROCESS_TRIGGERS Fields
          • 2.5.1.4.1 About the USR_STATUS Attribute
          • 2.5.1.4.2 Triggering for the USR_STATUS Attribute For Transition from Disabled to Enabled Status
          • 2.5.1.4.3 Triggering for the USR_STATUS Attribute For Transition from Enabled to Disabled Status
          • 2.5.1.4.4 Triggering for the USR_STATUS Attribute for Transition From Enabled/Disabled/Provisioned to Revoked status
          • 2.5.1.4.5 Triggering For the USR_LOCKED, USR_LOCKED_ON, USR_MANUALLY_LOCKED Attributes
      • 2.5.2 Integration Tab
        • 2.5.2.1 About the Integration Tab
        • 2.5.2.2 Assigning an Adapter or Event Handler to a Process Task
        • 2.5.2.3 Mapping Adapter Variables
        • 2.5.2.4 Removing an Adapter or Event Handler from a Process Task
      • 2.5.3 Task Dependency Tab
        • 2.5.3.1 About the Dependency Tab
        • 2.5.3.2 Assigning a Preceding Task to a Process Task
        • 2.5.3.3 Removing a Preceding Task from a Process Task
        • 2.5.3.4 Assigning a Dependent Task to a Process Task
        • 2.5.3.5 Removing a Dependent Task from a Process Task
      • 2.5.4 Responses Tab
        • 2.5.4.1 About the Responses Tab
        • 2.5.4.2 Adding a Response to a Process Task
        • 2.5.4.3 Removing a Response from a Process Task
        • 2.5.4.4 Assigning a Generated Task to a Process Task
        • 2.5.4.5 Removing a Generated Task From a Process Task
      • 2.5.5 Task to Object Status Mapping Tab
        • 2.5.5.1 About the Task to Object Status Mapping Tab
        • 2.5.5.2 Mapping a Process Task Status to a Provisioning Status
        • 2.5.5.3 Unmapping a Process Task Status From a Provisioning Status
• Part II Connectors
  • 3 Using the Adapter Factory
    • 3.1 Introduction to Adapters
    • 3.2 Types of Adapters
      • 3.2.1 Rule Generator Adapters
      • 3.2.2 Entity Adapters
      • 3.2.3 Task Assignment Adapters
      • 3.2.4 Prepopulate Adapters
      • 3.2.5 Process Task Adapters
    • 3.3 Adapter Environment and Tools
      • 3.3.1 Configuring the Adapter Environment
      • 3.3.2 The Adapter Factory
      • 3.3.3 Compiling Adapters
        • 3.3.3.1 Automatic Compilation of Adapters
        • 3.3.3.2 Compiling Adapters Manually
    • 3.4 Defining Adapters
    • 3.5 Tabs of the Adapter Factory Form
      • 3.5.1 The Adapter Tasks Tab
      • 3.5.2 The Resources Tab
      • 3.5.3 The Variable List Tab
      • 3.5.4 The Usage Lookup Tab
      • 3.5.5 The Responses Tab
    • 3.6 Disabling and Re-enabling Adapters
    • 3.7 Working With Adapter Variables
      • 3.7.1 Creating an Adapter Variable
      • 3.7.2 Items on the Map To Menu
      • 3.7.3 Modifying an Adapter Variable
      • 3.7.4 Deleting an Adapter Variable
    • 3.8 Creating Adapter Tasks
      • 3.8.1 Types of Adapter Tasks
      • 3.8.2 Creating a Java Task
      • 3.8.3 Options in the Object Instance Selection Window
      • 3.8.4 Regions of the Add an Adapter Factory Task Window
      • 3.8.5 Reassigning the Value of an Adapter Variable
        • 3.8.5.1 About Reassigning Adapter Variable
        • 3.8.5.2 Creating a Set Variable Task
        • 3.8.5.3 Types of Operands
        • 3.8.5.4 Creating Additional Set Variable Tasks
    • 3.9 Modifying Adapter Tasks
    • 3.10 Changing the Order and Nesting of Tasks
    • 3.11 Deleting Adapter Tasks
    • 3.12 Working with Responses
      • 3.12.1 About Responses
      • 3.12.2 Creating a Response
      • 3.12.3 Modifying a Response
      • 3.12.4 Deleting a Response
    • 3.13 Working with Prepopulate Adapters
      • 3.13.1 Attaching Prepopulate Adapters to Form Fields
      • 3.13.2 Fields of the Prepopulate Adapters Dialog Box
      • 3.13.3 Fields of the Map Adapter Variables Window
      • 3.13.4 Removing Prepopulate Adapters from Form Fields
    • 3.14 Working with Process Task Adapters
      • 3.14.1 Guidelines for Working with a Process Task Adapter
      • 3.14.2 Attaching Process Task Adapters to Process Tasks
      • 3.14.3 Fields of the Data Mapping for Variable Window
      • 3.14.4 Removing Process Task Adapters from Process Tasks
    • 3.15 Adapter Mapping Information
      • 3.15.1 About Adapters
      • 3.15.2 Adapter Task Mapping Information
        • 3.15.2.1 Adapter Variables
        • 3.15.2.2 Adapter Task
        • 3.15.2.3 Literal for an Adapter Task
        • 3.15.2.4 Adapter References
        • 3.15.2.5 Process Definition
        • 3.15.2.6 User Definition
      • 3.15.3 Adapter Variable Mapping Information
        • 3.15.3.1 Adapter Type and Location
        • 3.15.3.2 From the Variable List Tab
        • 3.15.3.3 Process Task Adapter Variable Mappings
        • 3.15.3.4 Task Assignment Adapter Variable Mappings
        • 3.15.3.5 Rule Generator and Entity Adapter Variable Mappings
        • 3.15.3.6 Prepopulate Adapter Variable Mappings
    • 3.16 Defining Error Messages
      • 3.16.1 The Error Message Definition Form
      • 3.16.2 Fields of the Error Message Definition Form
      • 3.16.3 Creating an Error Message
  • 4 Understanding the Identity Connector Framework
    • 4.1 Advantages of ICF
    • 4.2 Introducing the ICF Architecture
      • 4.2.1 Identity Connector Framework Deployment
      • 4.2.2 Compatibility Between the ICF and Connector Bundles
      • 4.2.3 Deployment Methodology to Support Multiple Versions of Same Target
      • 4.2.4 Connector Server Remote System Framework
      • 4.2.5 ICF Framework
    • 4.3 Using the ICF API
      • 4.3.1 The ConnectorInfoManagerFactory Class
      • 4.3.2 The ConnectorInfoManager Interface
      • 4.3.3 The ConnectorKey Class
      • 4.3.4 The ConnectorInfo Interface
      • 4.3.5 The APIConfiguration Interface
      • 4.3.6 The ConfigurationProperties Interface
      • 4.3.7 The ConnectorFacadeFactory Class
      • 4.3.8 The ConnectorFacade Interface
    • 4.4 Introducing the ICF SPI
      • 4.4.1 Implementing the Required Interfaces
        • 4.4.1.1 The org.identityconnectors.framework.spi.Connector Interface
        • 4.4.1.2 Implementing the Connector Methods
          • 4.4.1.2.1 Implementing the init Method
          • 4.4.1.2.2 Implementing the dispose Method
          • 4.4.1.2.3 Implementing the getConfiguration Method
        • 4.4.1.3 The org.identityconnectors.framework.spi.Configuration Interface
        • 4.4.1.4 Implementing the Configuration Methods
          • 4.4.1.4.1 The validate() Method
          • 4.4.1.4.2 The setConnectorMessages() Method
          • 4.4.1.4.3 The getConnectorMessages() Method
      • 4.4.2 Implementing the Feature-based Interfaces
        • 4.4.2.1 The org.identityconnectors.framework.spi.PoolableConnector Interface
        • 4.4.2.2 The org.identityconnectors.framework.spi.AttributeNormalizer Interface
      • 4.4.3 Implementing the Operation Interfaces
        • 4.4.3.1 About Operation Interfaces
        • 4.4.3.2 Implementing the SchemaOp Interface
        • 4.4.3.3 Implementing the CreateOp Interface
        • 4.4.3.4 Implementing the DeleteOp Interface
        • 4.4.3.5 Implementing the SearchOp Interface
          • 4.4.3.5.1 About Implementing the SearchOp Interface
          • 4.4.3.5.2 Implementing the createFilterTranslator Method
          • 4.4.3.5.3 Implementing the executeQuery Method
        • 4.4.3.6 Implementing the UpdateOp Interface
      • 4.4.4 Common Classes
    • 4.5 Extending an Identity Connector Bundle
    • 4.6 Using an Identity Connector Server
      • 4.6.1 About the Identity Connector Server
      • 4.6.2 Using the Java Connector Server
        • 4.6.2.1 Installing and Configuring a Java Connector Server
        • 4.6.2.2 Properties in the ConnectorServer.properties File
        • 4.6.2.3 Running the Java Connector Server on Microsoft Windows
        • 4.6.2.4 Options Supported by the ConnectorServer.bat Script
        • 4.6.2.5 Running the Java Connector Server on Solaris and Linux
        • 4.6.2.6 Options Supported by the connectorserver.sh Script
        • 4.6.2.7 Installing an Identity Connector in a Java Connector Server
        • 4.6.2.8 Using SSL to Communicate with a Connector Server
      • 4.6.3 Using the .NET Connector Server
        • 4.6.3.1 Installing the .NET Connector Server
        • 4.6.3.2 Configuring the .NET Connector Server
        • 4.6.3.3 Upgrading the .NET Connector Server
        • 4.6.3.4 Configuring Trace Settings
        • 4.6.3.5 Running the .NET Connector Server
        • 4.6.3.6 Installing Multiple Connectors on a .NET Connector Server
  • 5 Developing Identity Connectors Using Java
    • 5.1 Introduction to Flat File Connector Development
    • 5.2 Developing a Flat File Connector
      • 5.2.1 Overview of Developing a Flat File Connector
      • 5.2.2 Implementation of AbstractConfiguration
      • 5.2.3 Implementation of PoolableConnector
      • 5.2.4 Implementation of AbstractFilterTranslator
      • 5.2.5 The MANIFEST.MF File
    • 5.3 Supporting Classes for File Input and Output Handling
      • 5.3.1 Implementation of the FlatFileIOFactory Supporting Class
      • 5.3.2 Implementation of the FlatFileMetaData Supporting Class
      • 5.3.3 Implementation of the FlatFileParser Supporting Class
      • 5.3.4 Implementation of the FlatFileWriter Supporting Class
      • 5.3.5 Implementation of the FlatfileLineIterator Supporting Class
      • 5.3.6 Implementation of the FlatfileUserAccount Supporting Class
      • 5.3.7 Implementation of the FlatfileAccountConversionHandler Supporting Class
      • 5.3.8 Implementation of the Messages.Properties Supporting Class
    • 5.4 Uploading the Identity Connector Bundle to Oracle Identity Governance Database
      • 5.4.1 Registering the Connector Bundle with Oracle Identity Governance
      • 5.4.2 Creating Basic Identity Connector Metadata
        • 5.4.2.1 Creating the IT Resource Type Definition
        • 5.4.2.2 Creating the Resource Object
        • 5.4.2.3 Creating Lookups
          • 5.4.2.3.1 Creating the Main Configuration Lookup
          • 5.4.2.3.2 Creating Object Type Configuration Lookup
      • 5.4.3 Creating Provisioning Metadata
        • 5.4.3.1 Creating a Process Form
          • 5.4.3.1.1 Creating a Process Form
          • 5.4.3.1.2 About Process Forms
          • 5.4.3.1.3 Attributes in the Connector Schema
        • 5.4.3.2 Creating Adapters
        • 5.4.3.3 Creating A Process Definition
        • 5.4.3.4 Creating a Provisioning Attribute Mapping Lookup
          • 5.4.3.4.1 About Provisioning Attribute Mapping Lookup
          • 5.4.3.4.2 Creating a Provisioning Attribute Mapping Lookup
          • 5.4.3.4.3 Field Flags Used in the Provisioning Attributes Map
      • 5.4.4 Creating Reconciliation Metadata
        • 5.4.4.1 Creating a Reconciliation Scheduled Task
          • 5.4.4.1.1 Defining the Scheduled Task
          • 5.4.4.1.2 Creating a Scheduled Task
        • 5.4.4.2 Creating a Reconciliation Profile
        • 5.4.4.3 Setting a Reconciliation Action Rule
        • 5.4.4.4 Creating Reconciliation Mapping
        • 5.4.4.5 Field Flags Used in the Reconciliation Attributes Map
        • 5.4.4.6 Defining a Reconciliation Matching Rule
    • 5.5 Provisioning a Flat File Account
    • 5.6 Installing the Java Connector Server
    • 5.7 Configuring the Java Connector Server with SSL for Oracle Identity Governance
    • 5.8 Configuring the Java Connector Server without SSL for Oracle Identity Governance
    • 5.9 Upgrading the Java Connector Server
  • 6 Developing Identity Connectors Using .NET
    • 6.1 Developing a Flat File .NET Connector
      • 6.1.1 Overview of Developing a Flat File .NET Connector
      • 6.1.2 Developing a Flat File .NET Connector
      • 6.1.3 Implementation of AbstractConfiguration
      • 6.1.4 Implementation of PoolableConnector
      • 6.1.5 Implementation of AbstractFilterTranslator
      • 6.1.6 Sample AssemblyInfo.cs File
    • 6.2 Deploying the Identity Connector Bundle on .NET Connector Server
      • 6.2.1 Registering the Connector Bundle with .NET Connector Server
      • 6.2.2 Creating Basic Identity Connector Metadata
        • 6.2.2.1 Creating the IT Resource Type Definition
        • 6.2.2.2 Creating the Resource Object
        • 6.2.2.3 Creating Lookups
          • 6.2.2.3.1 Creating the Main Configuration Lookup
          • 6.2.2.3.2 Creating Object Type Configuration Lookup
      • 6.2.3 Creating Provisioning Metadata
        • 6.2.3.1 Creating a Process Form
          • 6.2.3.1.1 About Process Forms
          • 6.2.3.1.2 Creating a Process Form
          • 6.2.3.1.3 Attributes in the Connector Schema
        • 6.2.3.2 Creating Adapters
        • 6.2.3.3 Creating a Process Definition
        • 6.2.3.4 Creating a Provisioning Attribute Mapping Lookup
          • 6.2.3.4.1 About Provisioning Attribute Mapping Lookup
          • 6.2.3.4.2 Creating a Provisioning Attribute Mapping Lookup
          • 6.2.3.4.3 Field Flags Used in the Provisioning Attributes Map
      • 6.2.4 Creating Reconciliation Metadata
        • 6.2.4.1 Creating a Reconciliation Scheduled Task
          • 6.2.4.1.1 Defining the Scheduled Task
          • 6.2.4.1.2 Creating a Scheduled Job
        • 6.2.4.2 Creating a Reconciliation Profile
        • 6.2.4.3 Setting a Reconciliation Action Rule
        • 6.2.4.4 Creating Reconciliation Mapping
        • 6.2.4.5 Field Flags Used in the Reconciliation Attributes Map
        • 6.2.4.6 Defining a Reconciliation Matching Rule
    • 6.3 Provisioning a Flat File Account
  • 7 Integrating ICF with Oracle Identity Governance
    • 7.1 ICF Common
    • 7.2 Integration Architecture
    • 7.3 Global Oracle Identity Governance Lookups
      • 7.3.1 About Global Lookups
      • 7.3.2 Main Lookup Configuration
      • 7.3.3 User Management Configuration
      • 7.3.4 Recon Transformation Lookup (Lookup.CONNECTOR_NAME.UM.ReconTransformation)
      • 7.3.5 Recon Validation Lookup (Lookup.CONNECTOR_NAME.UM.ReconValidation)
      • 7.3.6 Optional Defaults Lookup
    • 7.4 About IT Resources for ICF Integration
    • 7.5 Provisioning Using ICF
      • 7.5.1 ICF Provisioning Manager
        • 7.5.1.1 APIs for Provisioning
        • 7.5.1.2 Account Related Operations
        • 7.5.1.3 Multivalued Operations
        • 7.5.1.4 Other operations
      • 7.5.2 Provisioning Lookup
      • 7.5.3 Non-User Object Types
      • 7.5.4 Optional Lookups for Provisioning
      • 7.5.5 Provisioning Validation Lookup
      • 7.5.6 Optional Flags in Lookups for Provisioning Attribute Map
      • 7.5.7 Compound attributes in Provisioning Attribute Map
    • 7.6 Concepts of Reconciliation in ICF Common
      • 7.6.1 Types of Reconciliation
        • 7.6.1.1 About Reconciliation Types
        • 7.6.1.2 ICF Common Reconciliation Parameters
        • 7.6.1.3 Target and Trusted Reconciliation
        • 7.6.1.4 Full, Incremental Reconciliation
        • 7.6.1.5 Advanced Incremental Reconciliation
        • 7.6.1.6 Delete Reconciliation
        • 7.6.1.7 Group Lookup Reconciliation
      • 7.6.2 List of Reconciliation Artifacts in Oracle Identity Governance
        • 7.6.2.1 Methods of Control Over Reconciliation
        • 7.6.2.2 Lookups for Reconciliation
        • 7.6.2.3 Example of Reconciliation With Child Table
          • 7.6.2.3.1 Example Showing Design Console Updates to Setup Reconciliation with Child Table
          • 7.6.2.3.2 Setting Up Reconciliation With Child Tables
    • 7.7 Predefined Scheduled Tasks
      • 7.7.1 LookupReconTask
      • 7.7.2 SearchReconTask
      • 7.7.3 SearchReconDeleteTask
      • 7.7.4 SyncReconTask
    • 7.8 ICF Filter Syntax
      • 7.8.1 Filter Examples
      • 7.8.2 Definition in EBNF Format
      • 7.8.3 Keywords and Syntax for the Filter Attribute
  • 8 Using Java APIs for ICF Integration
  • 9 Configuring ICF Connectors
    • 9.1 Configuring Connector Load Balancer
      • 9.1.1 About the Load Balancer Configuration
      • 9.1.2 Configuring the Load Balancer for a Connector Server
    • 9.2 Configuring Validation of Data During Reconciliation and Provisioning
      • 9.2.1 About Validation of Data During Reconciliation and Provisioning
      • 9.2.2 Configuring Validation of Data
      • 9.2.3 Sample Validation Class
    • 9.3 Configuring Transformation of Data During User Reconciliation
      • 9.3.1 About Transformation of Data During User Reconciliation
      • 9.3.2 Configuring Transformation of Single-Valued User Data Fetched During Reconciliation
      • 9.3.3 Sample Transformation Class
    • 9.4 Configuring Resource Exclusion Lists
      • 9.4.1 About Resource Excursion Lists
      • 9.4.2 Format of Values Stored in the Lookups
      • 9.4.3 Adding Entries in the Lookup for Exclusion
    • 9.5 Configuring SSL Communication
      • 9.5.1 Setting SSL for Connector Server and Oracle Identity Governance
      • 9.5.2 Troubleshooting SSL
    • 9.6 Adding Target System Attributes
      • 9.6.1 Adding Target System Attributes for Provisioning
        • 9.6.1.1 Adding a New Form Field
        • 9.6.1.2 Adding the New Field to the Provisioning Mapping Lookup
        • 9.6.1.3 Changing the Process Task to Handle Updates
        • 9.6.1.4 Mapping the Adapter Variables
      • 9.6.2 Adding Target System Attributes for Target Reconciliation
      • 9.6.3 Adding Target System Attributes for Trusted Reconciliation
  • 10 Understanding ICF Best Practices and FAQs
    • 10.1 Best Practices for ICF
    • 10.2 FAQs on ICF
  • 11 Using Generic Technology Connectors
    • 11.1 Overview of Generic Technology Connectors
    • 11.2 Using the Generic Connection Pool Framework in Custom Connectors
      • 11.2.1 Basic Steps to Use Generic Connection Pool in Custom Connector
      • 11.2.2 Providing concrete implementation for ResourceConnection interface
      • 11.2.3 Defining Additional ITResource Parameters
      • 11.2.4 Getting and Releasing Connections from the Pool
      • 11.2.5 Using a Third-party Pool
      • 11.2.6 Example: Implementation of ResourceConnection
    • 11.3 Best Practices
      • 11.3.1 Working with the Provide Basic Information Page
      • 11.3.2 Working with the Specify Parameter Values Page
      • 11.3.3 Working with the Modify Connector Configuration Page
        • 11.3.3.1 Names of Fields
        • 11.3.3.2 Password Fields
        • 11.3.3.3 Password-Like Fields
        • 11.3.3.4 Mappings
        • 11.3.3.5 Oracle Identity Governance Data Sets
      • 11.3.4 Working with Shared Drive Reconciliation Transport Provider
      • 11.3.5 Working with Custom Providers
      • 11.3.6 Working with Connector Objects
      • 11.3.7 Modifying Generic Technology Connectors
  • 12 Predefined Providers for Generic Technology Connectors
    • 12.1 Shared Drive Reconciliation Transport Provider
      • 12.1.1 Parameters of the Shared Drive Reconciliation Transport Provider
        • 12.1.1.1 Staging Directory (Parent Identity Data)
        • 12.1.1.2 Staging Directory (Multivalued Identity Data)
        • 12.1.1.3 Archiving Directory
        • 12.1.1.4 File Prefix
        • 12.1.1.5 Specified Delimiter
        • 12.1.1.6 Tab Delimiter
        • 12.1.1.7 Fixed Column Width
        • 12.1.1.8 Unique Attribute (Parent Data)
        • 12.1.1.9 File Encoding
      • 12.1.2 Permissions to Be Set on the Staging and Archiving Directories
    • 12.2 CSV Reconciliation Format Provider
    • 12.3 SPML Provisioning Format Provider
      • 12.3.1 About the SPML Provisioning Format Provider
      • 12.3.2 Parameters of the SPML Provisioning Format Provider
        • 12.3.2.1 Run-Time Parameters
        • 12.3.2.2 Design Parameters
        • 12.3.2.3 Nonmandatory Parameters
        • 12.3.2.4 Parameters with Predetermined Values
    • 12.4 Web Services Provisioning Transport Provider
      • 12.4.1 About the Web Services Provisioning Transport Provider
      • 12.4.2 The Web Service URL Parameter
      • 12.4.3 Configuring SSL Communication Between Oracle Identity Manager and the Target System Web Service
    • 12.5 Transformation Providers
      • 12.5.1 About Transformation Providers
      • 12.5.2 Concatenation Transformation Provider
      • 12.5.3 Adding a Concatenation Transformation Provider
      • 12.5.4 Translation Transformation Provider
      • 12.5.5 Using the Translation Transformation Provider
      • 12.5.6 Configuring Account Status Reconciliation
        • 12.5.6.1 About Account Status Reconciliation Using Translation Transformation Provider
        • 12.5.6.2 High-Level Steps to Configure Account Status Reconciliation
        • 12.5.6.3 Detailed Steps to Configure Account Status Reconciliation
    • 12.6 Validation Providers
• Part III Workflows
  • 13 Developing Workflows
    • 13.1 Introducing Workflows
      • 13.1.1 Overview of Workflows
      • 13.1.2 Workflow Concepts
      • 13.1.3 Workflow Architecture
      • 13.1.4 Human Task Process Flow
    • 13.2 Predefined SOA Composites
    • 13.3 Creating New SOA Composites
      • 13.3.1 Creating a New SOA Composite
        • 13.3.1.1 Standards of Using SOA Composites as Approval Process
        • 13.3.1.2 Creating a Custom SOA Composite Using the Helper Utility
      • 13.3.2 Deploying a SOA Composite in Oracle SOA Server
      • 13.3.3 Setting the Prerequisites for Communication to Oracle Identity Governance Through SSL Mode
    • 13.4 Developing Workflows: Vision Request Tutorial
      • 13.4.1 Introducing the Tutorial
      • 13.4.2 Assumptions
      • 13.4.3 Creating the Application Instance
        • 13.4.3.1 Creating the FinApp Application Instance
        • 13.4.3.2 Defining Application Instance Attributes and Creating a Form
        • 13.4.3.3 Publishing the Application Instance to One or More Organizations
        • 13.4.3.4 Linking Entitlements to the Application Instance
        • 13.4.3.5 Publishing the Application Instance With Entitlements to the Catalog
      • 13.4.4 Configuring FinApp in the Catalog
      • 13.4.5 Creating and Configuring the SOA Composite for Approval
        • 13.4.5.1 Creating the Approval Workflow
        • 13.4.5.2 Making Request and Catalog Data Available to the BPEL Process
        • 13.4.5.3 Configuring Workflow Selection
        • 13.4.5.4 Configuring Human Tasks
          • 13.4.5.4.1 Configuring the Parallel Human Task
          • 13.4.5.4.2 Properties of the Parallel Approval Task
          • 13.4.5.4.3 Configuring the Serial Approval Task
          • 13.4.5.4.4 Properties of the Serial Approval Task
          • 13.4.5.4.5 Configuring the Default Approval Task
        • 13.4.5.5 Configuring the Human Task and BPEL Mappings
          • 13.4.5.5.1 Configuring the Serial Approval Human Task
          • 13.4.5.5.2 Configuring the Parallel Human Task
          • 13.4.5.5.3 Configuring Auto Approval
        • 13.4.5.6 Deploying the SOA Composite
        • 13.4.5.7 Creating the Workflow Rules
    • 13.5 Configuring Default Approval Composites for Single and Bulk Operations
    • 13.6 Creating and Deploying Custom Task Details Taskflow
      • 13.6.1 Prerequisites for Developing Custom Task Details Taskflow
      • 13.6.2 Developing Custom Task Details Taskflow
        • 13.6.2.1 Building a Custom Taskflow: Broad-Level Steps
        • 13.6.2.2 Adding Managed Beans for the Task Details Page
        • 13.6.2.3 Creating the Details Page Structure
        • 13.6.2.4 Populating the Request Information Tab
        • 13.6.2.5 Populating the Task Information Tab
      • 13.6.3 Developing Custom Task Details for Email Notification (Optional)
      • 13.6.4 Deploying the Task Details Taskflow
      • 13.6.5 Configuring Human Task and Taskflow Permissions
        • 13.6.5.1 Adding View Permission for Custom Taskflow
        • 13.6.5.2 Configuring Human Task to Use the Custom Taskflow
      • 13.6.6 Testing the Custom Taskflow
    • 13.7 Extending Request Management Operations
      • 13.7.1 Running Custom Code Based on Request Status Change
      • 13.7.2 Validating Request Data
        • 13.7.2.1 About Validating Request Data
        • 13.7.2.2 Associating Plug-ins With Data Validators and Prepopulate Adapters
        • 13.7.2.3 Scenario I: Provisioning Users to a Target System
        • 13.7.2.4 Scenario II: Provisioning or Modifying Entitlement Request
      • 13.7.3 Prepopulation of an Attribute Value During Request Creation
      • 13.7.4 Enabling Request Approval by Account Beneficiary
    • 13.8 Enabling Auto-Approval for Self Registration Requests
    • 13.9 Hiding the Skip Current Assignment Option
    • 13.10 Customizing Certification Oversight
      • 13.10.1 Understanding Certification Oversight Customization
      • 13.10.2 Customizing Certification Oversight
    • 13.11 Customizing the Identity Audit Composite
• Part IV Data Synchronization
  • 14 Customizing Reconciliation
    • 14.1 Reconciliation Features
      • 14.1.1 Performance Enhancement Features
        • 14.1.1.1 New Metadata Model - Profiles
        • 14.1.1.2 Parameters to Control Flow and Processing of Events
          • 14.1.1.2.1 Parameters to Control Event Processing
          • 14.1.1.2.2 System Property to Control AutoRetry
        • 14.1.1.3 Grouping of Events by Reconciliation Runs
        • 14.1.1.4 Grouping of Events by Batches
        • 14.1.1.5 Implementing Reconciliation Engine Logic in the Database
        • 14.1.1.6 Improved Java Engine
        • 14.1.1.7 Improved Database Schema
      • 14.1.2 Web-Based Event Management Interface
      • 14.1.3 Other Reconciliation Features
        • 14.1.3.1 Staging Tables
          • 14.1.3.1.1 About Staging Tables
          • 14.1.3.1.2 Creating and Maintaining Staging Tables
        • 14.1.3.2 Handling of Race Conditions
        • 14.1.3.3 Ad Hoc Linking
    • 14.2 Reconciliation Architecture
      • 14.2.1 Reconciliation Process Flow
      • 14.2.2 Reconciliation Profile
        • 14.2.2.1 Sample Configuration Profile
        • 14.2.2.2 Elements and Structures of Reconciliation Profile
      • 14.2.3 Reconciliation Metadata
      • 14.2.4 Reconciliation Target
      • 14.2.5 Reconciliation Run
      • 14.2.6 Reconciliation APIs
      • 14.2.7 Reconciliation Schema
      • 14.2.8 Reconciliation Engine
        • 14.2.8.1 About the Reconciliation Engine
        • 14.2.8.2 Matching Module
        • 14.2.8.3 Action Module
      • 14.2.9 Connector for Reconciliation
      • 14.2.10 Archival
      • 14.2.11 Backward Compatibility
      • 14.2.12 Reconciliation Event Management
    • 14.3 Defining Reconciliation Rules
      • 14.3.1 Understanding Reconciliation Rules
      • 14.3.2 Defining a Reconciliation Rule
      • 14.3.3 Adding a Rule Element
      • 14.3.4 Transformation Properties
      • 14.3.5 Nesting a Rule Within a Rule
      • 14.3.6 Deleting a Rule Element or Rule
    • 14.4 Developing Reconciliation Scheduled Tasks
    • 14.5 Updating Reconciliation Profiles Manually
      • 14.5.1 About Creating and Updating Reconciliation Profiles
      • 14.5.2 Creating and Updating Reconciliation Profiles
      • 14.5.3 Changing the Profile Mode
    • 14.6 Understanding Reconciliation APIs
      • 14.6.1 Overview of Reconciliation APIs
      • 14.6.2 The ReconOperationsService API
        • 14.6.2.1 Ignore Event
        • 14.6.2.2 Create Event
        • 14.6.2.3 Process Event
        • 14.6.2.4 Deletion Detection
      • 14.6.3 Invoking Non-scheduled Task-Based Reconciliation in a Multithreaded Environment
    • 14.7 Postprocessing for Trusted Reconciliation
    • 14.8 Reconciliation FAQs
    • 14.9 Troubleshooting Reconciliation
      • 14.9.1 Changing the Logging Level for Reconciliation
      • 14.9.2 Troubleshooting General Reconciliation Issues
      • 14.9.3 Troubleshooting Database-Related Reconciliation Issues
        • 14.9.3.1 Missing Critical Oracle Database 11g Release 1 Interim Patches
        • 14.9.3.2 Missing Critical Oracle Database 11g Release 2 Interim Patches
        • 14.9.3.3 Slow Reconciliation and Similar Traces in Error Log
        • 14.9.3.4 Reconciliation Event Does Not Process With Error
      • 14.9.4 Troubleshooting Reconciliation Profile Configuration Failures
      • 14.9.5 Troubleshooting LDAP Reconciliation Issues
        • 14.9.5.1 LDAP User Create and Update Reconciliation Scheduled Job Fails With Error
        • 14.9.5.2 External Changelog Cookie Expiration Issue When Performing Reconciliation with OUD
      • 14.9.6 Troubleshooting Reconciliation Issues in the PL/SQL Layer
    • 14.10 Populating Data in the RECON_EXCEPTIONS Table
      • 14.10.1 About the RECON_EXCEPTIONS Table
      • 14.10.2 Populating Data in the RECON_EXCEPTIONS Table
    • 14.11 Reconciliation Best Practices
      • 14.11.1 Selecting Additional Indexes for Matching Module
        • 14.11.1.1 About Additional Indexes for the Matching Module
        • 14.11.1.2 Selecting Indexes Based on the Matching Rule Criteria
      • 14.11.2 Collecting Database Schema Statistics for Reconciliation Performance
    • 14.12 Monitoring Reconciliation Performance Using DMS
  • 15 Using the Bulk Load Utility
    • 15.1 Modes of Running the Utility
    • 15.2 Features of the Bulk Load Utility
    • 15.3 Prerequisites for Running the Bulk Load Utility
      • 15.3.1 Installing the Bulk Load Utility
      • 15.3.2 Understanding Bulk Load Options and Additional Details
        • 15.3.2.1 Scripts That Constitute the Utility
        • 15.3.2.2 Temporary Tables Used During a Bulk Load Operation
        • 15.3.2.3 Options Offered by the Utility
      • 15.3.3 Preparing Your Database for a Bulk Load Operation
        • 15.3.3.1 Creating a Tablespace for Temporary Tables
        • 15.3.3.2 Creating a Datafile in the Oracle Identity Governance Tablespace
    • 15.4 Running the Utility
    • 15.5 Performance Best Practices for Bulk Load
    • 15.6 Loading OIM User Data
      • 15.6.1 Overview of Loading OIM User Data
      • 15.6.2 Setting a Default Password for OIM Users Added by the Utility
      • 15.6.3 Creating the Input Source for the Bulk Load Operation
        • 15.6.3.1 Using CSV Files As the Input Source
        • 15.6.3.2 Creating Database Tables As the Input Source
        • 15.6.3.3 Structure of a Sample Database Table
      • 15.6.4 Determining Values for the Input Parameters of the Utility
      • 15.6.5 Monitoring the Progress of the Operation
      • 15.6.6 Handling Exceptions Recorded During the Operation
      • 15.6.7 Fixing Exceptions and Reloading Data Records
        • 15.6.7.1 About Fixing Exceptions
        • 15.6.7.2 Reloading Rejected Records
      • 15.6.8 Verifying the Outcome of the Bulk Load Operation
      • 15.6.9 Generating an Audit Snapshot
    • 15.7 Loading Account Data
      • 15.7.1 Overview of Loading Account Data
      • 15.7.2 Requirements and Features of the Bulk Load Operation for Account Data
      • 15.7.3 Creating the Input Source for the Bulk Load Operation
        • 15.7.3.1 Using CSV Files As the Input Source
        • 15.7.3.2 Creating Database Tables As the Input Source
        • 15.7.3.3 Sample Parent Table Structure
        • 15.7.3.4 Sample Child Table Structure
      • 15.7.4 Determining Values for the Input Parameters of the Utility
      • 15.7.5 Monitoring the Progress of the Operation
      • 15.7.6 Handling Exceptions Recorded During the Operation
      • 15.7.7 Fixing Exceptions and Reloading Data Records
        • 15.7.7.1 About Fixing Exceptions
        • 15.7.7.2 Reloading Rejected Records
      • 15.7.8 Verifying the Outcome of the Bulk Load Operation
    • 15.8 Loading Role, Role Hierarchy, Role Membership, and Role Category Data
      • 15.8.1 Overview of Loading Role, Role Hierarchy, Role Membership, and Role Category Data
      • 15.8.2 Creating the Input Source for the Bulk Load Operation
        • 15.8.2.1 Using CSV Files As the Input Source
        • 15.8.2.2 Creating Database Tables As the Input Source
        • 15.8.2.3 Structure of a Sample Database Table
        • 15.8.2.4 Determining the UGP_NAME Generated After Role Load
      • 15.8.3 Determining Values for the Input Parameters of the Utility
      • 15.8.4 Monitoring the Progress of the Operation
      • 15.8.5 Handling Exceptions Recorded During the Operation
      • 15.8.6 Fixing Exceptions and Reloading Data Records
        • 15.8.6.1 About Fixing Exceptions
        • 15.8.6.2 Reloading Rejected Records
      • 15.8.7 Verifying the Outcome of the Bulk Load Operation
    • 15.9 Loading Organization Data
      • 15.9.1 Overview of Loading Organization Data
      • 15.9.2 Creating the Input Source for the Bulk Load Operation
        • 15.9.2.1 Using CSV Files as the Input Source
        • 15.9.2.2 Creating Database Tables as the Input Source
      • 15.9.3 Determining Values for the Input Parameters of the Utility
      • 15.9.4 Monitoring the Progress of the Operation
      • 15.9.5 Handling Exceptions Recorded During the Operation
      • 15.9.6 Fixing Exceptions and Reloading Data Records
        • 15.9.6.1 About Fixing Exceptions
        • 15.9.6.2 Reloading Rejected Records
      • 15.9.7 Verifying the Outcome of the Bulk Load Operation
    • 15.10 Data Recorded During the Operation
    • 15.11 Gathering Diagnostic Data from the Bulk Load Operation
    • 15.12 Cleaning Up After a Bulk Load Operation
    • 15.13 Bulk Load High Volume Strategy and Case Studies
  • 16 Developing Scheduled Tasks
    • 16.1 Overview of Task Creation
      • 16.1.1 Steps in Task Creation
      • 16.1.2 Example of Scheduled Task
    • 16.2 Defining the Metadata for the Scheduled Task
    • 16.3 Configuring the Scheduled Task XML File
    • 16.4 Developing the Scheduled Task Class
    • 16.5 Configuring the Plug-in XML File
    • 16.6 Creating the Directory Structure for the Scheduled Task
    • 16.7 Scheduled Task Configuration File
      • 16.7.1 Structure of the Scheduler XML File
      • 16.7.2 The scheduledTasks Element
      • 16.7.3 The task Element
      • 16.7.4 The name Element
      • 16.7.5 The class Element
      • 16.7.6 The description Element
      • 16.7.7 The retry Element
      • 16.7.8 The parameters Element
      • 16.7.9 The string-param Element
      • 16.7.10 The number-param Element
      • 16.7.11 The boolean-param Element
    • 16.8 Best Practices for Creating Custom Scheduled Tasks
    • 16.9 Using the isStop() Method
    • 16.10 Monitoring Scheduled Jobs Performance using DMS
• Part V Custom Operations
  • 17 Developing Plug-ins
    • 17.1 Plug-ins and Plug-in Points
      • 17.1.1 About Plug-ins and Plug-in Points
      • 17.1.2 Plug-ins and Event Handlers
      • 17.1.3 Plug-in Stores
        • 17.1.3.1 About Plug-in Stores
        • 17.1.3.2 The File Store
        • 17.1.3.3 The Database Store
    • 17.2 Using Plug-ins in Deployments
    • 17.3 Plug-in Points
    • 17.4 Configuring Plug-ins
    • 17.5 Developing Custom Plug-ins
      • 17.5.1 Developing Plug-ins
      • 17.5.2 Declaring Plug-ins
    • 17.6 Registering Plug-ins
      • 17.6.1 Registering and Unregistering Plug-ins By Using APIs
      • 17.6.2 Registering and Unregistering Plug-ins By Using the Plugin Registration Utility
        • 17.6.2.1 The Plugin Registration Utility
        • 17.6.2.2 Prerequisites of Using the Plugin Registration Utility
        • 17.6.2.3 Registering a Plug-in
        • 17.6.2.4 Unregistering a Plug-in
        • 17.6.2.5 Re-registering and Activating an Old Plug-in Version
    • 17.7 Migrating Plug-ins
  • 18 Developing Event Handlers
    • 18.1 Orchestration Concepts
    • 18.2 Using Custom Event Handlers
    • 18.3 Orchestration Operations for Entities
    • 18.4 Developing Custom Event Handlers
      • 18.4.1 About Custom Event Handler Development
      • 18.4.2 Implementing the SPI and Creating a JAR
        • 18.4.2.1 Development Considerations
        • 18.4.2.2 Methods and Arguments
        • 18.4.2.3 Code Samples
          • 18.4.2.3.1 Example 1: Custom Email Validation
          • 18.4.2.3.2 Example 2: Custom Preprocess Event Handler to Set Middle Name
          • 18.4.2.3.3 Example 3: Custom Post-process Event Handler to Provision Resource Object
          • 18.4.2.3.4 Example 4: Custom User Postprocess Event Handler With bulkExecute Method
          • 18.4.2.3.5 Example 5: Using Context in isApplicable method
        • 18.4.2.4 Creating a JAR File With Custom Event Handler Code
        • 18.4.2.5 SPIs to Write Custom Event Handlers
        • 18.4.2.6 Handling Exceptions
        • 18.4.2.7 Managing Transactions
      • 18.4.3 Defining Custom Events Definition XML
        • 18.4.3.1 Elements in the Event Handler XML Files
          • 18.4.3.1.1 Elements
          • 18.4.3.1.2 Element Attributes
          • 18.4.3.1.3 Namespace Requirement in <eventhandlers> Element
        • 18.4.3.2 Sample Event Definitions
      • 18.4.4 Creating and Registering a Plug-in ZIP
    • 18.5 Sequencing the Execution of Event Handlers
    • 18.6 Writing Custom Validation Event Handlers
    • 18.7 Best Practices
    • 18.8 Migrating Event Handlers
    • 18.9 Troubleshooting Event Handlers
• Part VI Customization
  • 19 Customizing the Interface
    • 19.1 Managing Sandboxes
      • 19.1.1 Understanding Sandbox Operations
      • 19.1.2 Handling Concurrency Conflicts
        • 19.1.2.1 Understanding Concurrency Conflicts
        • 19.1.2.2 Guidelines to Avoid Conflicts When Multiple Users Work in a Single Sandbox
        • 19.1.2.3 Guidelines to Avoid Conflicts When Multiple Users Work in Multiple Sandboxes
        • 19.1.2.4 Troubleshooting Concurrency Issues
      • 19.1.3 Creating a Sandbox
      • 19.1.4 Activating a Sandbox
      • 19.1.5 Deactivating a Sandbox
      • 19.1.6 Viewing and Modifying Sandbox Details
      • 19.1.7 Exporting a Sandbox
      • 19.1.8 Importing a Sandbox
      • 19.1.9 Publishing a Sandbox
      • 19.1.10 Publishing Sandboxes in Bulk and Sequence
      • 19.1.11 Deleting a Sandbox
      • 19.1.12 Reverting Changes
        • 19.1.12.1 Reverting Changes to Default Settings
        • 19.1.12.2 Reverting Changes When Unable to Login to Identity System Administration
    • 19.2 Skin Customization in Oracle Identity Governance
      • 19.2.1 Configuring a New Skin
      • 19.2.2 Changing Branding and Logo
    • 19.3 Customizing Pages at Runtime
      • 19.3.1 Customizable Entity Artifacts
      • 19.3.2 Using Expression Language in UI Customization
        • 19.3.2.1 Available EL Expressions in the User Context
        • 19.3.2.2 Retrieving User Attribute Values From the OIMContext Bean
        • 19.3.2.3 Available EL Expressions in the RequestFormContext
        • 19.3.2.4 Internationalization for Resource Strings
          • 19.3.2.4.1 Creating Custom Resource Bundles
          • 19.3.2.4.2 Using the Resource Bundles
      • 19.3.3 Showing or Hiding UI Components Conditionally
      • 19.3.4 Showing Request Profiles Conditionally
      • 19.3.5 Validating Input Data Using ADF Validators
      • 19.3.6 Marking Input Attribute as Required
      • 19.3.7 Adding a Link or Button
      • 19.3.8 Hiding and Deleting an ADF Component
        • 19.3.8.1 Hiding an ADF Component
        • 19.3.8.2 Deleting an ADF Component
      • 19.3.9 Showing and Hiding Attributes
      • 19.3.10 Customizing Unauthenticated Pages
      • 19.3.11 Customizing the Toolbar Contents
      • 19.3.12 Customizing Certification Pages
        • 19.3.12.1 Customizing the Certification Detail Pane
        • 19.3.12.2 Adding Custom Attributes to the Certification Table
        • 19.3.12.3 Customizing the Certification Table
    • 19.4 Securing a Task Flow Region Using EL Expressions
    • 19.5 Customizing Oracle Identity Governance Help
      • 19.5.1 Adding Custom Help Topics
        • 19.5.1.1 Creating Custom Help Topics
        • 19.5.1.2 Referencing the Custom Help Topics
        • 19.5.1.3 Adding a Custom Help Topic to Identity Self Service
        • 19.5.1.4 Viewing the Custom Help Topics
      • 19.5.2 Adding Inline Help
        • 19.5.2.1 Inline Help Configuration
        • 19.5.2.2 Adding Inline Help
    • 19.6 Customizing the Home Page
      • 19.6.1 Adding a Tile to the Home Page
      • 19.6.2 Launching a New Page From the Tile Icon
      • 19.6.3 Launching a New Page From the Tile Menu
      • 19.6.4 Showing Tiles Conditionally
    • 19.7 Developing Managed Beans and Task Flows
      • 19.7.1 Types of Managed Beans
      • 19.7.2 Prerequisites for Developing Managed Beans and Task Flows
      • 19.7.3 Setting Up the ViewController Project
      • 19.7.4 Setting Up a Model Project
      • 19.7.5 Adding Custom Managed Bean
      • 19.7.6 Deploying Custom Code to Oracle Identity Governance
      • 19.7.7 Using Managed Beans
        • 19.7.7.1 Showing Components Conditionally
        • 19.7.7.2 Prepopulating Fields Conditionally
        • 19.7.7.3 Setting a Conditional Mandatory Field
        • 19.7.7.4 Implementing Custom Field Validation
          • 19.7.7.4.1 Custom Field Validation and Managed Beans
          • 19.7.7.4.2 Implementing Custom Field Validation Using Managed Beans
          • 19.7.7.4.3 Setting the Validator Property
        • 19.7.7.5 Implementing Custom Cascading LOVs
        • 19.7.7.6 Customizing Forms By Using RequestFormContext
          • 19.7.7.6.1 The RequestFormContext Bean
          • 19.7.7.6.2 Using the RequestFormContext Bean
        • 19.7.7.7 Overriding the Submit Button in Request Catalog
        • 19.7.7.8 Launching Taskflows
          • 19.7.7.8.1 Launching a Taskflow in Self Service
          • 19.7.7.8.2 Adding Custom Taskflow
        • 19.7.7.9 Creating an External Link
      • 19.7.8 Using Managed Beans to Populate Request Attributes
        • 19.7.8.1 Populating Request Attributes Using Managed Beans
          • 19.7.8.1.1 Approach Taken to Populate Request Attributes Using Managed Beans
          • 19.7.8.1.2 Creating the Java Class
          • 19.7.8.1.3 Declaring the PrePopulateMBean Class
          • 19.7.8.1.4 Deploying the View Controller Project and Custom Code
          • 19.7.8.1.5 Customizing the UI to Add the Button
          • 19.7.8.1.6 Configuring the Properties of the Prepopulate Button
          • 19.7.8.1.7 Testing the Customization
        • 19.7.8.2 Populating Request Attributes by Using the Prepopulate Plug-in
      • 19.7.9 Using Public Taskflows
        • 19.7.9.1 About Public Taskflows
        • 19.7.9.2 Public Taskflows and Input Parameters
      • 19.7.10 Customizing Catalog Search
        • 19.7.10.1 Developing the Custom Taskflow
        • 19.7.10.2 Adding the Presentation Logic for the Custom Form
        • 19.7.10.3 Constructing the SearchCriteria Object
        • 19.7.10.4 Deploying the Taskflow
      • 19.7.11 Customizing Task Details Page for Approval Tasks
        • 19.7.11.1 Prerequisites for Developing Custom Task Details Taskflow
        • 19.7.11.2 Building a Custom Taskflow for a Human Task
        • 19.7.11.3 Creating the Task Details Taskflow
        • 19.7.11.4 Creating the Task Details Page
        • 19.7.11.5 Populating the Page With Task Information
        • 19.7.11.6 Taskflows to Show Request-Related Information
        • 19.7.11.7 Configuring the Human Task to Use the Custom Taskflow
    • 19.8 Configuring Additional Request Form
      • 19.8.1 Additional Request Information Concepts
        • 19.8.1.1 Additional Information for the Request Cart Item
        • 19.8.1.2 Additional Information for the Request
      • 19.8.2 Understanding the Guidelines for Developing Custom Taskflow for Additional Request Information
        • 19.8.2.1 Implementing Custom Taskflow for Additional Request Information
        • 19.8.2.2 Taskflow Input Parameters
        • 19.8.2.3 Saving and Retrieving Additional Information in Managed Bean Developed for the Project
        • 19.8.2.4 Understanding the AdditionalRequestInfo Interface
        • 19.8.2.5 Using RequestFormContext to Achieve the Required Customizations
      • 19.8.3 Configuring Custom Taskflow for Additional Request Information
        • 19.8.3.1 Configuring Custom Taskflow for the Cart Item Level
        • 19.8.3.2 Configuring Additional Request Information at Request Level
          • 19.8.3.2.1 About Additional Request Information at Request Level
          • 19.8.3.2.2 Predefined Attributes to Determine the Custom Taskflow
          • 19.8.3.2.3 Sample Code for the Command Link
      • 19.8.4 Validating Additional Request Information
    • 19.9 Migrating UI Customizations
      • 19.9.1 Scenario I: Incremental T2P
    • 19.10 UI Customization Best Practices
      • 19.10.1 Create Sandboxes With Detailed Description
      • 19.10.2 Create a Backup of MDS Before Publishing a Sandbox
      • 19.10.3 Migrate All Sandboxes to the Target Environment and Publish in the Same Order
      • 19.10.4 Export the Sandbox Before Publishing
      • 19.10.5 Test the Sandbox Before Publishing
      • 19.10.6 Do Not Change Default Component IDs
      • 19.10.7 Use Discretion When Deleting Components From a Page
      • 19.10.8 Note That Direct Changes to Default EOs/VOs Are Not Supported
      • 19.10.9 Specify Name Space for JSFF Tags
      • 19.10.10 Note That Customizations Are Only Allowed in Site/Site Layer
      • 19.10.11 Note That Each Application Instance or Entitlement Form Has Three Page Fragments (JSFF)
      • 19.10.12 Use Discretion When Using the Searchable Picklist Option
      • 19.10.13 Sign-out After Adding/Updating UDF
      • 19.10.14 Verify the UDF After Adding it to the Page
      • 19.10.15 Map UDF With Correct LDAP Attribute
      • 19.10.16 Deploy Custom Managed Beans as Part of the oracle.iam.ui.custom-dev-starter-pack.war Shared Library
      • 19.10.17 Consider Replacing the Entire Taskflow
      • 19.10.18 Do Not Update Oracle Identity Manager WAR/EAR Files
      • 19.10.19 Consider Conditionally Showing Certain Home Page Tiles
      • 19.10.20 Do Not Invoke Platform APIs From Custom Managed Bean
      • 19.10.21 Use Recommended Value of Display Width While Creating Lookup UDFs
  • Using URLs
• Part VII Interfaces to Integrate With Other Applications
  • 20 Using APIs
    • 20.1 About Oracle Identity Governance APIs
    • 20.2 Accessing Oracle Identity Governance Services
      • 20.2.1 About Oracle Identity Governance Services
      • 20.2.2 Using OIMClient
      • 20.2.3 Using OIMClient and tcUtilityFactory in Integrated Deployments
    • 20.3 Oracle Identity Governance Services
      • 20.3.1 Services in Oracle Identity Governance
      • 20.3.2 Legacy Services or Utilities
    • 20.4 Commonly Used Services
    • 20.5 Mapping Between Legacy and New Services
    • 20.6 Working With Legacy Oracle Identity Manager APIs
      • 20.6.1 Using a Result Set Object
      • 20.6.2 Example of Using a Result Set
      • 20.6.3 Handling Oracle Identity Manager Exceptions
      • 20.6.4 Cleaning Up
    • 20.7 Code Samples
      • 20.7.1 Retrieving Oracle Identity Governance Information
      • 20.7.2 Using Certification APIs
        • 20.7.2.1 Retrieving Certifications Belonging to a User
        • 20.7.2.2 Retrieving an Application Instance Certification
        • 20.7.2.3 Certifying or Denying Certifications
        • 20.7.2.4 Completing the Certification
      • 20.7.3 Using OIMService API
        • 20.7.3.1 RequestData Object Construction
          • 20.7.3.1.1 Constructing RequestData Object for Operations Involving Target User and Cart Item
          • 20.7.3.1.2 Constructing RequestData Object for Operations Involving the User Entity
          • 20.7.3.1.3 Operations and Entity Keys
        • 20.7.3.2 Samples of OIMService API Usage
          • 20.7.3.2.1 Revoking an Account
          • 20.7.3.2.2 Creating a User
    • 20.8 Using the Custom API ZIP File
  • 21 Using SCIM/REST Services
    • 21.1 Overview of SCIM/REST Services
    • 21.2 Supported Resources and Operations
    • 21.3 Resource Schema
      • 21.3.1 Introduction to Resource Schema
      • 21.3.2 Schema Attributes for the User Resource
        • 21.3.2.1 User Schema Attributes
        • 21.3.2.2 Enterprise User Schema Attributes
        • 21.3.2.3 IDM Common User Schema Extension Attributes
        • 21.3.2.4 OIG User Schema Extension Attributes
      • 21.3.3 Schema Attributes for the PasswordResetterWithChallenges Resource
      • 21.3.4 Schema Attributes for the PasswordValidator Resource
      • 21.3.5 Schema Attributes for the UserNameValidator Resource
      • 21.3.6 Schema Attributes for the UserNameGenerator Resource
      • 21.3.7 Schema Attributes for the UserNameRecoverer Resource
      • 21.3.8 Schema Attributes for the Group Resource
        • 21.3.8.1 Group Schema Attributes
        • 21.3.8.2 IDM Common Group Schema Extension Attributes
        • 21.3.8.3 OIG Group Schema Extension Attributes
      • 21.3.9 Schema Attributes for the Organization Resource
      • 21.3.10 Schema Attributes for the Password Policy Resource
      • 21.3.11 Schema Attributes for the Notification Template Resource
      • 21.3.12 Schema Attributes for the System Property Resource
      • 21.3.13 Schema Attributes for the Service Provider Configuration Schema Resource
      • 21.3.14 Schema Attributes for the Resource Type Resource
      • 21.3.15 Schema Attributes for the Schema Resource
        • 21.3.15.1 SCIM Schema Attributes
        • 21.3.15.2 OIG Schema Extension Attributes
    • 21.4 Operation Types
    • 21.5 HTTP Response Codes
      • 21.5.1 Error Codes
      • 21.5.2 Success Codes
    • 21.6 SCIM-Based API Examples
      • 21.6.1 User Management
        • 21.6.1.1 Create User
          • 21.6.1.1.1 Create User Request
          • 21.6.1.1.2 Create User Response
        • 21.6.1.2 Modify User (PUT)
          • 21.6.1.2.1 Modify User (PUT) Request
          • 21.6.1.2.2 Modify User (PUT) Response
        • 21.6.1.3 Modify User (PATCH)
          • 21.6.1.3.1 Modify User (PATCH) Request
          • 21.6.1.3.2 Modify User (PATCH) Response
        • 21.6.1.4 View Users with Pagination
          • 21.6.1.4.1 View Users with Pagination Request
          • 21.6.1.4.2 View Users with Pagination Response
          • 21.6.1.4.3 Search Filter Examples
        • 21.6.1.5 Delete User
          • 21.6.1.5.1 Delete User Request
          • 21.6.1.5.2 Delete User Response
        • 21.6.1.6 Lock User
          • 21.6.1.6.1 Lock User Request
          • 21.6.1.6.2 Lock User Response
        • 21.6.1.7 Unlock User
          • 21.6.1.7.1 Unlock User Request
          • 21.6.1.7.2 Unlock User Response
        • 21.6.1.8 Reset Password by Providing New Password
          • 21.6.1.8.1 Reset Password by Providing New Password Request
          • 21.6.1.8.2 Reset Password by Providing New Password Response
        • 21.6.1.9 Reset Password by Auto-Generated Password
          • 21.6.1.9.1 Reset Password by Auto-Generated Password Request
          • 21.6.1.9.2 Reset Password by Auto-Generated Password Response
        • 21.6.1.10 View User
          • 21.6.1.10.1 View User Request
          • 21.6.1.10.2 View User Response
        • 21.6.1.11 Self Registration
          • 21.6.1.11.1 Self Registration Request
          • 21.6.1.11.2 Self Registration Response
        • 21.6.1.12 Modify Self Profile (PATCH)
          • 21.6.1.12.1 Modify Self Profile (PATCH) Request
          • 21.6.1.12.2 Modify Self Profile (PATCH) Response
        • 21.6.1.13 Modify Profile (PUT)
          • 21.6.1.13.1 Modify Profile (PUT) Request
          • 21.6.1.13.2 Modify Profile (PUT) Response
        • 21.6.1.14 PasswordResetterWithChallenges
          • 21.6.1.14.1 PasswordResetterWithChallenges Request
          • 21.6.1.14.2 PasswordResetterWithChallenges Response
        • 21.6.1.15 PasswordValidator
          • 21.6.1.15.1 PasswordValidator Request
          • 21.6.1.15.2 PasswordValidator Response
        • 21.6.1.16 UserNameValidator
          • 21.6.1.16.1 UserNameValidator Request
          • 21.6.1.16.2 UserNameValidator Response
        • 21.6.1.17 UserNameGenerator
          • 21.6.1.17.1 UserNameGenerator Request
          • 21.6.1.17.2 UserNameGenerator Response
        • 21.6.1.18 UserNameRecoverer
          • 21.6.1.18.1 UserNameRecoverer Request
          • 21.6.1.18.2 UserNameRecoverer Response
      • 21.6.2 Role Management
        • 21.6.2.1 View Role
          • 21.6.2.1.1 View Role Request
          • 21.6.2.1.2 View Role Response
        • 21.6.2.2 Create Role
          • 21.6.2.2.1 Create Role Request
          • 21.6.2.2.2 Create Role Response
        • 21.6.2.3 Modify Role (PUT)
          • 21.6.2.3.1 Modify Role (PUT) Request
          • 21.6.2.3.2 Modify Role (PUT) Response
        • 21.6.2.4 Modify Role (PATCH)
          • 21.6.2.4.1 Modify Role (PATCH) Request
          • 21.6.2.4.2 Modify Role (PATCH) Response
        • 21.6.2.5 Delete Role
          • 21.6.2.5.1 Delete Role Request
          • 21.6.2.5.2 Delete Role Response
        • 21.6.2.6 Remove Role (PATCH)
          • 21.6.2.6.1 Remove Role (PATCH) Request
          • 21.6.2.6.2 Remove Role (PATCH) Response
      • 21.6.3 Organization Management
        • 21.6.3.1 View Organization
          • 21.6.3.1.1 View Organization Request
          • 21.6.3.1.2 View Organization Response
        • 21.6.3.2 Create Organization
          • 21.6.3.2.1 Create Organization Request
          • 21.6.3.2.2 Create Organization Response
        • 21.6.3.3 Modify Organization (PUT)
          • 21.6.3.3.1 Modify Organization (PUT) Request
          • 21.6.3.3.2 Modify Organization (PUT) Response
        • 21.6.3.4 Modify Organizations (PATCH)
          • 21.6.3.4.1 Modify Organizations (PATCH) Request
          • 21.6.3.4.2 Modify Organizations (PATCH) Response
        • 21.6.3.5 Delete Organization
          • 21.6.3.5.1 Delete Organization Request
          • 21.6.3.5.2 Delete Organization Response
      • 21.6.4 Password Policy Management
        • 21.6.4.1 View Password Policy
          • 21.6.4.1.1 View Password Policy Request
          • 21.6.4.1.2 View Password Policy Response
        • 21.6.4.2 Create Password Policy
          • 21.6.4.2.1 Create Password Policy Request
          • 21.6.4.2.2 Create Password Policy Response
        • 21.6.4.3 Modify Password Policy (PUT)
          • 21.6.4.3.1 Modify Password Policy (PUT) Request
          • 21.6.4.3.2 Modify Password Policy (PUT) Response
        • 21.6.4.4 Modify Password Policy (PATCH)
          • 21.6.4.4.1 Modify Password Policy (PATCH) Request
          • 21.6.4.4.2 Modify Password Policy (PATCH) Response
        • 21.6.4.5 Delete Password Policy
          • 21.6.4.5.1 Delete Password Policy Request
          • 21.6.4.5.2 Delete Password Policy Response
      • 21.6.5 Notification Template Management
        • 21.6.5.1 View Notification Template
          • 21.6.5.1.1 View Notification Template Request
          • 21.6.5.1.2 View Notification Template Response
        • 21.6.5.2 Create Notification Template
          • 21.6.5.2.1 Create Notification Template Request
          • 21.6.5.2.2 Create Notification Template Response
        • 21.6.5.3 Modify Notification Template (PUT)
          • 21.6.5.3.1 Modify Notification Template (PUT) Request
          • 21.6.5.3.2 Modify Notification Template (PUT) Response
        • 21.6.5.4 Modify Notification Template (PATCH)
          • 21.6.5.4.1 Modify Notification Template (PATCH) Request
          • 21.6.5.4.2 Modify Notification Template (PATCH) Response
        • 21.6.5.5 Delete Notification Template
          • 21.6.5.5.1 Delete Notification Template Request
          • 21.6.5.5.2 Delete Notification Template Response
      • 21.6.6 System Property Management
        • 21.6.6.1 View System Properties
          • 21.6.6.1.1 View System Properties Request
          • 21.6.6.1.2 View System Properties Response
        • 21.6.6.2 Modify System Properties (PATCH)
          • 21.6.6.2.1 Modify System Properties (PATCH) Request
          • 21.6.6.2.2 Modify System Properties (PATCH) Response
      • 21.6.7 Service Provider Configuration Management
        • 21.6.7.1 Service Provider Configuration Request
        • 21.6.7.2 Service Provider Configuration Response
      • 21.6.8 Resource Types Management
        • 21.6.8.1 Resource Types Management Request
        • 21.6.8.2 Resource Types Management Response
      • 21.6.9 Using POST Search
        • 21.6.9.1 Using POST Search Request
        • 21.6.9.2 Using POST Search Response
      • 21.6.10 Retrieving Schemas
    • 21.7 Securing SCIM Resources
      • 21.7.1 Securing SCIM Resources Using OWSM Policy
      • 21.7.2 Securing SCIM Resources Using Custom Request Headers
        • 21.7.2.1 About Cross-Site Request Forgery
        • 21.7.2.2 Applicability of CSRF Protection to Identity REST Services
        • 21.7.2.3 Protecting SCIM Resources Using Custom Request Headers
      • 21.7.3 Securing SCIM Resources Using Origin Whitelist
        • 21.7.3.1 About HTTP Access Control (CORS)
        • 21.7.3.2 Applicability of CORS to Identity REST Services
        • 21.7.3.3 Protecting SCIM Service Using Origin Whitelist
    • 21.8 Oracle Identity Governance REST Service
  • 22 Using the JSON Web Token Service
    • 22.1 About the JWT Service
    • 22.2 Authentication Scenarios
    • 22.3 Acquiring and Applying a JWT
    • 22.4 JWT-Based OIM Identity Provider for SCIM-REST Authentication
      • 22.4.1 Overview of SCIM and REST Security
      • 22.4.2 JSON Web Token (JWT)
      • 22.4.3 The OIM Identity Provider Endpoint
      • 22.4.4 Session Timeout and Refresh
      • 22.4.5 Configuring JWT Timeout Period
    • 22.5 Endpoints and the Facade Application
      • 22.5.1 Endpoints
        • 22.5.1.1 The Token Endpoint ( /iam/governance/token/api/v1/tokens)
          • 22.5.1.1.1 About the Token Endpoint
          • 22.5.1.1.2 Token Endpoint Authorization
          • 22.5.1.1.3 Token Request
        • 22.5.1.2 The Refresh Token Endpoint (/iam/governance/token/api/v1/tokens)
          • 22.5.1.2.1 About the Refresh Token Endpoint
          • 22.5.1.2.2 Refresh Token End Point Configuration
          • 22.5.1.2.3 Refresh Token Request
      • 22.5.2 The Facade Application
    • 22.6 CSRF and CORS Protection
  • 23 Understanding Global Policy Attachments
    • 23.1 Predefined Policies
    • 23.2 Viewing and Editing Global Policy Attachments
    • 23.3 Enabling SCIM to Run Only on HTTPS
    • 23.4 Enabling REST to Run Only on HTTPS
• Part VIII Notification Service
  • 24 Developing Notification Events
    • 24.1 Notification Concepts
    • 24.2 Developing Custom Notification
      • 24.2.1 Building the Notification Logic
        • 24.2.1.1 Defining Event Metadata
        • 24.2.1.2 Creating the Resolver Class
          • 24.2.1.2.1 The getAvailableData Method
          • 24.2.1.2.2 The getReplacedData Method
          • 24.2.1.2.3 Example: Creating a Custom Resolver Class
        • 24.2.1.3 Creating the plugin.xml File
      • 24.2.2 Creating Plug-in Pack Containing the Resolver Class
      • 24.2.3 Building the Invocation Logic
      • 24.2.4 Configuring the Notification Service
• Part IX Customization Lifecycle
  • 25 Deploying and Undeploying Customizations
    • 25.1 Migrating User Modifiable Metadata Files
      • 25.1.1 Exporting Metadata Files to MDS
      • 25.1.2 Importing Metadata Files from MDS
      • 25.1.3 Deleting Metadata Files from MDS
      • 25.1.4 Creating MDS Backup
      • 25.1.5 Exporting All MDS Data for Oracle Identity Governance
      • 25.1.6 Sample WLST Script
    • 25.2 Migrating JARs and Resource Bundle
      • 25.2.1 Upload JAR Utility
      • 25.2.2 Download JAR Utility
      • 25.2.3 Delete JAR Utility
      • 25.2.4 Upload Resource Bundle Utility
      • 25.2.5 Download Resource Bundle Utility
      • 25.2.6 Delete Resource Bundle Utility
• Part X Reports and Audit
  • 26 Configuring Reports
    • 26.1 What are Oracle Identity Governance Reports?
    • 26.2 What is Oracle BI Publisher?
    • 26.3 BI Publisher Licensing
    • 26.4 Installing and Configuring Oracle BI Publisher
    • 26.5 Integrating Standalone BI Publisher with Oracle Identity Governance
    • 26.6 Configuring Oracle Identity Governance Reports
    • 26.7 Configuring Data Sources for Running Oracle Identity Governance Reports
      • 26.7.1 Configuring Oracle Identity Governance JDBC Connection
      • 26.7.2 Configuring BPEL-Based JDBC Connection
        • 26.7.2.1 About Reports With Secondary Data Source
        • 26.7.2.2 Configuring a Secondary Data Source for BPEL-Based Reports
    • 26.8 Generating Oracle Identity Governance Reports
      • 26.8.1 Generating the Reports Against the Sample Data Source
      • 26.8.2 Generating Reports Against the Oracle Identity Governance JDBC Data Source
      • 26.8.3 Generating Reports Against the BPEL-Based JDBC Data Source
        • 26.8.3.1 Reports With Secondary Data Source
        • 26.8.3.2 Generating the Reports Against the BPEL-Based JDBC Data Source
    • 26.9 Configuring Certification Reports
      • 26.9.1 Configuring the BI Publisher URL
      • 26.9.2 Enabling Certification Reports
      • 26.9.3 Enabling the Display of the Reports Tab
      • 26.9.4 Report Formats
  • 27 Understanding Auditing
    • 27.1 Overview of Auditing
    • 27.2 Audit Levels
    • 27.3 Tables Used for Storing Information About Auditors
    • 27.4 Issuing Audit Messages
• Part XI Appendixes
• A The FacesUtils Class
• B Username Reservation and Common Name Generation
  • B.1 Username Reservation
    • B.1.1 Overview of Username Reservation
    • B.1.2 Enabling and Disabling Username Reservation
    • B.1.3 Configuring the Username Policy
      • B.1.3.1 About Username Policies
      • B.1.3.2 Predefined Username Policies
      • B.1.3.3 API for Username Generation
      • B.1.3.4 Constraints in UserNameGenerationUtil
      • B.1.3.5 Configuring the Default Username Policy
    • B.1.4 Writing Custom User Name Policy
      • B.1.4.1 Introduction to Custom Username Policy Development
      • B.1.4.2 Implementing the Plug-in Interface
      • B.1.4.3 Creating and Registering the plugin.xml File
      • B.1.4.4 Guidelines for Writing Custom Username Policies
      • B.1.4.5 Sample Implementation
    • B.1.5 Releasing the Username
    • B.1.6 Configuring Username Generation to Support Microsoft Active Directory
  • B.2 Common Name Generation
    • B.2.1 Common Name Generation for Create User Operation
    • B.2.2 Configuring Common Name Generation
    • B.2.3 Common Name Generation for Modify User Operation
    • B.2.4 RDN Modification Scenarios