3 Accessing Oracle Identity Self Service

The login page provides the ability to log in, and provides a starting point for all unauthenticated operations, such as retrieving forgotten user login and password and setting challenge questions after first login.

The login page is displayed when you access Identity Self Service without authenticating either natively to Oracle Identity Manager or by using SSO. The tasks you can perform before logging in to Identity Self Service include:

Note:

Challenge questions should be set by the user immediately after logging in to Identity Self Service for the first time.

3.1 Connecting to Oracle Identity Self Service

Provide correct user login and password to sign in to Oracle Identity Manager. You can successfully sign in if your login credentials are correct, and your user account is not locked or disabled.

To log in to Oracle Identity Self Service:

Note:

  • If Oracle Identity Manager is configured to support native authentication, then the login link redirects you to a form in which you can authenticate by using your Oracle Identity Manager username and password.

  • If Oracle Identity Manager is configured to support Single Sign-On (SSO), then the login link redirects you to the SSO application login page.

  1. Go to the Identity Self Service login page.

    For example: http://OIM_HOST.com:PORT/identity/

  2. In the User ID field, enter your user login.
  3. In the Password field, enter your password.
  4. Click Sign In. If you are successfully authenticated, then you are logged in and directed to the home page in the authenticated context.

    The login attempt might generate an error, such as "Invalid sign in", because of the following reasons:

    • Incorrect credentials: If the user name and password entered are not correct, then an error message is displayed. This may be because of the following reasons:

      • User login does not exist

      • Password is incorrect

      • User login exists but the user is deleted

      The user account is locked if the number of invalid login attempts exceeds the maximum allowed login attempts counter. If the user account is locked, the user is allowed to log in only when the lockout duration expires.

    • Locked account: If your user account is locked, then you are not allowed to log in even if the credentials are correct.

    • Disabled user: If your user account is disabled, then you are not allowed to log in.

  5. If your password has expired, then the Change Password form is displayed. You are not allowed to proceed to the main page of the console without changing the password. Enter a new password, and click Submit.
  6. If the system requires you to specify challenge responses, then specify them and click Submit.

    Alternatively, you can click Cancel if you want to avoid setting challenge questions and logging on to Identity Self Service. You set challenge questions to reset your password without calling the helpdesk. Note that these challenge questions are a unique set of questions and answers. For more information about setting challenge questions and response, see Challenge Questions and Responses After First Login.

If you attempt to access a page, for example the Pending Approvals page, from a link and you are not already logged in, then you are redirected to the login page. Follow the login instructions provided in this section to log in to Oracle Identity Manager. After you log in, you are directed to the page you were attempting to access, the Pending Approvals page, instead of the main page of Identity Self Service.
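The lockout behaviour described in this section, sketched as an added example that is not Oracle Identity Manager code. The class names, the default of 3 attempts and 600 seconds, the `admin_locked` flag and the single error string for every failure cause are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

GENERIC_ERROR = "Invalid sign in"  # assumption: one message for every failure cause

@dataclass
class Account:
    password: str               # constructed sample; a real store keeps a salted hash
    status: str = "active"      # "active", "disabled" or "deleted"
    failed: int = 0             # consecutive invalid attempts
    locked_until: float = 0.0   # lock caused by invalid attempts; expires
    admin_locked: bool = False  # manual lock by an administrator; does not expire

class LoginPolicy:
    def __init__(self, max_attempts=3, lockout_seconds=600):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.accounts = {}

    def login(self, user, password, now):
        acct = self.accounts.get(user)
        # Unknown, deleted and disabled users get the same answer as a bad password.
        if acct is None or acct.status != "active":
            return GENERIC_ERROR
        # A locked account is refused before the password is even looked at.
        if acct.admin_locked or now < acct.locked_until:
            return GENERIC_ERROR
        if not hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.failed += 1
            if acct.failed > self.max_attempts:  # attempts exceed the allowed maximum
                acct.locked_until = now + self.lockout_seconds
                acct.failed = 0
            return GENERIC_ERROR
        acct.failed = 0
        return "OK"

    def forgot_password_reset(self, user, new_password):
        # Runs only after identity verification (challenge answers) has succeeded.
        acct = self.accounts[user]
        acct.password, acct.failed = new_password, 0
        acct.locked_until = 0.0  # clears a self-inflicted lock, not an admin lock
```

Passing `now` explicitly keeps the lockout window testable without waiting for a real clock.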

3.2 Retrieving Forgotten User Login

You can click the Forgot User Login option and enter your email address to retrieve your forgotten user login.

To retrieve your forgotten user login:

  1. In the Identity Self Service login page, click Forgot User Login. The Forgot User Login page is displayed.
  2. In the Email Address field, enter the email address associated with your user login.
  3. Click Submit. An email is sent to the specified email address with further instructions.

    If you enter an incorrect email address, then no error message is displayed stating that the specified user details do not exist. Therefore, ensure that the email address you enter is valid.

3.3 Resetting Forgotten Password

A user password is locked as the result of too many invalid login attempts. You can click the Forgot Password? option to reset a locked password.

The Forgot Password? option is not available in the following cases:

  • User is disabled or deleted

  • User is locked (for reasons other than too many invalid login attempts)

  • User has not set challenge answers or has set an insufficient number of them

  • Applicable Challenge Policy for the user is disabled

To reset your forgotten password:

  1. In the Identity Self Service login page, click Forgot Password?. The Forgot Password page is displayed.
  2. In the Identify Yourself page, enter User Login details and then click Next.

    If validation of the User Login is successful, then an email is sent to you with a link to reset your password.

    If this validation fails, then you cannot proceed to reset the password and must contact the System Administrator for assistance.

  3. Open the email you have received and click the reset password link. The Forgot Password, Answer Challenge Questions page is displayed.
  4. The Answer Challenge Questions page lists the challenge questions that you set during user registration to verify your user identity. Enter your responses to the challenge questions, and then click Next. The Please enter new password page is displayed.
  5. In this step, enter the new password that you want to set, re-enter the new password to confirm it, and then click Save. The following are the possible outcomes of these steps:
    • If the challenge responses specified do not match the ones set during user registration, then the following error message is displayed:

      "The number of questions answered correctly does not match the number of correct answers required. Please ensure if all questions are answered correctly."

    • If you satisfy the identity verification criteria (in other words, identifying yourself and answering the challenge questions), but the new password failed to satisfy configured password policies, then an error message is displayed.

    • If you satisfy the identity verification criteria and the password is successfully set, then the next page is displayed with a message that the password has been changed. This also unlocks your user account if it was locked by self (not locked by the system administrator manually). Click Back to Login to view the login screen from where you can log in to Oracle Identity Governance.

3.4 Challenge Questions and Responses After First Login

The challenge-response service allows you to set up a series of challenge questions that can be used to validate the user's identity to reset a forgotten password.

Questions and answers are stored as part of the user's profile as a name-value pair list, where the name is the question, and the value is the answer to that question. Only the user should know the correct answers to the challenge questions. For example, for user John Doe, the challenge-response set could be as follows:

Challenge                                         Response
------------------------------------------------  --------
Who was your fifth grade teacher?                 Jean Doe
Where were you New Year’s 2000?                   New York
What is the name of a city where you got lost?    New York
Where were you when you had your first kiss?      New York

Note:

Oracle recommends defining answers to challenge questions that cannot be guessed easily by collecting information about the user from the Internet or other public sources.

When a user's identity needs to be validated without relying on the authentication scheme, the challenge questions are asked, and the user must provide the necessary number of correct answers. Challenge questions are set in the following way:

  • The System Administrator configures a predefined set of questions. See Setting Challenge Options.

  • User configures the challenge questions and answers from the My Information page of the Identity Self Service. See Setting Challenge Questions and Responses.

  • The System Administrator and the user configure the challenge questions. The System Administrator can configure a predefined set of questions, and the user can configure the answers for these questions from the My Information tab or immediately after logging in to Identity Self Service for the first time.
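An added example, not Oracle's implementation, that applies the recommendation on guessable answers to the John Doe set shown earlier in this section and checks answers against a required number of correct responses. The function names, the minimum length, the normalization rules and the `public_facts` input are assumptions made for illustration.

```python
import hmac
import unicodedata

def normalize(answer):
    """Fold case, Unicode form and spacing so 'new  york' matches 'New York'."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())

def enrollment_problems(responses, public_facts, min_len=4):
    """Return reasons a challenge-response set is easy to guess (empty = acceptable)."""
    problems, seen = [], set()
    facts = {normalize(f) for f in public_facts}
    for question, answer in responses.items():
        a = normalize(answer)
        if len(a) < min_len:
            problems.append(f"too short: {question}")
        if a in seen:
            problems.append(f"answer reused: {question}")
        seen.add(a)
        if a in facts:
            problems.append(f"publicly known: {question}")
    return problems

def verify(stored, supplied, required):
    """True when at least `required` supplied answers match the stored ones."""
    correct = 0
    for question, answer in stored.items():
        given = normalize(supplied.get(question, ""))
        # compare_digest keeps comparison time independent of where answers differ
        correct += hmac.compare_digest(given.encode(), normalize(answer).encode())
    return correct >= required

# Constructed sample: the John Doe name-value pairs from this section.
JOHN_DOE = {
    "Who was your fifth grade teacher?": "Jean Doe",
    "Where were you New Year’s 2000?": "New York",
    "What is the name of a city where you got lost?": "New York",
    "Where were you when you had your first kiss?": "New York",
}
```

Run against the sample, `enrollment_problems` flags the two repeated "New York" answers, which is the weakness the note above warns about: one known fact would satisfy a threshold of three correct answers.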

3.5 Setting Challenge Questions and Responses After First Login

You can set challenge questions and responses when Identity Self Service prompts you to do so, immediately after first login.

To set the challenge questions and responses:

  1. Select questions from the Question 1, Question 2, and Question 3 fields.
  2. In the corresponding Answer 1, Answer 2, and Answer 3 fields, enter the answers.
  3. Click Apply.

Note:

Challenge questions and responses once set are not visible in this section. If you see the following message in the Challenge Questions section, then you have already set your challenge questions and responses:

Your secret questions and answers are already set.

You can modify the challenge questions and responses that you have already set by performing the procedure described earlier in this section.