3 What's New in Oracle Identity Management 12c (12.2.1.4.0)
This topic lists the new features for all the products in Oracle Identity Management Release 12c (12.2.1.4.0).
3.1 What's New in Oracle Access Management
Oracle Access Management 12c (12.2.1.4.0) includes the following new features:
-
Passwordless Login
Passwordless authentication allows you to bypass the standard web form based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management.
-
Dynamic Client Registration
Dynamic Client Registration (DCR) provides a way for native mobile apps (Android) to dynamically register as clients with the OAuth Server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management.
-
OAP over REST
Oracle Access Protocol (OAP) over REST enables the use of HTTP(S) infrastructure to route and load balance requests. Changing the transport mechanism between WebGate and server reduces operational cost for hybrid deployments where some components are on-premises and others have moved to cloud. For details, see About OAP Over Rest Communication in Administering Oracle Access Management.
-
WebGate using PFS and Approved Cipher Suites for OAP Simple/Cert Mode Communication
When the Simple/Cert Mode communication occurs, WebGate ensures that valid and approved cipher suites defined by the admin are used. For details, see About WebGate TLS validating PFS and Approved Ciphers in Administering Oracle Access Management.
-
HealthCheck Framework
HealthCheck Framework enables health checks on servers. These checks can be performed using REST API or by scheduling periodic checks on the server. Each schedule can be associated with a specified set of tests to be run. For details, see Monitoring Server Health with Health Check Framework in Administering Oracle Access Management.
-
Modified UserInfo Response
The format of the UserInfo response for OAuth flows is modified with the following changes:
- Additional new parameters guid and sub are included in the response.
- The parameters Profile, Email, Address, and Phone are returned directly under the root tag instead of separate containers for each of the parameters.
- The parameters email_verified and phone_number_verified are returned as booleans.
For example,
{ "guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic", "family_name": "weblogic", "preferred_username": "weblogic", "updated_at": "1548740667872", "email_verified": false, "phone_number_verified": false }
To retrieve the user info attributes in the older format (see the following example), set the custom attribute UserInfoScopeCont to true at the domain level.
Sample UserInfo response format when the custom attribute UserInfoScopeCont is set:
{ "profile": { "guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic", "family_name": "weblogic", "preferred_username": "weblogic", "updated_at": "1548743708100" }, "email": { "email_verified": false }, "address": {}, "phone": { "phone_number_verified": false } }
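A relying party that talks to OAM domains with and without UserInfoScopeCont set has to accept both layouts. The following is an added example, not Oracle code: a client-side normalizer that flattens either sample shown above and rejects non-boolean email_verified and phone_number_verified values, so a string such as "false" is never treated as truthy. The function names and the rule that a root-level profile, email, address, or phone object is a container are assumptions of this example.

```python
import json

# Container names taken from the older-format sample on this page.
CONTAINERS = ("profile", "email", "address", "phone")
BOOLEAN_CLAIMS = ("email_verified", "phone_number_verified")

# Constructed inputs: the two sample responses shown on this page.
FLAT_SAMPLE = (
    '{"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic", '
    '"family_name": "weblogic", "preferred_username": "weblogic", '
    '"updated_at": "1548740667872", "email_verified": false, '
    '"phone_number_verified": false}'
)
CONTAINER_SAMPLE = (
    '{"profile": {"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic", '
    '"family_name": "weblogic", "preferred_username": "weblogic", '
    '"updated_at": "1548743708100"}, "email": {"email_verified": false}, '
    '"address": {}, "phone": {"phone_number_verified": false}}'
)


def _merge(flat, key, value):
    # The same claim appearing twice with different values is ambiguous: fail closed.
    if key in flat and flat[key] != value:
        raise ValueError(f"conflicting values for claim {key!r}")
    flat[key] = value


def normalize_userinfo(raw):
    """Return a flat claims dict from either UserInfo layout (hypothetical helper)."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("UserInfo response must be a JSON object")
    flat = {}
    for key, value in doc.items():
        if key in CONTAINERS and isinstance(value, dict):
            # Older layout: lift the claims inside each container to the root.
            for inner_key, inner_value in value.items():
                _merge(flat, inner_key, inner_value)
        else:
            _merge(flat, key, value)
    for claim in BOOLEAN_CLAIMS:
        # Strict type check: only JSON true/false is accepted.
        if claim in flat and not isinstance(flat[claim], bool):
            raise ValueError(f"{claim} must be a JSON boolean")
    if not isinstance(flat.get("sub"), str) or not flat["sub"]:
        raise ValueError("UserInfo response has no usable sub claim")
    return flat
```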
-
Policy Cache Resiliency
Improved resilience of the managed servers with the ability to read, validate, and replace the policy cache in a small step within the server, and delegation of cache building to the Admin Server. The policy cache is now distributed from the Admin Server to the managed servers on a write-once, read-many basis, which reduces contention between the policy caches of multiple OAM servers in a cluster.
Policy cache can be fine-tuned using parameters. For details, see Configuring Policy Cache Parameters in Administering Oracle Access Management.
3.2 What's New in Oracle Identity Governance
Oracle Identity Governance 12c (12.2.1.4.0) has the following key new features:
-
Application Onboarding
The application onboarding capability in Identity Self Service has been enhanced to enable you to configure and manage flat files, manage jobs, and upgrade connector applications. See Managing Flat File Configurations, Managing Jobs, and Upgrading Connector Applications in Performing Self Service Tasks with Oracle Identity Governance.
-
Challenge Questions
-
The list of challenge questions is updated for this release. See Challenge Questions and Response After First Login in Performing Self Service Tasks with Oracle Identity Governance.
-
Setting challenge questions requires authentication. See Setting Challenge Questions and Response in Performing Self Service Tasks with Oracle Identity Governance.
-
Pending Approvals and Provisioning Tasks
-
For parent or child form modification requests, a change indicator indicates the modified fields in the approval form. See Approving a Task in Performing Self Service Tasks with Oracle Identity Governance.
-
Similarly, for parent form modification requests, a change indicator indicates the modified fields in the manual fulfillment form. See Completing a Task in Performing Self Service Tasks with Oracle Identity Governance.
-
Certification
In the base selection for user, role, and entitlement certification definitions, you can filter the criteria based on various user, role, and entitlement attributes and user defined fields (UDFs). You can also save the filter criteria and use it for creating other user, role, and entitlement certification definitions. See Creating a User Certification Definition, Creating a Role Certification Definition, and Creating an Entitlement Certification Definition in Performing Self Service Tasks with Oracle Identity Governance.
-
Access Policy Harvesting
Access policies are linked to accounts created by requests and to accounts that are provisioned directly. See Evaluating Policies for Reconciled and Bulk Load-Created Accounts in Performing Self Service Tasks with Oracle Identity Governance.
-
Archival and Data Purge
-
Oracle Identity Governance provides a new Offline Data Purge Framework to purge huge data sets in a few iterations and reclaim huge storage space with the same operation. See Using the Offline Data Purge Framework in Administering Oracle Identity Governance.
-
Oracle Identity Governance provides a new complete data cleanup utility for non-production environments to purge all the data from underlying database tables for the respective OIG feature and to reclaim storage space with the same operation. See Using the Complete Nuke Cleanup Framework in Administering Oracle Identity Governance.
-
Existing and incoming audit data in the UPA table at mid-tier level can be compressed based on the level of compression you set. See Legacy Audit Data Compression in Administering Oracle Identity Governance.
-
A new scheduled task has been introduced to purge data from RECON_EXCEPTIONS table. See About the Reconciliation Exceptions Purge Utility in Administering Oracle Identity Governance.
-
New User Interface
-
The user interface to provision a resource to an organization has been enhanced. See Provisioning a Resource in Performing Self Service Tasks for Oracle Identity Governance.
-
The user interface to view the action history of a provisioned resource has been enhanced. See Viewing Resource History in Performing Self Service Tasks for Oracle Identity Governance.
-
The user interface to manage pending provisioning tasks has been enhanced. See Managing Pending Provisioning Tasks in Performing Self Service Tasks for Oracle Identity Governance.
-
As a result of the new UI in Oracle Identity System Administration, procedures have been revised for managing IT resources. See Managing IT Resources in Administering Oracle Identity Governance.
-
As a result of the new UI in Oracle Identity System Administration, procedures have been revised for Connector Lifecycle Management. See Installing a Connector, Cloning Connectors, Exporting Connector Object Definitions in Connector XML Format, Wizard Mode Upgrade in Staging Environment and Silent Mode Upgrade in Staging and Production Environment in Administering Oracle Identity Governance.
-
Deployment Manager
-
The Deployment Manager exports and imports identity audit rules in human readable format. See About Export/Import of Identity Audit Rules in Administering Oracle Identity Governance.
-
The Deployment Manager also exports and imports role UDF data. See About Export/Import of Role UDF Data in Administering Oracle Identity Governance.
-
Identity Management Diagnostic Framework
Oracle Identity Governance provides a new Identity Management Diagnostic Framework (IDMDF) for first occurrence diagnostics and Service-Level Agreement (SLA)-based notification for faster resolution of issues. See Using the Identity Management Diagnostic Framework in Administering Oracle Identity Governance.
3.3 What's New in Oracle Unified Directory
Oracle Unified Directory 12c (12.2.1.4.0) has the following key features:
-
REST API
-
OUD 12c (12.2.1.4.0) introduces SCIM Rest services for accessing identity information (Users, Groups, etc.), including querying, retrieval, create, update, and delete. To configure SCIM, see Managing OUD Directory Data with SCIM Rest API in Administering Oracle Unified Directory.
-
OUD 12c (12.2.1.4.0) introduces the Data Management REST API to manage directory data in Oracle Unified Directory. See Configuring Data Management REST API in Administering Oracle Unified Directory.
-
The Admin Rest API support was introduced in 12.2.1.3.0. To configure Admin Rest API, see Administering Oracle Unified Directory Using REST API in Administering Oracle Unified Directory.
3.4 What’s New in Oracle Internet Directory
Oracle Internet Directory 12c (12.2.1.4.0) has the following new features:
-
Quality of Service
Provides the capability to restrict the number of user connections or operations possible in a given duration of time. See Managing Quality of Service Configuration in Administering Oracle Internet Directory.
-
Monitoring Oracle Internet Directory Server using LDAP
Monitors the current state of the server for debugging or troubleshooting purposes by using LDAP. See Monitoring Oracle Internet Directory Server Using LDAP in Administering Oracle Internet Directory.
-
Update to Oracle Database Client software
Oracle Internet Directory 12.2.1.4.0 installation includes an update to the database client software installed with Oracle Fusion Middleware. The database patch set included is 12.1.0.2.190716. If you execute the command opatch lsinventory, the patch identification number for this update will appear as 29494060 on Linux/Unix and 30220086 on Microsoft Windows.
3.5 What's New in Oracle Identity Management Integration
Support for upgrading OAM-OIG integrated environments from 11g Release 2 (11.1.2.3.0) and 12c (12.2.1.3.0) to the latest 12c (12.2.1.4.0) release version after applying the OAM bundle patch 12.2.1.4.200327, or the OIM bundle patch 12.2.1.4.200505, or the latest bundle patch available for your release.
For more information about the upgrade, see Upgrading OIG-OAM Integrated Environments in the Integration Guide for Oracle Identity Management Suite.