15 Managing Users

The user management feature in Oracle Identity Manager includes creating, updating, deleting, enabling and disabling, resetting passwords, locking, and unlocking of user accounts.

You can perform the following user management tasks by using Oracle Identity Self Service:

• Searching Users

• Creating a User

• Viewing User Details

• Modifying Users

• Disabling a User

• Enabling a User

• Deleting a User

• Locking a User Account

• Unlocking a User Account

• Resetting the User Password

15.1 Searching Users

Use the Users page to perform simple and advanced search for users.

To search for users, you can perform one of the following:

• Performing Basic Search for Users

• Performing Advanced Search for Users

• Operations on Search Results

15.1.1 Performing Basic Search for Users

1. Log in to Identity Self Service.
2. Click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
3. To perform basic search, select any one of the following search criteria from the Search drop-down and click Search icon:

   • User Login

   • First Name

   • Last Name

   • Identity Status

   • E-mail

   • Start Date

   • End Date

   • Display Name

   • Account Status

   • Organization

   It lists the Users that match the selected Search Criteria.

15.1.2 Performing Advanced Search for Users

To perform advanced search:

1. Log in to Identity Self Service.

2. Click Manage, click Users. The Users page is displayed.

3. Click Advance link. Advance Users search page is displayed.

4. Select any one of the following options.

   • All: On selecting this option, the search is performed with the AND condition. This means that the search operation is successful only when all the search criteria specified are matched.

   • Any: On selecting this option, the search is performed with the OR condition. This means that the search operation is successful when any search criterion specified is matched.

5. In the searchable user attribute fields, such as User Login, specify a value. You can include wildcard characters (*) in the attribute value.

   For some attributes, select the attribute value from the list. For example, to search all users with locked accounts, select Locked from the Account Status list.

6. For each attribute value that you specify, select a search operator from the list.

   The following search operators are available for String type of attributes:

   • Starts with

   • Ends with

   • Equals

   • Does not equal

   • Contains

   • Does not contain

   The following search operators are available for Date type of attributes:

   • Equals

   • Before

   • After

   • On or before

   • On or after

   • Between

   The search operator can be combined with wildcard characters to specify a search condition. The asterisk (*) character is used as a wildcard character. For example, you can specify the value of the User Login attribute to be Jo* as the search criteria, and select Equals as the search operator. The users with login names that begins with Jo are displayed.

7. To add a searchable user attribute to the Search Users page, click Add Fields, and select the attribute from the list of attributes.

   For example, if you want to search all users with the Country attribute as US, then you can add the Country attribute as a searchable field and specify a search condition.

   Note:

   You can configure the attributes that are searchable. The attributes available for search must be a subset of the attributes defined for the user entity that are marked with the Searchable = Yes property.

8. Optionally click Reset to reset the search conditions and values that you specified. Typically, you perform this step to remove the specified search conditions and specify a new search condition.

9. Click Search. The search results is displayed in a tabular format.

10. If you want to hide columns in the search results table, then perform the following steps:

    1. Click View on the toolbar, select Columns, Manage Columns. The Manage Columns dialog box is displayed.

    2. From the Visible Columns list, select the columns that you want to hide.

    3. Click the left arrow icon to add the columns in the Hidden Columns list.

    4. Click OK. The selected columns are not displayed in the search results. A status message displays along the bottom of the search table to identify how many columns are currently hidden.

15.1.3 Operations on Search Results

This section describes the operations that you can perform based on selection of row(s) in the search results table. It is divided into single selection operations and bulk or multiple selection operations.

You can perform the following single selection operations by selecting a user from the search results table:

• View detail

• Modify

• Enable, only if the user status is disabled

• Disable, only if the user status is enabled

• Lock, only if the selected user's account is unlocked

• Unlock, only if the selected user's account is locked

• Reset password

• Delete

You can perform the following bulk or multiple selection operations by selecting multiple users from the search results table:

• Modify

• Enable, only if the user status is disabled

• Disable, only if the user status is enabled

• Lock, only if the selected user's account is unlocked

• Unlock, only if the selected user's account is locked

• Delete

15.2 Creating a User

You can create a new user in Oracle Identity Manager by using the Create User page. You can open this page only if you are authorized to create users as determined by the authorization policy on the Create User privilege on any organization in Oracle Identity Manager.

To create a user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
3. Enter details of the user in the Create User page.

   Table 15-1 describes the fields in the Create User page:

   Table 15-1 Fields in the Create User Page

   Section	Field	Description
   Justification and Effective Date	Justification	Justification for creating the user.
   Justification and Effective Date	Start Date	Date on which the user must be created.
   Justification and Effective Date	Stop Date	Date till which the user must be active.
   Basic Information	First Name	First name of the user.
   Basic Information	Middle Name	Middle name of the user.
   Basic Information	Last Name	Last name of the user.
   Basic Information	E-mail	E-mail address of the user.
   Basic Information	Manager	The reporting manager of the user.
   Basic Information	Organization	The organization to which the user belongs. This is also known as the home organization.
   Basic Information	User Type	The type of employee, such as consultant, contractor, contingent worker, employee, full-time employee, intern, non-worker, other, part-time employee, or temporary.
   Basic Information	Display Name	It can have localized values, which can be added by clicking Manage Localizations, and selecting from a list of languages. Display Name is available in 33 languages.
   Account Settings	User Login	The user name to be specified for logging in to the Administration Console.
   Account Settings	Password	The password to be specified for logging in to the Administration console.
   Account Settings	Confirm Password	Re-enter the password to be specified for logging in to the Administration console.
   Account Effective Dates	Start Date	The date when the user will be activated in the system.
   Account Effective Dates	End Date	The date when the user will be deactivated in the system.
   Contact Information	Telephone Number	The telephone number of the user.
   Contact Information	Home Phone	The telephone number of the user's residence.
   Contact Information	Fax	The fax number of the user.
   Contact Information	Mobile	The mobile number of the user.
   Contact Information	Pager	The pager number of the user.
   Contact Information	Home Postal Address	The postal address of the user's residence.
   Contact Information	Postal Address	The postal address of the user.
   Contact Information	Postal Code	The postal code number of the user's address.
   Contact Information	PO Box	The post box number of the user's address.
   Contact Information	State	The state name of the user.
   Contact Information	Street	The street name where the user resides.
   Contact Information	Country	The country where user resides.
   Preferences	Locale	The locale code of the user.
   Preferences	Timezone	The timezone of the user.
   Other Attributes	Common Name	The common name of the user.
   Other Attributes	Department Number	The department number of the user.
   Other Attributes	Employee Number	The employee number of the user.
   Other Attributes	Generation Qualifier	Whether the user qualifies the generation.
   Other Attributes	Hire Date	The hiring date of the user.
   Other Attributes	Locality Name	The name of the locality where user resides.
   Other Attributes	Initials	The initials of the user.
   Other Attributes	Title	The title for the user.

4. Click Submit or Save as Draft. A message is displayed stating that the user is created successfully.

   Tip:

   Users can be created by any one of the following methods:

   • By using Oracle Identity Administration

   • By self registration

   • By using SCIM-based APIs

   For all the above methods, Oracle Identity Manager uses the default password policy or Password Policy against Default Rule. If you want to use a different password policy, then you must attach the new password policy to the default rule. To do so, see Managing Password Policies.

   For more information about how to use SCIM/REST services, see "Using SCIM/REST Services" in the Developing and Customizing Applications for Oracle Identity Governance.

15.3 Viewing User Details

The view user operation allows you to view detailed user profile information in the User Details page. You can open this page if you are authorized to view the user's profile as determined by the authorization policy through the View User Details privilege.

To display user details:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. The user details are displayed in the following tabs:

   • The Attributes Tab: Displays the attribute profile that includes details about basic user information, account effective dates, and provisioning dates. For more details, see "Editing User Attributes".

   • The Roles Tab: Displays a list of roles to which the user belongs. You can click each role to display summary information about the role.

     In the Roles tab, you can assign roles to the user and remove roles from the user. For more information, see Requesting, Removing, and Modifying Roles.

   • The Entitlements Tab: Displays a list of entitlements for the user. You can click each entitlement to display a summary of the entitlement.

     In the Entitlements tab, you can request for entitlements and remove entitlements from the user. For more information, see Requesting and Removing Entitlements.

   • The Accounts Tab: Displays a list of accounts for the user. You can click each account to display a summary of the account.

     Typical tasks you perform in this tab are request for an account, modify and remove accounts, mark an account as primary, and disable and enable accounts. For more information, see Requesting, Removing, and Modifying Accounts.

   • The Direct Reports Tab: Displays a read-only table of users for whom the user is set as the manager. In other words, this tab lists the direct reportees of the user. For each user in the table, it displays the following:

     • Display Name

     • User Login

     • Status

     • Organization

     If you select a row in the table, then summary information about the direct reportee is displayed at the bottom.

     Direct reports allows you to open the user details of the direct reportees. To do so, select a row in the table of direct reportees, and click the open icon on the toolbar.

   • The Admin Roles Tab: Displays a list of admin roles assigned to the user. You can select an admin role to display a summary of the admin role.

     Using the admin role detail information, you can select or deselect the include sub-orgs option. When this option is selected, it specifies that the admin role is applicable to the users of the organization and all the suborganizations of the organization. When this option is not selected, it specifies that the admin role is applicable to the users of the organization only. For more information, see Managing Admin Roles.

15.4 Modifying Users

You can perform administrative user modification tasks from the user details. The modification is broken up across the different tabs in the page that displays user details, which means that modifications done in each tab are independent of each other and must be saved individually.

Note:

The modify user operation can be a direct operation or generate a request, which is subject to approval, based on the authorization privileges you have.

• Editing User Attributes

• Requesting, Removing, and Modifying Roles

• Requesting and Removing Entitlements

• Requesting, Removing, and Modifying Accounts

• Modifying Details of Direct Reports

15.4.1 Editing User Attributes

You can modify the user attributes from the Attribute tab.

To edit the attributes of a user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user in the search results table.
4. Modify the user in one of the following ways:

   • Click Edit on the toolbar.

   • From the Actions menu, select Edit.

5. In the Modify User page, change values of the attributes in the respective fields as required.
6. Click Submit. The modify attribute operation is completed successfully.

15.4.2 Requesting, Removing, and Modifying Roles

You can request for new roles, modify the roles associated with the user, remove roles or modify the role grant duration from the Roles tab.

You can perform the following operations from the Roles tab of the User Details page:

• Requesting Roles for a User

• Modifying a Role

• Removing Roles from a User

• Modifying Role Grant Duration

15.4.2.1 Requesting Roles for a User

In the Roles tab of the User Details page, you can add and remove roles. To assign roles to a user:

1. In the User Details page, click the Roles tab. The Roles tab is displayed with the list of roles assigned to the user.

   Click the Granted tab to view the roles that are granted to you. This includes both direct and indirect roles.

   Click the Pending tab to view the roles that are pending for approval.

2. From the Actions menu, select Request. Alternatively, you can click Request on the toolbar. The Catalog page is displayed.
3. Click the search icon next to the Catalog field. A list of catalog items available for requesting is displayed.

   Note:

   The catalog items that are available for requesting by a user is governed by authorization privileges defined for the admin roles of the user.

4. Select the catalog item for the role that you want to request.
5. Click Add Selected to Cart. The selected role catalog item is added to the request cart.
6. Click Checkout. The role will be assigned to the user when an approver approves the request.

   You can edit the catalog item by clicking View & Edit.

15.4.2.2 Modifying a Role

To modify a role assigned to a user:

1. In the User Details page, click the Roles tab.
2. Select the role that you want to modify.
3. From the Actions menu, select Open. The role details is displayed, which is available for editing.
4. Edit the fields that you want to modify. You can click each tab and modify the role hierarchy, role membership, access policies, and organizations. For more information, see Viewing and Administering Roles.
5. Click Apply.

15.4.2.3 Removing Roles from a User

To remove roles from a user:

1. In the User Details page, click the Roles tab. The Roles tab is displayed with the list of roles assigned to the user.
2. Select the role that you want to remove.
3. From the Actions menu, select Remove. Alternatively, you can click Remove on the toolbar. The Remove Roles page is displayed.
4. Fill in the Justification, click Submit.

15.4.2.4 Modifying Role Grant Duration

To modify the grant duration fields for the role:

1. In the Roles tab of the User Details page, select a role for which you want to modify the grant duration.

   The grant duration fields, Start Date and End Date, are displayed in the Roles tab.

2. From the Actions menu, select Modify Grant Duration. The Modify Grant Duration dialog box is displayed.
3. In the Justification box, enter a justification for modifying the start date, or end date, or both.
4. Enter values in any one or both of the following fields:

   • Start Date: The start date when the role will be provisioned. This must be a future date. This field is not available for modification if the role is already assigned to you.

   • End Date: The end date when the role will be revoked from you.

   For more information about grant duration, see "Adding and Removing Grant Duration".

5. Click OK.

   The Start Date and End Date fields in the Roles tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.

15.4.3 Requesting and Removing Entitlements

You can request for new entitlements, remove entitlements or modify the entitlements grant duration from the Entitlements tab.

You can perform the following entitlement modification operations from the Entitlements tab of the User Details page:

• Requesting Entitlements for a User

• Removing Entitlements from a User

• Modifying Entitlement Grant Duration

15.4.3.1 Requesting Entitlements for a User

To request entitlements for a user:

1. In the User Details page, click the Entitlements tab. The Entitlements tab is displayed with the list of entitlements assigned to the user.
2. From the Actions menu, select Request. Alternatively, you can click Request on the toolbar. The Catalog page is displayed.
3. Click the search icon next to the Catalog field. A list of catalog items available for requesting is displayed.

   Note:

   The catalog items that are available for requesting by a user is governed by authorization privileges defined for the admin roles of the user.

4. Select the catalog item for the entitlement that you want to request.
5. Click Add Selected to Cart. The selected entitlement catalog item is added to the request cart.
6. Click Checkout. The Cart Details page is displayed.
7. (Optional) For the requested entitlements, enter any additional information as needed. This additional information can be added using a form associated with the entitlement, provided the entitlement forms have been generated or re-generated by system administrators.

   For example, you can enter effective start and end dates for the entitlement. Then, the approver can review and/or modify this additional information and decide whether the entitlements can be provisioned or not. The entitlements will be assigned to the user when the approver approves the request.

15.4.3.2 Removing Entitlements from a User

To remove entitlements from a user:

1. In the User Details page, click the Entitlements tab. The Entitlements tab is displayed with the list of entitlements assigned to the user.
2. Select the entitlement that you want to remove.
3. From the Actions menu, select Remove. Alternatively, you can click Remove on the toolbar. The Remove Entitlement page is displayed.
4. Fill in the justification, and click Submit.

15.4.3.3 Modifying Entitlement Grant Duration

To modify the grant duration fields for the entitlement assigned to the open user:

1. In the Entitlements tab of the User Details page, select an entitlement for which you want to modify the grant duration.

   The grant duration fields, Start Date and End Date, are displayed in the Entitlements tab.

2. From the Actions menu, select Modify Grant Duration. The Modify Grant Duration dialog box is displayed.
3. In the Justification box, enter a justification for modifying the start date, or end date, or both.
4. Enter values in any one or both of the following fields:

   • Start Date: The start date when the entitlement will be provisioned. This must be a future date. This field is not available for modification if the entitlement is already assigned to the user.

   • End Date: The end date when the entitlement will be revoked from the user.

   For more information, see Adding and Removing Grant Duration.

5. Click OK.

   The Start Date and End Date fields in the Entitlements tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.

15.4.4 Requesting, Removing, and Modifying Accounts

You can request for new account, remove an account, modify an account, mark an account as primary account, enable or disable an account, or modify the entitlements grant duration from the Accounts tab.

You can perform the following account modification operations from the Accounts tab of the User Details page:

• Understanding Requesting for an Account

• Modifying an Account

• Removing an Account

• About Multiple Accounts in Single Application Instance

• Marking an Account as Primary

• Disabling an Account

• Enabling an Account

• Modifying Account Grant Duration

15.4.4.1 Understanding Requesting for an Account

This section describes about requesting for an account in the following topic:

• Types of Account

• Requesting for an Account

15.4.4.1.1 Types of Account

You can request accounts by requesting an application instance. You can request for the following types of accounts (application instances):

• Primary account: A primary account is the first account created for a user in a target application. In other words, a primary account is the first application instance that is being requested. Oracle Identity Manager supports multiple accounts for a single application instance. The first account that is created is tagged as primary account, and there can be only one primary account for a user. The other accounts (non-primary accounts) are associated with the primary account. When the user requests entitlements, the entitlements are appended to the primary account.

• Non-primary account: If a user already has a primary account and requests for another account in the same target application, then that account is a non-primary account. A user can have multiple non-primary accounts, but only one primary account.

See Also:

Marking an Account as Primary for more information on marking an account as primary

15.4.4.1.2 Requesting for an Account

To request for an account:

1. In the User Details page, click the Accounts tab. This tab lists the accounts of the user.
2. From the Actions menu, select Request. Alternatively, click Request on the toolbar. The Catalog page is displayed.
3. Click the search icon next to the Catalog field. A list of catalog items available for requesting is displayed.

   Note:

   The catalog items that are available for requesting by a user is governed by authorization privileges defined for the admin roles of the user.

4. Select the catalog item for the account that you want to request. In other words, select the application instance that you want to request.
5. Click Add Selected to Cart. The selected account catalog item is added to the request cart.
6. Click Checkout. The account will be granted to the user when an approver approves the request.

   You can edit the catalog item by clicking View & Edit.

15.4.4.2 Modifying an Account

To modify an account for the user:

1. In the Accounts tab, select the account that you want to modify.
2. From the Actions menu, select Modify. The account details is displayed which is available for editing.
3. Edit the fields that you want to modify.
4. Click Ready to Submit and then click Submit.

15.4.4.3 Removing an Account

To remove an account from the user:

1. In the Accounts tab, select the account that you want to modify.
2. From the Actions menu, select Remove. Alternatively, click Remove on the toolbar. The Remove Accounts page is displayed.
3. Click Submit.

15.4.4.4 About Multiple Accounts in Single Application Instance

Oracle Identity Manager supports multiple accounts in a single application instance. The first account that is created is tagged as the primary account, and there can be only one primary account for a user. The other accounts (non-primary accounts) are associated with the primary account.

All types of entitlements are available for request in the request catalog. If the request for an entitlement is approved, it is associated with the primary account and not the non-primary account.

When the user gets provisioned to an application instance, Oracle Identity Manager checks if it is the first account provisioned for the user in that application instance. If so, the account is marked as primary. When existing user accounts are reconciled from application instances, the first account that gets reconciled is marked as primary.

A user can have only one primary account. However, Oracle Identity Manager supports multiple accounts for a single application instance. If the account marked as primary is not supposed to be the actual primary account, you can manually change the primary tag for the account and mark another account as primary. By doing so, you can ensure that when the user requests entitlements, the entitlements are appended to the primary account.

15.4.4.5 Marking an Account as Primary

To mark an account as a primary account:

1. In the Accounts tab, select the account that you want to mark as primary.
2. From the Actions menu, select Make Primary.

   A message is displayed asking for confirmation.

3. Click Yes to confirm. The account is marked as primary.

15.4.4.6 Disabling an Account

You can disable an account that is in enabled state. To disable an account:

1. In the Accounts tab, select the account that you want to disable.
2. From the Actions menu, select Disable.
3. Click Submit. The account is disabled.

15.4.4.7 Enabling an Account

You can enable an account that is in disabled state. To enable an account:

1. In the Accounts tab, select the disabled account that you want to enable.
2. From the Actions menu, select Enable.
3. Click Submit. The account is enabled.

15.4.4.8 Modifying Account Grant Duration

To modify the grant duration fields for the account assigned to the open user:

1. In the Accounts tab of the User Details page, select an account for which you want to modify the grant duration.

   The grant duration fields, Start Date and End Date, are displayed in the Accounts tab.

2. From the Actions menu, select Modify Grant Duration. The Modify Grant Duration dialog box is displayed.
3. In the Justification box, enter a justification for modifying the start date, or end date, or both.
4. Enter values in any one or both of the following fields:

   • Start Date: The start date when the account will be provisioned. This must be a future date. This field is not available for modification if the account is already assigned to the user.

   • End Date: The end date when the account will be revoked from the user.

   For detailed information about grant duration, see Adding and Removing Grant Duration.

5. Click OK.

   The Start Date and End Date fields in the Accounts tab are updated with the values you specified immediately if no approver is assigned else if approver is assigned it is updated after the approval.

15.4.5 Modifying Details of Direct Reports

You can modify the direct reportee details from the Direct Reports tab.

The modify the details of direct reports:

1. In the User Details page, click the Direct Reports tab. This tab lists the direct reports of the open user.
2. Select the user or direct report you want to modify.
3. From the Actions menu, click Open. Alternatively, click Open on the toolbar. The User details page of the selected direct report is displayed. Use the toolbar and tabs to modify the details of the direct report.

15.5 Disabling a User

You can disable a user that is in enabled state from a specific date.

To disable a user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user you want to disable.
4. Disable the user in one of the following ways:

   • Click Disable on the toolbar.

   • From the Actions menu, select Disable.

   • Click the user login of the user record that you want to disable. On the User Details page, click Disable User on the toolbar.

5. In the Target Users section, click the plus icon to search for more target users and add to the list of users that you want to disable. You can also view the user details by clicking the User Details link for each user.
6. In the Justification and Effective Date section, specify a justification and effective date for disabling the selected user.Click Submit. A message is displayed stating that the user is successfully disabled.

15.6 Enabling a User

You can enable a disabled user from a specific date.

To enable a disabled user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user you want to enable.
4. Enable the user in one of the following ways:

   • Click Enable on the toolbar.

   • From the Actions menu, select Enable.

   • Click the user login of the user record that you want to enable. On the User Details page, click Enable User on the toolbar.

5. In the Target Users section, click the plus icon to search for more target users and add to the list of users that you want to enable. You can also view the user details by clicking the User Details link for each user.
6. In the Justification and Effective Date section, specify a justification and effective date for enabling the selected user.Click Submit. A message is displayed stating that the user is successfully enabled.

15.7 Deleting a User

You can delete the user that are not required or are not in use.

To delete a user:

Note:

When a user is deleted, the deleted record would still exist in the database, marked as deleted. These records are not available for any operations.

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user you want to delete.
4. Delete the user in one of the following ways:

   • Click Delete on the toolbar.

   • From the Actions menu, select Delete.

   • Click the user login of the user record that you want to delete. On the User Details page, click Delete User on the toolbar.

5. Verify that the selected user is displayed in the Target Users section.
6. If required, in the Target Users section, click the plus icon to search for more target users and add to the list of users that you want to delete. You can also view the user details by clicking the User Details link for each user.
7. In the Justification field, enter a justification for deleting the user.
8. In the Effective Date field, specify a date from which the user account must be removed.
9. Click Submit. A request to delete the user is created, which is subject to approval.

15.8 Locking a User Account

You can lock the account of a user from the Users page.

To lock the account of a user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user you want to lock.
4. Lock the user in one of the following ways:

   • Click Lock Account on the toolbar.

   • From the Actions menu, select Lock Account.

   • Click the user login of the user record that you want to lock. On the User Details page, click Lock Account on the toolbar.

5. In the confirmation message that is displayed, click Lock. The account of the selected user is locked.

Note:

Users with special characters in the user login name cannot be locked.

When you try to lock a user account that contains some special characters in the user login name, the following error is displayed:

An unknown exception occurred, please review server logs.The user with the key USER_KEY does not exist.

The following special characters are not allowed in the user login name:

[!@#$%^&*()_-+=[{]}\|;:'",<.>/?

15.9 Unlocking a User Account

You can unlock the account of a user from the Users page.

To unlock the account of a user:

1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. Search for the user for which you want to display the details. Follow steps shown in Searching Users.
3. Select the user you want to unlock.
4. Unlock the user in one of the following ways:

   • Click Unlock Account on the toolbar.

   • From the Actions menu, select Unlock Account.

   • Click the user login of the user record that you want to unlock. On the User Details page, click Unlock Account on the toolbar.

5. In the confirmation message that is displayed, click Unlock. The account of the selected user is unlocked.

15.10 Resetting the User Password

You can reset the user log in password by manually changing it or by auto-generating the password.

To reset the password for a user:

1. In Identity Self Service, click Manage.
2. Click the icon in the Users box. The Users page is displayed.
3. Search and select the user for which you want to reset the password.
4. From the Actions menu, select Reset Password. Alternatively, you can click Reset Password on the toolbar. You can also open the user details, and then click Reset Password on the toolbar.

   The Reset Password dialog box is displayed.

5. Select any one of the following options:

   • Manually change the Password: To reset the password by entering a new password. To do so, select this option, and enter a new password in the New Password and Confirm Password fields. You can click the information icon to view the criteria to specify a password.

     When you select the Manually change the Password option, you can select the E-mail the new password to the user option if you want the new password to be sent via e-mail to the user. Otherwise, do not select this option.

   • Auto-generate the Password (Randomly generated): To enable Oracle Identity Manager to generate a random password. When you select this option, the E-mail the new password to the user option is selected by default.

6. Click Reset Password. The password of the open user is reset.