
Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries, please contact me : info@oratechsoft.com


Tuesday, 30 June 2015

Lab2 :: Oracle Identity Manager ( OIM ) Sysadmin Console Overview

                                      
User ID : xelsysadm
Password : Lucky1234


SYSADMIN Console :-

EVENT MANAGEMENT - Reconciliation

Certifications - Certification Configuration, Certification definitions, Event Listeners, Risk Configurations

POLICIES - Approval Policies, Access Policies, Attestation Configuration, Password Policy

CONFIGURATIONS - Form Designer, IT Resource, Generic Connector, Application Instances, Lookups

SYSTEM MANAGEMENT - Scheduler, Notification, System Configuration, Manage Connector, Import, Export

UPGRADE

EVENT MANAGEMENT - Reconciliation - Use this page to create and manage reconciliation events.

Approval Policies - Use this page to create and manage approval policies. An approval policy helps to associate request types with approval processes defined in the workflow service

Access Policies - Use this page to create and manage access policies. Access policies define how to automate the provisioning of target systems to users. Access policies are a list of roles and resources to be provisioned or de-provisioned.


Attestation Configuration - Use this page to create, configure and manage attestation processes, and work with the attestation dashboard


Password Policy - Use this page to create and manage password policies. Password policy management includes setting password policy rules, and creating, searching, and deleting password policies


Form Designer - Use this page to create and manage forms of type users, roles, organizations, catalog, and resources that are not predefined in Oracle Identity Manager.


IT Resource - Use this page to create and manage IT resources. An IT resource is composed of parameters that store connection information about a target system. Oracle Identity Manager uses this information to connect to a specific installation or instance of the target system.


Generic Connector - Use the Generic Connector page to create and manage generic connectors. Generic connectors are basic connectors without advanced features. The connectors utilize generic connectivity technologies, such as SPML and JDBC


Application Instances - Use this page to create and manage application instances. An application instance is a combination of an IT resource instance and resource object. Users have accounts and entitlements that are associated with application instance and not with the IT resource instance or resource object.


Lookups - Use this page to create and manage lookup definitions.


Scheduler - Use this page to create and manage scheduled jobs. Scheduled jobs are jobs that are run at specified time intervals to manage various activities in Oracle Identity Manager.


Notification - Use this page to create and manage notification templates. A notification template is used to send notifications.


System Configuration - Use this page to create and manage system properties. System properties define the characteristics that control the behavior of Oracle Identity Manager.


Manage Connector - Use this page to define, install, clone, upgrade, and uninstall predefined connectors in an Oracle Identity Manager environment. A predefined connector is designed for commonly used target systems such as Microsoft Active Directory and PeopleSoft Enterprise Applications


Import - Use this page to import Oracle Identity Manager configurations by using the Deployment Manager

Export - Use this page to export Oracle Identity Manager configurations by using the Deployment Manager.

Upgrade
When you upgrade your Oracle Identity Manager environment from 11g Release 1 (R1) (11.1.1.5) to 11g Release 2 (R2) (11.1.2), the custom attributes for entities (such as users, roles, organizations, and application instances) exist in the back end. However, if you want to display these attributes as form fields in the Oracle Identity Manager user interface, then you must customize the associated pages on the interface to add the custom form fields. To do so, use the links in the Upgrade region of the Identity System Administration Console.


The Upgrade region contains the following:

Upgrade User Form -  Use this page to create and manage custom form fields for the user entity.

Upgrade Role Form - Use this page to create and manage custom form fields for the role entity.

Upgrade Organization Form  - Use this page to create and manage custom form fields for the organization entity.

Upgrade Application Instances - Use this page to create and manage custom form fields for the application instance entity.


Approval policy is a configurable entity of request management that helps associate various request types with approval processes defined in the request service only for request-level and operation-level approvals. It associates approval workflows to be initiated at request or operation levels for a request type.

Each approval policy decides which process to invoke based on the approval policy priority and the approval policy rule.

Approval policy priorities are based on the following:
For request level, request type + request level

For operation level, request type + operation level + scope, which is the specific entity associated with the request heterogeneous requests


Oracle Business Rules (OBR)

The following methodologies are used:

Request-Level Methodology
          
     This methodology is used for all request types at the request level of approval.

Operation-Level Methodology: Organization-Based Selection
    
     This methodology is used for all user-related request types, such as Create User, Modify User, Disable User, Enable User, and Delete User, at the operation level of approval

Operation-Level Methodology: Role-Based Selection

     This methodology is used for all role-related request types at the operation level of approval.

Operation-Level Methodology: Application Instance-Based Selection
    
     This methodology is also used for entitlement related requests (provision/revoke).

Resource - A resource is a logical entity in Oracle Identity Manager that can be provisioned to a user or an organization in Oracle Identity Manager. For example, Microsoft Active

Account - Accounts are actual instances of a resource that are created and provisioned to a user or organization in Oracle Identity Manager. For example, an e-mail account on an Exchange server is an account (instance) of resource type Exchange


IT Resource Type - IT resource type is a logical entity in Oracle Identity Manager used to model a physical target and all its attributes including (but not limited to) the connectivity information and the credentials required to connect to the physical computer. For example, IT resource type AD server is used to model an actual AD server.


IT Resource Instance

     These are actual instances of specific IT resource type that represent the actual physical target. They also have specific values for all the attributes of the physical target, such as IP address, port, user name, and password. Two physical AD servers in a deployment are represented by two instances of IT resource type AD Server.


Account Discriminator
     Account discriminator is a collection of attributes on a form that uniquely identifies the logical entity on which accounts are created. This term is sometimes loosely referred to as a target. For instance, for an AD server, an account discriminator can be a combination of AD server (an attribute of type IT Resource) and Organization Name. Typically, account discriminators are attributes of type IT Resource. Attributes are marked as account discriminators by setting the Account Discriminator property of a Form field to True


Evaluate User Policies scheduled task
Application Instance Post Delete Processing Job scheduled job
Catalog Synchronization Job scheduled job
Entitlement List - Target to LKV Table - ENT_LIST Table



A connector consists of the following artifacts:

Binaries (JAR and DLL files) that contain the connector code

XML file(s) consisting of data of Objects defined in Oracle Identity Manager, such as an IT resource, resource object, provisioning process and process tasks, process form and child forms, adapters and adapter tasks, lookup definitions, reconciliation rules, and scheduled tasks

Integration libraries that enable adapters to perform actions on the target system. For some target systems, third-party integration libraries might be required to enable communication or specific functionality with the target systems.


Oracle Identity Manager Connector artifacts :-
Resource objects
Event handlers
Process forms
IT resources
Data object definitions
Pre-Populate adapters
Processes
IT resource type definitions
Task adapters
Lookups
Scheduled tasks


There are four types of rules:

General - Enables Oracle Identity Manager to add a user to a role automatically and to determine the password policy that is assigned to a resource object.

Process Determination - Determines the provisioning processes for a resource object.
Organization Provisioning, User Provisioning, approval or standard approval.

Task Assignment - Specifies the user or role that is assigned to a process task.

Pre-populate - Determines which pre-populate adapter is executed for a form field.


The resource object's classification status.

A resource object can belong to one of the following types:

Application - Classifies this resource object as an application.

Generic - Contains business-related processes.

System - Oracle Identity Manager uses this type of resource object internally.
Do not modify system resource objects without first consulting Oracle.

Disconnected - Classifies the resource object as a disconnected resource

The Resource Objects form contains the following tabs:

Depends On Tab, Object Authorizers Tab, Process Determination Rules Tab, Event Handlers/Adapters Tab, Resource Audit Objectives, Status Definition Tab, Administrators Tab, Password Policies Rule Tab, User-Defined Fields Tab, Process Tab, Object Reconciliation Tab

The Editing Task window contains the following tabs:

General Tab, Integration Tab, Task Dependency Tab, Responses Tab, Undo/Recovery Tab, Notification Tab, Task to Object Status Mapping Tab, Assignment Tab of the Editing Task Window


The Form Designer form contains the following tabs:

Additional Columns Tab, Child Table(s) Tab, Object Permissions Tab, Properties Tab, Administrators Tab, Usage Tab, Pre-Populate Tab, Default Columns Tab, User Defined Fields Tab


Adapter :- Process Task, Rule Generator, Pre-populate, Rule Generator Entity, Task Assignment

