
Oracle Identity Manager 11g: Essentials
Volume I Student Guide

D65160GC10
Edition 1.0
November 2010
D69802

Copyright 2010, Oracle and/or its affiliates. All rights reserved.


Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective
owners.

Authors
Robert LaVallie, Terri Cantor
Technical Contributors and Reviewers
Eswar Vandanapu, Raj Kuchi, Rajesh Bhabu, Sri Subramanian, Gopal Kumarappan, Mario Lim,
Ajay Keni, Brad Donison, Ashok Maram, Bitan Biswas, Amol Dharmadhikari, Abhishek Sharma,
Semyon Shulman, Viresh Garg, Sid Choudhury, Javed Beg, Jatan Rajvanshi, Sidhartha Das,
Ashutosh Pitre, Shyam Narayan Singh, Sanjay Rallapalli, Srinivas Marni, Debapriya Datta,
Alexandre Babeanu, Don Biasotti, Gururaj B.S.
This book was published using: Oracle Tutor

Table of Contents
Introduction ......................................................................................................................................................1-1
Introduction ....................................................................................................................................................1-2
Road Map ......................................................................................................................................................1-3
Course Objectives ..........................................................................................................................................1-4
Road Map ......................................................................................................................................................1-7
Course Units ..................................................................................................................................................1-8
Unit 1: Product Overview ...............................................................................................................................1-9
Unit 2: Managing Users, User Entities, and Resources ................................................................................1-11
Unit 3: Handling Reconciliation Workflows .....................................................................................................1-13
Unit 4: Managing Policies, Reports, and Tools ..............................................................................................1-14
Unit 5: Deploying Configurations ....................................................................................................................1-16
Road Map ......................................................................................................................................................1-17
Lesson Summary ...........................................................................................................................................1-18
Road Map ......................................................................................................................................................1-19
What's Next? ..................................................................................................................................................1-20
Identity Management and Identity Administration: Overview ......................................................................2-1
Identity Management and Identity Administration: Overview..........................................................................2-2
Road Map ......................................................................................................................................................2-3
Lesson Objectives ..........................................................................................................................................2-4
Road Map ......................................................................................................................................................2-6
Identity Management: Overview .....................................................................................................................2-7
Identity Management: Importance ..................................................................................................................2-9
Identity Management: Benefits .......................................................................................................................2-11
Quiz................................................................................................................................................................2-13
Identity Management: Values .........................................................................................................................2-17
How Can Identity Management Help?............................................................................................................2-19
Quiz................................................................................................................................................................2-23
Identity Management: Terminology ................................................................................................................2-25
Identity Management: Functions ....................................................................................................................2-27
Identity Administration ....................................................................................................................................2-29
Access Management......................................................................................................................................2-31
Directory Services ..........................................................................................................................................2-33
Audit and Compliance ....................................................................................................................................2-35
Suite Management .........................................................................................................................................2-37
Quiz................................................................................................................................................................2-39
Road Map ......................................................................................................................................................2-43
Identity Administration: Infrastructure .............................................................................................................2-44
Identity Administration: Benefits .....................................................................................................................2-45
Road Map ......................................................................................................................................................2-46
Lesson Summary ...........................................................................................................................................2-47
Road Map ......................................................................................................................................................2-48
Lesson Demos ...............................................................................................................................................2-49
Road Map ......................................................................................................................................................2-50
What's Next? ..................................................................................................................................................2-51
Launching Oracle Identity Manager ...............................................................................................................3-1
Launching Oracle Identity Manager ...............................................................................................................3-2
Road Map ......................................................................................................................................................3-3
Lesson Objectives ..........................................................................................................................................3-4


Road Map ......................................................................................................................................................3-6
Oracle WebLogic Server Overview ................................................................................................................3-7
Oracle WebLogic Server Overview: Domains ................................................................................................3-8
Comparing Administration Servers and Managed Servers ............................................................................3-10
Oracle Identity Manager Server Overview .....................................................................................................3-12
SOA Server Overview ....................................................................................................................................3-13
Starting Administration and Managed Servers ...............................................................................................3-15
Starting the Administration Server..................................................................................................................3-16
Starting the Managed Servers........................................................................................................................3-17
Monitoring the Status of the Managed Servers ..............................................................................................3-18
Quiz................................................................................................................................................................3-19
Road Map ......................................................................................................................................................3-22
Oracle Identity Manager Interfaces ................................................................................................................3-23
Oracle Identity Manager Administrative and User Console Overview ............................................................3-24
Oracle Identity Manager Unauthenticated Self Service Console Overview ....................................................3-26
Oracle Identity Manager Unauthenticated Self Service Console: Reset Password ........................................3-27
Oracle Identity Manager Unauthenticated Self Service Console: Self-Registration .......................................3-30
Oracle Identity Manager Unauthenticated Self Service Console: Track Registration .....................................3-33
Web Console Overview..................................................................................................................................3-35
Self-Service Functionalities ............................................................................................................................3-36
Oracle Identity Manager Self Service Console ...............................................................................................3-38
Oracle Identity Manager Administration Console ...........................................................................................3-40
Oracle Identity Manager Advanced Administration Console ..........................................................................3-42
Starting the Oracle Identity Manager Web Consoles .....................................................................................3-45
Oracle Identity Manager Design Console Overview .......................................................................................3-46
Design Console: User Management ..............................................................................................................3-47
Design Console: Resource Management.......................................................................................................3-48
Design Console: Process Management .........................................................................................................3-49
Design Console: Administration .....................................................................................................................3-50
Design Console: Development Tools .............................................................................................................3-52
Starting the Oracle Identity Manager Design Console ...................................................................................3-54
Quiz................................................................................................................................................................3-55
Road Map ......................................................................................................................................................3-58
Oracle SOA Consoles Overview ....................................................................................................................3-59
Oracle SOA Platform......................................................................................................................................3-60
Oracle BPM Worklist Console ........................................................................................................................3-61
Launching the Oracle SOA Consoles.............................................................................................................3-62
Road Map ......................................................................................................................................................3-63
Lesson Summary ...........................................................................................................................................3-64
Road Map ......................................................................................................................................................3-65
Practice 3 Overview: Launching Oracle Identity Manager .............................................................................3-66
Road Map ......................................................................................................................................................3-67
What's Next? ..................................................................................................................................................3-68
Understanding Oracle Identity Manager ........................................................................................................4-1
Understanding Oracle Identity Manager.........................................................................................................4-2
Road Map ......................................................................................................................................................4-3
Lesson Objectives ..........................................................................................................................................4-4
Road Map ......................................................................................................................................................4-6
Oracle Identity Management Products ...........................................................................................................4-7


Road Map ......................................................................................................................................................4-10
Oracle Identity Manager: Overview ................................................................................................................4-11
Oracle Identity Manager: Features .................................................................................................................4-14
Oracle Identity Manager Features: Self-Service and Delegated Administration ............................................4-16
Oracle Identity Manager Features: Workflow and Policy Management .........................................................4-17
Oracle Identity Manager Features: Password Management ........................................................................4-19
Oracle Identity Manager Features: Audit and Compliance Management .....................................................4-21
Oracle Identity Manager Features: Integration Solutions .............................................................................4-23
Oracle Identity Manager: Functional Layers ...................................................................................................4-25
Oracle Identity Manager: Solving Business Challenges .................................................................................4-27
Quiz................................................................................................................................................................4-29
Road Map ......................................................................................................................................................4-32
Oracle Identity Manager Architecture .............................................................................................................4-33
Quiz................................................................................................................................................................4-35
Road Map ......................................................................................................................................................4-39
Use Case #1: Initial Onboarding ....................................................................................................................4-40
Use Case #2: Request-Based Scenario.........................................................................................................4-41
Road Map ......................................................................................................................................................4-42
Reconciliation and Provisioning: Overview ....................................................................................................4-43
Quiz................................................................................................................................................................4-45
Road Map ......................................................................................................................................................4-47
Oracle Identity Manager Connector: Overview .............................................................................................4-48
Quiz................................................................................................................................................................4-49
Road Map ......................................................................................................................................................4-50
Lesson Summary ...........................................................................................................................................4-51
Road Map ......................................................................................................................................................4-53
What's Next? ..................................................................................................................................................4-54
Understanding Organizations, Roles, and Users ..........................................................................................5-1
Understanding Organizations, Roles, and Users ...........................................................................................5-2
Road Map ......................................................................................................................................................5-3
Lesson Objectives ..........................................................................................................................................5-4
Road Map ......................................................................................................................................................5-5
Oracle Identity Manager User ........................................................................................................................5-6
User Entity Life Cycle .....................................................................................................................................5-7
Oracle Identity Manager User Types ..............................................................................................................5-9
Oracle Identity Manager Functional Users .....................................................................................................5-11
Quiz................................................................................................................................................................5-13
Road Map ......................................................................................................................................................5-16
Oracle Identity Manager Organizations ..........................................................................................................5-17
Oracle Identity Manager Roles .......................................................................................................................5-18
Role Hierarchy ...............................................................................................................................................5-19
Role Category ................................................................................................................................................5-20
Oracle Identity Manager Entity Relationships ................................................................................................5-21
Quiz................................................................................................................................................................5-22
Road Map ......................................................................................................................................................5-25
Overview of the Bulk Load Utility....................................................................................................................5-26
Loading Data with the Bulk Load Utility ..........................................................................................................5-27
Bulk Load Utility Scripts, Data Files, and Database Tables ...........................................................................5-29
Bulk-Load Input Source..................................................................................................................................5-31


Bulk-Load Database Columns........................................................................................................................5-32
Configuring the Bulk Load Utility ....................................................................................................................5-36
Quiz................................................................................................................................................................5-37
Road Map ......................................................................................................................................................5-38
Creating Oracle Identity Manager Entities ......................................................................................................5-39
Creating an Organization ...............................................................................................................................5-40
Creating a User ..............................................................................................................................................5-42
Creating a Role Category...............................................................................................................................5-45
Creating a Role ..............................................................................................................................................5-47
Assigning a User to a Role .............................................................................................................................5-49
Revoking a Role from a User .........................................................................................................................5-52
Bulk Modification of Users ..............................................................................................................................5-54
Modifying an Organization .............................................................................................................................5-55
Deleting an Organization................................................................................................................................5-56
Disabling and Deleting a User ........................................................................................................................5-57
Deleting a Role...............................................................................................................................................5-59
Loading User and Role-Related Data with the Bulk Load Utility ....................................................................5-61
Quiz................................................................................................................................................................5-68
Road Map ......................................................................................................................................................5-70
Lesson Summary ...........................................................................................................................................5-71
Road Map ......................................................................................................................................................5-72
Practice 5 Overview: Understanding Organizations, Roles, and Users.........................................................5-73
Road Map ......................................................................................................................................................5-74
What's Next? ..................................................................................................................................................5-75
Using Predefined Connectors .........................................................................................................................6-1
Using Predefined Connectors (Initial Onboarding) ........................................................................................6-2
Road Map ......................................................................................................................................................6-3
Lesson Objectives ..........................................................................................................................................6-4
Road Map ......................................................................................................................................................6-6
Oracle Identity Manager Connectors: Overview ............................................................................................6-7
Quiz................................................................................................................................................................6-8
Road Map ......................................................................................................................................................6-9
Types of Oracle Identity Manager Connectors ...............................................................................................6-10
Quiz................................................................................................................................................................6-13
Road Map ......................................................................................................................................................6-14
Transferring Oracle Identity Manager Connectors: Ways ..............................................................................6-15
Transferring Oracle Identity Manager Connectors: Advantages ....................................................................6-17
Transferring Oracle Identity Manager Connectors: Best Practices.................................................................6-18
Transferring Oracle Identity Manager Connectors: Tools...............................................................................6-23
Quiz................................................................................................................................................................6-25
Road Map ......................................................................................................................................................6-28
Using Oracle Identity Manager Connectors: Setup ........................................................................................6-29
Using Oracle Identity Manager Connectors: Run Time .................................................................................6-33
Step 1: Verifying Installation and Deployment Requirements .......................................................................6-34
Step 2: Configuring the External Resource ....................................................................................................6-35
Step 3: Copying Connector and External Code Files ....................................................................................6-36
Copying Connector Files: Sun Java System Directory Server ......................................................................6-38
Step 4: Configuring Oracle Identity Manager Server .....................................................................................6-44
Configuring Oracle Identity Manager Server: Clearing the Server Cache ......................................................6-45
Configuring Oracle Identity Manager Server: Enabling Logging ....................................................................6-47
Step 5: Importing an Oracle Identity Manager Connector .............................................................................6-50
Step 6: Defining an IT Resource ....................................................................................................................6-52
Step 7: Configuring Reconciliation Workflows ................................................................................................6-55
Step 8: Configuring Provisioning Workflows ..................................................................................................6-60
Step 9: Assigning the Connector to a User ....................................................................................................6-62
Step 10: Completing the Custom Process Form ............................................................................................6-64
Step 11: Accessing the Resource ..................................................................................................................6-66
Quiz................................................................................................................................................................6-67
Road Map ......................................................................................................................................................6-72
Lesson Summary ...........................................................................................................................................6-73
Road Map ......................................................................................................................................................6-74
Practice 6 Overview: Using Predefined Connectors (Initial Onboarding) ......................................................6-75
Road Map ......................................................................................................................................................6-76
What's Next? ..................................................................................................................................................6-77
Understanding Manual and Automated Provisioning ...................................................................................7-1
Understanding Manual and Automated Provisioning .....................................................................................7-2
Road Map ......................................................................................................................................................7-3
Lesson Objectives ..........................................................................................................................................7-5
Road Map ......................................................................................................................................................7-7
Resources ......................................................................................................................................................7-8
Oracle Identity Manager Connectors..............................................................................................................7-9
Differences Between Assigning Resources and Provisioning Resources ......................................................7-10
Quiz................................................................................................................................................................7-11
Road Map ......................................................................................................................................................7-13
Assigning Resources to Users: Overview ......................................................................................................7-14
Assigning Resources to Users: Criteria..........................................................................................................7-15
Assigning Resources to Users: Request ........................................................................................................7-16
Assigning Resources to Users: Direct Provisioning .......................................................................................7-17
Quiz................................................................................................................................................................7-18
Road Map ......................................................................................................................................................7-21
Types of Provisioning .....................................................................................................................................7-22
Manual Provisioning .......................................................................................................................................7-23
Autoprovisioning.............................................................................................................................................7-24
Quiz................................................................................................................................................................7-25
Road Map ......................................................................................................................................................7-26
Using Criteria to Assign a Resource to a User ...............................................................................................7-27
Step 1: Creating an Auto Membership Rule ...................................................................................................7-28
Step 2: Assigning an Auto Membership Rule to a Role.................................................................................7-30
Step 3: Building an Access Policy ..................................................................................................................7-32
Provisioning a User with a Resource Manually ..............................................................................................7-34
Step 1: Verifying a Resource Is Assigned to a User.......................................................................................7-36
Step 2: Completing a Custom Process Form .................................................................................................7-38
Step 3: Accessing the Resource ....................................................................................................................7-40
Quiz................................................................................................................................................................7-41
Road Map ......................................................................................................................................................7-43
Modifying an Oracle Identity Manager Connector ..........................................................................................7-44
Step 1: Modifying the Provisioning Process ...................................................................................................7-46
Step 2: Modifying the Custom Process Form .................................................................................................7-49


Provisioning a User with a Resource Automatically .......................................................................................7-51
Step 1: Verifying a Resource Is Assigned to a User.......................................................................................7-53
Step 2: Accessing the Resource ....................................................................................................................7-55
Quiz................................................................................................................................................................7-56
Road Map ......................................................................................................................................................7-58
Lesson Summary ...........................................................................................................................................7-59
Road Map ......................................................................................................................................................7-61
Practice 7 Overview: Understanding Manual and Automated Provisioning...................................................7-62
Road Map ......................................................................................................................................................7-63
What's Next? ..................................................................................................................................................7-64
Understanding Approval Processes and Requests ......................................................................................8-1
Understanding Approval Processes and Requests ........................................................................................8-2
Road Map ......................................................................................................................................................8-3
Lesson Objectives ..........................................................................................................................................8-4
Road Map ......................................................................................................................................................8-6
Request Workflow and Approval Process Overview ......................................................................................8-7
Request Overview ..........................................................................................................................................8-8
Request Type .................................................................................................................................................8-10
Request Type Catalog ...................................................................................................................................8-12
Request Dataset ............................................................................................................................................8-14
Default Request Dataset XML Files ...............................................................................................................8-16
Request Template ..........................................................................................................................................8-18
Approval Process ...........................................................................................................................................8-21
Approval Processes .......................................................................................................................................8-22
Oracle SOA Platform......................................................................................................................................8-23
Template Level Approval Process..................................................................................................................8-25
Approval Policies and the Request and Operation Approval Levels ..............................................................8-26
Request and Operation Level Approval Processes ........................................................................................8-27
Quiz................................................................................................................................................................8-29
Road Map ......................................................................................................................................................8-36
JDeveloper and SOA Composite Overview ...................................................................................................8-37
Loading an SOA Composite in JDeveloper ....................................................................................................8-38
Deploying an SOA Composite to a Defined Application Server .....................................................................8-40
Registering an SOA Composite with Oracle Identity Manager .......................................................................8-47
Registering a New SOA Composite with Oracle Identity Manager .................................................................8-48
Disabling an SOA Composite from Oracle Identity Manager .........................................................................8-51
Enabling an SOA Composite with Oracle Identity Manager ...........................................................................8-52
Road Map ......................................................................................................................................................8-53
Creating an Approval Policy ...........................................................................................................................8-54
Policy Details..................................................................................................................................................8-55
Set Approval Rule ..........................................................................................................................................8-56
Approval Policy Summary ..............................................................................................................................8-57
Approval Policy: Operation-Level Example ....................................................................................................8-58
Quiz................................................................................................................................................................8-59
Road Map ......................................................................................................................................................8-60
Modeling a Request Template .......................................................................................................................8-61
Access the Request Template Wizard ...........................................................................................................8-62
Request Template Details ..............................................................................................................................8-63
Allowed Resources ........................................................................................................................................8-65


Attribute Restrictions ......................................................................................................................................8-66
Attribute Restriction Details ............................................................................................................................8-67
Additional Attributes .......................................................................................................................................8-68
Template User Roles .....................................................................................................................................8-69
Request Template Confirmation.....................................................................................................................8-70
Road Map ......................................................................................................................................................8-71
Request Initiation Flowchart ...........................................................................................................................8-72
Request and Approval Stages for Requests ..................................................................................................8-74
Request and Approval Stages for Bulk Requests ..........................................................................................8-76
Initiating a Request ........................................................................................................................................8-77
Request Beneficiary .......................................................................................................................................8-78
Request Template ..........................................................................................................................................8-79
Select Users ...................................................................................................................................................8-80
Select Resources ...........................................................................................................................................8-81
Resource Details and Additional Data............................................................................................................8-82
Request Justification ......................................................................................................................................8-83
Road Map ......................................................................................................................................................8-84
Lesson Summary ...........................................................................................................................................8-85
Road Map ......................................................................................................................................................8-86
Practice 8 Overview: Understanding Request Workflows and Approval Processes......................................8-87
Road Map ......................................................................................................................................................8-88
What's Next? ..................................................................................................................................................8-89
Understanding Reconciliation ........................................................................................................................9-1
Understanding Reconciliation ........................................................................................................................9-2
Road Map ......................................................................................................................................................9-3
Lesson Objectives ..........................................................................................................................................9-5
Road Map ......................................................................................................................................................9-8
Reconciliation and Provisioning .....................................................................................................................9-9
Reconciliation: Types .....................................................................................................................................9-11
Reconciliation: Events ....................................................................................................................................9-14
Quiz................................................................................................................................................................9-17
Road Map ......................................................................................................................................................9-23
Authoritative Reconciliation: Conceptual Diagram .........................................................................................9-24
Authoritative Reconciliation: Single and Multiple Trusted Sources.................................................................9-25
Account Reconciliation: Conceptual Diagram ................................................................................................9-26
Account Reconciliation: Target System..........................................................................................................9-27
Account Reconciliation: Data Process Flow ...................................................................................................9-28
Road Map ......................................................................................................................................................9-30
Implementing a Reconciliation Workflow........................................................................................................9-31
Step 1: Verifying Installation and Deployment Requirements .......................................................................9-34
Step 2: Configuring the External Resource ....................................................................................................9-36
Step 3: Copying Connector and External Code Files ....................................................................................9-38
Copying Connector Files: Microsoft Active Directory ....................................................................................9-40
Copying External Code Files: Microsoft Active Directory ..............................................................................9-45
Step 4: Configuring Oracle Identity Manager Server .....................................................................................9-46
Configuring Oracle Identity Manager Server: Clearing the Server Cache ......................................................9-47
Configuring Oracle Identity Manager Server: Enabling Logging ....................................................................9-49
Step 5: Importing an Oracle Identity Manager Connector .............................................................................9-51
Step 6: Defining an IT Resource ....................................................................................................................9-54


Step 7: Modifying a Scheduled Job ................................................................................................................9-59
Modifying a Scheduled Job: Trusted Source ..................................................................................................9-61
Modifying a Scheduled Job: Target Resource ...............................................................................................9-63
Step 8: Reconciling with a Trusted Source ....................................................................................................9-64
Step 8: Reconciling with a Target Resource ..................................................................................................9-67
Quiz................................................................................................................................................................9-70
Road Map ......................................................................................................................................................9-74
Lesson Summary ...........................................................................................................................................9-75
Road Map ......................................................................................................................................................9-76
Practice 9 Overview: Understanding Reconciliation ......................................................................................9-77
Road Map ......................................................................................................................................................9-78
What's Next? ..................................................................................................................................................9-79
Managing Authorization Policies ....................................................................................................................10-1
Managing Authorization Policies ....................................................................................................................10-2
Road Map ......................................................................................................................................................10-3
Lesson Objectives ..........................................................................................................................................10-4
Road Map ......................................................................................................................................................10-6
Security Principles: Identity, Authentication, and Authorization ......................................................................10-7
What Is Authorization? ...................................................................................................................................10-9
Quiz................................................................................................................................................................10-10
Road Map ......................................................................................................................................................10-12
Oracle Entitlement Server ..............................................................................................................................10-13
Authorization Policy Overview .....................................................................................................................10-15
Authorization Policy: Relationship to Roles ....................................................................................................10-17
Authorization Policy: Target ...........................................................................................................................10-18
Entity Association and Functional Security: Role Management ...................................................................10-19
Entity Association and Functional Security: Self Service User Management ................................................10-21
Entity Association and Functional Security: User Management ....................................................................10-22
Authorization Policy: Defining Scope with Data Security................................................................................10-24
Authorization Policy: Policy Assignment ........................................................................................................10-26
Out-of-the-Box Authorization Policies ............................................................................................................10-27
When to Define Authorization Policies ...........................................................................................................10-34
Quiz................................................................................................................................................................10-35
Road Map ......................................................................................................................................................10-41
Creating Role Management Authorization Policies ........................................................................................10-42
Step 1: Complete the Basic Policy Information ..............................................................................................10-43
Step 2: Select the Role Management Permissions ........................................................................................10-44
Step 3: Choose Data Constraints ...................................................................................................................10-45
Step 4: Select the Assignees .........................................................................................................................10-46
Step 5: Confirm the Results ...........................................................................................................................10-47
Creating Self Service User Management Authorization Policies ....................................................................10-48
Step 1: Complete the Basic Policy Information ..............................................................................................10-49
Step 2: Select the Self Service User Management Permissions ....................................................................10-50
Step 3: Select the Assignees .........................................................................................................................10-51
Step 4: Confirm the Results ...........................................................................................................................10-52
Creating User Management Authorization Policies ........................................................................................10-53
Step 1: Complete the Basic Policy Information ..............................................................................................10-54
Step 2: Select the User Management Permissions ........................................................................................10-55
Step 3: Select Data Constraints .....................................................................................................................10-56


Step 4: Select the Assignees .........................................................................................................................10-57
Step 5: Confirm the Results ...........................................................................................................................10-58
Road Map ......................................................................................................................................................10-59
Lesson Summary ...........................................................................................................................................10-60
Road Map ......................................................................................................................................................10-61
Practice 10 Overview: Managing Authorization Policies ...............................................................................10-62
Road Map ......................................................................................................................................................10-63
What's Next? ..................................................................................................................................................10-64
Managing Reports ............................................................................................................................................11-1
Managing Reports ..........................................................................................................................................11-2
Road Map ......................................................................................................................................................11-3
Lesson Objectives ..........................................................................................................................................11-5
Road Map ......................................................................................................................................................11-8
Reports: Overview..........................................................................................................................................11-9
Access Policy Reports ...................................................................................................................................11-10
Attestation, Request, and Approval Reports ..................................................................................................11-11
Password Reports ..........................................................................................................................................11-12
Resource and Entitlement Reports ................................................................................................................11-13
Role and Organization Reports ......................................................................................................................11-17
User Reports ..................................................................................................................................................11-18
Quiz................................................................................................................................................................11-19
Road Map ......................................................................................................................................................11-20
Oracle BI Publisher: Overview .......................................................................................................................11-21
Configuring Oracle BI Publisher .....................................................................................................................11-22
Step 1: Copying Reports ................................................................................................................................11-24
Step 2: Starting Oracle BI Publisher...............................................................................................................11-27
Step 3: Managing Data Sources ....................................................................................................................11-30
Managing Data Sources: Creating the OIM JDBC Data Source ...................................................................11-31
Managing Data Sources: Creating the BPEL JDBC Data Source .................................................................11-33
Quiz................................................................................................................................................................11-35
Road Map ......................................................................................................................................................11-41
Creating Reports: Overview ...........................................................................................................................11-42
Creating an Access Policy Report ..................................................................................................................11-44
Creating a Request Report ............................................................................................................................11-46
Creating an Approval Report..........................................................................................................................11-48
Creating a Password Report ..........................................................................................................................11-50
Creating a Resource Report ..........................................................................................................................11-52
Creating a Role Report ..................................................................................................................................11-54
Creating an Organization Report....................................................................................................................11-56
Creating a User Report ..................................................................................................................................11-58
Quiz................................................................................................................................................................11-60
Road Map ......................................................................................................................................................11-63
Lesson Summary ...........................................................................................................................................11-64
Road Map ......................................................................................................................................................11-66
Practice 11 Overview: Managing Reports ......................................................................................................11-67
Road Map ......................................................................................................................................................11-69
What's Next? ..................................................................................................................................................11-70
Auditing, Monitoring, and Logging for Oracle Identity Manager .................................................................12-1
Auditing, Monitoring, and Logging for Oracle Identity Manager .....................................................................12-2
Road Map ......................................................................................................................................................12-3
Lesson Objectives ..........................................................................................................................................12-4
Roadmap .......................................................................................................................................................12-6
What is Auditing? ...........................................................................................................................................12-7
Auditing: Requirements ..................................................................................................................................12-8
Auditing: Business Challenges .......................................................................................................................12-10
Auditing: Oracle Fusion Middleware Audit Framework...................................................................................12-11
Oracle Fusion Middleware Audit Framework: Features .................................................................................12-13
Oracle Fusion Middleware Audit Framework Audit Architecture .................................................................12-17
Oracle Fusion Middleware Audit Framework: Audit Flow ..............................................................................12-19
Oracle Fusion Middleware Audit Framework: Key Technical Concepts .........................................................12-20
Oracle Fusion Middleware Audit Framework: Oracle Identity Manager and SOA ..........................................12-21
Auditing Oracle Identity Manager ................................................................................................................12-22
Auditing: Oracle Identity Manager Audit Engine .............................................................................................12-23
Auditing: Oracle Identity Manager Audit Levels .............................................................................................12-25
Auditing: Changing the Oracle Identity Manager Audit Level .........................................................................12-26
Auditing: SOA Audit Levels ............................................................................................................................12-27
Auditing: Changing the SOA Audit Level........................................................................................................12-28
Quiz................................................................................................................................................................12-29
Roadmap .......................................................................................................................................................12-33
What Is Monitoring? .......................................................................................................................................12-34
Monitoring: Oracle Enterprise Manager Fusion Middleware Control ..............................................................12-35
Monitoring: Oracle Identity Manager ..............................................................................................................12-37
Monitoring: Oracle Identity Manager Performance Metrics ............................................................................12-39
Monitoring: SOA .............................................................................................................................................12-40
Quiz................................................................................................................................................................12-43
Roadmap .......................................................................................................................................................12-45
What Is Logging? ...........................................................................................................................................12-46
Benefits of Logging ........................................................................................................................................12-47
Overview of Log Files.....................................................................................................................................12-48
Configuration Settings for Log Files for Oracle Identity Manager and SOA ...................................................12-49
Location and Configuration of Log Files for Oracle Identity Manager and SOA .............................................12-50
Search, View, and Download Log Files..........................................................................................................12-51
Log Files: Setting Information Levels .............................................................................................................12-53
Log Files: Specifying the Log File Locale .......................................................................................................12-55
Log Files: ECID and RID ................................................................................................................................12-56
Quiz................................................................................................................................................................12-58
Roadmap .......................................................................................................................................................12-62
Managing Auditing for Oracle Identity Manager .............................................................................................12-63
Managing Auditing for SOA............................................................................................................................12-67
Managing Monitoring for Oracle Identity Manager .........................................................................................12-70
Managing Monitoring for SOA ........................................................................................................................12-75
Managing Logging for Oracle Identity Manager .............................................................................................12-85
Managing Logging for SOA ............................................................................................................................12-91
Roadmap .......................................................................................................................................................12-93
Lesson Summary ...........................................................................................................................................12-94
Roadmap .......................................................................................................................................................12-96
Practice 12 Overview: Auditing, Monitoring, and Logging for Oracle Identity Manager ..................................12-97
Roadmap .......................................................................................................................................................12-98
What's Next? ..................................................................................................................................................12-99
Transferring Oracle Identity Manager Configurations ..................................................................................13-1
Transferring Oracle Identity Manager Configurations.....................................................................................13-2
Road Map ......................................................................................................................................................13-3
Lesson Objectives ..........................................................................................................................................13-4
Road Map ......................................................................................................................................................13-6
Deployment Manager Overview .....................................................................................................................13-7
Deployment Manager: Supported Configuration Objects ...............................................................................13-9
Supported Configuration Object Types ..........................................................................................................13-10
Advantages of Using the Deployment Manager to Transfer Configurations ...................................................13-11
Best Practices for Transferring Configuration Objects ...................................................................................13-12
Quiz................................................................................................................................................................13-20
Road Map ......................................................................................................................................................13-21
Overview of MDS Utilities ...............................................................................................................................13-22
MDS WebLogic Properties File ......................................................................................................................13-24
Road Map ......................................................................................................................................................13-26
Exporting Data Using the Deployment Manager ............................................................................................13-27
Importing Data Using the Deployment Manager ............................................................................................13-29
Exporting Data Using the MDS Export Utility .................................................................................................13-31
Importing Data Using the MDS Import Utility ..................................................................................................13-33
Deleting MDS Data Using the MDS Delete Utility ..........................................................................................13-35
Quiz................................................................................................................................................................13-36
Road Map ......................................................................................................................................................13-39
Lesson Summary ...........................................................................................................................................13-40
Road Map ......................................................................................................................................................13-41
Practice 13 Overview: Transferring Oracle Identity Manager Configurations .................................................13-42
Road Map ......................................................................................................................................................13-43
What's Next? ..................................................................................................................................................13-44
Oracle Identity Management Products: Overview .........................................................................................14-1
Oracle Identity Management Products: Overview ..........................................................................................14-2
Road Map ......................................................................................................................................................14-3
Appendix Objectives ......................................................................................................................................14-4
Road Map ......................................................................................................................................................14-5
Oracle Identity Management Products ...........................................................................................................14-6
Oracle Identity Management Products: Functional Aspects ...........................................................................14-9
Oracle Identity Management Products: Functionalities ..................................................................................14-10
Oracle Identity Management Products: Solutions ..........................................................................................14-11
Identity Administration: Infrastructure .............................................................................................................14-14
Oracle Identity Manager .................................................................................................................................14-15
Oracle Identity Analytics.................................................................................................................................14-16
Access Management: Infrastructure...............................................................................................................14-18
Oracle Access Manager .................................................................................................................................14-19
Oracle Adaptive Access Manager ..................................................................................................................14-20
Oracle Authentication Service for OS.............................................................................................................14-22
Oracle Enterprise Single Sign-On ..................................................................................................................14-23
Oracle Entitlements Server ............................................................................................................................14-24
Oracle Identity Federation ..............................................................................................................................14-25
Oracle Web Services Manager ......................................................................................................................14-26
Directory Services: Infrastructure ...................................................................................................................14-27
Oracle Virtual Directory ..................................................................................................................................14-29
Oracle Internet Directory ................................................................................................................................14-30
Road Map ......................................................................................................................................................14-31
Appendix Summary ........................................................................................................................................14-32
Basic Oracle WebLogic Server Concepts ......................................................................................................15-1
Basic Oracle WebLogic Server Concepts ......................................................................................................15-2
Road Map ......................................................................................................................................................15-3
Appendix Objectives ......................................................................................................................................15-4
Road Map ......................................................................................................................................................15-5
Oracle Fusion Middleware .............................................................................................................................15-6
Oracle Fusion Middleware Management Infrastructure..................................................................................15-8
Relationship of Fusion Middleware Products to WebLogic Server .................................................................15-9
Typical Oracle Fusion Middleware Environment ............................................................................................15-10
Overview of WebLogic Server Domain ..........................................................................................................15-11
Domain Diagram ............................................................................................................................................15-13
Road Map ......................................................................................................................................................15-15
Configuring a Domain ....................................................................................................................................15-16
Starting the Domain Configuration Wizard .....................................................................................................15-18
Creating a Domain Using the Domain Configuration Wizard .........................................................................15-19
Creating a New WebLogic Domain and Selecting the Domain Source ..........................................................15-20
Configuring Administrator Settings .................................................................................................................15-21
Configuring Startup Mode and JDK................................................................................................................15-22
Customizing Optional Configuration ...............................................................................................................15-23
Configuring the Administration and Managed Servers ...................................................................................15-24
Configuring Clusters and Assigning Servers to Clusters ................................................................................15-25
Creating an HTTP Proxy Application and Configuring Machines ...................................................................15-27
Assigning Servers to Machines ......................................................................................................................15-29
Configuring JDBC Data Sources ....................................................................................................................15-30
Testing Data Source Connections..................................................................................................................15-33
Running Database Scripts .............................................................................................................................15-35
Configuring the JMS File Store ......................................................................................................................15-36
Customizing Application and Service Targeting Configuration ......................................................................15-38
Configuring RDBMS Security Store Database ...............................................................................................15-39
Reviewing the WebLogic Domain ..................................................................................................................15-41
Creating the WebLogic Domain .....................................................................................................................15-42
Domain Directory Structure ............................................................................................................................15-43
Road Map ......................................................................................................................................................15-45
JVM Run-Time Arguments .............................................................................................................................15-46
Oracle WebLogic Server Dependencies ........................................................................................................15-47
Configuring CLASSPATH ..............................................................................................................................15-48
Starting Oracle WebLogic Administration Server ...........................................................................................15-50
Starting Administration Server by Using startWebLogic.sh ............................................................................15-52
Starting the Administration Server by Using the java weblogic.Server Command .........................................15-54
Stopping the Administration Server ................................................................................................................15-56
Benefits of Using the Administration Console ................................................................................................15-57
Accessing the Administration Console ...........................................................................................................15-58
Administration Console Login ........................................................................................................................15-59
Basic Navigation ............................................................................................................................................15-61
Using the Help System...................................................................................................................................15-62
General Administration Console User Preferences ........................................................................................15-63
Advanced Console Options ............................................................................................................................15-65
Setting Basic Properties .................................................................................................................................15-66
Administration Console Monitoring.................................................................................................................15-67
Starting a Managed Server by Using the Administration Console ..................................................................15-68
Shutting Down a Server .................................................................................................................................15-70
Shutting Down a Domain ...............................................................................................................................15-71
Monitoring All Servers ....................................................................................................................................15-74
Road Map ......................................................................................................................................................15-76
WebLogic Scripting Tool (WLST) ...................................................................................................................15-77
Jython ............................................................................................................................................................15-78
Using Jython ..................................................................................................................................................15-79
WLST Modes .................................................................................................................................................15-80
WLST Example ..............................................................................................................................................15-81
WLST Command Requirements ....................................................................................................................15-82
Running WLST Scripts ...................................................................................................................................15-83
Importing WLST as a Jython Module .............................................................................................................15-85
General WLST Commands ............................................................................................................................15-86
Offline WLST Commands ..............................................................................................................................15-87
Creating a Domain: Example .........................................................................................................................15-89
Online WLST Commands ..............................................................................................................................15-90
WebLogic JMX: Overview ..............................................................................................................................15-91
Navigating JMX MBeans ................................................................................................................................15-92
Road Map ......................................................................................................................................................15-94
What Node Managers Can Do .......................................................................................................................15-95
What Is a Machine? .......................................................................................................................................15-97
Relationship of Machines to Other Components ............................................................................................15-98
Creating a Machine ........................................................................................................................................15-99
Defining Names and OS of Machines ............................................................................................................15-101
Assigning Servers to a Machine .....................................................................................................................15-102
Monitoring Machines and Servers ..................................................................................................................15-103
Configuring a Machine to Use a Node Manager ............................................................................................15-104
Node Manager Architecture ...........................................................................................................................15-105
How a Node Manager Starts an Administration Server .................................................................................15-106
How a Node Manager Starts a Managed Server............................................................................................15-107
How a Node Manager Restarts an Administration Server .............................................................................15-108
How a Node Manager Restarts a Managed Server........................................................................................15-109
How a Node Manager Shuts Down a Server Instance ..................................................................................15-110
Road Map ......................................................................................................................................................15-111
Lesson Summary ...........................................................................................................................................15-112
Oracle Identity Manager Architecture ............................................................................................................16-1
Oracle Identity Manager Architecture .............................................................................................................16-2
Road Map ......................................................................................................................................................16-3
Appendix Objectives ......................................................................................................................................16-4
Road Map ......................................................................................................................................................16-5
Oracle Identity Manager Architecture .............................................................................................................16-6
Road Map ......................................................................................................................................................16-8
Oracle Identity Manager Architecture: Advantages ........................................................................................16-9
Road Map ......................................................................................................................................................16-12
Oracle Identity Manager Architecture: Features and Benefits .......................................................................16-13
Road Map ......................................................................................................................................................16-20
Oracle Identity Manager Architecture: Tiers ...................................................................................................16-21
Tier 1: Presentation Tier.................................................................................................................................16-22
Tier 2: Business Services Tier........................................................................................................................16-24
Business Services Tier: API Services ............................................................................................................16-26
Business Services Tier: Identity Services ......................................................................................................16-27
Business Services Tier: Integration Services .................................................................................................16-28
Business Services Tier: Platform Services .....................................................................................................16-30
Tier 3: Data Tier .............................................................................................................................................16-33
Road Map ......................................................................................................................................................16-35
Appendix Summary ........................................................................................................................................16-36
Oracle Identity Manager Connectors..............................................................................................................17-1
Oracle Identity Manager Connectors..............................................................................................................17-2
Road Map ......................................................................................................................................................17-3
Appendix Objectives ......................................................................................................................................17-4
Road Map ......................................................................................................................................................17-5
Oracle Identity Manager Connector: Overview .............................................................................................17-6
Road Map ......................................................................................................................................................17-7
Oracle Identity Manager Connector: Types ....................................................................................................17-8
Oracle Identity Manager Connector Types: Predefined Connectors ..............................................................17-9
Oracle Identity Manager Connector Types: Generic Technology Connectors ...............................................17-10
Oracle Identity Manager Connector Types: Custom Connectors ...................................................................17-12
Road Map ......................................................................................................................................................17-13
Oracle Identity Manager Connector: Components ........................................................................................17-14
Road Map ......................................................................................................................................................17-19
Constructing an Oracle Identity Manager Connector: Step 1 ........................................................................17-20
Constructing an Oracle Identity Manager Connector: Step 2 ........................................................................17-22
Constructing an Oracle Identity Manager Connector: Step 3 ........................................................................17-24
Constructing an Oracle Identity Manager Connector: Step 4 ........................................................................17-26
Constructing an Oracle Identity Manager Connector: Step 5 ........................................................................17-28
Constructing an Oracle Identity Manager Connector: Step 6 ........................................................................17-30
Constructing an Oracle Identity Manager Connector: Step 7 ........................................................................17-32
Constructing an Oracle Identity Manager Connector: Step 8 ........................................................................17-34
Road Map ......................................................................................................................................................17-36
Appendix Summary ........................................................................................................................................17-37
Customizing the Oracle Identity Manager User Interfaces ...........................................................................18-1
Customizing the Oracle Identity Manager User Interfaces ............................................................................18-2
Road Map ......................................................................................................................................................18-3
Appendix Objectives ......................................................................................................................................18-5
Road Map ......................................................................................................................................................18-6
Oracle Identity Manager User Interfaces........................................................................................................18-7
User Interface 1: The Login Page .................................................................................................................18-8
User Interface 2: The Unauthenticated Self Service Console .......................................................................18-10
User Interface 3: The Identity Administration Console ..................................................................................18-11
User Interface 4: The Authenticated Self Service Console ............................................................................18-13
User Interface 5: The Advanced Administration Console ...............................................................................18-15
Road Map ......................................................................................................................................................18-18
Levels of Customization .................................................................................................................................18-19
Road Map ......................................................................................................................................................18-21
Branding the Identity Administration Console: Overview................................................................................18-22
Branding the Identity Administration Console: Modifying Branding Text ........................................................18-23
Branding the Identity Administration Console: Adding a Logo .......................................................................18-26
Branding the Identity Administration Console: Changing the Logo Mouseover Text ......................................18-30
Branding the Authenticated Self Service Console: Overview .........................................................................18-34
Branding the Authenticated Self Service Console: Modifying Branding Text .................................................18-35
Branding the Authenticated Self Service Console: Adding a Logo .................................................................18-38
Branding the Authenticated Self Service Console: Changing the Logo Mouseover Text ...............................18-42
Road Map ......................................................................................................................................................18-45
Modifying the Functionality and Appearance of the Identity Administration Console: Overview ....................18-46
Modifying the Functionality and Appearance of the Identity Administration Console: Renaming Button Labels ....................18-47
Creating Custom Skins and Style Sheets: Overview......................................................................................18-50
Modifying the Functionality and Appearance of the Identity Administration Console: Creating a Custom Skin and Style Sheet ....................18-51
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Overview ..............18-56
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Renaming Button Labels ....................18-57
Modifying the Functionality and Appearance of the Authenticated Self Service Console: Creating a Custom Skin and Style Sheet ....................18-60
Road Map ......................................................................................................................................................18-63
Appendix Summary ........................................................................................................................................18-64
Road Map ......................................................................................................................................................18-65
Practice F Overview: Customizing the Oracle Identity Manager User Interfaces ...........................................18-66
