New Features in OIM11gR2

WEB CONSOLEs in OIM 11gR2

** In 11gR1 there were 3 Admin Web Consoles:

· Self Service Console

· Administration Console and

· Advanced Administration Console accessible

Whereas in OIM 11gR2, the Self Service and Administration Consoles are now combined into one console called the Identity Self Service Console: http://host:port/identity

This console has 3 features: managing your own profile (My Profile), managing requests, such as requesting App Instances and approving requests (Requests), and general administration tasks such as creating/managing users, roles, organizations, attestation etc. (Administration).

** In OIM 11gR2, a new console, sysadmin, has been added for Administrators. It includes some of the Design Console functions apart from general administration features: http://host:port/sysadmin

Application Instances

An Application Instance is the object that is provisioned to a user. Application Instances are checked out in the catalog, and users can request them via the catalog.

· In OIM 11gR2, resources and entitlements are bundled in an Application Instance, which users can select and request from the catalog.

· An Application Instance is a combination of an IT Resource and an RO, so you cannot create another App Instance with the same RO & IT Resource if that combination already exists for some other App Instance. One of these (RO or IT Resource) must have a different name.

· If you want users of a particular Organization to be able to request an Application Instance through the catalog, the App Instance must be attached to that Organization.

· An Application Instance can be associated with multiple organizations.

· An Application Instance can also have entitlements associated with it. Entitlements can include Roles/Groups or Responsibilities.

· Application Instances are published to the catalog by a scheduled task, “Catalog Synchronization Job”.

· An Application Instance can have a child/parent Application Instance, where the child Application Instance inherits all attributes of the parent Application Instance.

Important point to remember with Application Instances

If you delete an Application Instance in OIM 11gR2 and then try to create a new one with the same name, OIM will not allow it. It throws an error saying that an Application Instance already exists with the same Resource Object and IT Resource.

This is because some references to the deleted Application Instance are still not removed in OIM. So to completely delete your Application Instance from OIM, you must:

1. Delete the app Instance from sysadmin console.

2. Run the App Instance Post Delete Processing Job in Revoke/Delete mode.

3. Run the Catalog Synchronization job.

Once done, you should be able to create a new App Instance with the previous RO & IT Resource name.

Catalog

The Catalog allows users to request Roles, Application Instances, and Entitlements in an Application.

Catalog Items – Roles, Application Instances and Entitlements that can be requested via the catalog are called catalog items.

Detailed Information (attributes of a Catalog item)

· Category – Each catalog item is associated with one and only one category. Catalog Administrators can provide a value for the catalog item.

· Tags – search keywords that help in searching the Catalog. When users search the Catalog, the search is performed against the tags.

To define a tag, go to Catalog -> search for the resource -> select the resource -> update the tag field with a custom search keyword.

Tags are of three types:
a) Auto-generated Tags: The Catalog synchronization process auto-tags the Catalog Item using the Item Type, Item Name and Item Display Name.
b) User-defined Tags: User-defined Tags are additional keywords entered by the Catalog Administrator.
c) Arbitrary Tags: While defining metadata, if the user has marked that metadata as searchable, it will also be part of the tags.

Sandbox

Sandbox is a new feature introduced in OIM11gR2. It serves as a temporary development environment for UI customizations so that they don’t affect other users before they are published and linked to the existing OIM UI.

All UI customizations should be done inside a sandbox. This ensures that your changes/modifications don’t affect other users until you have finalized the changes and the customization is complete. Once the UI customization is completed, the sandbox must be published for the customizations to be merged into the existing UI and made available to other users.

Creating and activating a sandbox is mandatory for customizing the UI by . Without an active sandbox, OIM does not allow you to customize any page.

a) Before you perform any activity in OIM (like Create/Modify Forms, Custom Attribute, creating application instances, adding roles/attributes to catalog) you must create a sandbox and activate it.

b) One can create multiple sandboxes in OIM but only one sandbox can be active at any given time.

c) You can export/import the sandbox to move the changes from one environment to the other.

Creating Sandbox

To create a sandbox, log in to Identity Manager Self Service (/identity) or System Administration (/sysadmin), click the “Sandboxes” link at the top right, and then click Create Sandbox.

Publishing Sandbox

Before you publish a sandbox, it is recommended to back up MDS. Use /EM to back up MDS by following the steps below:

Creating MDS Backup

1. Log in to Oracle Enterprise Manager as the administrator.

2. On the landing page, click oracle.iam.console.identity.self-service.ear(V2.0).

3. From the Application Deployment menu at the top, select MDS configuration.

4. Under Export, select the Export metadata documents to an archive on the machine where this web browser is running option, and then click Export.

All the metadata is exported in a ZIP file.

Creating Password Policy through Admin Console:

In 11gR1 and previous versions, password policies could be created and applied via the OIM Design Console only. From OIM11gR2 onwards, Password Policies can be created and assigned using the Admin Console as well.


Comments:

nice

Posted by guest on June 12, 2013 at 03:15 AM PDT #

I ran into an interesting situation. I deleted an AppInstance and ran the Post Delete task but then discovered that I can't run Catalog Synchronization. It just doesn't even start. No errors even in the log. Just a warning:

XSD Validation Exception: org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'scheduledTasks'.

Any ideas of what that might be?

Posted by guest on August 09, 2013 at 09:42 AM PDT #

This should not be because of App Instance deletion. Is it only this scheduled job, or do you see the same issue for other jobs as well?
Just try restarting the scheduler.

Posted by guest on August 20, 2013 at 02:30 AM PDT #

This is a good topic on the difference between R1 and R2.

Posted by guest on September 16, 2013 at 08:56 PM PDT #

We are trying to create an attestation process in OIM 11gR2. The requirement is to run attestation on roles (to check who all are members of that particular role). Actually, there are roles associated with each user which have to be reconciled from the DB (there are two tables in the DB: one with user details, and a child table containing the roles associated with each user). The requirement is to get attestation reports based on roles.
How can we achieve this?

Posted by guest on January 02, 2014 at 01:42 AM PST #

About

OIM11gR2 Blog by NA-TAG Offshore IDAM team
