Wednesday, September 28, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) Segregation of duties (SoD) Check Test Scenario

High-level overview of the execution steps:

Scenario: two roles (Role1 and Role2) are mutually exclusive and should trigger an alarm for an SoD violation if both are requested.


1) Enable Identity Auditor Feature Set Availability System Property Flag to true
2) Restart the OIM Server
3) Create an Identity Audit Rule
4) Create an Identity Audit Policy
5) Create 2 Roles Role1 & Role2
6) Create Test User - DEEPAK
7) Create a request to self-request Role1 & Role2
8) SoD violation should trigger at the End User Level
9) Manager sees 1 request level approval with SoD violation
10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation
11) Approve all the request & operational level requests.
12) User gets access to the roles.

Below are the screens for the above setup and demo


1) Enable Identity Auditor Feature Set Availability System Property Flag to true




3) Create an Identity Audit Rule









4) Create an Identity Audit Policy
















































7) Create a request to self-request Role1 & Role2

8) SoD violation should trigger at the End User Level - Request Level























































9) Manager sees 1 request level approval with SoD violation

10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation

11) Approve all the request & operational level requests.








12) User gets access to the roles.
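
The check this scenario exercises, as an added example that is not part of the original post and is not OIM code or its API: a small Python model in which `SodRule`, `find_violations`, `build_approvals` and the approver name `MANAGER` are hypothetical. It goes slightly beyond the walkthrough by also counting roles the user already holds, so a later request for Role2 alone is flagged when Role1 is already assigned.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SodRule:
    """Hypothetical audit rule: no identity may hold both roles in the pair."""
    name: str
    pair: frozenset


def find_violations(rules, held, requested):
    """Return the rules broken by the roles the user would hold after the grant.

    Held roles are included so that requesting Role2 while already holding
    Role1 is caught, not only both roles arriving in a single request.
    """
    requested = set(requested)
    effective = set(held) | requested
    # Flag a rule only when this request contributes to the conflict.
    return [r for r in rules if r.pair <= effective and r.pair & requested]


def build_approvals(user, manager, rules, held, requested):
    """Model the flow in steps 8-10: one request-level task, then one
    operation-level task per requested role, each showing the violation."""
    violations = find_violations(rules, held, requested)
    tasks = [{"level": "request", "user": user, "approver": manager,
              "roles": sorted(requested),
              "sod_violations": [v.name for v in violations]}]
    for role in sorted(requested):
        tasks.append({"level": "operation", "user": user, "approver": manager,
                      "roles": [role],
                      "sod_violations": [v.name for v in violations
                                         if role in v.pair]})
    return tasks


# Constructed sample data matching the scenario: Role1 and Role2 are exclusive.
RULES = [SodRule("Role1-Role2-exclusive", frozenset({"Role1", "Role2"}))]


def demo():
    """Test user DEEPAK self-requests both roles; MANAGER is a made-up approver."""
    return build_approvals("DEEPAK", "MANAGER", RULES,
                           held=set(), requested={"Role1", "Role2"})


if __name__ == "__main__":
    for task in demo():
        print(task)
```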






Tuesday, September 27, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Request Access Wizard

In this post, I will be showing the request access wizard in OIM 11G R2 PS3
















Role1 and Role2 were already assigned to that user, so I had to remove those 2 roles and submit the request.







Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Self Service Capabilities

In OIM 11G R2 PS3, the following self-service capabilities are available out-of-the-box:



  1. Self Service - Change Account Password
  2. Self Service - Modify Accounts
  3. Self Service - Modify Entitlements
  4. Self Service - Modify Profile
  5. Self Service - Modify Proxy
  6. Self Service - Modify Role Memberships
  7. Self Service - Request Accounts
  8. Self Service - Request Entitlements
  9. Self Service - Request Role Memberships
  10. Self Service - Revoke Accounts
  11. Self Service - Revoke Entitlements
  12. Self Service - Revoke Role Memberships





Thursday, September 22, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Predefined Operations

Below is the list of predefined operations that come out-of-the-box with OIM 11g R2 PS3. They can be used to create workflow policies that are triggered specifically when the operation is one of them.



  1. Assign Roles
  2. Create Role
  3. Create User
  4. Delete Role
  5. Delete User
  6. Disable Account
  7. Disable User
  8. Enable Account
  9. Enable User
  10. Modify Account
  11. Modify Entitlement
  12. Modify Role
  13. Modify User Profile
  14. Provision ApplicationInstance
  15. Provision Entitlement
  16. Remove from Roles
  17. Revoke Account
  18. Revoke Entitlement
  19. Self-Register User
  20. Modify Role Grant
  21. Heterogeneous Request
  22. Bulk Assign Roles
  23. Bulk Delete Role
  24. Bulk Delete User
  25. Bulk Disable Account
  26. Bulk Disable User
  27. Bulk Enable Account
  28. Bulk Enable User
  29. Bulk Modify User Profile
  30. Bulk Provision ApplicationInstance
  31. Bulk Provision Entitlement
  32. Bulk Remove from Roles
  33. Bulk Revoke Account
  34. Bulk Revoke Entitlement

Wednesday, September 21, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Self Service Capabilities Test Rule Creation

Self Service Capabilities is a new feature in OIM 11G R2 PS3 (11.1.2.3.0) wherein administrators can define which operations an end user can perform.


































Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Home Organization Policy Creation

Home Organization Policy is a new feature wherein a user's organization is dynamically populated based on a condition, such as a value in one of the user's profile attributes.

This feature is triggered during the Self Registration process.



Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Workflow Policy Creation

In OIM 11G R2 PS3 (11.1.2.3.0), creating approval policies is not allowed, although existing policies carried forward after an upgrade can still be managed; this is mainly there to maintain backward compatibility.

Workflow policies are a new feature, but very similar to approval policies.

Please find the screen captures below :-)










Tuesday, September 20, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Admin Role Creation

Please follow the screen captures as below :-







Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Organization Creation

Please follow the screen captures below :-



Monday, September 19, 2016

Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) - Role Creation

Please follow the screen captures below :-

