Oracle Identity Manager Basics

25 slides, Apr 10, 2017

About This Presentation

This presentation covers Oracle Identity Manager basics, provisioning and reconciliation, and the connector components involved in provisioning and reconciliation workflows.


Slide Content

Oracle Identity Manager By Venkateshwar Rao Chekka

What is OIM?
Oracle Identity Manager (OIM) is an identity management product that automates user provisioning, identity administration, and password management, built around a comprehensive workflow engine.

Why OIM?
Oracle Identity Manager is a powerful and flexible enterprise identity management system that automatically manages users' access privileges within enterprise IT resources. Oracle Identity Management enables organizations to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud.

Features of OIM
- Identity life-cycle management for the heterogeneous enterprise
- Approval and provisioning workflows
- Role-based access control
- Complete integration solutions: OOTB connectors and the Adapter Factory
- Deep integration with ERP and HRMS systems
- Audit and compliance reporting, and process automation

Architecture of Oracle identity Manager

The Oracle Identity Manager architecture consists of three tiers.

Tier 1, Presentation tier: the Oracle Identity Manager GUI components reside in this tier. Users log in through the Oracle Identity Manager client, which interacts with the Oracle Identity Manager server.

Tier 2, Middleware tier: the second tier implements the business logic, which resides in the Java Data Objects managed by the supported J2EE application server. The Java Data Objects implement the business logic of the application, but their methods are not exposed directly to the outside world. The only supported way to reach the business functionality of Oracle Identity Manager is the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism; this keeps the data objects (and the authorization checks the API layer performs) from being bypassed.

Tier 3, Data tier: the third tier is the database. This layer is responsible for storing all data within Oracle Identity Manager.

Installation steps for OIM
1. Database installation and configuration
2. Installing the JRE (JDK)
3. RCU (Repository Creation Utility)
4. WebLogic installation
5. SOA installation
6. OIM installation
7. WebLogic configuration
8. OIM configuration
9. Design Console installation and configuration

Default user ID in OIM: xelsysadm
Default user ID in WebLogic: weblogic
Default port in OIM: 14000 (consoles at /sysadmin and /identity)
Default port in WebLogic: 7001 (/console and /em)
Default port in SOA: 8001 (/soa-infra)
Basic URL form: http://hostname:portnumber/----

These account names, ports and console paths are published defaults, so they are the first thing anyone probing an OIM deployment will try. Give the xelsysadm and weblogic accounts strong, unique passwords, and restrict network access to the administrative consoles (/sysadmin, /console, /em) to administrators.

Identity: an identity is the virtual representation of an enterprise resource user, including employees, customers, partners and vendors. Identity management describes the rights and relationships the user has when interacting with a company's network.

Account: an OIM account is an abstraction representing a means of being authenticated to access Oracle Identity Manager.

Provisioning: provisioning is a process by which an action to create, modify, or delete user information in an external resource is initiated from Oracle Identity Manager and passed into the resource. In terms of data flow, provisioning provides an outward flow of user information from Oracle Identity Manager. The provisioning system communicates with the external resource and specifies the changes to make to the user record residing in it.

Reconciliation: reconciliation is a process by which an action to create, modify, or delete user information for a designated resource is initiated from another external resource. Oracle Identity Manager communicates with this external resource to receive user information. In terms of data flow, reconciliation provides an inward flow of user information into Oracle Identity Manager, through which it learns about any activity on the external resource.

The following figure shows that provisioning or reconciliation involves synchronization from OIM to the target system, or from the target system to OIM:

Types of provisioning in OIM
Direct provisioning: an authorized administrator creates a user account on the target system directly, without any approval policies.
Request-based provisioning: a request is created manually, by an administrator or by the users themselves, to provision the account in the target system. Approval workflows start after the provisioning request is submitted, and after approval the account is provisioned to the target system.
Policy-based provisioning: the user is provisioned in the target resource automatically based on defined access policies. Policies define associations between a role and a target system, so each member of such a role automatically receives the predefined account in that target system. Because no human approves these grants, the role membership rules and the policies attached to them deserve the same review as a direct grant by an administrator.

Types of OIM reconciliation (two types)
a) Trusted source reconciliation: the external source is the authoritative source (e.g. HR). The external source drives the creation, modification and deletion of users in Oracle Identity Manager.
b) Target resource reconciliation: the external source is a non-authoritative source (a target system) on which the user has already been provisioned.

Events in reconciliation (three types of event)
a) Reconciliation insert: OIM detects a user that does not exist in OIM.
b) Reconciliation update: OIM detects a modification to a user that already exists in OIM.
c) Reconciliation delete: OIM decides that a user present in OIM should be removed.

What is a connector? An Oracle Identity Manager connector is used to integrate Oracle Identity Manager with a specific third-party application, such as Microsoft Exchange or Novell directory. Oracle Identity Manager is packaged with a number of predefined connectors.

Types of connectors:
1. OOTB (out of the box)
2. GTC (Generic Technology Connector)
3. Custom connectors

Connector deployment
1. Copy the connector software into C:\Oracle\Middleware\Oracle_IDM1\server\ConnectorDefaultDirectory
2. Go to the System Administration console and click Manage Connector.

Connector components
Resource object: a virtual representation of the target application on which you want to provision accounts. It is the parent record with which the provisioning process and the process form are associated.
Provisioning process: the process definition used to create, maintain, and delete accounts on the target system. It consists of definitions of the individual tasks used to perform automated functions on the target system. Each connector is packaged with a single provisioning process; you can manually create additional provisioning processes.
Process form: the form used to provide information about user accounts to be created, updated, or deleted on the target system. It is also used to capture data for the provisioning process tasks, or to give users a way to supply data at run time.

IT resource type: a template for all IT resource definitions associated with the connector. An IT resource type specifies the parameters (such as host servers) that are common to all IT resource instances of that type.
Adapters: all the adapters required to perform common functions on the target application. Each adapter is predefined with certain mappings and functionality. Adapters interact with the tasks in the provisioning process and with the fields of the process form.
Scheduled task (where applicable): if the connector ships with a predefined reconciliation module, it comes with a scheduled task definition. This component controls how often the target system is polled for changes to the tracked data.

Provisioning Work Flow

Trusted / Target Source Reconciliation Work Flow

Custom Attributes Creation Entity attributes are properties of the entity. The information about the user entity is stored in the form of attributes, such as first name, last name, user login, and password. There are default user attributes in Oracle Identity Manager. However, you can create custom user attributes by using the User form under System Entities in the Oracle Identity System Administration. The custom attributes are referred to as user defined fields (UDFs). Oracle Identity Manager lets you create UDFs for the user, role, resource, organization, and catalog entities.

Create a user: Add content > Data component > Catalog > User VO > select attribute > ADF input w/label
View a user: Add content > Data component > Manage users > User VO1 > ADF output w/label
Modify a user: Add content > Data component > Catalog > User VO > ADF input text w/label

Generic Technology Connectors A generic technology connector is a collection of components. A component provides a service that is used by another component, the target system, or Oracle Identity Manager. Together, these components can be linked to support a wide variety of data formats and data transport mechanisms .

Flat file Reconciliation The Flat File connector is a generic solution to retrieve records from flat files that are exported from various enterprise target systems. These flat files can be of various formats such as CSV, LDIF, XML, and so on. The connector focuses only on the reconciliation of records from a flat file. The installation media contains scheduled jobs that can be used to load users, accounts, and entitlements from a flat file into an existing resource in Oracle Identity Manager.
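To make the reconciliation events described above concrete, here is an added example (not code from the presentation or from Oracle) of one trusted-source reconciliation run over a constructed HR flat file in CSV format. It compares the authoritative source against a snapshot of the users already in OIM and emits the three event types from the reconciliation slide: insert, update and delete. The field names, the employee_id matching key, the sample rows and the full_export flag are all assumptions made for illustration. The delete branch handles the failure mode that matters most in practice: a changes-only (incremental) file, or an empty or truncated export, must never be read as "everyone else has left".

```python
"""Trusted-source reconciliation of a flat file against an OIM user snapshot.

Added example; not the presentation's or Oracle's code. All data is constructed.
"""
import csv
import io

# Constructed HR export. In the trusted-source model this file is authoritative.
HR_CSV = """employee_id,first_name,last_name,email,status
1001,Alice,Smith,alice.smith@example.com,Active
1002,Bob,Jones,bob.jones@example.com,Active
1004,Dan,Wu,dan.wu@example.com,Active
"""

# Constructed snapshot of the OIM user store, keyed by the reconciliation matching key.
OIM_USERS = {
    "1001": {"first_name": "Alice", "last_name": "Smith", "email": "alice.smith@example.com", "status": "Active"},
    "1002": {"first_name": "Bob", "last_name": "Jones", "email": "bjones@example.com", "status": "Active"},
    "1003": {"first_name": "Carol", "last_name": "Lee", "email": "carol.lee@example.com", "status": "Active"},
}

MATCH_KEY = "employee_id"                                   # assumed matching attribute
TRACKED = ("first_name", "last_name", "email", "status")    # assumed reconciled attributes


def parse_flat_file(text):
    """Parse a CSV export into a list of row dicts with whitespace-trimmed values."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        {k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
        for row in reader
    ]


def reconcile(source_records, oim_users, full_export):
    """Return the reconciliation events that bring OIM in line with the source.

    full_export=True means the file is a complete dump of the source, so a user
    absent from it has been removed at the source and yields a delete event.
    For an incremental (changes-only) file that inference is wrong, so deletes
    are suppressed. Rows that cannot be matched safely become error events
    rather than being guessed at.
    """
    events, seen = [], set()
    for rec in source_records:
        key = rec.get(MATCH_KEY, "")
        if not key:
            events.append({"type": "error", "key": None, "reason": "missing match key", "record": rec})
            continue
        if key in seen:
            events.append({"type": "error", "key": key, "reason": "duplicate match key", "record": rec})
            continue
        seen.add(key)
        incoming = {f: rec.get(f, "") for f in TRACKED}
        existing = oim_users.get(key)
        if existing is None:
            events.append({"type": "insert", "key": key, "data": incoming})
            continue
        changes = {f: v for f, v in incoming.items() if v != existing.get(f, "")}
        if changes:
            events.append({"type": "update", "key": key, "changes": changes})
    # Delete detection only makes sense for a full export, and never from an
    # empty file: an empty or truncated export would otherwise delete every
    # user in OIM.
    if full_export and seen:
        for key in oim_users:
            if key not in seen:
                events.append({"type": "delete", "key": key})
    return events


def run_example():
    """Reconcile the constructed HR export as a full dump against the snapshot."""
    return reconcile(parse_flat_file(HR_CSV), OIM_USERS, full_export=True)


if __name__ == "__main__":
    for event in run_example():
        print(event)
```

On the constructed data the run yields an update for 1002 (changed e-mail), an insert for 1004, and a delete for 1003, who is no longer in the HR file. A real scheduled task would additionally reject a file whose row count is far below the previous run before honouring any deletes; the empty-file guard above is the minimal version of that check.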

Orchestration: the process by which any Oracle Identity Manager operation goes through a predefined set of stages and executes some business logic in each stage is called an orchestration. The type of object changed by the orchestration is called the orchestration target. Orchestration is divided into predefined steps called stages, and every operation moves through these stages until it reaches finalization. Orchestration has the following stages:

Validation: validates the orchestration, for example the validity of the orchestration parameters. Orchestration parameters are the data required to carry out the orchestration operation.
Preprocess: manipulates orchestration parameters, obtains approvals, or performs Segregation of Duties (SoD) checks.
Action: the stage in which the action itself takes place.
Audit: the stage in which the operation is audited.
Post process: the stage in which consequent operations related to the current operation take place. Examples of consequent operations are auto role membership and policy evaluation on user creation.
Finalization: the last stage in the process, used to perform any clean-up.
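The following is an added example (not the presentation's or Oracle's code) that models the stage sequence above for a "create user" operation so the ordering becomes visible: a failure in Validation or Preprocess stops the orchestration before Action, Audit and Post process run, Post process is where auto role membership and access-policy evaluation happen, and Finalization always runs to clean up. The role rules, the SoD conflict, the access policies, the attribute names and the in-memory user store are constructed assumptions; real OIM event handlers are Java classes registered with the kernel, which this model does not attempt to reproduce.

```python
"""Model of an OIM-style orchestration for a create-user operation.

Added example; not the presentation's or Oracle's code. All rules and data are constructed.
"""

STAGES = ("validation", "preprocess", "action", "audit", "postprocess", "finalization")
REQUIRED = ("user_login", "first_name", "last_name", "department")   # assumed parameters

# Constructed auto-membership rules: a role is granted when its rule matches the user.
ROLE_RULES = {
    "Finance-Users": lambda u: u.get("department") == "Finance",
    "AP-Approvers": lambda u: u.get("title") == "AP Manager",
}
# Constructed access policies: role -> accounts provisioned on target systems.
ACCESS_POLICIES = {
    "Finance-Users": ["ERP-GL"],
    "AP-Approvers": ["ERP-AP-Approve"],
}
# Constructed SoD rule: these two roles must never be held by the same user.
SOD_CONFLICTS = [frozenset({"AP-Approvers", "AP-Requesters"})]


class OrchestrationError(Exception):
    """Raised by a stage to abort the orchestration."""


def candidate_roles(params):
    """Roles the user would end up with: rule-driven auto roles plus requested ones."""
    auto = {role for role, rule in ROLE_RULES.items() if rule(params)}
    return auto | set(params.get("requested_roles", []))


def stage_validation(orch, store):
    missing = [f for f in REQUIRED if not orch["params"].get(f)]
    if missing:
        raise OrchestrationError("missing parameters: " + ", ".join(missing))
    if orch["params"]["user_login"].strip().lower() in store:
        raise OrchestrationError("user_login already exists")


def stage_preprocess(orch, store):
    p = orch["params"]
    p["user_login"] = p["user_login"].strip().lower()          # parameter manipulation
    roles = candidate_roles(p)
    for pair in SOD_CONFLICTS:                                 # SoD check before any action
        if pair <= roles:
            raise OrchestrationError("SoD conflict: " + " + ".join(sorted(pair)))


def stage_action(orch, store):
    p = orch["params"]
    store[p["user_login"]] = {k: v for k, v in p.items() if k not in ("password", "requested_roles")}
    store[p["user_login"]].update(roles=set(), accounts=set())


def stage_audit(orch, store):
    snapshot = {k: v for k, v in orch["params"].items() if k != "password"}   # never audit secrets
    orch["audit"].append({"operation": orch["operation"], "target": "User", "params": snapshot})


def stage_postprocess(orch, store):
    user = store[orch["params"]["user_login"]]
    user["roles"] = candidate_roles(orch["params"])            # auto role membership
    for role in user["roles"]:                                 # access-policy evaluation
        user["accounts"].update(ACCESS_POLICIES.get(role, []))


def stage_finalization(orch, store):
    orch["params"].pop("password", None)                       # clean-up of sensitive parameters


HANDLERS = {
    "validation": stage_validation, "preprocess": stage_preprocess, "action": stage_action,
    "audit": stage_audit, "postprocess": stage_postprocess,
}


def run_orchestration(operation, params, store):
    """Run the stages in order; stop at the first failure; always finalize."""
    orch = {"operation": operation, "params": dict(params), "audit": [], "trace": [], "status": "pending"}
    stage = STAGES[0]
    try:
        for stage in STAGES[:-1]:
            HANDLERS[stage](orch, store)
            orch["trace"].append((stage, "ok"))
        orch["status"] = "completed"
    except OrchestrationError as exc:
        orch["trace"].append((stage, "failed: " + str(exc)))
        orch["status"] = "failed"
    finally:
        stage_finalization(orch, store)
        orch["trace"].append(("finalization", "ok"))
    return orch


if __name__ == "__main__":
    users = {}
    result = run_orchestration("create", {"user_login": "JDoe", "first_name": "Jane", "last_name": "Doe",
                                          "department": "Finance", "title": "AP Manager",
                                          "password": "constructed"}, users)
    print(result["status"], result["trace"], users)
```

Two points the model makes that carry over to real deployments: the SoD check belongs in Preprocess, because once Action has written the user the Post process stage will hand out roles and accounts automatically, and the audit snapshot is taken before Post process and with secrets stripped, so a failed orchestration leaves no half-written account and no password in the audit trail.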

Thank you 