Oracle Identity Management

Oracle security stack of products

  • User Identity Administration : Oracle Identity Manager [OIM]
  • Access Management
    • Oracle Access Manager [OAM]
    • Oracle Identity Federation [OIF]
    • Oracle Enterprise Single Sign On [eSSO]
    • Oracle Adaptive Access Manager [OAAM] *
  • Governance : Oracle Identity Analytics [OIA]
  • Directory Services
    • Oracle Internet Directory [OID]
    • Oracle Virtual Directory [OVD]
* A few more products exist that are not listed above; they are out of scope for the current discussion.
.
The biggest advantage of having a separate security layer that manages user identity and user access rights is that developers no longer hard-code these into applications; applying changes to a security layer that is mixed up with the business layer is a maintenance misery.
.
OIM ==>> User identification. This includes creating the organization structure, the sub-divisions or departments within that structure, creating users, assigning roles, setting up access policies, setting up password policies, and user provisioning and reconciliation. It also provides workflow capabilities. Another way to look at it: OIM helps determine who and what you are, for example your employee id, employee name, date of birth, sex, certifications, education, professional experience, permanent address, dependents' names etc., everything that identifies a user. Identity management is sometimes referred to as IDM as well.
.
OAM ==>> User access, or authorization, to the various resources within the enterprise. Sometimes referred to as Identity Access Manager (IAM), it is the security layer associated with authorization. Corporate and regulatory requirements decide who accesses what type of information and how it is used; Access Manager is the better fit for this.
.
eSSO ==>> Enterprise Single Sign-On ensures that once you log in to one application or to the desktop, you are logged in to all applications.
.

OIM Self Service and Administration Console

Start the 11g database, the WebLogic server and then the OIM managed server, then log in to the OIM console at http://oim-hostname:14000/oim as xelsysadm with its password.

The post-login screen includes Self Service, Administration and Advanced tabs.

Self Service : Welcome Screen

Self Service : Tasks -> Approvals / Provisioning / Attestation

Self Service : Requests -> Search for and create requests (requests for the logged-in user or for other users); this is done by selecting a request template such as Create User, Delete User etc.

Updating profile information (Attributes) such as first name, last name, time zone etc.

A user can also edit his/her roles and request new roles.

Answer the user's security questions in case of a forgotten password.

Administration : allows creation of organizations, roles, users and policies

Administration : Creation of Authorization Policy

In Advanced Administration one can search for and create requests,

create access policies, configure users, manage resources and create connectors.

One can also create user notifications for various events such as user creation, user self-registration or user deletion in the OIM system.

Create OIM organizations, users and workflow approvals

Use case : let's create a simple org hierarchy, James Smith Inc, and below it two sub-org units, James Smith IT and James Smith Sales. Create the user Mike Kelleher under James Smith IT, log out as xelsysadm and log in as Mike, and change some of his user attributes such as time zone. This sets up a workflow task that needs to be approved by xelsysadm, after which Mike's time zone data becomes available.

Create the sub-org unit James Smith IT.

View the org tree.

View the roles that have been assigned to James Smith Inc by default; one can change them.

Create the user Mike Kelleher by selecting the Create User link from the welcome screen when logged in as xelsysadm.

Log out and log in as mike_jsi, the username provided during registration.

After login the user will be forced to change the password to meet the required password standards, such as a mix of capital and small letters in the password.

User Mike decides to change some of his attributes, such as time zone and language settings under Locale; these are user attributes, and changing them triggers a workflow process.

xelsysadm logs in, views his approval tasks and approves Mike's request.

View the details and approve.
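The same org hierarchy and user from the use case above, built through the OIM 11g client API instead of the console. This is an added example, not code from the original post; it assumes the standard OIMClient/UserManager/OrganizationManager classes of OIM 11g, that the JVM is started with -Djava.security.auth.login.config pointing at the OIM client's authwl.conf, and that the entity attribute names used below ("Organization Name", "Organization Customer Type", "Parent Organization Key", "User Login", "act_key" etc.) match your OIM release; verify them against your installation's API reference.

```java
import java.util.HashMap;
import java.util.Hashtable;
import oracle.iam.identity.orgmgmt.api.OrganizationManager;
import oracle.iam.identity.orgmgmt.vo.Organization;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;

public class JamesSmithSetup {
    public static void main(String[] args) throws Exception {
        // Connect to the OIM managed server (same host/port as the console URL on this page).
        Hashtable<String, String> env = new Hashtable<>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://oim-hostname:14000");
        OIMClient client = new OIMClient(env);
        // Prompt for the xelsysadm password rather than embedding it in source.
        client.login("xelsysadm", System.console().readPassword("xelsysadm password: "));
        try {
            OrganizationManager orgMgr = client.getService(OrganizationManager.class);
            UserManager userMgr = client.getService(UserManager.class);

            // Org hierarchy from the use case: parent company plus two departments.
            String parentKey = createOrg(orgMgr, "James Smith Inc", "Company", null);
            String itKey = createOrg(orgMgr, "James Smith IT", "Department", parentKey);
            createOrg(orgMgr, "James Smith Sales", "Department", parentKey);

            // User mike_jsi under James Smith IT (attribute names are an assumption, see lead-in).
            HashMap<String, Object> attrs = new HashMap<>();
            attrs.put("User Login", "mike_jsi");
            attrs.put("First Name", "Mike");
            attrs.put("Last Name", "Kelleher");
            attrs.put("act_key", Long.valueOf(itKey));   // organization key of James Smith IT
            attrs.put("Xellerate Type", "End-User");
            attrs.put("Role", "Full-Time");
            attrs.put("Email", "mike.kelleher@example.com"); // constructed sample value
            // No usr_password supplied: OIM generates one under the configured password
            // policy, so Mike is forced to change it at first login, as on this page.
            userMgr.create(new User(null, attrs));
        } finally {
            client.logout(); // always release the authenticated session
        }
    }

    // Creates one organization and returns its key so children can reference it.
    static String createOrg(OrganizationManager mgr, String name, String type,
                            String parentKey) throws Exception {
        HashMap<String, Object> attrs = new HashMap<>();
        attrs.put("Organization Name", name);
        attrs.put("Organization Customer Type", type);
        if (parentKey != null) attrs.put("Parent Organization Key", Long.valueOf(parentKey));
        return mgr.create(new Organization(null, attrs)).getEntityId();
    }
}
```

Because the user is created by an administrator rather than through self-registration, the password-change-at-first-login and the later attribute-change approval still go through the same OIM policies and workflows described in the steps above.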

Under Const.