- What Is Identity Certification?
Identity certification is the process of reviewing user entitlements and
access privileges within an enterprise to ensure that users have not acquired
entitlements that they are not authorized to have. It also involves either
approving (certifying) or rejecting (revoking) each access privilege. The
certification types are:
User Certification
Role Certification
Application Instance Certification
Entitlement Certification
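The review described above, as an added illustrative example in Python (not Oracle Identity Manager code): each user's current entitlements are compared with what their assigned roles authorize, matches are certified and everything else is flagged for revocation. The role-to-entitlement policy, the users and the entitlement names are constructed sample data, and the function names are this example's own.

```python
"""Illustrative identity certification review (added example, not Oracle's code).

Compare each user's current entitlements with what their assigned roles
authorize: certify the matches, flag the rest for revocation. All roles,
users and entitlements below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed policy: which entitlements each role is authorized to grant.
ROLE_ENTITLEMENTS = {
    "hr-analyst": {"AD:HR-Staff", "SAP:HR_READ"},
    "dba": {"UNIX:dba-group", "DB:SYSDBA"},
    "employee": {"AD:Domain Users", "Exchange:Mailbox"},
}


@dataclass
class User:
    login: str
    roles: set
    entitlements: set


@dataclass
class Decision:
    login: str
    entitlement: str
    action: str  # "certify" or "revoke"
    reason: str


def authorized_entitlements(roles, policy=ROLE_ENTITLEMENTS):
    """Union of everything the user's assigned roles are allowed to grant."""
    allowed = set()
    for role in roles:
        allowed |= policy.get(role, set())
    return allowed


def review_user(user, policy=ROLE_ENTITLEMENTS):
    """One certification decision per entitlement the user currently holds."""
    allowed = authorized_entitlements(user.roles, policy)
    decisions = []
    for ent in sorted(user.entitlements):
        if ent in allowed:
            decisions.append(Decision(user.login, ent, "certify",
                                      "granted by an assigned role"))
        else:
            decisions.append(Decision(user.login, ent, "revoke",
                                      "not granted by any assigned role"))
    return decisions


def run_campaign(users, policy=ROLE_ENTITLEMENTS):
    """Return {login: [Decision, ...]} for every user in scope of the campaign."""
    return {u.login: review_user(u, policy) for u in users}


def revocations(campaign):
    """Flat list of (login, entitlement) pairs the campaign marked for revocation."""
    return [(d.login, d.entitlement)
            for decisions in campaign.values()
            for d in decisions if d.action == "revoke"]


# Constructed users: bob moved from the DBA team to HR but kept his SYSDBA grant.
SAMPLE_USERS = [
    User("alice", {"employee", "hr-analyst"},
         {"AD:Domain Users", "Exchange:Mailbox", "SAP:HR_READ"}),
    User("bob", {"employee", "hr-analyst"},
         {"AD:Domain Users", "DB:SYSDBA", "AD:HR-Staff"}),
]

if __name__ == "__main__":
    for login, decisions in run_campaign(SAMPLE_USERS).items():
        for d in decisions:
            print(f"{d.login:6} {d.action:8} {d.entitlement:18} ({d.reason})")
```

Running the script lists a certify decision for every entitlement alice holds and a revoke decision for bob's leftover DB:SYSDBA grant, which is exactly the kind of entitlement acquired outside the user's current authorization that a certification campaign exists to catch.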
- Terminologies Used in Access Policies
The following terminologies are associated with access policies:
Resource :
A resource is a logical entity in Oracle Identity Manager that can be provisioned to a
user or an organization in Oracle Identity Manager. For example, Microsoft
Active Directory (AD), Microsoft Exchange, SAP, UNIX, and databases are each modeled as a
resource in Oracle Identity Manager. Resources are template definitions that are
associated with one or more workflows called Provisioning Processes in
Oracle Identity Manager, which model lifecycle management, such as
how to provision, revoke, enable, and disable. Resources also have entities called forms
associated with them. A form represents the collection of attributes associated with the
resource. For instance, the form associated with an AD server includes attributes such as
SAM Account Name, Common Name, and User Principal Name. Forms also contain an attribute
of type IT Resource (see "IT Resource Type" for details). Resources can be marked
Allow Multiple, which allows multiple instances of a resource to be provisioned to a
user or an organization.
Account :
Accounts are actual instances of a resource that are created and provisioned to a user or
organization in Oracle Identity Manager. For example, an e-mail account on an Exchange
server is an account (instance) of resource type Exchange.
Accounts have specific values for the attributes of the associated form.
IT Resource Type :
IT resource type is a logical entity in Oracle Identity Manager used to model a physical
target and all its attributes, including (but not limited to) the connectivity information
and the credentials required to connect to the physical computer. For example, the
IT resource type AD Server is used to model an actual AD server.
IT Resource Instance :
IT resource instances are actual instances of a specific IT resource type that represent the
actual physical target. They have specific values for all the attributes of the physical
target, such as IP address, port, user name, and password. Two physical AD servers in a
deployment are represented by two instances of the IT resource type AD Server.
Account Discriminator :
An account discriminator is a collection of attributes on a form that uniquely identify the
logical entity on which accounts are created. This entity is sometimes loosely referred
to as a target. For instance, for an AD server, an account discriminator can be the
combination of AD Server (an attribute of type IT Resource) and Organization Name.
Typically, account discriminators are attributes of type IT Resource. Attributes are
marked as account discriminators by setting the Account Discriminator property of the
form field to True.
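To make the Resource, Account, IT Resource and Account Discriminator terms above concrete, here is an added illustrative model in Python (not Oracle Identity Manager code or its API). It shows how the discriminator fields of a form decide whether a provisioning request lands on a logical target the user already has an account on, and how the Allow Multiple flag governs additional accounts on other targets. The resource names, form fields and attribute values are constructed, and the function names are this example's own.

```python
"""Illustrative model of forms, account discriminators and Allow Multiple
(added example, not Oracle Identity Manager code).

A resource's form declares which fields are account discriminators. The
discriminator values of an account identify the logical target it lives on,
so they decide whether a provisioning request creates a new account or
collides with one the user already holds. All names and values are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FormField:
    name: str
    account_discriminator: bool = False


@dataclass
class Resource:
    name: str
    fields: tuple            # FormField instances making up the form
    allow_multiple: bool = False

    def discriminator(self, values):
        """Tuple of the discriminator field values, in form order."""
        return tuple(values[f.name] for f in self.fields if f.account_discriminator)


@dataclass
class Account:
    resource: Resource
    values: dict             # specific values for the form's attributes


def existing_match(resource, accounts, new_values):
    """Return the user's existing account on the same logical target, if any."""
    key = resource.discriminator(new_values)
    for acct in accounts:
        if acct.resource.name == resource.name and resource.discriminator(acct.values) == key:
            return acct
    return None


def provision(resource, accounts, new_values):
    """Decide whether a new account may be created for a user.

    Returns (decision, account) where decision is 'create', 'duplicate'
    (same target, already provisioned) or 'not-allowed' (the resource does
    not permit multiple accounts and the user already has one).
    """
    missing = [f.name for f in resource.fields if f.name not in new_values]
    if missing:
        raise ValueError(f"form values missing for fields: {missing}")
    if existing_match(resource, accounts, new_values) is not None:
        return "duplicate", None
    same_resource = [a for a in accounts if a.resource.name == resource.name]
    if same_resource and not resource.allow_multiple:
        return "not-allowed", None
    acct = Account(resource, dict(new_values))
    accounts.append(acct)
    return "create", acct


# Constructed AD resource: AD Server (the IT Resource attribute) and Organization
# Name together discriminate accounts; SAM Account Name does not.
AD = Resource(
    "AD User",
    (
        FormField("AD Server", account_discriminator=True),
        FormField("Organization Name", account_discriminator=True),
        FormField("SAM Account Name"),
    ),
    allow_multiple=True,
)


def demo():
    """Three requests for one user: same target twice, then a second AD server."""
    accounts = []
    r1, _ = provision(AD, accounts, {"AD Server": "ad-corp", "Organization Name": "OU=Sales",
                                     "SAM Account Name": "jdoe"})
    r2, _ = provision(AD, accounts, {"AD Server": "ad-corp", "Organization Name": "OU=Sales",
                                     "SAM Account Name": "jdoe2"})
    r3, _ = provision(AD, accounts, {"AD Server": "ad-lab", "Organization Name": "OU=Sales",
                                     "SAM Account Name": "jdoe"})
    return r1, r2, r3, len(accounts)


if __name__ == "__main__":
    print(demo())
```

The second request is rejected as a duplicate even though its SAM Account Name differs, because only the discriminator fields identify the target; the third is accepted because it names a different AD server and the resource allows multiple accounts.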
- OIM – How to create and use an entity adapter
1. Log in to the Java client with an admin user.
2. Go to Development Tools -> Adapter Factory.
3. Enter a valid adapter name and description, and select "Entity" as the adapter type.
4. Save the adapter.
5. In the Adapter Tasks tab, click Assign to add a task to the adapter.
6. Select Logic Task -> SET VARIABLE and click Continue.
7. In the Add Set Variable Task Parameter dialog, select Adapter return value in the
Variable Name drop-down, Literal as the Operand Type, Text Literal as the Operand
Qualifier, and enter any string.
8. Save the settings.
9. Compile the adapter.
10. Go to Development Tools -> Business Rule Definition -> Data Object Manager.
11. Double-click the form designer field and select users from the lookup.
12. Query the form using the main toolbar.
13. The Data Object Manager is refreshed to show the adapters and event
handlers associated with the users form.
14. Associate the entity adapter in the relevant pre or post section. For example, assign the
adapter in the pre-insert section.
15. Go to the Map Adapter tab and select the adapter from the Name drop-down list.
16. Adapter return value appears in the list of adapter variables to map.
17. Map the return value to Entity Field -> USR_FIRST_NAME and save.
18. Now launch the users form.
19. Enter all required fields except "First Name" and save.
- Application Instances
An application instance is a provisionable entity: the combination of an IT resource
instance (target connectivity and connector configuration) and a resource object
(provisioning mechanism).
Application instances have business-friendly names that are easier to remember.
Creating and managing application instances is performed by using the Application
Instance section of Oracle Identity System Administration.
Application instances can be connected or disconnected. A connected application
instance has a connector defined for the provisioning of entities. A disconnected
application instance is used for the provisioning of a disconnected resource, for which
a connector is not defined, and therefore, the provisioning is performed manually by
the administrator.