Oracle Identity Manager 11g: Essentials Activity Guide
D65160GC10 Edition 1.0 March 2011 D69804
Copyright 2011, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Authors Robert LaVallie, Terri Cantor
Technical Contributors and Reviewers Eswar Vandanapu, Raj Kuchi, Rajesh Bhabu, Sri Subramanian, Gopal Kumarappan, Mario Lim, Ajay Keni, Brad Donison, Ashok Maram, Bitan Biswas, Amol Dharmadhikari, Abhishek Sharma, Semyon Shulman, Viresh Garg, Sid Choudhury, Javed Beg, Jatan Rajvanshi, Sidhartha Das, Ashutosh Pitre, Shyam Narayan Singh, Sanjay Rallapalli, Srinivas Marni, Debapriya Datta, Alexandre Babeanu, Don Biasotti, Gururaj B.S.
This book was published using: Oracle Tutor
Table of Contents
Practices for Lesson 1
Practices for Lesson 2
Practices for Lesson 3
    Practice 3-1: Start Oracle WebLogic Server
    Practice 3-2: Start Oracle Identity Manager Server and Oracle SOA Server
    Practice 3-3: Launch the Oracle SOA and Oracle Identity Manager Administration Consoles
    Practice 3-4: Navigate the Oracle Identity Manager Administrative and User Console
    Practice 3-5: Launch and Navigate the Oracle Identity Manager Design Console
Practices for Lesson 4
Practices for Lesson 5
    Practice 5-1: Create Organizations
    Practice 5-2: Create Suborganizations
    Practice 5-3: Create Users
    Practice 5-4: Create a Role Category
    Practice 5-5: Create Roles
    Practice 5-6: Assign Users to Roles
    Practice 5-7: Use the Bulk Load Utility to Import a Role Category into Oracle Identity Manager
    Practice 5-8: Use the Bulk Load Utility to Import Users into Oracle Identity Manager
    Practice 5-9: Use the Bulk Load Utility to Import and Assign Roles in Oracle Identity Manager
    Practice 5-10: Use the Bulk Load Utility to Assign Users to Roles in Oracle Identity Manager
Practices for Lesson 6
    Practice 6-1: Copy Connector and External Code Files
    Practice 6-2: Configure Oracle Identity Manager Server
    Practice 6-3: Import an Oracle Identity Manager Connector
    Practice 6-4: Define an IT Resource
    Practice 6-5: Create a User
    Practice 6-6: Assign the Connector to a User
    Practice 6-7: Complete the Custom Process Form
    Practice 6-8: Access the Resource
Practices for Lesson 7
    Practice 7-1: Configure the Resource Object
    Practice 7-2: Create an Auto Membership Rule
    Practice 7-3: Assign an Auto Membership Rule to a Role
    Practice 7-4: Create an Access Policy
    Practice 7-5: Create a User
    Practice 7-6: Complete the Custom Process Form
    Practice 7-7: Access the Resource
    Practice 7-8: Modify the Provisioning Process
    Practice 7-9: Modify the Custom Process Form
    Practice 7-10: Provision a Resource to a User
    Practice 7-11: Access the Resource
Practices for Lesson 8
    Practice 8-1: Create Prerequisite Organizations, Role Categories, and Roles
    Practice 8-2: Configuring the JDeveloper Environment
    Practice 8-3: Deploy and Register Custom SOA Composites
    Practice 8-4: Import the iPlanet User Resource Request Dataset
    Practice 8-5: Configure Sun Java System Directory Server Group and Role
    Practice 8-6: Update Lookup Definitions
    Practice 8-7: Create a Request Template
    Practice 8-8: Create Approval Policies
    Practice 8-9: Create Users for the Request
    Practice 8-10: Create a Request
    Practice 8-11: Approve Tasks and Verify Provisioning
Practices for Lesson 9
    Practice 9-1: Start Microsoft Active Directory and Sun Java System Directory Server
    Practice 9-2: Configure the External Resources
    Practice 9-3: Copy Connector and External Code Files
    Practice 9-4: Configure Oracle Identity Manager Server
    Practice 9-5: Import Oracle Identity Manager Connectors
    Practice 9-6: Define IT Resources
    Practice 9-7: Modify Scheduled Jobs
    Practice 9-8: Reconcile with a Trusted Source and a Target Resource
Practices for Lesson 10
    Practice 10-1: Create Prerequisite Entities
    Practice 10-2: Create and Associate Membership Rules
    Practice 10-3: Create HelpDesk, Human Resources, and Manager User Accounts
    Practice 10-4: Extend the Oracle Identity Manager User Schema
    Practice 10-5: Create Authorization Policies
    Practice 10-6: Test and Verify Authorization Policies Implementation
Practices for Lesson 11
    Practice 11-1: Configure the Oracle BI Publisher Environment
    Practice 11-2: Create Access Policy Reports
    Practice 11-3: Create Request and Approval Reports
    Practice 11-4: Create a Password Report
    Practice 11-5: Create a Resource Report
    Practice 11-6: Create Role and Organization Reports
    Practice 11-7: Create a User Report
Practices for Lesson 12
    Practice 12-1: Access Oracle Identity Manager Log Configuration Details
    Practice 12-2: Create an Oracle Identity Manager User
    Practice 12-3: View Provisioning Messages in the Oracle Identity Manager Log
    Practice 12-4: Resolve Provisioning Issue
    Practice 12-5: Monitor Scheduled Events
Practices for Lesson 13
    Practice 13-1: Export and Re-import the OIM Configuration using the MDS Utility
    Practice 13-2: Exporting Deployment Configuration with the Deployment Manager
    Practice 13-3: Import an XML File Using the Deployment Manager
Practices for Lesson B
Practices for Lesson C
Practices for Lesson D
Practices for Appendix E
    Practice E-1: Build an Oracle Identity Manager Connector
Practices for Appendix F
    Practice F-1: Branding the Identity Administration Console
    Practice F-2: Branding the Authenticated Self Service Console
    Practice F-3: Renaming Button Labels
    Practice F-4: Creating Custom Skins and Style Sheets
Practices for Lesson 1 Chapter 1
Practices for Lesson 1
Practices Overview
There are no practices for Lesson 1.
Practices for Lesson 2 Chapter 2
Practices for Lesson 2
Practices Overview
There are no practices for Lesson 2.
Practices for Lesson 3 Chapter 3
Practices for Lesson 3
Practices Overview
In these practices, you launch Oracle Identity Manager 11g. This includes completing the following tasks:
- Starting Oracle WebLogic Server (the Administration server)
- Starting two servers managed by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server
- Launching the Oracle SOA Administration Consoles and the Oracle Identity Manager Administration Console
- Launching the Oracle Identity Manager Design Console
Important: For the practices in this lesson, represents the host name of the machine on which the practices are completed. Because the host name for your machine is unique, replace all references of with the host name of your machine. To retrieve the host name of your machine:
1. Open a DOS window.
2. At the DOS prompt, enter hostname. The host name of your machine appears.
Tip: In this practice, you launch the following Web-based consoles:
- Oracle WebLogic Server Administration Console
- Oracle SOA Platform Console
- Oracle BPM Worklist Console
- Oracle Identity Manager Administrative and User Console
For efficiency purposes, add the URL for each console to your Favorites list in Microsoft Internet Explorer. To do so:
1. Select Favorites from the Menu Bar.
2. Select the Add to Favorites command from the menu that appears.
3. On the Add a Favorite window, click Add.
Practice 3-1: Start Oracle WebLogic Server
Overview
With Oracle WebLogic Server, an administrator can define a domain for the server. A domain is a basic administrative unit for Oracle WebLogic Server, and includes the following types of servers:
- An administrative server. This type of server is always included as part of a domain. With an administrative server, an administrator can perform additional administration of that domain, including creating and managing managed servers within the domain.
- A managed server. This type of server is managed by the administrative server. A managed server hosts application components and resources, which are also deployed and managed as part of the domain.
In this practice, you start Oracle WebLogic Server. Oracle WebLogic Server is the administrative server for your domain.
Note: In the next practice, you start two servers managed by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server.
Assumptions
- You installed and configured Oracle WebLogic Server 11g, Oracle Identity Manager 11g, and Oracle SOA Server 11g
- You created a domain for Oracle WebLogic Server 11g
- You created an administrative server for Oracle WebLogic Server 11g
- You created two servers managed by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server
Tasks
1. Double-click the startWebLogic.cmd file, found in the D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin folder.
Important: Before proceeding to step 2, ensure that you see in the DOS window used to launch Oracle WebLogic Server.
2. Open an Internet Explorer Web browser.
Important: Ensure that the version of your Web browser is 7.0 (or higher).
3. Enter the following URL into the Address field: http://.us.oracle.com:7001/console/login/LoginForm.jsp
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.
4. Log in to Oracle WebLogic Server, using the login credentials of weblogic for the User Name and Welcome1 for the password.
Note: For security purposes, the password you enter appears as a series of bullets.
5. On the Home page of the Oracle WebLogic Server Administration Console, click the Servers link.
On the Summary of Servers page of the Administration Console, the administrative server (AdminServer) has a status of RUNNING.
Oracle WebLogic Server is started. In this practice, you started the administrative server for your domain (Oracle WebLogic Server). You are ready to start two servers managed by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server.
Practice 3-2: Start Oracle Identity Manager Server and Oracle SOA Server
Overview
In the practice titled Start Oracle WebLogic Server, you launched Oracle WebLogic Server. Oracle WebLogic Server is the administrative server for your domain. You are ready to start two servers managed by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server.
Assumptions
- You started Oracle WebLogic Server.
Tasks
1. Open a DOS window.
2. Navigate to the D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin directory.
Note: This directory contains the startManagedWebLogic.cmd file. This file is used to start Oracle Identity Manager Server.
3. At the DOS prompt, enter startManagedWebLogic.cmd oim_server1 (and press Enter).
Note: For this course, oim_server1 is the name of the Oracle Identity Manager Server.
4. At the username and password prompts, enter weblogic and Welcome1 (and press Enter).
Note: weblogic and Welcome1 are the login credentials for Oracle WebLogic Server. Also, the password is hidden for security purposes.
You started Oracle Identity Manager Server. You are ready to start Oracle SOA Server.
Important: Before proceeding to step 5, ensure that you see in the DOS window used to launch Oracle Identity Manager Server.
5. Open a second DOS window.
6. Navigate to the D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin directory.
Note: This directory contains the startManagedWebLogic.cmd file. This file is used to start Oracle SOA Server.
7. At the DOS prompt, enter startManagedWebLogic.cmd soa_server1 (and press Enter).
Note: For this course, soa_server1 is the name of the Oracle SOA Server.
8. At the username and password prompts, enter weblogic and Welcome1 (and press Enter).
Note: weblogic and Welcome1 are the login credentials for Oracle WebLogic Server. Also, the password is hidden for security purposes.
You started Oracle SOA Server. You are ready to verify that both managed servers are started.
Important: Before proceeding to step 9, ensure that you see in the DOS window used to launch Oracle SOA Server.
9. Make the Summary of Servers page of the Oracle WebLogic Server Administration Console active. On this page, both the Oracle Identity Manager Server (oim_server1) and the Oracle SOA Server (soa_server1) have a status of RUNNING.
Oracle Identity Manager Server and Oracle SOA Server are started.
10. This is an optional step. Several shortcut scripts have been provided to start and stop Oracle Identity Manager Server, Oracle SOA Server, and Oracle WebLogic Server.
a. From a File Manager, change to the directory, D:\stage\labs\lab_03\Shortcuts.
b. Copy all of the files located in the directory.
c. Paste these files to the desktop.
Double-click the appropriate shortcut when you need to shut down or start the Oracle WebLogic Administration Server, Oracle Identity Manager Server, or the Oracle SOA Server.
In the practice titled Start Oracle WebLogic Server, you started the administrative server for your domain (Oracle WebLogic Server). In this practice, you started the two servers managed by this administrative server: Oracle Identity Manager Server and Oracle SOA Server. You are ready to launch the Administration Consoles associated with Oracle Identity Manager and Oracle SOA.
Practice 3-3: Launch the Oracle SOA and Oracle Identity Manager Administration Consoles
Overview
In the practices titled Start Oracle WebLogic Server and Start Oracle Identity Manager Server and Oracle SOA Server, you launched Oracle WebLogic Server, Oracle Identity Manager Server, and Oracle SOA Server. You are ready to launch three Administration Consoles associated with Oracle Identity Manager and Oracle SOA. They are:
- Oracle SOA Platform Console. The primary goal of any provisioning system is to manage requests submitted by users and provision resources to users. Request completion involves execution of associated approval processes. These approval processes are deployed as Service Oriented Architecture (SOA) composites running on the SOA Server. The Oracle SOA Platform Console is a Web-based console that contains predefined SOA composites in Oracle Identity Manager to be used for approval processes. Oracle Identity Manager approvers and administrators are responsible for executing and managing such approval processes.
- Oracle BPM Worklist Console. This Web-based console is used by approvers or administrators to manage approval process tasks that require their attention, as well as to view tasks that they initiate.
- Oracle Identity Manager Administrative and User Console. This Web-based console supports access to unauthenticated and authenticated self-service, as well as delegated administration features for Oracle Identity Manager.
Assumptions
You started Oracle WebLogic Server, Oracle Identity Manager Server, and Oracle SOA Server.
Tasks
1. Open an Internet Explorer Web browser.
2. Enter the following URL into the Address field:
http://.us.oracle.com:7006/soa-infra
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.
3. On the Connect window, enter xelsysadm in the User Name field, Welcome1 in the Password field, and click OK.
Note: For security purposes, the password that you enter appears as a series of bullets.
The Home page of the Oracle SOA Platform Console appears.
The Oracle SOA Platform Console contains predefined SOA composites in Oracle Identity Manager to be used for approval processes. Oracle Identity Manager approvers and administrators are responsible for executing and managing such approval processes.
You launched the Oracle SOA Platform Console. You are ready to launch the Oracle BPM Worklist Console.
Note: For more information about the SOA composites that compose this console, refer to the lesson of the Oracle Identity Manager 11g: Essentials course titled Launching Oracle Identity Manager.
4. Open an Internet Explorer Web browser.
5. Enter the following URL into the Address field:
http://.us.oracle.com:7006/integration/worklistapp
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.
6. If prompted, on the login page, enter xelsysadm into the Username field, Welcome1 into the Password field, and click Login.
Note: For security purposes, the password that you enter appears as a series of bullets.
The Home page of the Oracle BPM Worklist Console appears.
The Oracle BPM Worklist Console is used by approvers or administrators to manage approval process tasks that require their attention, as well as view tasks they initiate.
You launched the Oracle BPM Worklist Console. You are ready to launch the Oracle Identity Manager Administrative and User Console.
Note: For more information about the features and functionalities of this console, refer to the lesson of the Oracle Identity Manager 11g: Essentials course titled Launching Oracle Identity Manager.
7. Open an Internet Explorer Web browser.
8. Enter the following URL into the Address field:
http://hostname.us.oracle.com:7007/oim
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.
9. On the Oracle Identity Manager login page, enter xelsysadm into the User Name field, Welcome1 into the Password field, and click Sign In.
Note: Because you did not yet create an administrator account, you must log in to the Oracle Identity Manager Administrative and User Console with your superuser account (that is, xelsysadm). However, after you create your own administrator account, you can log in to Oracle Identity Manager with that account. Also, for security purposes, the password that you enter appears as a series of bullets.
10. Populate the Password Management screen, as follows:
| Challenge Question | Challenge Answer |
| --- | --- |
| What is your mother's maiden name? | agneta |
| What is the name of your pet? | matty |
| What is the city of your birth? | new york |
Note: The first time that you log in to Oracle Identity Manager with a particular user account, you must select and answer challenge questions. These questions are used to verify your identity if you must reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Oracle Identity Manager Administrative and User Console.
11. Click Submit.
The Home page of the Oracle Identity Manager Administrative and User Console appears.
The Oracle Identity Manager Administrative and User Console supports access to unauthenticated and authenticated self-service, as well as delegated administration features for Oracle Identity Manager.
In this practice, you started three Web-based Administration Consoles associated with Oracle Identity Manager and Oracle SOA: Oracle SOA Platform Console, Oracle BPM Worklist Console, and Oracle Identity Manager Administrative and User Console. You are ready to navigate the Oracle Identity Manager Administrative and User Console. By navigating this console, you familiarize yourself with the embedded consoles and their features.
Important: When you launch the Oracle SOA Platform Console, Oracle BPM Worklist Console, and Oracle Identity Manager Administrative and User Console, and log in with your superuser account (that is, xelsysadm), you have read- and write-access rights for all of the links that compose each console.
Practice 3-4: Navigate the Oracle Identity Manager Administrative and User Console
Overview
In the practices titled Start Oracle WebLogic Server and Start Oracle Identity Manager Server and Oracle SOA Server, you launched Oracle WebLogic Server and Oracle Identity Manager Server. In this practice, you perform a series of tasks to navigate the Oracle Identity Manager Administrative and User Console. By navigating the console, you familiarize yourself with the embedded consoles and their features. There are three main embedded consoles within the Oracle Identity Manager Administrative and User Console:
- Oracle Identity Manager Authenticated Self Service Console
- Oracle Identity Manager Administration Console
- Oracle Identity Manager Advanced Administration Console
The fourth console, Oracle Identity Manager Unauthenticated Self Service interface, is accessed directly from the Login page. In this practice, you focus on the first three embedded consoles.
Assumptions
- You started Oracle WebLogic Server and Oracle Identity Manager Server.
- You have launched the Oracle Identity Manager Administrative and User Console and have logged in as the superuser account, xelsysadm.
Tasks
1. Ensure that the Oracle Identity Manager Identity Administration Console is active.
2. From the Oracle Identity Manager Identity Administration Console, two main tabs are displayed on the left side of the console: Administration and Authorization Policy. When initially accessing the Oracle Identity Administration Console, you are placed into the Administration tab. From the Welcome tab on the right side of the console, you can manage users, organizations, roles, role categories, and authorization policies.
3. In the left-hand Search and Browse panel, click the right-arrow to the right of the Search field to search for all users for which the superuser account is allowed to search.
Note: The left Search and Browse area enables you not only to search for Oracle Identity Manager entities, but also to create entities or modify existing ones.
4. Select the line for, but do not click the link for, System Administrator. By selecting the line for an entity, you have several actions available to you in the area directly above the search results.
5. Move your mouse cursor over each of the action buttons listed above the search results.
You have the ability to create, edit, and delete users as well as reset their passwords. If you have multiple users selected, you can modify some of the attributes of these users by clicking the Bulk Modify Users button. You can refresh your search results and expand the search interface so that it launches the Advanced Search: Users window with the information that you specified in the regular search window. These actions are replicated in the Action drop-down list as well as on the Welcome tab on the right side of the console.
Note: You can also search for Roles and Organizations from the Search field. The action button and the Action drop-down menu change based on the type of entity that you select.
6. Click the Browse subtab in the Search and Browse area.
This area enables you to view the roles and organizations in a hierarchical view. Once again, as with the user search, you have access to several actions including creating, opening the details of, and deleting roles and role categories from the Roles subpanel. The same actions are accessed for organizations through the Organizations subpanel.
7. Click the Authorization Policy tab to access the Authorization Policies management area. You can also access authorization policies from the Welcome tab on the Administration tab.
8. Access the Oracle Identity Manager Advanced Administration Console by clicking the Advanced link on the right side of the banner area.
9. You are presented with five main tabs: Administration, Event Management, Policies, Configuration, and System Management. You are automatically placed in the Administration tab, where you can access, from the Welcome subtab, all of the features for Advanced Administration.
10. Click the Event Management tab. Note that the navigation area directly below the Administration and Event Management tabs updates according to the tab selected. The Search field is also updated to reflect the features accessible from the tab.
11. Click the remaining tabs to see the functions that are accessible from the navigation area below the main tabs. These features match the features displayed in each of the panels on the Welcome tab.
12. Click the Self-Service link in the banner area to access the Oracle Identity Manager Authenticated Self Service Console.
13. Once again, as with the other embedded consoles, several main tabs are available to you: Tasks, Requests, and Profile. You automatically start in the Welcome tab for this console. Click Tasks to access the Tasks tab.
14. From the Tasks tab, you have access to several subtabs that match what was shown on the Welcome tab.
In this case, you can search for any approval, provisioning, or attestation tasks based on the subtab selected and the filters used in the search fields.
15. Click the remaining main tabs, Requests and Profile, to view the subtabs available to you.
16. Now that you have navigated the Oracle Identity Manager Administrative and User Console, you can shut down the Oracle SOA Server, as it will no longer be required until a later lab. To shut down the Oracle SOA services:
a. At the DOS prompt, change to the directory D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin.
b. Enter stopManagedWebLogic.cmd soa_server1 (and press Enter).
Note: For this course, soa_server1 is the name of the Oracle SOA Server.
c. At the username and password prompts, enter weblogic and Welcome1 (and press Enter).
Note: weblogic and Welcome1 are the login credentials for Oracle WebLogic Server. Also, the password is hidden for security purposes. When stopping the server, the default values of weblogic and welcome1 are provided. At the minimum, you must enter the correct password.
It may take a few minutes to shut down Oracle SOA Server. After the services have been stopped and the server has shut down, you may proceed with the next practice.
You are ready to launch the Oracle Identity Manager Design Console. This console is a stand-alone Java application that provides the full range of the product's system configuration and development capabilities.
Practice 3-5: Launch and Navigate the Oracle Identity Manager Design Console
Overview
In the practices titled Start Oracle WebLogic Server and Start Oracle Identity Manager Server and Oracle SOA Server, you launched Oracle WebLogic Server and Oracle Identity Manager Server. In this practice, you launch the Oracle Identity Manager Design Console. This console is a stand-alone Java application that provides the full range of the product's system configuration and development capabilities, including Form Designer, Workflow Designer, and Adapter Factory. After launching the console, you navigate one of the folders to familiarize yourself with how to search for and access the features listed. You can launch the Design Console through the Oracle Identity Manager Client icon on your desktop.
Assumptions
You started Oracle WebLogic Server and Oracle Identity Manager Server.
Tasks
1. Double-click the Oracle Identity Manager Client icon on your desktop. The Oracle Identity Manager Design Console login window appears.
2. Enter xelsysadm into the User ID field, Welcome1 into the Password field, and click Login.
Note: For security purposes, the password that you enter appears as a series of bullets.
The Oracle Identity Manager Design Console appears.
You started the Oracle Identity Manager Design Console.
Important: When you launch the Design Console, and log in with your superuser account (that is, xelsysadm), you have read-access and write-access rights for all of the forms and records that compose this console.
Note: Two other ways to display the Oracle Identity Manager Design Console login window are by:
- Selecting the Oracle Identity Manager Client command from your Windows Start menu (that is, Start > Programs > Oracle IDM Suite 11g Home1 > Oracle Identity Manager Client)
- Double-clicking the xlclient.cmd file (which can be found in the D:\app\oracle\product\middleware\iam_home\designconsole directory).
3. Expand the User Management folder.
From this folder, you can manage several features that affect users or roles.
4. Double-click Roles. This opens a blank Roles form, enabling you to search for or create a Roles form.
5. Click on the Query for records button.
This searches through the Oracle Identity Manager repository for all records that match this type of form.
The first role is preloaded into the form on the Roles tab. In this example, the ACCESS POLICY ADMINISTRATORS role is loaded into the form.
6. Select the Roles Table tab.
This lists all the roles that you searched for by clicking the Query for Records button.
7. Select the field for the Administrators role.
8. Select the Roles tab.
The Roles form is updated with the information related to the Administrators role. The Roles table enables you to select the item that you want to view for that form type.
9. You can change to the previous, next, first, or last record by using the directional arrows in the menu bar. Click the Go to Last Record button.
This automatically preloads the form with the information for the last record listed in Roles Table.
10. If you make any updates to the form, you can click the Save button to save your changes. In this case, because you have made no changes, close the form by clicking the Close this form button.
This closes the form and the correlating table tab.
Practices for Lesson 4 Chapter 4
Practices for Lesson 4
Practices Overview
There are no practices for Lesson 4.
Practices for Lesson 5 Chapter 5
Practices for Lesson 5
Practices Overview
In these practices, you create and manage records for organizations, roles, and users. This includes completing the following tasks:
- Creating records and attributes for organizations, suborganizations, Oracle Identity Manager users, and role categories
- Creating roles and assigning them to role categories
- Assigning roles to Oracle Identity Manager users
- Using the Bulk Load utility to import predefined role categories, roles, and users into Oracle Identity Manager
Important: For the practices in this lesson, represents the host name of the machine on which the practices are completed. Because the host name for your machine is unique, replace all references of with the host name of your machine. To retrieve the host name of your machine:
1. Open a DOS window.
2. At the DOS prompt, enter hostname. The host name of your machine appears.
Practice 5-1: Create Organizations
Overview
In this practice, use the Oracle Identity Manager Identity Administration Console to create organizations for the Curriculum, Process Owners, Reviewers, and Approvers departments.
Assumptions
You installed, configured, and launched the Administrative and User Console for Oracle Identity Manager 11g.
Tasks
1. Click the Create Organization link on the Home page of the Identity Administration Console.
Note: If the Identity Administration Console does not appear, click the Administration link in the upper-right corner of the active console.
2. Enter values for the organizational record that you are creating, as follows:
| Field | Value |
| --- | --- |
| Name | Curriculum |
| Type | Department |
| Parent Organization | [leave blank] |
Note: The Parent Organization field indicates the parent organization of your organization (that is, your organization is a suborganization). Because your organization is a parent organization, and is not a suborganization, leave this field empty.
3. Click Save.
The organization is created. Oracle Identity Manager sets the organization's status to Active automatically.
Note: The Status field indicates the current status of an organization (that is, whether it is active, disabled, or deleted). Oracle Identity Manager sets this value automatically (to Active).
4. Repeat steps 1 through 3 to create the following organizations:
| Name | Type | Parent Organization |
| --- | --- | --- |
| Process Owners | Department | [leave blank] |
| Reviewers | Department | [leave blank] |
| Approvers | Department | [leave blank] |
You can create suborganizations, and assign these suborganizations to parent organizations that you created in this practice.
Tip: For efficiency, close all open tabs before beginning the next practice. To do so:
a. Click Close Multiple Tabs, located in the upper-right corner of the active tab.
b. On the Close Multiple Tabs window, select all open tabs (for this example, select the Curriculum, Process Owners, Reviewers, and Approvers tabs).
c. Click OK.
The Home page of the Identity Administration Console appears.
Practice 5-2: Create Suborganizations
Overview
In the practice titled Create Organizations, you used the Oracle Identity Manager Identity Administration Console to create parent organizations for the Curriculum, Process Owners, Reviewers, and Approvers departments. You are ready to use the Identity Administration Console to create a suborganization for the Training department, and assign this suborganization to the Curriculum parent organization. In addition, in this practice, you create a Legal suborganization for the Reviewers parent organization.
Assumptions
You created parent organizations for the Curriculum, Process Owners, Reviewers, and Approvers departments.
Tasks
1. On the Home page of the Identity Administration Console, click the Create Organization link.
2. Enter values for the suborganizational record you are creating, as follows:
| Field | Value |
| --- | --- |
| Name | Training |
| Type | Department |
| Parent Organization | Curriculum |
Note: The Parent Organization field indicates the parent organization of your organization (that is, your organization is a suborganization). Because you want the Training organization to be a suborganization of the Curriculum organization, select and assign Curriculum to be the parent organization of Training. To do so:
a. Click the magnifying glass to the right of the Parent Organization field.
b. In the Search: Organizations window, enter Curriculum into the Organization Name field (because you want Curriculum to be the parent organization for Training). Click Search.
c. In the Search Results pane of the Search: Organizations window, select the parent organization for which you searched (for this practice, Curriculum). Click Add.
d. On the Create Organization page, click Save.
The suborganization is created. Oracle Identity Manager sets the suborganization's status to Active automatically.
3. Repeat steps 1 and 2 to create the following suborganization:
Field                 Value
Name                  Legal
Type                  Department
Parent Organization   Reviewers
You can create records for Oracle Identity Manager users and assign these users to their respective organizations.
Practice 5-3: Create Users
Overview
In this practice, use the Oracle Identity Manager Identity Administration Console to create two users and assign these users to the Curriculum organization.
Assumptions
You created a parent organization for the Curriculum department in the practice titled Create Organizations.
Tasks
1. Close all open tabs.
2. On the Home page of the Identity Administration Console, click the Create User link.
3. Enter values for the user record that you are creating, as follows:
Field                             Value
First Name                        Robert
Last Name                         La Vallie
Design Console Access check box   [selected]
User Login                        RLAVALLI
Password                          Welcome1
Confirm Password                  Welcome1
Organization                      Curriculum
User Type                         Full-Time Employee
Note: For security purposes, the password is displayed as a series of bullets (•). For this example, because the password is Welcome1, it appears as ••••••••.
Also, to assign an organization to the user record, complete the following steps:
a. Click the magnifying glass to the right of the Organization field.
b. On the Select and Search Organizations window, in the Search field, enter the name of the organization that you want to assign to the user record. For this practice, enter Curriculum into the Search field. Click the right arrow button.
c. Click the name of the organization in the Organization Name field to select it. Click Add.
The organization that you assigned to the user record appears in the Organization field.
4. Click Save.
The user is created. Oracle Identity Manager sets the user's identity status to Active and the account status to Unlocked automatically.
5. Repeat steps 1 through 4 to create the following user:
Field                             Value
First Name                        Leonard
Last Name                         Agneta
Design Console Access check box   [selected]
User Login                        LAGNETA
Password                          Welcome1
Confirm Password                  Welcome1
Organization                      Curriculum
User Type                         Full-Time Employee
You are ready to create a role category. A role category is a way of categorizing roles for navigation and authorization purposes. Roles are used to create and manage records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions.
Practice 5-4: Create a Role Category
Overview
In this practice, you create a role category. A role category is a way of categorizing roles for navigation and authorization purposes. It is stored internally in Oracle Identity Manager as an attribute of the role. Roles are used to create and manage records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions. For this practice, use the Oracle Identity Manager Identity Administration Console to create the Administrative role category.
Note: In the practice titled Using the Bulk Load Utility to Import a Role category into Oracle Identity Manager, you are to use the Bulk Load utility to load a second role category into Oracle Identity Manager (Technical). All roles that you are to create or import for this course are to belong to one of these two role categories.
Assumptions
You created the user account specified in the practice titled Create Users.
Tasks
1. Close all open tabs.
2. On the Home page of the Identity Administration Console, click the Create Role Category link.
3. Enter values for the role category record that you are creating, as follows:
Field           Value
Category Name   Administrative
Description     Role category for nontechnical roles
4. Click Save.
The role category is created.
You are ready to create roles and assign them to the Administrative role category that you created in this practice.
Practice 5-5: Create Roles
Overview
In this practice, you create roles. You use roles to create and manage the records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions. Roles can be independent of an organization, span across multiple organizations, or contain users from a single organization. For this practice, use the Oracle Identity Manager Identity Administration Console to create two roles: Oracle 11g Approvers and Oracle 11g Users. You are to assign these roles to the Administrative role category that you created in the practice titled Create a Role Category.
Assumptions
You created an Administrative role category.
Tasks
1. Close all open tabs.
2. On the Home page of the Identity Administration Console, click the Create Role link.
3. Enter values for the role you are creating, as follows:
Field         Value
Name          Oracle 11g Approvers
Description   This role is designated for users wh