In OIM 11g R2, Oracle introduced a new feature called "Catalog", using which a user of an Organization can search and request for roles using a shopping cart type of functionality. There is also an option to generate emails to notify the user at what stage his/ her Role Request is at. Since, the Role request could go through multiple approvals, emails are sent for each stage of approval. Currently with OOTB Role Request workflow, upto 9 emails sent for the whole Role Approval processes completion and around 5 to 8 emails generated for Role Rejection. Though this could be a useful feature to some customers, it could be a nuisance for others who would be expecting at the most 2 emails for either Role Approval or Rejection.
This post describes a way to limit the number of emails generated to 2, one when the initial Role Request is made and one when a final decision (either Approve or Reject) is made.
After installing Patch 14760806 also called ORACLE IDENTITY MANAGEMENT SUITE BUNDLE PATCH 22.214.171.124.2 (BP02), to fix a few existing issues with OIM 126.96.36.199.1, we saw "access denied" issues while accessing OIM Identity Console as an "End User". "System Administrator" users could access the console with out any issues. The reason for this is that an OOTB Authorization plugin that allows an "End User" to access his/ her profile is not applied after applying the patch and it has to be manually deployed. The same plugin is also responsible for allowing a user to request roles using Catalog tool. This post describes the error messages displayed, the worked around (suggested by Oracle) and a few missing instructions in Oracle documentation for the plugin deployment.
Oracle has just released an updated version of its Identity Management 11.1.2 Enterprise Deployment Blueprint and I must say, this is tremendous effort from Oracle to fill in some of the gaps in its documentation. It is nice to have a single place to go to for the steps that are required for setting up OAM and OIM to work together in a clustered, highly available design.
While trying to create a DIP (188.8.131.52) profile for Database Import using manageSyncProfiles command from ../Oracle_IDM1/bin, I was getting the following error.
[oracle@somehost bin]$ ./manageSyncProfiles register -h localhost -p 7005 -D weblogic -f dbimp.properties
Properties file dbimp.properties does not have correct key-value format.
Oracle Waveset 8.1.1 Patch 6 is available for download
Trevor Roskewich, Senior Identity Consultat at Nulli will be presenting to the Calgary Oracle User Group (COUG) at the Suncor Energy Centre at 8:00 AM on December 15, 2011. His presentation, co-produced with Lisa Gryschuk, Senior Human Information Consultant at Nulli, addresses the critical business integration between Human Capital Management and Identity Management.
HCM applications are a principle source of an organizations’ identity data and thus critical to your identity, access governance and security processes. Leveraging job classifications / codes an organization's identity and security processes are dependent on tightly integrating at the business and system levels to provide Request Based Access Control and Role Based Access Control (RBAC). Identity Access Management architects and analysts are working more strategically with their peers in Human Capital Management to provide their organizations with fluid management of human information while leveraging the two systems to increase productivity for all employees in the organization.
This presenation will be of interest to HCM Analysts, HR Supervisors, HR Managers, Middleware Architects, IAM Architects, Enterprise Architects and Security professionals looking to automate securing applications, databases and providing transparent information on who has access to what information within the organization.
Presentation: Identity of the Enterprise
Human Capital Management (HCM), also known as Human Resources (HR), is a critical application forming the foundation of every business’ success. Trevor will be speaking to best practices for HCM/HR and how they can support maximizing the financial and business process returns of deploying and managing enterprise provisioning and role management.
Aside from the wonderful grammar, this 11:15 AM session being held at Western Canada Regional User Group (WCRUG) in Vancouver, BC on November 10, 2011 will be of interest to everyone in the enterprise.
Human Capital Management (HCM), also known as Human Resources (HR), is a critical application forming the foundation of every business’ success. Knowing who your people are and what role they play along with associated cost/benefit metrics is what HCM/HR applications are best at performing. Nulli believes this Human Information (HI) is central to the success of many applications. High quality Human Information is a key requirement for reliable security and identity processes as well as for HCM.
For many years, Oracle has provided a well documented OAM SSO solution for PeopleSoft using typical header variable integration. However, PeopleBooks for PeopleTools 8.51 has become so, shall we say, refined, it's now harder to acheive success with such time-tested integration steps.
OVD 11g installed on Windows 2008 workstation fails to start with the following diagnostic log error:
While preparing to install OAM 11g, some of us were curious whether all the "ob..." attributes would remain intact or if they would be renamed with, for instance, an "orcl..." prefix. It struck one of my colleagues that the "ob" attributes would survive, if only to facilitate a workable upgrade path or to ease product development.
The Oracle Enterprise Manager Fusion Middleware Control 11g shows OID is down even though opmnctl shows OID is up.
ForgeRock, the open source Identity-Oriented middleware company, has joined a global community to launch a new open source project today. The OpenICF, Identity Connector Framework (ICF) community will provide a home for the development of multi-purpose connectors used by identity providers such as ForgeRock's OpenIDM, Oracle Waveset (formerly Sun Identity Manager) and other governance and compliance software.
Oracle has designated Nulli as an Oracle Gold Partner in the Oracle PartnerNetwork Specialized Program. Nulli having achieved Pillar Partner - Security and Identity status is now being recognized as a Gold Specialized partner for our implementation services excellence for the Oracle Access Manager, Identity Manager, Internet Directory, Virtual Directory and the Oracle suite of identity products including the Oracle Entitlement Server.
If you are using the OVD Shadow Joiner feature then you will need to add the vdeShadowObject object class to the directory hosting the shadow objects. Here is a little LDIF file for just such a need...