Integrating Oracle Identity Manager with Oracle Database: Modifying a User's Password
This OBE tutorial describes and shows you how to use Oracle Identity Manager to change the password of a centralized user account and pass this modification into a resource with which the user is provisioned. That is, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems. For this tutorial, Robert functions as the user and an Oracle database serves as the resource.

Time to complete: approximately two hours.
Oracle
Identity Manager is a highly flexible and scalable enterprise identity management
system that controls user accounts and access privileges within enterprise IT
resources centrally. It provides the functionalities of provisioning, identity
and role administration, approval and request management, policy-based entitlement
management, technology integration, and audit and compliance automation. Features
and benefits of Oracle Identity Manager include identity and role administration
(user and group management, self-service functionalities for users, and delegated
administration), provisioning (approval and request management, and configurable
workflow models), policy-based entitlements, reconciliation, and attestation support
(for audit and compliance purposes).
Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for performing identity and access management tasks on various users within the organization.

One of these tasks is changing the password of a user's centralized account and passing this modification into a resource with which the user is provisioned. By doing so, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems.

Robert works within the Engineering department of Mydo Main Corporation. For security purposes, Linda needs to update the password for Robert's resource-related account (that is, an Oracle database) periodically.

An efficient way for Linda to complete this action is to modify the password of Robert's centralized user account. Then, Oracle Identity Manager can transfer this updated password into Robert's resource-related account. By doing so, she synchronizes Robert's account with both systems.
Before starting this tutorial, you should:
Linda wants to configure Oracle Identity Manager so that when she changes the password of a centralized user account, this modification is passed into a resource with which the user is provisioned. That is, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

For this to occur, Linda needs to provide a way for Oracle Identity Manager to transfer the password modification from the centralized user account into the resource-related account. To do this, she needs to build a process task adapter.

To create a process task adapter within Oracle Identity Manager, perform the following steps:
1. Launch your Oracle Identity Manager Server, Administrative Console, and Design Console.

    Note: For more information about loading, setting up, or starting Oracle Identity Manager, refer to the OBE titled "Installing Oracle Identity Manager."

2. Log in to your Design Console with the "superuser" account for Oracle Identity Manager (that is, enter xelsysadm in the User ID field and abcd1234 in the Password field).

3. Expand the Development Tools folder and double-click the Adapter Factory node.

4. Complete the upper portion of the Adapter Factory form as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Adapter Name | Update Oracle Identity Manager Password |
    | Adapter Type | Process Task |
    | Description | Oracle Identity Manager uses this adapter to modify the password of a centralized user account and transfer this value into the resource with which the user is provisioned. |
    | Compile Status | [do not populate] |
    | Last Edit | [do not populate] |

5. Click Save.

    Linda is now ready to create a task and variable for this process task adapter. An adapter task is a Java class that she can create through the Adapter Factory form. As Linda creates this adapter, she may need to map data to the parameters of this task for the adapter to work. For this reason, Linda must create a placeholder to map this data at run time. This placeholder is known as an adapter variable.

    In the next section of this procedure, Linda is to create an adapter variable. This variable is created through the Variable List tab of the Adapter Factory form.
6. Click the Variable List tab of this form.

7. Click Add. The "Add a variable" window appears.

8. Complete the fields of this window as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Final | [do not select] |
    | Variable Name | Password |
    | Type | String |
    | Description | This variable contains the password that Oracle Identity Manager transfers from the centralized user account to the resource-related account. |
    | Map To | Resolve at runtime |

    Note: By selecting Resolve at runtime from the Map To drop-down menu, Linda specifies that this adapter variable's mapping occurs later, at run time. By selecting this option, the reusability of the adapter increases.

9. Click Save. Then, click Close.

    Note: If a Closing Form window appears, click Yes.

    The Variable List tab is active again. Linda is now ready to create an adapter task. This task is created through the Adapter Tasks tab of the Adapter Factory form.
10. Click the Adapter Tasks tab of this form.

11. Click Add. The Adapter Task Selection window appears.

12. Select the Logic Task option. Then, from the display area to the right of it, select SET VARIABLE, and click Continue. The Add Set Variable Task Parameters window appears.

    Note: Linda is creating a set variable task because she needs to reassign the value of an adapter variable to another adapter variable. The task that enables her to reallocate an adapter variable's value is known as a set variable task.

13. Complete the fields of this window as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Variable Name | Adapter return value |
    | Operand Type | Variable |
    | Operand Qualifier | Password |

14. Click Save. Then, click Close.

    Note: If a Closing Form window appears, click Yes.

    The Adapter Tasks tab is active again. Linda is now ready to compile this process task adapter. As a result, the adapter can be used to transfer a modified password from a centralized user account into the user's resource-related account. Linda compiles the process task adapter by clicking the Build button on the Adapter Factory form.

15. Click Save.

16. Click Build. OK appears within the Compile Status field.

    This signifies that Linda compiled this process task adapter successfully. It can now be used to transfer the modified password of a centralized user account into the resource with which a user is provisioned. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

    However, for this to happen, Linda needs to add a process task to the provisioning process of the Oracle Identity Manager Connector that is associated with the resource. This way, she can attach the process task adapter to it and map the adapter's run-time variables.

    In the next section of this OBE, Linda learns how to create a task for the provisioning process.
In the previous section of this OBE, Linda created a process task adapter within Oracle Identity Manager. This adapter transfers the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

In this section, Linda is ready to modify the provisioning process of the Oracle Identity Manager Connector that is associated with the resource. Specifically, she is to add a process task to this process. This way, she can attach the process task adapter to it and map the adapter's run-time variables. For this OBE, the record that represents the provisioning process is titled DataBase Access (Login).

To modify the DataBase Access (Login) provisioning process, perform the following steps:
1. Expand the Process Management folder of the Design Console and double-click the Process Definition node.

2. Enter DataBase Access (Login) in the Name field and click Query.

3. Click Add. The Creating New Task window appears.

4. Complete the fields of this window as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Task Name | Change User Password |
    | Task Description | This task represents the action that Oracle Identity Manager is to perform on the target resource (that is, transfer the modified password of a centralized user account into the resource with which a user is provisioned). |
    | Days | [do not populate] |
    | Hours | [do not populate] |
    | Minutes | [do not populate] |
    | Conditional | [selected] |
    | Required for Completion | [selected] |
    | Constant Duration | [do not select] |
    | Disable Manual Insert | [selected] |
    | Allow Cancellation while Pending | [selected] |
    | Allow Multiple Instances | [selected] |
    | Retry Period in Minutes | [do not populate] |
    | Retry Count | [do not populate] |
    | Task Effect | No Effect |
    | Child Table | [do not select] |

    Note: To modify a value that appears within a field of the form that holds a centralized user account (that is, the Create User form), Oracle Identity Manager uses the "Change User + Label" naming convention. Therefore, because Linda is updating Robert's password, and the form label that holds this value is Password, the name of the process task must be Change User Password.

5. Click Save. The Change User Password task is created.

    Linda is now ready to specify a dependency for this task. That is, Oracle Identity Manager cannot execute the Change User Password task unless an account, containing a password, is first created for a user. This action is represented by the Create Login task.

    Linda sets the dependency between the Create Login task and the Change User Password task through the Task Dependency tab of the Creating New Task window.

6. Click the Task Dependency tab.

7. From the Preceding Tasks pane of this tab, click Assign. The Assign Preceding Tasks window appears.

8. From the Existing Tasks pane of this window, select and assign the Create Login task. Then, click OK. The Creating New Task window is active again.

9. Click Save. Then, click Close.

    Note: If a Closing Form window appears, click Yes.

    The Process Definition form is active again. Linda added the Change User Password process task to the DataBase Access (Login) provisioning process. In the next section of this OBE, she is to attach the Update Oracle Identity Manager Password adapter to this process task and map the adapter's run-time variables. By doing so, Oracle Identity Manager can pass the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems.

    In the next section of this OBE, Linda learns how to attach an adapter to a provisioning process task and map the adapter's variables.
In the previous section of this OBE, Linda added the Change User Password process task to the DataBase Access (Login) provisioning process. Linda is now ready to attach the Update Oracle Identity Manager Password adapter to this process task and map the adapter's run-time variables. By doing so, Oracle Identity Manager can transfer the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems.

To attach an adapter to a provisioning process task and map the adapter's variables, perform the following steps:
1. Double-click the number of the row header for the Change User Password process task.

    Note: If a Closing Form window appears, click Yes.

    The Editing Task window appears.

2. Click the Integration tab.

3. Click Add. The Handler Selection window appears.

4. Select the Adapter option. Select the adpUPDATEORACLEIDENTITYMANAGERPASSWORD adapter from the Handler Name pane. Click Save.

5. A Confirmation window appears. Click OK.

    Note: If a Closing Form window appears, click Yes.

    The Editing Task window is active again.

    Note: The status of this adapter is Mapping Incomplete because its variables are not yet mapped. Linda is now ready to map the variables for this adapter.

6. Click the Adapter return value variable. Click Map. The Edit Data Mapping For Variable window appears.

7. Complete the fields of this window as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Map To | Process Data |
    | Qualifier | Password |
    | Old Value | [do not select] |

8. Click Save. Then, click Close. The Editing Task window is active again.

9. Click the Password variable. Click Map. The Edit Data Mapping For Variable window appears.

10. Complete the fields of this window as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Map To | User Definition |
    | Qualifier | Password |
    | Old Value | [do not select] |

11. Click Save. Then, click Close. The Editing Task window is active again.

    Note: The status of this adapter is now Ready because all of its variables are mapped.

12. Click Save. Then, click Close.

    Note: If a Closing Form window appears, click Yes.

    The Process Definition form is active again. Linda attached the Update Oracle Identity Manager Password adapter to the Change User Password process task and mapped the adapter's run-time variables. As a result, Linda can use Oracle Identity Manager to change the password of a user's centralized account. After this happens, Oracle Identity Manager transfers this modified password into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

    In the next section of this OBE, Linda changes the password of Robert's centralized user account. Then, Oracle Identity Manager passes this modified password into Robert's resource-related account (that is, an Oracle database).
In the previous section of this OBE, Linda attached an adapter to a process task and mapped the adapter's run-time variables. As a result, Linda can now use Oracle Identity Manager to change the password of a user's centralized account. After this occurs, Oracle Identity Manager transfers this modified password into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

In this section of this OBE, Linda changes the password of Robert's centralized user account. Then, Oracle Identity Manager passes this modified password into Robert's resource-related account (that is, an Oracle database).

To modify a user's password, perform the following steps:
1. Open the Manage User form in the Users folder.

2. Select User ID from the combo box that appears in this form. Then, in the text box that appears to the right of the combo box, enter the ID of the target user (that is, RLAVALLI). Click Search User.

3. From the result set that appears, click the link that represents the ID of the target user.

4. The User Detail form is displayed. Click Change Password. The Change Password form appears.

5. Complete the fields of this form as follows:

    | Field Name | Field Value |
    | --- | --- |
    | Password | robert |
    | Confirm Password | robert |

6. Click Save Password. The User Detail form is active again.

    This signifies that Linda changed the password of Robert's centralized account. Oracle Identity Manager transfers this modified password into the resource with which Robert is provisioned (that is, an Oracle database). As a result, Robert's account is synchronized with both systems.

    In the next section of this OBE, Linda verifies that the updated login credentials for Robert (that is, his existing ID and modified password) can be used to access this database. For this OBE, this is accomplished by using Oracle SQL*Plus Client.
In this OBE, Linda learned how to use Oracle Identity Manager to change the password of Robert's centralized user account. After this occurs, Oracle Identity Manager passes this modification into the resource with which Robert is provisioned (that is, an Oracle database). As a result, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing Robert's account with both systems.

Now, Linda must verify that the updated login credentials for Robert (that is, his existing ID and modified password) can be used to access this database. For this OBE, this is accomplished by using Oracle SQL*Plus Client.

To access the external resource, perform the following steps:
1. To start Oracle SQL*Plus Client, navigate to SQL Plus (via Start > Programs > Oracle - OraDb10g_home1 > Application Development > SQL Plus). An Oracle*SQL Plus window and a Log On window appear.

2. Populate the fields of the Log On window as follows:

    | Field | Value |
    | --- | --- |
    | User Name | RLAVALLI |
    | Password | robert |
    | Host String | orcl |

3. Click OK. The following text appears within the Oracle*SQL Plus window:

    This signifies that Robert's updated login credentials (that is, his existing ID and modified password) can be used to access the Oracle database. As a result, the modified Oracle Identity Manager password replaces his existing resource-related password, thereby synchronizing Robert's account with both systems.
In this lesson, you learned how to:

- Create a process task adapter
- Modify a provisioning process
- Assign an adapter to a process task
- Modify a user's password
- Access a resource

To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.