Create Custom Approval Processes for Assigning Resources to a User


Purpose

This OBE tutorial describes and shows you how to use Oracle Identity Manager 11.1.1.5.0 to create custom approval processes and use them to approve requests to assign resources to a user.

In the request and approval processes, you have five actors who fall into four categories: administrators, requesters, approvers, and beneficiaries. These actors are:

Time to Complete

Approximately 4 hours.

Overview

Oracle Identity Manager is a highly flexible and scalable enterprise identity management system that manages the access privileges of users within enterprise IT resources. It helps to answer the critical compliance questions of "Who has access to What, When, How, and Why?"

Oracle Identity Manager's flexible architecture can handle the most complex IT and business requirements without requiring changes to existing infrastructure, policies, or procedures. With this hallmark flexibility, Oracle Identity Manager excels at handling the constant flow of business changes that impact real-world identity management deployments. This flexibility is derived from the product's architecture, which abstracts core provisioning functions into discrete layers.

Changes to workflow, policy, data flow, or integration technology are isolated within the respective functional layers of Oracle Identity Manager, thus minimizing application-wide impact. In addition, Oracle Identity Manager is flexible because all configurations are done via its powerful user interface. The product does not rely on any scripting language for setup, configuration, or process modeling. As a result, Oracle Identity Manager is the most-advanced enterprise identity management solution available.

Scenario

Shirley Schmidt is employed as a system administrator for Mydo Main Corporation. In Mydo Main, she is responsible for performing identity and access management tasks on various users in the organization. One such task is customizing approval processes for assigning resources to users. As a result, these custom approval processes can be used to approve requests for assigning both the Microsoft Active Directory (AD) and eBusiness User Suite (EBS) resources to a user in Oracle Identity Manager.

In addition to creating and managing the custom approval processes, Ms. Schmidt functions as a requester. For this tutorial, she makes requests for Brad Chase to be assigned to both the AD and EBS resources.

As a result, Oracle Identity Manager uses the custom approval processes to assign the requests to three other Mydo Main users:

After all three users approve the requests, Oracle Identity Manager assigns the AD and EBS resources to Brad Chase.

Software Requirements

Before starting this tutorial, you should have:

Note: Screen captures for this tutorial were taken in a Windows XP Professional environment; therefore, Start menu options will vary.

Creating and Assigning Organizations, Roles, and Users

In this section of the OBE, you create and assign organizations, roles, and users in Oracle Identity Manager. You need these records to create custom approval processes for requests for assigning resources to a user. Specifically, you:

To create and assign organizations, roles, and users in Oracle Identity Manager, perform the following steps:

1. Launch the Oracle Identity Manager Server, Administrative and User Console, and Design Console.

 

2. Log in to the Administrative and User Console with the "superuser" account for Oracle Identity Manager. For this tutorial, enter xelsysadm in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

3. Click the Create Organization link on the home page of the Delegated Administration Console.

Note: If you see the Self Service Console or Advanced Administration Console instead of the Delegated Administration Console, click the Administration link in the upper-right corner of the active console's Home page.

 

4. On the Create Organization page, enter IT in the Name field, select Department from the Type drop-down menu, and click Save.

Note: The Parent Organization field indicates the parent organization of your organization (that is, your organization is a suborganization). Because your organization is a parent organization, and is not a suborganization, leave this field empty.

 

5. Repeat steps 3 and 4 of this procedure to create the BUSINESS and ADMINISTRATION organizations.

You created the IT, BUSINESS, and ADMINISTRATION organizations. You are ready to create the AD_ADMINISTRATORS and EBS_ADMINISTRATORS roles.

 

6. Click the Create Role link on the home page of the Delegated Administration Console.

7. On the Create Role page, enter AD_ADMINISTRATORS in the Name field and click Save.

 

8. Repeat steps 6 and 7 of this procedure to create the EBS_ADMINISTRATORS role.

You created the AD_ADMINISTRATORS and EBS_ADMINISTRATORS roles. You are ready to create user records for Danny Crane and Clark Brown, and assign both Mr. Crane and Mr. Brown to the IT organization.

For this tutorial, Danny Crane is the administrator for the AD resource, and Clark Brown is the administrator for the EBS resource. Because they are resource administrators, they are responsible for approving requests for all users who are to be assigned to AD and EBS, respectively (including Brad Chase).

 

9. Click the Create User link on the home page of the Delegated Administration Console.

10. Use the following screenshot to populate the Basic User Information region of the Create User page.

11. On the Account Settings region of the Create User page, enter DCRANE in the User Login field, and Welcome1 in both the Password and Confirm Password fields. Click Save.

Note: For security purposes, the password is displayed as a series of bullets (·). For this example, because the password is Welcome1, it appears as ········.

 

12. Click the Create User link on the home page of the Delegated Administration Console.

13. Use the following screenshot to populate the Basic User Information region of the Create User page.

14. On the Account Settings region of the Create User page, enter CBROWN in the User Login field, and Welcome1 in both the Password and Confirm Password fields. Click Save.

You created user records for Danny Crane and Clark Brown, and assigned both Mr. Crane and Mr. Brown to the IT organization.

You are ready to create user records for Jerry Espenson and Brad Chase, and assign both users to the BUSINESS organization. For this tutorial:

  • Brad Chase is the beneficiary, or end-user who is to be assigned to both the AD and EBS resources
  • Jerry Espenson is Brad Chase's manager, and is responsible for approving the requests Shirley Schmidt makes for Brad Chase to be assigned to the resources

 

15. Use the following tables to create user records for Jerry Espenson and Brad Chase:

Field | Value
First Name | Jerry
Last Name | Espenson
Design Console access check box | [selected]
Email | jerry.espenson@mydomain.com
Organization | BUSINESS
User Type | Full-Time Employee
Display Name | Jerry Espenson
User Login | JESPENSON
Password | Welcome1
Confirm Password | Welcome1

Field | Value
First Name | Brad
Last Name | Chase
Design Console access check box | [cleared]
Email | brad.chase@mydomain.com
Manager | Jerry Espenson
Organization | BUSINESS
User Type | Full-Time Employee
Display Name | Brad Chase
User Login | BCHASE
Password | Welcome1
Confirm Password | Welcome1

Note: For this tutorial, Jerry Espenson is the manager of Brad Chase. As a result, the Manager field for the user account of Mr. Chase is populated accordingly.

You created user records for Brad Chase and Jerry Espenson, and assigned both users to the BUSINESS organization.

You are ready to create a user record for Shirley Schmidt and assign Ms. Schmidt to the ADMINISTRATION organization. For this tutorial, she is the:

  • Administrator responsible for creating the custom approval processes
  • Requester who makes requests for Brad Chase to be assigned to both the AD and EBS resources

 

16. Use the following table to create a user record for Shirley Schmidt.

Field | Value
First Name | Shirley
Last Name | Schmidt
Design Console access check box | [selected]
Email | shirley.schmidt@mydomain.com
Organization | ADMINISTRATION
User Type | Full-Time Employee
Display Name | Shirley Schmidt
User Login | SSCHMIDT
Password | Welcome1
Confirm Password | Welcome1

You created a user record for Shirley Schmidt, and assigned Ms. Schmidt to the ADMINISTRATION organization. For this tutorial, she is the administrator responsible for creating both the custom approval processes and the requests for Brad Chase to be assigned to both the AD and EBS resources.

You are ready to assign the AD_ADMINISTRATORS role to Danny Crane, and designate the role as an Administrative role for the Microsoft Active Directory (AD) resource. By doing so, Mr. Crane can approve requests for all users who are to be assigned to AD (including Brad Chase).

 

17. On the page that contains the user record for Danny Crane, click the Roles tab.

18. On the Roles tab, click Assign.

19. On the Add Role window, enter AD_ADMINISTRATORS in the Display Name field. Click Search.

20. On the Search Results region of the Add Role window, select the AD_ADMINISTRATORS role. Click Add.

The AD_ADMINISTRATORS role appears in the Roles tab.

You assigned the AD_ADMINISTRATORS role to Mr. Crane. You are ready to designate this role as an Administrative role for the Microsoft Active Directory (AD) resource.

 

21. Log in to the Oracle Identity Manager Design Console with the "superuser" account for Oracle Identity Manager. For this tutorial, enter xelsysadm in the User ID field, Welcome1 in the Password field, and click LogIn.

 

22. On the main screen of the Oracle Identity Manager Design Console, expand the Resource Management folder. Then, double-click the Resource Objects entry.

Note: You double-click the Resource Objects entry to open the Resource Objects form in the Oracle Identity Manager Design Console. You use this form to create and manage the resource objects for the Oracle Identity Manager resources that you want to assign to users. For this example, you want to designate the AD_ADMINISTRATORS role as an Administrative role for the AD resource.

 

23. Enter AD User in the Name field. Click Query.

Note: You enter AD User in the Name field because, for this tutorial, you are designating the AD_ADMINISTRATORS role as an Administrative role for the AD resource. This resource is represented in Oracle Identity Manager by the AD User resource object.

 

24. Click the Administrators tab.

25. On the Administrators tab, click Assign.

Note: You click Assign on the Administrators tab because you want to designate the AD_ADMINISTRATORS role as an Administrative role for the AD resource.

 

26. On the Roles window, select the AD_ADMINISTRATORS role from the Unassigned Roles pane. Click the right arrow button.

The AD_ADMINISTRATORS role appears in the Assigned Roles pane.

 

27. Click OK.

The Resource Objects form is active. The AD_ADMINISTRATORS role appears in the Administrators tab.

 

28. Click Save.

You designated the AD_ADMINISTRATORS role as an Administrative role for the AD resource (represented by the AD User resource object).

You are ready to assign the EBS_ADMINISTRATORS role to Clark Brown, and designate the role as an Administrative role for the EBS resource. By doing so, Mr. Brown can approve requests for all users who are to be assigned to EBS (including Brad Chase).

 

29. Use steps 17-28 of this procedure to assign the EBS_ADMINISTRATORS role to Clark Brown, and designate the role as an Administrative role for the EBS resource (represented by the eBusiness Suite User resource object).

You are ready to assign the SYSTEM ADMINISTRATORS role to Shirley Schmidt.

Note: You did not create the SYSTEM ADMINISTRATORS role. Rather, this role is created automatically when Oracle Identity Manager is installed.

 

30. On the page that contains the user record for Shirley Schmidt, click the Roles tab.

31. On the Roles tab, click Assign.

32. On the Add Role window, enter SYSTEM ADMINISTRATORS in the Display Name field. Click Search.

33. On the Search Results region of the Add Role window, select the SYSTEM ADMINISTRATORS role. Click Add.

The SYSTEM ADMINISTRATORS role appears in the Roles tab.

You assigned the SYSTEM ADMINISTRATORS role to Ms. Schmidt. You created and assigned organizations, roles, and users in Oracle Identity Manager. You need these records to create custom approval processes for requests to assign resources to a user in Oracle Identity Manager.

For this tutorial, Shirley Schmidt acts as the administrator responsible for creating the custom approval processes. You are ready to authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

 

Authorizing an Administrator to Create Custom Approval Processes

In the previous section of this OBE, you created a user account for Shirley Schmidt. For this tutorial, Ms. Schmidt is the administrator responsible for creating the custom approval processes.

However, just because a user is an Oracle Identity Manager administrator does not mean that the user is authorized to create custom approval processes. Approval processes determine how Oracle Identity Manager is to provision Mydo Main Corporation's resources to the company's users and organizations. Therefore, by ensuring that only those administrators who have the proper credentials to create custom approval processes can do so, you prevent potential security violations, which can include unauthorized users having access to the company's resources.

In this section of the OBE, you authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager. To do so, you use the Oracle Enterprise Manager Fusion Middleware Control 11g.

To authorize an administrator to create approval processes in Oracle Identity Manager, perform the following steps:

1. Launch Oracle Enterprise Manager Fusion Middleware Control 11g.

 

2. Log in to Oracle Enterprise Manager Fusion Middleware Control 11g with the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the User Name field, Welcome1 in the Password field, and click Login.

Note: For security purposes, the password is displayed as a series of bullets (·). Also, if the Accessibility Preference window appears, select the Do not show me these options again check box.

 

3. On the home page of Oracle Enterprise Manager Fusion Middleware Control 11g, expand the WebLogic Domain folder (by clicking the plus icon to the left of the folder).

 

4. Select the base domain for Oracle WebLogic Server. For this OBE, the base domain is base_domain.

Note: You select the base domain for Oracle WebLogic Server (base_domain) because, for this section of the OBE, you authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

Approval processes are created in containers known as Service Oriented Architecture (SOA) composites. Therefore, you must authorize Ms. Schmidt for both Oracle Identity Manager and SOA.

By selecting the base domain for Oracle WebLogic Server, you are authorizing Ms. Schmidt for all administrative and managed servers associated with Oracle WebLogic Server, including the servers for Oracle Identity Manager and SOA.

 

5. From the base_domain menu, select Security > Credentials.

Note: You select Security > Credentials from the base_domain menu because you are storing the login credentials of Shirley Schmidt into the Oracle Identity Manager database for security purposes. By doing so, you are authorizing Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

 

6. On the Credentials page, click Create Map.

7. On the Create Map window, enter oracle.oim.sysadminMap in the Map Name field and click OK.

Note: You click Create Map on the Credentials page and enter oracle.oim.sysadminMap in the Map Name field of the Create Map window because you want to create a dynamic data structure known as a hash map. This type of map uses hash functions to map identifying values, known as keys, to their associated values.

For this type of map (oracle.oim.sysadminMap), you are mapping key-value pairs for Oracle Identity Manager system administrators. You assigned the SYSTEM ADMINISTRATORS role to Shirley Schmidt; therefore, she is a system administrator.

For this example, you are to map two keys (the login ID and password for an administrator who is authorized to create custom approval processes in Oracle Identity Manager) to the login credentials of Ms. Schmidt. For this OBE, these credentials are SSCHMIDT and Welcome1.

By mapping key-value pairs for Ms. Schmidt in the oracle.oim.sysadminMap map, Oracle Identity Manager can verify that she is authorized to create custom approval processes.

 

8. On the Credentials page, select the map you created (oracle.oim.sysadminMap). Click Create Key.

Note: You click Create Key because you want to map key-value pairs for Ms. Schmidt in the oracle.oim.sysadminMap map. For this example, you map two key-value pairs:

Key | Value
sysadmin | SSCHMIDT
Password | Welcome1

 

9. Use the following screenshot to populate the Create Key window, and click OK.

 

10. The Credentials page appears. The sysadmin key, which represents the two key-value pairs you mapped, is created.

You mapped two keys (the login ID and password for an administrator who is authorized to create custom approval processes in Oracle Identity Manager) to the login credentials of Shirley Schmidt. As a result, Oracle Identity Manager can verify that she is authorized to create custom approval processes.

You are ready to access Oracle Identity Manager as Shirley Schmidt to create custom approval processes.

 

Creating Custom Approval Processes

In the section of this OBE titled Authorizing an Administrator to Create Custom Approval Processes, you used Oracle Enterprise Manager Fusion Middleware Control 11g to authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

You are now ready to create two custom approval processes:

For Oracle Identity Manager, approval processes are created in containers known as Service Oriented Architecture (SOA) composites. Therefore, you must use the Oracle SOA application to create the custom SOA composites that hold the custom approval processes.

To facilitate matters, Oracle Identity Manager has a helper utility for creating custom SOA composites. This utility creates a SOA template that is to be used for each custom approval process. This template adheres to all the necessary standards.

In this section of the OBE, you create the custom SOA composites that hold the custom approval processes. To do so, you use the helper utility.

To use the helper utility to create custom SOA composites for the custom approval processes, perform the following steps:

1. Download the developing_oim_custom_approval_process_for_resource_provision.zip file.

Note: This zip file contains the files that you need to create a custom approval process.

 

2. Open a Terminal window.

3. Navigate to the <MIDDLEWARE_HOME>/wlserver_10.3/server/bin directory.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

 

4. At the prompts, enter the following commands (and press Enter after each command):

  • bash
  • source setWLSEnv.sh

Note: By entering the bash and source setWLSEnv.sh commands, you call the setWLSEnv.sh script that comes with Oracle WebLogic Server. This script sets up all of the environment variables so that you can run the helper utility.

 

5. At the prompt, enter ant -f <OIM_HOME>/server/workflows/new-workflow/new_project.xml (and press Enter).

Note: ant represents the ant.sh file. This shell script file supplies built-in tasks used to run Java applications, such as the helper utility. By using the -f command, you are forcing the utility to run. <OIM_HOME> represents the base directory for Oracle Identity Manager. For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1. new_project.xml is the name of the XML file associated with the helper utility.

 

6. Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Please enter application name | ResourceSerialApprovalApp
Please enter project name | ResourceSerialApproval
Please enter the service name for the composite. This needs to be unique across applications. | ResourceSerialApprovalService

Important: The application, project, and service names that you enter are case-sensitive.

Note: The project name you define (ResourceSerialApproval) is the name of the SOA composite, and eventually forms the name of the custom approval process. It should be a descriptive name so that it is easily recognizable when you are ready to use it as an approval process. The service name (ResourceSerialApprovalService) is the ADF binding name used for this specific SOA composite. It must be unique to this composite.

Oracle Identity Manager creates the custom SOA composite that holds the custom approval process. After the SOA composite is created, a BUILD SUCCESSFUL message appears.

By default, Oracle Identity Manager saves the custom SOA composite you created using the helper utility to the <OIM_HOME>/server/workflows/new-workflow/process-template directory. This SOA composite contains the custom approval process.

You created the ResourceSerialApproval approval process. This approval process is to contain two approval process tasks that are to be completed sequentially. For this process, Oracle Identity Manager is to trigger the second task only after the first task is completed.

You are ready to create a second approval process: ResourceParallelApproval. This approval process is also to contain two approval process tasks; however, Oracle Identity Manager triggers them simultaneously. So, Oracle Identity Manager assigns both tasks to the appropriate users in parallel.

 

7. Open a second Terminal window.

8. Repeat steps 3-5 of this procedure.

 

9. Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Please enter application name | ResourceParallelApprovalApp
Please enter project name | ResourceParallelApproval
Please enter the service name for the composite. This needs to be unique across applications. | ResourceParallelApprovalService

Oracle Identity Manager creates the custom SOA composite that holds the second custom approval process. After the SOA composite is created, a BUILD SUCCESSFUL message appears.

You created two approval processes: ResourceSerialApproval and ResourceParallelApproval. You are ready to modify these approval processes.

 

Modifying the Custom Approval Processes

In the previous section of this OBE, you used the helper utility to create custom SOA composites for two custom approval processes: ResourceSerialApproval and ResourceParallelApproval. These processes are to be used to approve requests to assign resources to a user. For this tutorial:

By default, a task associated with each approval process is assigned to xelsysadm: an Oracle Identity Manager superuser account. You want to modify this approval process task so that the task is assigned to the following individuals:

Because you assigned Shirley Schmidt to the ADMINISTRATION organization in the section of this OBE titled Creating and Assigning Organizations, Roles, and Users, she can create the custom approval processes. As a result, after she makes requests for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager sends the requests to Jerry Espenson (who belongs to the BUSINESS organization), and Clark Brown and Danny Crane (members of the IT organization), so they can approve them. After all three users approve the requests, Oracle Identity Manager assigns Brad Chase to AD and EBS.

In this section of the OBE, you use JDeveloper to modify each custom approval process so that the approval process task is assigned to Jerry Espenson, Clark Brown, and Danny Crane, instead of the xelsysadm superuser account.

As a result, for the ResourceSerialApproval approval process, after Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the process to two individuals (represented by a Resource Administrators approval process task):

After both Mr. Crane and Mr. Brown approve the request, Oracle Identity Manager assigns the custom approval process to the individual represented by a Beneficiary Manager task: Jerry Espenson. Because Mr. Espenson manages Mr. Chase, he is responsible for approving requests for all resources assigned to Mr. Chase (including AD and EBS).

The ResourceSerialApproval approval process is to be completed sequentially. Oracle Identity Manager is to trigger the Beneficiary Manager approval process task only after both Danny Crane and Clark Brown complete the Resource Administrators task.

Then, you modify the ResourceParallelApproval approval process. For this approval process, Oracle Identity Manager triggers the Resource Administrators and Beneficiary Manager approval process tasks simultaneously. So, after Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the custom approval process to Danny Crane, Clark Brown, and Jerry Espenson in parallel.
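The routing difference between the two processes, modelled as an added Python example (not Oracle's code and not part of the original tutorial). The class and function names are hypothetical, the logins are the ones this tutorial creates, and only approvals are modelled because the tutorial does not describe rejections.

```python
"""Model of the tutorial's serial and parallel approval routing (added example)."""
from dataclasses import dataclass, field


@dataclass
class Task:
    """One approval process task; every assignee has to approve it."""
    name: str
    assignees: frozenset
    approved_by: set = field(default_factory=set)

    @property
    def complete(self):
        return self.approved_by == set(self.assignees)


class ApprovalProcess:
    """Stages run in order; tasks inside one stage are triggered together."""

    def __init__(self, name, stages):
        self.name = name
        self.stages = stages          # list of lists of Task
        self.history = []             # (login, task name) audit trail

    def _open_tasks(self):
        # Only the first stage that still has incomplete tasks is triggered.
        for stage in self.stages:
            todo = [t for t in stage if not t.complete]
            if todo:
                return todo
        return []

    def pending(self):
        """Logins that hold an open task right now."""
        return {login for t in self._open_tasks()
                for login in t.assignees - t.approved_by}

    def approve(self, login):
        """Record an approval; refuse it if the login holds no open task."""
        for task in self._open_tasks():
            if login in task.assignees and login not in task.approved_by:
                task.approved_by.add(login)
                self.history.append((login, task.name))
                return task.name
        raise PermissionError(f"{login} has no open task in {self.name}")

    @property
    def approved(self):
        return not self._open_tasks()


def _tasks():
    # Fresh task objects per process so approvals are not shared.
    admins = Task("Resource Administrators", frozenset({"DCRANE", "CBROWN"}))
    manager = Task("Beneficiary Manager", frozenset({"JESPENSON"}))
    return admins, manager


def serial_process():
    """Beneficiary Manager is triggered only after both administrators approve."""
    admins, manager = _tasks()
    return ApprovalProcess("ResourceSerialApproval", [[admins], [manager]])


def parallel_process():
    """Both tasks are triggered at the same time."""
    admins, manager = _tasks()
    return ApprovalProcess("ResourceParallelApproval", [[admins, manager]])


def replay(process, logins):
    """Apply approvals in order; return the logins that were refused."""
    refused = []
    for login in logins:
        try:
            process.approve(login)
        except PermissionError:
            refused.append(login)
    return refused


if __name__ == "__main__":
    # The manager and the requester (SSCHMIDT) try to act before the administrators.
    order = ["JESPENSON", "SSCHMIDT", "DCRANE", "CBROWN"]
    for make in (serial_process, parallel_process):
        proc = make()
        refused = replay(proc, order)
        print(proc.name, "refused:", refused,
              "still pending:", sorted(proc.pending()),
              "approved:", proc.approved)
```

With the same sequence of actions, the serial process refuses the manager's early approval and is left waiting on him, while the parallel process accepts it; the requester is refused in both because she holds no approval task.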

To modify the ResourceSerialApproval and ResourceParallelApproval custom approval processes, complete the following steps:

1. Launch JDeveloper.

2. Select the Application navigation panel, if not already selected.

Note: If the Application navigation panel is not visible, select View > Application Navigator from the menu bar.

3. Click Open Application ...

 

4. On the Open Application(s) window, change to the <OIM_HOME>/server/workflows/new-workflow/process-template/ResourceSerialApprovalApp directory, select the ResourceSerialApprovalApp.jws file, and click Open.

Note: For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1.

 

5. On the Open Warning window, click Yes.

6. On the Migration Status window, click OK.

Note: By clicking Yes on the Open Warning window and OK on the Migration Status window, you are loading the ResourceSerialApprovalApp application into JDeveloper. This application contains the custom approval process that you are to modify.

 

7. On the Application Navigator panel, expand the ResourceSerialApproval > SOA Content directory.

8. Open the composite.xml file (by double-clicking it).

The contents of the composite.xml file are loaded into the editor of JDeveloper.

You open this file because you want to add a property to it. This property is associated with the URL for the Oracle Identity Manager Administrative and User Console. By adding this property in the composite.xml file, instead of hard-coding a value for the property, you can change its value at runtime (through the Oracle Enterprise Manager 11g Fusion Middleware Control).

Tip: You can minimize the Resource Palette tab to the right of the editor to extend the width of the editor.

 

9. On the JDeveloper editor, click the Source tab.

Note: By clicking the Source tab, the source code for the composite.xml file appears. By accessing this code, you can add a value to a property in the file quickly and easily.

 

10. Locate the following lines of code:

    <component name="ApprovalProcess">
      <implementation.bpel src="ApprovalProcess.bpel"/>
    </component>

Add the following line of code after the <implementation.bpel> line of code:

    <property name="bpel.preference.oimurl">t3://localhost:14000</property>

The composite.xml file should appear, as follows:

Note: You can specify localhost because, for this tutorial, Oracle Identity Manager and SOA reside on the same machine. Also, 14000 is the port number reserved for Oracle Identity Manager.
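A check for this edit, as an added example (not from the original tutorial and not Oracle's code): it parses composite.xml and confirms that the ApprovalProcess component carries the bpel.preference.oimurl property with a t3://host:port value. The function name check_composite, the sample documents and the xmlns value in them are assumptions.

```python
"""Check that composite.xml carries the oimurl preference (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PROPERTY = "bpel.preference.oimurl"   # property name from the tutorial
COMPONENT = "ApprovalProcess"         # component name from the tutorial


def _local(tag):
    """Strip an XML namespace, so '{ns}component' becomes 'component'."""
    return tag.rsplit("}", 1)[-1]


def check_composite(xml_text):
    """Return {'url': str or None, 'errors': [...], 'warnings': [...]}."""
    result = {"url": None, "errors": [], "warnings": []}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        result["errors"].append(f"not well-formed XML: {exc}")
        return result

    components = [e for e in root.iter()
                  if _local(e.tag) == "component" and e.get("name") == COMPONENT]
    if not components:
        result["errors"].append(f'no <component name="{COMPONENT}">')
        return result

    children = list(components[0])
    impl_at = [i for i, c in enumerate(children)
               if _local(c.tag) == "implementation.bpel"]
    props = [(i, c) for i, c in enumerate(children)
             if _local(c.tag) == "property" and c.get("name") == PROPERTY]

    if not props:
        result["errors"].append(f"{PROPERTY} is not set on {COMPONENT}")
        return result
    if len(props) > 1:
        result["errors"].append(f"{PROPERTY} is defined {len(props)} times")
    index, prop = props[0]
    if not impl_at or index < impl_at[0]:
        result["warnings"].append(
            "property is not placed after <implementation.bpel> as in the tutorial")

    url = (prop.text or "").strip()
    result["url"] = url
    parts = urlsplit(url)
    try:
        port = parts.port             # raises ValueError for a non-numeric port
    except ValueError:
        port = None
    if parts.scheme != "t3":
        result["errors"].append(f"expected a t3:// URL, found {url!r}")
    elif not parts.hostname or port is None:
        result["errors"].append(f"URL needs host and port, found {url!r}")
    elif parts.hostname in ("localhost", "127.0.0.1"):
        # The tutorial notes localhost works only when OIM and SOA share a host.
        result["warnings"].append(
            "localhost is valid only if OIM and SOA run on the same machine")
    return result


# Constructed samples. The xmlns value is an assumption; matching ignores it.
BEFORE = """<composite name="ResourceSerialApproval" xmlns="http://xmlns.oracle.com/sca/1.0">
  <component name="ApprovalProcess">
    <implementation.bpel src="ApprovalProcess.bpel"/>
  </component>
</composite>"""

AFTER = BEFORE.replace(
    '<implementation.bpel src="ApprovalProcess.bpel"/>',
    '<implementation.bpel src="ApprovalProcess.bpel"/>\n'
    '    <property name="bpel.preference.oimurl">t3://localhost:14000</property>')


if __name__ == "__main__":
    for label, doc in (("before edit", BEFORE), ("after edit", AFTER)):
        print(label, check_composite(doc))
```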

 

11. Save and close the composite.xml file.

12. On the Application Navigator panel, open the ApprovalProcess.bpel file (by double-clicking it).

Note: The ApprovalProcess.bpel file contains the code for the custom approval process you created. For this section of the OBE, you are to modify this approval process so that a task associated with the process is assigned to Jerry Espenson, Clark Brown, and Danny Crane, instead of the xelsysadm superuser account.

 

13. On the JDeveloper editor, click the Design tab. Click (x) in the editor.

14. On the Variables window, click the green plus icon (+).

Note: You click (x) in the JDeveloper editor and (+) on the Variables window to add variables to the custom approval process.

 

15. Populate the Create Variable window, as follows (and click OK):

Field | Value
Name | oimurl
Type option | string

Note: The oimurl variable is associated with the property you defined in step 10 of this procedure. Also, to select string as the data type for the variable, click the magnifying glass to the right of the Type option, select string from the Type Chooser window, and click OK.

 

16. Repeat steps 14-15 of this procedure to create a second variable named resourceAdmins with a data type of string. Both variables should appear in the Variables window.

Note: The resourceAdmins variable is a placeholder for the resource administrators who approve any requests for users who are to be assigned to particular resources (for example, the AD or EBS resources). For this tutorial, Danny Crane and Clark Brown are administrators for the AD and EBS resources, respectively. As a result, Mr. Crane and Mr. Brown are responsible for approving requests for all users (including Brad Chase) who are to be assigned to AD and EBS.

 

17. Click OK to close the Variables window.

You are ready to add two tasks to the custom approval process:

  • AssignOimUrl. Oracle Identity Manager uses this approval process task to obtain the URL for the Administrative and User Console. This URL is to be used by the person creating requests for Brad Chase to be assigned to both the AD and EBS resources. For this tutorial, Shirley Schmidt is the requester.
  • GetAssigneesInfo. Oracle Identity Manager uses this task to assign the approval process to Jerry Espenson, Clark Brown, and Danny Crane (instead of the xelsysadm superuser account).

 

18. Open the Component Palette of JDeveloper.

Note: The Component Palette is where you are to add the AssignOimUrl and GetAssigneesInfo tasks to the custom approval process.

 

19. On the Component Palette, drag and drop the Assign activity so that it rests in between the receiveInput activity and the ApprovalTask_1 activity.

Note: By default, JDeveloper assigns a name of Assign1 to the activity (because this is the first Assign activity you are adding to the custom approval process). This activity represents a task you are adding to the custom approval process.

You are ready to change the name of the approval process task from Assign1 to a more descriptive name (AssignOimUrl). Oracle Identity Manager uses this task to obtain the URL for the Administrative and User Console.

 

.

Right-click the Assign1 task. Select Edit from the menu that appears.

 

.

Click the General tab on the Edit Assign window. In the Name field, replace the existing name of the approval process task (Assign1) with the designated name (AssignOimUrl).

You are ready to use the Expression Builder feature of JDeveloper to create an expression that is used to fetch the URL associated with Oracle Identity Manager. This URL is to be used by the person creating requests for Brad Chase to be assigned to the AD and EBS resources. For this tutorial, Shirley Schmidt is the requester.

 

.

Click the Copy Rules tab on the Edit Assign window.

Note: The Copy Rules tab is where you access the Expression Builder feature of JDeveloper.

 

.

Click the Expression icon (which resembles a calculator) and drag it onto the target variable for which you want to create an expression. For this example, you click and drag the Expression icon onto the oimurl variable because you want to create an expression that is used to fetch the URL associated with Oracle Identity Manager.

Note: The green box around the oimurl variable signifies that you can now create an expression for this variable. As a result, the Expression Builder window appears automatically for the variable.

 

.

Select BPEL XPath Extension Functions from the Functions area of the Expression Builder window.

 

.

Select the getPreference function and click Insert Into Expression.

The Expression area of the Expression Builder window contains the function you created.

Note: You select BPEL XPath Extension Functions from the Functions area of the Expression Builder window because you want to use BPEL capabilities and XPath standards predefined in JDeveloper. You select the getPreference function because this function returns the value of a property. For this example, the value to be returned is the URL associated with Oracle Identity Manager.

 

.

Click inside the parentheses ( ) of the expression. Enter 'oimurl' inside the parentheses. The expression should appear, as follows:

Important: Make sure you include the single quotation marks around the oimurl variable.

Note: You enter 'oimurl' into the expression because you want the getPreference function to return the value of the URL associated with Oracle Identity Manager.

 

.

Click OK to close the Expression Builder window.

 

.

Click OK to close the Edit Assign window.

You are ready to add the GetAssigneesInfo task to the custom approval process. Oracle Identity Manager uses this task to assign the approval process to Jerry Espenson, Clark Brown, and Danny Crane (instead of the xelsysadm superuser account).

 

.

On the Component Palette, select the Oracle Extensions menu. Select the Java Embedding activity.

Note: You select the Java Embedding activity because you want to include some "inline" Java code into the GetAssigneesInfo task that you are adding to the custom approval process.

 

.

Drag and drop this activity so that it rests directly below the AssignOimUrl activity.

Note: By default, JDeveloper assigns a name of Java_Embedding1 to the activity (because this is the first Java Embedding activity you are adding to the custom approval process).

You are ready to change the name of the approval process task from Java_Embedding1 to a more descriptive name (GetAssigneesInfo). Oracle Identity Manager uses this task to assign the approval process to Jerry Espenson, Clark Brown, and Danny Crane (instead of the xelsysadm superuser account).

 

.

Right-click the Java_Embedding1 task. Select Edit from the menu that appears.

 

.

Click the General tab on the Edit Assign window. In the Name field, replace the existing name of the approval process task (Java_Embedding1) with the designated name (GetAssigneesInfo).

 

.

Remove all code that appears in the Code Snippet text area. Then, enter the code contained in this file.

Note: Oracle Identity Manager uses this code to access its internal APIs to assign the approval process to Jerry Espenson, Clark Brown, and Danny Crane (instead of the xelsysadm superuser account).

 

.

Click OK to close the Edit Java Embedding window.

Note: Oracle Identity Manager uses the code you entered to access its internal APIs to assign the approval process to Jerry Espenson, Clark Brown, and Danny Crane (instead of the xelsysadm superuser account).

To enable Oracle Identity Manager to use these APIs, the approval process must be able to reference the oimclient.jar file. Oracle Identity Manager requires this jar file to compile the code you entered properly. As a result, Oracle Identity Manager can access the APIs.

 

.

Open File Browser. Copy the oimclient.jar file in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/client directory. Paste this jar file into the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/new-workflow/process-template/ResourceSerialApprovalApp/ResourceSerialApproval/SCA-INF/lib directory.

Note: For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

You are ready to make Oracle Platform Security Services (OPSS) available for the custom approval process. OPSS is the underlying security platform that provides security to Oracle Fusion Middleware products and services, including approval workflows created through SOA.

To make OPSS available for the approval process, you must add the jps-manifest.jar file to the project library files associated with the process.

 

.

In JDeveloper, right-click the ResourceSerialApproval project. Select Project Properties... from the menu that appears.

 

.

Select Libraries and Classpath from the left pane of the Project Properties window. Click Add JAR/Directory...

 

Note: You select Libraries and Classpath from the left pane of the Project Properties window and click Add JAR/Directory... because you want to add the jps-manifest.jar file to the project library files associated with the custom approval process.

 

.

On the Add Archive or Directory window, select the jps-manifest.jar file from the <MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1 directory. Click Select.

 

.

Click OK.

You added the jps-manifest.jar file to the project library files associated with the custom approval process. As a result, you made OPSS available for the approval process.

You are ready to create the ResourceAdministrators parameter. This parameter is to contain the values for the resource administrators who approve any requests for users who are to be assigned to particular resources (for this tutorial, the AD or EBS resources). For this tutorial, Danny Crane and Clark Brown are administrators for the AD and EBS resources, respectively. As a result, Mr. Crane and Mr. Brown are responsible for approving requests for all users (including Brad Chase) who are to be assigned to AD and EBS.

Oracle Identity Manager is to retrieve the values for the resource administrators by referencing its internal APIs.

 

.

On the Application Navigator panel, expand the ResourceSerialApproval > SOA Content directory. Open the ApprovalTask.task file (by double-clicking it).

 

.

On the Create Form pane, select Data.

 

.

On the Data page, click the green plus icon. Select Add string parameter from the menu that appears.

 

.

On the Add Task Parameter window, enter ResourceAdministrators in the Parameter Name field. Click OK.

You created the ResourceAdministrators parameter. This parameter is to contain the values for the resource administrators who approve any requests for users who are to be assigned to particular resources. Oracle Identity Manager is to retrieve these values by referencing its internal APIs.

You are ready to associate this parameter with the task of the custom approval process used to assign the process to the designated organization (the ApprovalTask_1_AssignTaskAttributes task). For this example, Oracle Identity Manager uses this task to assign the approval process to the IT or BUSINESS organizations (of which Jerry Espenson, Clark Brown, and Danny Crane are members) instead of the xelsysadm superuser account.

You use the ApprovalProcess.bpel file to associate the ResourceAdministrators parameter with the ApprovalTask_1_AssignTaskAttributes task.

 

.

Make the ApprovalProcess.bpel file active (by clicking the ApprovalProcess.bpel tab).

 

.

Expand the ApprovalTask_1 task by clicking the plus icon to the left of the task.

Note: By expanding the ApprovalTask_1 task, the ApprovalTask_1_AssignTaskAttributes task appears.

 

.

Click the ApprovalTask_1_AssignTaskAttributes task. Select the Source tab.

Note: By selecting the Source tab, you can modify the ApprovalTask_1_AssignTaskAttributes task directly through the source code. This is a quicker and more efficient way to modify code associated with an approval process task.

 

.

Locate the following lines of code:

<payload xmlns="http://xmlns.oracle.com/bpel/workflow/task">
<RequestID xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<RequestModel xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<RequestTarget xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<url xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<RequesterDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
<BeneficiaryDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
<ObjectDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
<OtherDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
<RequesterDisplayName xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<BeneficiaryDisplayName xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
<Requester xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
</payload>

Add the following line of code after the <Requester xmlns="http://xmlns.oracle.com/bpel/workflow/task"/> line of code:

<ResourceAdministrators xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>

The ApprovalTask_1_AssignTaskAttributes task should appear, as follows:

You are ready to associate the initiate task condition with the ResourceAdministrators parameter. By doing so, Oracle Identity Manager can initiate the allocation of the custom approval process to the IT or BUSINESS organizations (of which Jerry Espenson, Clark Brown, and Danny Crane are members) instead of the xelsysadm superuser account.

 

.

Select the Design tab. Right-click the ApprovalTask_1_AssignTaskAttributes task. Select Edit from the menu that appears.

 

.

On the Edit Assign window, click the Copy Rules tab.

 

.

Click the resourceAdmins variable on the left pane of the Copy Rules tab. Drag this variable to the /ns2:initiateTask/task:task/task:payload item (on the right pane). The Copy Rules tab should appear, as follows:

 

.

In the To Xpath field, append /task:ResourceAdministrators to the xpath (and click OK). The path should appear, as follows: /ns2:initiateTask/task:task/task:payload/task:ResourceAdministrators.

Tip: To verify that you have the correct path, click the Source tab. Verify that you see the following lines of code:

<copy>
<from variable="resourceAdmins"/>
<to variable="initiateTaskInput" part="payload"
query="/ns2:initiateTask/task:task/task:payload/task:ResourceAdministrators"/>
</copy>

 

.

Open the Edit Assign window. In the lower region of the Edit Assign window, click the resourceAdmins copy operation (to select it). Click the blue down arrow button repeatedly until the resourceAdmins copy operation appears after the inputVariable/payload//ns3:process/ns4:RequesterDetails copy operation. Click OK.

 

You associated the initiate task condition with the ResourceAdministrators parameter. By doing so, Oracle Identity Manager can initiate the allocation of the custom approval process to the IT or BUSINESS organizations (of which Jerry Espenson, Clark Brown, and Danny Crane are members) instead of the xelsysadm superuser account.
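The source-level check from the Tip above, extended to the payload element and the copy order set in this procedure, as an added example (not part of the original tutorial and not Oracle code). The sample assign is constructed: its BPEL namespace, the target query of the RequesterDetails copy and the shortened payload are assumptions.

```python
import xml.etree.ElementTree as ET

TASK_NS = "http://xmlns.oracle.com/bpel/workflow/task"
REQ_NS = "http://xmlns.oracle.com/request/RequestDetails"
TARGET_QUERY = "/ns2:initiateTask/task:task/task:payload/task:ResourceAdministrators"

# Constructed sample of the ApprovalTask_1_AssignTaskAttributes source after the
# edits in this procedure. Assumptions: the BPEL namespace on <assign>, the <to>
# query of the RequesterDetails copy, and a payload shortened to four elements.
SAMPLE_ASSIGN = f"""
<assign name="ApprovalTask_1_AssignTaskAttributes"
        xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/">
  <copy>
    <from>
      <payload xmlns="{TASK_NS}">
        <RequestID xmlns="{TASK_NS}"/>
        <RequesterDetails xmlns="{REQ_NS}"/>
        <Requester xmlns="{TASK_NS}"/>
        <ResourceAdministrators xmlns="{TASK_NS}"/>
      </payload>
    </from>
    <to variable="initiateTaskInput" part="payload"
        query="/ns2:initiateTask/task:task/task:payload"/>
  </copy>
  <copy>
    <from variable="inputVariable" part="payload"
          query="/ns3:process/ns4:RequesterDetails"/>
    <to variable="initiateTaskInput" part="payload"
        query="/ns2:initiateTask/task:task/task:payload/ns4:RequesterDetails"/>
  </copy>
  <copy>
    <from variable="resourceAdmins"/>
    <to variable="initiateTaskInput" part="payload"
        query="{TARGET_QUERY}"/>
  </copy>
</assign>
"""


def _local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def _child(element, name):
    """First direct child with the given local name, or None."""
    for child in element:
        if _local(child.tag) == name:
            return child
    return None


def check_assign(xml_text):
    """Return a list of problems; an empty list means the assign matches the steps."""
    problems = []
    root = ET.fromstring(xml_text.strip())

    # 1. The payload literal must carry ResourceAdministrators, in the task
    #    namespace, somewhere after the Requester element.
    payload = root.find(f".//{{{TASK_NS}}}payload")
    tags = [child.tag for child in payload] if payload is not None else []
    requester = f"{{{TASK_NS}}}Requester"
    admins = f"{{{TASK_NS}}}ResourceAdministrators"
    if payload is None:
        problems.append("payload literal not found")
    elif admins not in tags:
        problems.append("ResourceAdministrators missing from payload (or wrong namespace)")
    elif requester not in tags or tags.index(admins) < tags.index(requester):
        problems.append("ResourceAdministrators is not placed after Requester")

    # 2. There must be a copy from resourceAdmins to the exact target query,
    #    positioned after the RequesterDetails copy.
    copies = [el for el in root.iter() if _local(el.tag) == "copy"]
    admin_pos = requester_pos = None
    for pos, copy in enumerate(copies):
        src, dst = _child(copy, "from"), _child(copy, "to")
        if src is None or dst is None:
            continue
        if src.get("variable") == "resourceAdmins":
            admin_pos = pos
            target = (dst.get("variable"), dst.get("part"), dst.get("query"))
            if target != ("initiateTaskInput", "payload", TARGET_QUERY):
                problems.append(f"resourceAdmins is copied to an unexpected target: {target}")
        if (src.get("variable") == "inputVariable"
                and src.get("query", "").endswith("RequesterDetails")):
            requester_pos = pos
    if admin_pos is None:
        problems.append("no copy from resourceAdmins found")
    elif requester_pos is not None and admin_pos < requester_pos:
        problems.append("resourceAdmins copy comes before the RequesterDetails copy")
    return problems


if __name__ == "__main__":
    print(check_assign(SAMPLE_ASSIGN) or "assign matches the procedure")
```

To check a real project, pass the text of the assign element copied from the Source tab of ApprovalProcess.bpel instead of the constructed sample.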

You are ready to specify that the tasks of the custom approval process are to be assigned to Jerry Espenson (who belongs to the BUSINESS organization), and Clark Brown and Danny Crane (members of the IT organization). These three users are responsible for approving the request Shirley Schmidt makes for Brad Chase to be assigned to both the Microsoft Active Directory (AD) and eBusiness User Suite (EBS) resources.

 

.

Make the ApprovalTask.task file active (by clicking the ApprovalTask.task tab).

 

.

On the Create Form pane, select Assignment.

Note: You select the Assignment item because you want to assign the custom approval process to the IT or BUSINESS organizations (of which Jerry Espenson, Clark Brown, and Danny Crane are members) instead of the xelsysadm superuser account.

First, you want to create a task in the approval process titled Resource Administrators. Oracle Identity Manager uses this task to assign the approval process to two individuals after Shirley Schmidt makes a request for Brad Chase to be assigned to AD and EBS:

  • Danny Crane, an administrator for the AD resource. Because he is an administrator for this resource, Mr. Crane is responsible for approving requests for all users who are to be assigned to AD (including Brad Chase).
  • Clark Brown, an administrator for the EBS resource. As a result, Mr. Brown is responsible for approving requests for all users who are to be assigned to EBS (including Mr. Chase).

 

.

Double-click the Stage1.Participant1 icon.

Note: The Stage1.Participant1 icon represents the entity in Oracle Identity Manager to which the custom approval process is to be assigned.

 

.

On the Edit Participant Type window, select Single from the Type menu and enter Resource Administrators in the Label field. Then, select Names and expressions from the Build a list of participants using menu.

 

.

On the Starting Participants table, click the green plus icon. Then, select Add Group from the popup menu that appears.

 

.

Select Group from the Identification Type menu and By Expression from the Data Type menu. Click the ellipsis button [...] to the right of the Value field.

 

.

In the Expression Builder window, select the /task:task/task:payload/task:ResourceAdministrators expression in the Schema pane, and click Insert Into Expression.

Note: You select the /task:task/task:payload/task:ResourceAdministrators expression because you want Oracle Identity Manager to assign the custom approval process to Danny Crane and Clark Brown, administrators for the AD and EBS resources, respectively.

 

.

Click OK to close the Expression Builder window.

 

.

On the Starting Participants table of the Edit Participant Type window, select the row that contains the xelsysadm user account. Click Delete.

Note: You delete the row that contains the xelsysadm user account because you want Oracle Identity Manager to assign the custom approval process to Danny Crane and Clark Brown, resource administrators for AD and EBS, respectively (instead of the xelsysadm account).

 

.

Click OK to close the Edit Participant Type window.

You created a task in the approval process titled Resource Administrators. Oracle Identity Manager uses this task to assign the approval process to two individuals after Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources:

  • Danny Crane, administrator for the AD resource
  • Clark Brown, administrator for the EBS resource

You are ready to create a second task in the approval process titled Beneficiary Manager. Oracle Identity Manager uses this task to assign the approval process to Jerry Espenson, Brad Chase's manager. Because Mr. Espenson manages Mr. Chase, he is responsible for approving requests for all resources assigned to Mr. Chase (including AD and EBS).

 

.

On the Create Form pane, select the Resource Administrators task.

 

.

Click the green plus icon, and select Sequential participant block from the popup menu that appears.

Note: You select the Resource Administrators task and select the Sequential participant block item from the popup menu because you want Oracle Identity Manager to trigger the Beneficiary Manager approval process task only after both Danny Crane and Clark Brown complete the Resource Administrators task.

 

.

Use the following table to populate the Add Participant Type window:

Field | Value
Type menu | Single
Label | Beneficiary Manager
"Build a list of participants" menu | Names and expressions
"Specify attributes using" option | Value-based
Identification Type menu | User
Data Type menu | By Expression
Value | /task:task/task:payload/ns1:BeneficiaryDetails/ns1:ManagerLogin

Note: You select Single from the Type menu and specify the /task:task/task:payload/ns1:BeneficiaryDetails/ns1:ManagerLogin expression because you want Oracle Identity Manager to assign the custom approval process to one user: Jerry Espenson, Brad Chase's manager.

 

.

Click OK.

The ApprovalTask.task tab appears, as follows:

 

.

Click Save All on the JDeveloper toolbar to save your work.

You used JDeveloper to modify the custom approval process so that the approval process task is assigned to Clark Brown, Danny Crane, and Jerry Espenson (instead of the xelsysadm superuser account).

As a result, after Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the custom approval process to two individuals (represented by the Resource Administrators task):

  • Danny Crane, an administrator for the AD resource. Because he is an administrator for this resource, Mr. Crane is responsible for approving requests for all users who are to be assigned to AD (including Brad Chase).
  • Clark Brown, an administrator for the EBS resource. As a result, Mr. Brown is responsible for approving requests for all users who are to be assigned to EBS (including Mr. Chase).

After both Mr. Crane and Mr. Brown approve the request, Oracle Identity Manager assigns the custom approval process to the individual represented by the Beneficiary Manager task: Jerry Espenson. Because Mr. Espenson manages Mr. Chase, he is responsible for approving requests for all resources assigned to Mr. Chase (including AD and EBS).

This approval process is to be completed sequentially. Oracle Identity Manager is to trigger the Beneficiary Manager approval process task only after both Danny Crane and Clark Brown complete the Resource Administrators task.

You are ready to modify the ResourceParallelApproval custom approval process. For this process, Oracle Identity Manager triggers the Resource Administrators and Beneficiary Manager approval process tasks simultaneously. So, after Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the custom approval process to Danny Crane, Clark Brown, and Jerry Espenson in parallel.

 

.

In JDeveloper, click Open Application ...

 

.

On the Open Application(s) window, change to the <OIMHOME>/server/workflows/new-workflow/process-template/ResourceParallelApprovalApp directory, select the ResourceParallelApprovalApp.jws file, and click Open.

 

.

Repeat steps 5-6 of this procedure.

 

.

On the Application Navigator panel, expand the ResourceParallelApproval > SOA Content directory.

 

.

Repeat steps 8-34 of this procedure.

 

.

Open File Browser. Copy the oimclient.jar file in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/client directory. Paste this jar file into the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/new-workflow/process-template/ResourceParallelApprovalApp/ResourceParallelApproval/SCA-INF/lib directory.

 

.

In JDeveloper, right-click the ResourceParallelApproval project. Select Project Properties... from the menu that appears.

 

.

Repeat steps 37-39 of this procedure.

 

.

On the Application Navigator panel, expand the ResourceParallelApproval > SOA Content directory. Open the ApprovalTask.task file (by double-clicking it).

 

.

Repeat steps 41-63 of this procedure.

You are ready to create a second task in the approval process titled Beneficiary Manager. Oracle Identity Manager uses this task to assign the approval process to Jerry Espenson, Brad Chase's manager. Because Mr. Espenson manages Mr. Chase, he is responsible for approving requests for all resources assigned to Mr. Chase (including AD and EBS).

 

.

Click the green plus icon, and select Parallel participant block from the popup menu that appears.

Note: You select the Resource Administrators task and select the Parallel participant block item from the popup menu because you want Oracle Identity Manager to trigger the Resource Administrators and Beneficiary Manager approval process tasks in parallel.

 

.

Use the following table to populate the Add Participant Type window:

Field | Value
Type menu | Single
Label | Beneficiary Manager
"Build a list of participants" menu | Names and expressions
"Specify attributes using" option | Value-based
Identification Type menu | User
Data Type menu | By Expression
Value | /task:task/task:payload/ns1:BeneficiaryDetails/ns1:ManagerLogin

 

.

Click OK. The ApprovalTask.task tab appears, as follows:

You are ready to create a Vote Outcome and assign it to the ResourceParallelApproval custom approval process. The Vote Outcome is used to specify the percentage of votes required for an outcome to take effect. For this example, the Vote Outcome is used to verify that all three users (Jerry Espenson, Clark Brown, and Danny Crane) approved the request Shirley Schmidt makes for Brad Chase to be assigned to both the AD and EBS resources.

 

.

Double-click the Edit icon (which appears as a pencil).

 

.

Use the following table to populate the Vote Outcome window:

Field | Value
Voted Outcomes menu | APPROVE
Outcome Type menu | By Percentage
Value | 100
Default Outcome menu | REJECT
"Wait until all votes are in before triggering outcome" option | [selected]

Note: By selecting APPROVE from the Voted Outcomes menu, By Percentage from the Outcome Types menu, and entering 100 in the Value field, Oracle Identity Manager is to assign Brad Chase to AD and EBS only after Jerry Espenson, Clark Brown, and Danny Crane (or 100% of the users) approve Shirley Schmidt's request for Mr. Chase to be assigned to the resources.

If all three users do not approve the request, Oracle Identity Manager rejects it (because you selected REJECT from the Default Outcome menu). Also, because you selected the "Wait until all votes are in before triggering outcome" option, Oracle Identity Manager does not assign AD and EBS to Mr. Chase until after Mr. Espenson, Mr. Brown, and Mr. Crane approve the request.
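A simplified model of the Vote Outcome settings in the table above, added here as an example (it is not Oracle's implementation and not part of the original tutorial). The login names are constructed, and two behaviours are assumptions of the model: votes from users outside the participant list are ignored, and when the wait option is off the outcome is decided as soon as the outstanding votes can no longer change it.

```python
def voted_outcome(votes, participants, voted="APPROVE", percent=100,
                  default="REJECT", wait_for_all=True):
    """Evaluate the votes cast so far.

    votes:        dict of login -> outcome string, for users who have voted
    participants: logins the task was assigned to
    Returns the outcome, or None while the task is still undecided.
    """
    participants = set(participants)
    if not participants:
        return default                      # nobody to approve: fall back to default
    # Count only votes from assigned participants (model assumption).
    cast = {user: o for user, o in votes.items() if user in participants}
    total = len(participants)
    in_favor = sum(1 for o in cast.values() if o == voted)
    outstanding = total - len(cast)

    if outstanding and wait_for_all:
        return None                         # "wait until all votes are in"
    if in_favor * 100 >= percent * total:
        return voted                        # threshold reached
    if outstanding and (in_favor + outstanding) * 100 >= percent * total:
        return None                         # threshold still reachable
    return default                          # threshold missed or unreachable


def replay(vote_sequence, participants, **settings):
    """Outcome after each vote in order; a user's first vote is the one counted."""
    seen, timeline = {}, []
    for user, outcome in vote_sequence:
        seen.setdefault(user, outcome)
        timeline.append(voted_outcome(seen, participants, **settings))
    return timeline


# Constructed logins for the three approvers named in the tutorial.
APPROVERS = ["jespenson", "cbrown", "dcrane"]

if __name__ == "__main__":
    sequence = [("dcrane", "APPROVE"), ("cbrown", "REJECT"), ("jespenson", "APPROVE")]
    # Tutorial settings: 100 percent, default REJECT, wait for all votes.
    print(replay(sequence, APPROVERS))
    # Same votes with the wait option cleared: decided at the first rejection.
    print(replay(sequence, APPROVERS, wait_for_all=False))
    # A lower percentage lets a single approval carry the request.
    print(replay(sequence, APPROVERS, percent=33))
```

With the tutorial's values a single rejection or a missing vote can never produce APPROVE, which is the property the 100 percent threshold and the REJECT default are there to give.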

 

.

Click OK.

 

.

Click Save All on the JDeveloper toolbar to save your work.

You used JDeveloper to modify the ResourceSerialApproval and ResourceParallelApproval custom approval processes so that the approval process task for each process is assigned to Jerry Espenson, Clark Brown, and Danny Crane, instead of the xelsysadm superuser account.

For the ResourceSerialApproval process, you created two approval process tasks (Resource Administrators and Beneficiary Manager) that are to be completed sequentially. Oracle Identity Manager is to trigger the second task only after the first task is completed.

You also created the Resource Administrators and Beneficiary Manager approval process tasks for the ResourceParallelApproval process. However, Oracle Identity Manager triggers them simultaneously. So, Oracle Identity Manager assigns both tasks to the appropriate users in parallel.

You are ready to deploy the custom approval processes directly to SOA. After the approval processes are deployed, you then register each approval process to Oracle Identity Manager.

 

Deploying the Custom Approval Processes

In the previous section of this OBE, you modified the ResourceSerialApproval and ResourceParallelApproval custom approval processes so that they are assigned to Jerry Espenson, Clark Brown, and Danny Crane, instead of the xelsysadm superuser account.

Two actions you completed to modify each approval process were:

You must include these two jar files as part of the classpath so that they can be referenced by SOA. Then, you can use JDeveloper to deploy the approval processes to SOA.

To deploy the custom approval processes, perform the following steps:

.

Launch Oracle Enterprise Manager Fusion Middleware Control 11g.

 

.

Log in to Oracle Enterprise Manager Fusion Middleware Control 11g with the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the User Name field, Welcome1 in the Password field, and click Login.

 

.

On the home page of Oracle Enterprise Manager Fusion Middleware Control 11g, expand the WebLogic Domain folder (by clicking the plus icon to the left of the folder).

 

.

Select the base domain for Oracle WebLogic Server. For this OBE, the base domain is base_domain.

 

.

From the base_domain menu, select System MBean Browser.

 

.

On the System MBean Browser page, expand the Application Defined MBeans folder (by clicking the plus icon to the left of the folder). Then, expand the oracle.as.soainfra.config, Server: <SOA_SERVER>, and BPELConfig folders. Lastly, click the bpel item.

Note: For this tutorial, <SOA_SERVER> represents the base directory for Oracle SOA, and is represented by soa_server1.

 

.

On the Attributes tab, click the BpelcClasspath item.

Note: You click the BpelcClasspath item because you want to include the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA.

 

.

On the Attribute: BpelcClasspath page, click Use Multiple Line Editor.

Note: You click Use Multiple Line Editor because you are to include both the oimclient.jar and jps-manifest.jar files as part of the classpath. The information you add occupies more than one line.

 

.

In the text area, provide the full path for the oimclient.jar and jps-manifest.jar files. To do so, enter the following lines of code in the text area:

<MIDDLEWARE_HOME>/Oracle_IDM1/server/client/oimclient.zip:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-manifest.jar

Important: For a Microsoft Windows environment, separate the full paths for the oimclient.jar and jps-manifest.jar files with a semicolon instead of a colon.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

 

.

Click Apply.

A Confirmation message appears.

You included the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA. You are ready to use JDeveloper to deploy the custom approval process to SOA.
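A check to run on the SOA host against the value entered for BpelcClasspath, added here as an example (not part of the original tutorial and not an Oracle tool). It catches unreplaced <MIDDLEWARE_HOME> placeholders, whitespace left by line wrapping in the multiple line editor, missing archives, and archives that accounts other than the owner can modify; the function name and the finding messages are the example's own.

```python
import os
import re
import stat


def check_bpelc_classpath(value, sep=os.pathsep,
                          required=("oimclient", "jps-manifest")):
    """Return a list of findings for a BpelcClasspath value.

    value:    the classpath string as entered in the MBean attribute
    sep:      ':' on Linux/UNIX, ';' on Microsoft Windows
    required: archive names (without extension) that must be present
    """
    findings = []
    entries = [e for e in value.split(sep) if e != ""]

    for entry in entries:
        # A literal <MIDDLEWARE_HOME> means the placeholder was pasted as-is.
        if "<" in entry or ">" in entry:
            findings.append(f"{entry!r}: placeholder not replaced with a real directory")
            continue
        # Whitespace at the ends or beside a path separator comes from a
        # wrapped line or a stray newline, not from a real directory name.
        if re.search(r"^\s|\s$|[/\\]\s|\s[/\\]", entry):
            findings.append(f"{entry!r}: whitespace next to a path separator")
            continue
        if not os.path.isabs(entry):
            findings.append(f"{entry!r}: not a full path")
            continue
        if not os.path.isfile(entry):
            findings.append(f"{entry!r}: archive not found")
            continue
        # Archives on this classpath are loaded by the SOA server, so they
        # should be modifiable by their owner only.
        mode = os.stat(entry).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                f"{entry!r}: writable by group or others ({stat.filemode(mode)})")

    # Both archives named in the tutorial must appear, whatever their extension.
    stems = {os.path.splitext(os.path.basename(e.strip()))[0] for e in entries}
    for name in required:
        if name not in stems:
            findings.append(f"{name}: no classpath entry for this archive")
    return findings


if __name__ == "__main__":
    # The tutorial's value with <MIDDLEWARE_HOME> replaced by the directory it
    # gives for this environment; run on the SOA host.
    home = "/opt/oracle/Middleware"
    value = (f"{home}/Oracle_IDM1/server/client/oimclient.zip:"
             f"{home}/oracle_common/modules/oracle.jps_11.1.1/jps-manifest.jar")
    for finding in check_bpelc_classpath(value, sep=":") or ["classpath entries look correct"]:
        print(finding)
```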

 

.

Make JDeveloper active.

 

.

From the Projects tab, right-click the project name, ResourceSerialApproval, and select Deploy > ResourceSerialApproval...

 

.

On the Deployment Action screen, select the Deploy to Application Server deployment action. Click Next.

Note: The Deploy to Application Server deployment action creates a JAR file for the ResourceSerialApproval custom approval process and deploys it to SOA. The Deploy to SAR deployment action creates a SAR (JAR) file of the approval process, but does not deploy it.

 

.

On the Deploy Configuration screen, select the Overwrite any existing composites with the same revision ID check box. Click Next.

Note: You select this check box because you want the ResourceSerialApproval custom approval process you are deploying to SOA to replace any existing approval workflows that may have the same revision identification number. For this tutorial, this ID is 1.0.

 

.

On the Select Server screen, click the green plus icon.

Note: You click this icon to add <SOA_SERVER> to the list of application servers to which JDeveloper can connect. JDeveloper must communicate with SOA for the custom approval process, which you created and modified in JDeveloper, to be deployed to SOA. For this tutorial, <SOA_SERVER> is represented by soa_server1.

 

.

On the Name and Type screen, enter a unique name for the connection between JDeveloper and SOA in the Connection Name field, and click Next. For this tutorial, soaserver represents the name of the connection.

 

.

On the Authentication screen, enter the login credentials of the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the Username field, Welcome1 in the Password field, and click Next.

Note: For security purposes, the password is displayed as a series of bullets (·). For this example, because the password is Welcome1, it appears as ·······.

 

.

On the Configuration screen, enter the base domain for Oracle WebLogic Server in the Weblogic Domain field, and click Next. For this OBE, the base domain is base_domain.

 

.

On the Test screen, click Test Connection.

Note: You click Test Connection to verify that JDeveloper can connect to SOA successfully.

 

.

After confirming that all nine connection tests are successful, click Finish.

 

.

On the Select Server screen, select the name you provided for the connection between JDeveloper and SOA in step 16 of this procedure, and click Finish. For this tutorial, soaserver represents the name of the connection.

 

.

After two minutes, click the Deployment tab in JDeveloper. Verify that you see the following message:

Successfully deployed archive sca_ResourceSerialApproval_rev1.0.jar

This message signifies you deployed the ResourceSerialApproval custom approval process successfully.

You deployed the ResourceSerialApproval process to SOA. You are ready to deploy the ResourceParallelApproval custom approval process.

 

.

From the Projects tab, right-click the project name, ResourceParallelApproval, and select Deploy > ResourceParallelApproval...

 

.

On the Deployment Action screen, select the Deploy to Application Server deployment action. Click Next.

 

.

On the Deploy Configuration screen, select the Overwrite any existing composites with the same revision ID check box. Click Next.

 

.

On the Select Server screen, select the name you provided for the connection between JDeveloper and SOA in step 16 of this procedure, and click Finish. For this tutorial, soaserver represents the name of the connection.

 

.

After two minutes, click the Deployment tab in JDeveloper. Verify that you see the following message:

Successfully deployed archive sca_ResourceParallelApproval_rev1.0.jar

This message signifies you deployed the ResourceParallelApproval custom approval process successfully.

In this section of the OBE, you deployed the ResourceSerialApproval and ResourceParallelApproval custom approval processes to SOA. You are ready to register each approval process so that Oracle Identity Manager can use it.

 

Registering the Custom Approval Processes

In the previous section of this OBE, you included the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA. Then, you used JDeveloper to deploy the ResourceSerialApproval and ResourceParallelApproval custom approval processes to SOA.

You are ready to register each custom approval process so that Oracle Identity Manager can use it. This includes creating a properties file for each approval process and then using the Register utility to register the process.

The properties files for all approval processes are found in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory. The file name is the same as the approval process, followed by a PROPS extension. For example, the properties files for the ResourceSerialApproval and ResourceParallelApproval custom approval processes are ResourceSerialApproval.props and ResourceParallelApproval.props.

To register the custom approval processes, perform the following steps:

.

Using File Browser, navigate to the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory.

Note: You navigate to this directory because you are creating a properties file for the ResourceSerialApproval custom approval process, and properties files for all approval processes are found in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory. Also, <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

 

2. Right-click the ResourceAuthorizerApproval.props file, and select Copy from the menu that appears.

Note: You are copying this file because it is easier to modify an existing properties file than it is to create it from scratch.

 

3. Select Edit from the menu bar. Select Paste from the menu that appears.

 

4. Rename the copied file to ResourceSerialApproval.props.

Note: The properties file for the custom approval process has the same name as the approval process, followed by a PROPS extension. For this example, the properties file for the ResourceSerialApproval custom approval process is ResourceSerialApproval.props.

The properties file sets the parameters required for registering the ResourceSerialApproval custom approval process to Oracle Identity Manager. It defines the name, the type of approval process, the provider information, the service name used to access the process, the default domain associated with the process, the version deployed, the packet name for the payload information, the operation, and finally, the list of approval tasks available in the process.

 

5. Using a text editor, open the ResourceSerialApproval.props file. To do so, right-click the file, and select Open with "Text Editor" from the popup menu that appears.

 

6. Locate the following lines of code:

# ResourceAuthorizerApproval
name=ResourceAuthorizerApproval

 

7. Modify these lines of code, as follows:

# ResourceSerialApproval
name=ResourceSerialApproval

The ResourceSerialApproval.props file should appear, as follows:

 

8. Save and close the ResourceSerialApproval.props file.

You created a properties file for the ResourceSerialApproval custom approval process. You are ready to use the Register utility to register the process so that Oracle Identity Manager can use it.

 

9. Open a Terminal window.

 

10. Navigate to the <MIDDLEWARE_HOME>/wlserver_10.3/server/bin directory.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

 

11. At the prompts, enter the following commands (and press Enter after each command):

  • bash
  • source setWLSEnv.sh

Note: By entering the bash and source setWLSEnv.sh commands, you call the setWLSEnv.sh script that comes with Oracle WebLogic Server. This script sets up all of the environment variables so that you can run the Register utility.

 

12. At the prompt, enter ant -f <OIM_HOME>/server/workflows/registration/registerworkflows-mp.xml register (and press Enter).

Note: ant represents the ant.sh file. This shell script file supplies built-in tasks used to run Java applications, such as the Register utility. By using the -f command, you are forcing the utility to run.

<OIM_HOME> represents the base directory for Oracle Identity Manager. For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1.

registerworkflows-mp.xml is the name of the XML file associated with the Register utility, and register is the command to register the custom approval process.

 

13. Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Enter the username | xelsysadm
Enter the password | Welcome1
Provide oim managed server t3 URL | t3://localhost:14000
inputpath(complete file name) of the property file | ResourceSerialApproval.props

Important: The values passed to the Register utility include the username for the Oracle Identity Manager system administration account, the password for the account, the t3 URL to connect to Oracle Identity Manager, and the properties file created earlier in this procedure. Also, the values that you enter for the username, password, URL, and property file are case-sensitive. Lastly, the password value is hidden for security purposes.

The Register utility begins to register the ResourceSerialApproval custom approval process. After the approval process is registered, a BUILD SUCCESSFUL message appears.

You created a properties file for the ResourceSerialApproval custom approval process and used the Register utility to register this process. As a result, Oracle Identity Manager can use this approval process.

You are ready to create the ResourceParallelApproval.props file for the ResourceParallelApproval custom approval process and use the Register utility to register this process.

 

14. Repeat steps 1-3 of this procedure.

 

15. Rename the copied file to ResourceParallelApproval.props.

 

16. Using a text editor, open the ResourceParallelApproval.props file.

 

17. Locate the following lines of code:

# ResourceAuthorizerApproval
name=ResourceAuthorizerApproval

 

18. Modify these lines of code, as follows:

# ResourceParallelApproval
name=ResourceParallelApproval

The ResourceParallelApproval.props file should appear, as follows:

 

19. Save and close the ResourceParallelApproval.props file.

 

20. Open a second Terminal window.

 

21. Repeat steps 10-12 of this procedure.

 

22. Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Enter the username | xelsysadm
Enter the password | Welcome1
Provide oim managed server t3 URL | t3://localhost:14000
inputpath(complete file name) of the property file | ResourceParallelApproval.props

The Register utility begins to register the custom approval process. After the approval process is registered, a BUILD SUCCESSFUL message appears.

In this section of the OBE, you created a properties file for the ResourceSerialApproval and ResourceParallelApproval custom approval processes and used the Register utility to register each process. As a result, Oracle Identity Manager can use both approval processes.

You are ready to create the approval policies that are to be used by Oracle Identity Manager to invoke the approval processes.
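The copy-and-edit steps for both properties files (steps 1-8 and 14-19) can be scripted so that each file is derived from the template in the same way and checked before it is registered. The following is an added example, not part of the Oracle tutorial; the helper names make_props and write_sample_template are hypothetical, and the sample template is constructed (only its comment line and name= line come from this page).

```bash
#!/usr/bin/env bash
# Added example, not part of the Oracle tutorial. make_props and
# write_sample_template are hypothetical helper names.

REG_DIR_DEFAULT="/opt/oracle/Middleware/Oracle_IDM1/server/workflows/registration"

# make_props TEMPLATE NEW [DIR]
# Copy DIR/TEMPLATE.props to DIR/NEW.props and rewrite only the "# TEMPLATE"
# comment line and the "name=TEMPLATE" line.
make_props() {
    local template="$1" new="$2" dir="${3:-$REG_DIR_DEFAULT}"
    local src="$dir/$template.props" dst="$dir/$new.props"
    local name n changed left

    # Both names end up in a file path and in a sed pattern: keep them plain.
    for name in "$template" "$new"; do
        case "$name" in
            ''|*[!A-Za-z0-9_]*) echo "invalid process name: '$name'" >&2; return 2 ;;
        esac
    done
    [ -f "$src" ] || { echo "template not found: $src" >&2; return 3; }
    if [ -e "$dst" ]; then echo "refusing to overwrite $dst" >&2; return 4; fi

    # The template must name itself exactly once.
    n=$(grep -c -x "name=$template" "$src" || true)
    [ "$n" -eq 1 ] || { echo "expected one name=$template line, found $n" >&2; return 5; }

    # cp -p keeps the template's owner and mode; sed then rewrites the content.
    cp -p "$src" "$dst" || return 6
    sed -e "s/^# $template\$/# $new/" -e "s/^name=$template\$/name=$new/" \
        "$src" > "$dst" || return 6

    # Verify the edit: at most two lines differ and the new name is set once.
    changed=$(diff "$src" "$dst" | grep -c '^>' || true)
    n=$(grep -c -x "name=$new" "$dst" || true)
    if [ "$n" -ne 1 ] || [ "$changed" -gt 2 ]; then
        echo "unexpected result in $dst ($changed lines changed)" >&2
        rm -f "$dst"
        return 7
    fi

    # Any other mention of the template name deserves a look before registering.
    left=$(grep -n "$template" "$dst" || true)
    [ -z "$left" ] || printf 'review these lines in %s:\n%s\n' "$dst" "$left" >&2
    return 0
}

# Constructed sample for offline use. Only the first two lines are taken from
# the tutorial; the third is a placeholder, not a real registration key.
write_sample_template() {
    mkdir -p "$1" && printf '%s\n' \
        '# ResourceAuthorizerApproval' \
        'name=ResourceAuthorizerApproval' \
        'placeholder.key=unchanged' > "$1/ResourceAuthorizerApproval.props"
}

# Usage on the tutorial host:
#   make_props ResourceAuthorizerApproval ResourceSerialApproval
#   make_props ResourceAuthorizerApproval ResourceParallelApproval
# Then register each file as in steps 9-13 (commands from the tutorial):
#   cd /opt/oracle/Middleware/wlserver_10.3/server/bin
#   source setWLSEnv.sh
#   ant -f /opt/oracle/Middleware/Oracle_IDM1/server/workflows/registration/registerworkflows-mp.xml register
# ant -f names the build file to run; register is the target in that file.
# Type the account password at the utility's prompt so that it is not
# recorded in shell history.
```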

 

Creating Policies for the Custom Approval Processes

In the previous section of this OBE, you registered the ResourceSerialApproval and ResourceParallelApproval custom approval processes. By doing so, Oracle Identity Manager can use both approval processes.

You are ready to build three approval policies to support the custom approval processes. Oracle Identity Manager uses the first approval policy to bypass the request level of approval. Oracle Identity Manager uses the other approval policies to assign the ResourceSerialApproval and ResourceParallelApproval custom approval processes to the AD resource, the EBS resource, and to Jerry Espenson, Brad Chase's manager, who is responsible for approving the requests.

At runtime, Shirley Schmidt makes requests for Brad Chase to be assigned to both the AD and EBS resources. As a result, Oracle Identity Manager uses the custom approval processes to assign this request to:

After all three users approve the requests, Oracle Identity Manager assigns the AD and EBS resources to Brad Chase.

To create policies for the custom approval processes, perform the following steps:

1. Log in to the Administrative and User Console as Shirley Schmidt. For this tutorial, enter SSCHMIDT in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

2. Click the Advanced link on the home page of the Delegated Administration Console.

Note: You click the Advanced link to access the Advanced Administration Console. This console is used to create policies for the custom approval processes.

 

3. On the home page of the Advanced Administration Console, click the Policies tab.

 

4. On the Policies tab, click Create.

You are ready to configure each custom approval process so that it bypasses the request level of approval. As a result, at runtime, after Shirley Schmidt makes requests for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the requests to Jerry Espenson, Clark Brown, and Danny Crane.

 

5. Populate the "Set Approval Policy details" page, as follows:

Field | Value
Policy Name | ProvisionResourceApprovalPolicyOne
Request Type menu | Provision Resource
Level menu | Request Level
Auto Approval check box | [selected]

Note: You select Provision Resource from the Request Type menu because the custom approval processes are associated with requests for assigning the AD and EBS resource to a user (Brad Chase). By selecting the Auto Approval check box, you are configuring each approval process so that it bypasses the request level of approval.

 

6. Click Next.

You are ready to create a rule for the approval policy. At runtime, Oracle Identity Manager evaluates the criteria of the rule. If the result of the evaluation is true, Oracle Identity Manager executes the approval policy, and bypasses the request level of approval.

As a result, at runtime, after Shirley Schmidt makes requests for Brad Chase to be assigned to the AD and EBS resources, Oracle Identity Manager assigns the requests to Jerry Espenson, Clark Brown, and Danny Crane.

 

7. On the Set Approval Rule and Component page, enter ProvisionResourceApprovalRuleOne in the Rule Name field. Click Add Simple Rule.

 

8. Populate the Add Simple Rule window, as follows:

Menu | Value
Entity | Request
Attribute | Request Type
Condition | Equals
Value | Provision Resource
Parent Rule Container | Approval Rule

Note: For this example, because the classification type of the request is associated with a request for provisioning resources to a user, Oracle Identity Manager evaluates the criteria of the rule to be true (because Shirley Schmidt makes a request for Brad Chase to be assigned to the AD and EBS resources). As a result, Oracle Identity Manager executes the approval policy, and bypasses the request level of approval.

 

9. Click Save.

 

10. On the Set Approval Rule and Component page, click Next.

 

11. On the Review Approval Policy Summary page, click Finish.

 

12. On the Message window, click OK.

You created an approval policy to support the custom approval process. Oracle Identity Manager uses this policy to bypass the request level of approval.

You are ready to create a second approval policy. Oracle Identity Manager uses this policy for the ResourceSerialApproval custom approval process. This process is used to assign the AD resource to Brad Chase.

 

13. On the Policies tab, click Create.

 

14. Populate the "Set Approval Policy details" page, as follows:

Field | Value
Policy Name | ProvisionResourceApprovalPolicyTwo
Request Type menu | Provision Resource
Level menu | Operation Level
All Scope check box | [selected]
Approval Process | default/ResourceSerialApproval!1.0

Note: By selecting the All Scope check box, Oracle Identity Manager examines all entities that match the item that appears in the Scope Type field. For this example, Oracle Identity Manager evaluates this policy against every Oracle Identity Manager resource (because Resource is displayed in the Scope Type field).

ResourceSerialApproval is the name of the custom approval process you created, deployed, and registered in this OBE.

 

15. Click Next.

You are ready to create a rule for the approval policy. At runtime, Oracle Identity Manager evaluates the criteria of the rule. If the result of the evaluation is true, Oracle Identity Manager executes the approval policy, and assigns the custom approval process to Jerry Espenson (Brad Chase's manager) and to the AD_ADMINISTRATORS role. Because Danny Crane is a member of this role, he can complete the ResourceSerialApproval custom approval process.

 

16. On the Set Approval Rule and Component page, enter ResourceProvisionApprovalRuleTwo in the Rule Name field. Click Add Simple Rule.

 

17. Populate the Add Simple Rule window, as follows:

Menu | Value
Entity | Resource
Attribute | Resource Name
Condition | Equals
Value | AD User
Parent Rule Container | Approval Rule

 

18. Click Save.

Important: The value of AD User that you enter in the Value field is case-sensitive.

Note: You enter AD User in the Value field because this approval policy is associated with assigning the AD resource to a user. This resource is represented in Oracle Identity Manager by the AD User resource object.

Oracle Identity Manager therefore evaluates the criteria of the rule to be true (because Shirley Schmidt makes a request for Brad Chase to be assigned to the AD resource) and executes the approval policy.

 

19. On the Set Approval Rule and Component page, click Next.

 

20. On the Review Approval Policy Summary page, click Finish.

 

21. On the Message window, click OK.

You created an approval policy to support the ResourceSerialApproval custom approval process. Oracle Identity Manager uses this policy to assign the AD resource to a user.

You are ready to create a third approval policy. Oracle Identity Manager uses this policy for the ResourceParallelApproval custom approval process. This process is used to assign the EBS resource to Brad Chase.

 

22. On the Policies tab, click Create.

 

23. Populate the "Set Approval Policy details" page, as follows:

Field | Value
Policy Name | ProvisionResourceApprovalPolicyThree
Request Type menu | Provision Resource
Level menu | Operation Level
All Scope check box | [selected]
Approval Process | default/ResourceParallelApproval!1.0

 

24. Click Next.

You are ready to create a rule for the approval policy. At runtime, Oracle Identity Manager evaluates the criteria of the rule. If the result of the evaluation is true, Oracle Identity Manager executes the approval policy, and assigns the custom approval process to Jerry Espenson (Brad Chase's manager) and to the EBS_ADMINISTRATORS role. Because Clark Brown is a member of this role, he can complete the ResourceParallelApproval custom approval process.

 

25. On the Set Approval Rule and Component page, enter ResourceProvisionApprovalRuleThree in the Rule Name field. Click Add Simple Rule.

 

26. Populate the Add Simple Rule window, as follows:

Menu | Value
Entity | Resource
Attribute | Resource Name
Condition | Equals
Value | eBusiness Suite User
Parent Rule Container | Approval Rule

Important: The value of eBusiness Suite User that you enter in the Value field is case-sensitive.

 

27. Click Save.

 

28. On the Set Approval Rule and Component page, click Next.

 

29. On the Review Approval Policy Summary page, click Finish.

 

30. On the Message window, click OK.

You built three approval policies to support the ResourceSerialApproval and ResourceParallelApproval custom approval processes. Oracle Identity Manager uses the first approval policy to bypass the request level of approval. Oracle Identity Manager uses the other approval policies to assign the ResourceSerialApproval and ResourceParallelApproval custom approval processes to the AD resource, the EBS resource, and to Jerry Espenson, Brad Chase's manager, who is responsible for approving the requests.

You are ready to make requests to assign the AD and EBS resources to a user. By doing so, you verify the custom approval processes.

 

Completing the Custom Approval Processes

In the previous section of this OBE, you created three approval policies for the custom approval processes. Oracle Identity Manager uses the other approval policies to assign the ResourceSerialApproval and ResourceParallelApproval custom approval processes to the AD resource, the EBS resource, and to Jerry Espenson, Brad Chase's manager, who is responsible for approving the requests.

You are ready to make two requests as Shirley Schmidt for Brad Chase to be assigned to the AD and EBS resources. Oracle Identity Manager uses the ResourceSerialApproval custom approval process to assign the AD resource to Mr. Chase, and the ResourceParallelApproval process to assign EBS to him.

At runtime, Shirley Schmidt makes requests for Brad Chase to be assigned to both the AD and EBS resources. As a result, Oracle Identity Manager uses the ResourceSerialApproval custom approval processes to assign this request to:

Then, Oracle Identity Manager uses the ResourceParallelApproval custom approval processes to assign this request to Mr. Espenson and Clark Brown. For this tutorial, Mr. Brown is an administrator for the EBS resource (and responsible for approving the request for Mr. Chase to be assigned to EBS).

After all three users approve the requests, Oracle Identity Manager assigns Brad Chase to the AD and EBS resources.

To complete the custom approval processes, perform the following steps:

1. Verify that you are logged in to the Administrative and User Console as Shirley Schmidt. If not, log in by entering SSCHMIDT in the User ID field, Welcome1 in the Password field, and clicking Sign In.

 

2. Click the Requests tab on the Authenticated Self Service Console.

Note: If you see the Delegated Administration Console or Advanced Administration Console instead of the Authenticated Self Service Console, click the Self-Service link in the upper-right corner of the active console's Home page.

 

3. On the Requests tab, click Create Request.

Note: You select the Requests tab and click Create Request because, as Shirley Schmidt, you are making requests for Brad Chase to be assigned to the AD and EBS resources.

 

4. On the Request Beneficiary page, select the Request for Others option. Click Next.

 

Note: You select the Request for Others option because you are making a request for another user (Brad Chase) to be assigned to the AD and EBS resources.

 

5. On the Self Request Template page, select Provision Resource from the Request Template menu. Click Next.

 

 

6. On the Select Users page, select and assign Brad Chase. Click Next.

 

7. On the Select Resources page, select and assign the AD User resource. Click Next.

Note: You select Provision Resource from the Request Template menu on the Self Request Template page, select Brad Chase as the user on the Select Users page, and select AD User as the resource on the Select Resources page because you are making a request for Brad Chase to be assigned to the AD resource. This resource is represented in Oracle Identity Manager by the AD User resource object.

 

8. On the following page, do not select the Service Account check box (and click Next).

Note: You do not select this check box because, for this tutorial, AD is not to be associated with a service account. Service accounts are general administrator accounts (for example, admin1, admin2, admin3, and so on) that are used for maintenance purposes.

 

9. Use the following screenshot to populate the Justification page (and click Finish):

The Create Request tab is active, and displays a message that the request is created and sent successfully.

Important: Specify today's date in the Effective Date field of the Justification page. For this OBE, the current date is December 15, 2011.

Note: 1 is the ID number of the request. By default, Oracle Identity Manager assigns the number one to the request (because this is the first request you made in Oracle Identity Manager).

As Shirley Schmidt, you created a request for Brad Chase to be assigned to the AD resource. As a result, Oracle Identity Manager uses the ResourceSerialApproval custom approval process to assign the request to:

  • Danny Crane, an administrator for the AD resource (and responsible for approving the request for Mr. Chase to be assigned to AD)
  • Jerry Espenson, Brad Chase's manager

You are ready to log in to Oracle Identity Manager as each user to approve the request. After both users approve the request, Oracle Identity Manager assigns the AD resource to Brad Chase.

 

10. Log out of Oracle Identity Manager.

 

11. Log in to Oracle Identity Manager as Danny Crane. To do so, enter DCRANE in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

12. On the home page of the Authenticated Self Service Console, click the Search Approvals Tasks link.

Note: You click this link to see all approval process tasks assigned to Danny Crane.

 

13. On the Approvals tab, click the link that contains the number 1.

Note: 1 is the ID number of the request.

 

14. On the Task Details page, click Approve Task.

 

15. On the Message window, click OK.

 

16. Repeat steps 10-15 of this procedure to approve the request as Jerry Espenson.

Note: Oracle Identity Manager uses the ResourceSerialApproval custom approval process to assign the AD resource to Mr. Chase. This approval process is completed sequentially. Oracle Identity Manager assigns the request to Jerry Espenson only after Danny Crane approves the request.

Danny Crane and Jerry Espenson completed the ResourceSerialApproval custom approval process. As a result, the request is complete, and Oracle Identity Manager assigns the AD resource to Brad Chase.

You are ready to verify that Mr. Chase is assigned to the AD resource in Oracle Identity Manager.

 

17. Log out of Oracle Identity Manager.

 

18. Log in to the Administrative and User Console with the "superuser" account for Oracle Identity Manager. For this tutorial, enter xelsysadm in the User ID field, Welcome1 in the Password field, and click Sign In.

 

19. On the home page of the Delegated Administration Console, enter BCHASE in the text field to the right of the Users menu. Click the right-arrow button.

Note: BCHASE is the ID of Brad Chase, the end-user for whom you made the request.

Also, if you see the Authenticated Self Service Console or Advanced Administration Console instead of the Delegated Administration Console, click the Administration link in the upper-right corner of the active console's Home page.

 

20. On the Search Results tab, click the link that contains the full name of Brad Chase.

 

21. On the page that contains the record for Brad Chase, click the Resources tab.

Verify that the AD resource appears in the Resources tab.

Note: The AD resource is represented in Oracle Identity Manager by the AD User resource object.

Oracle Identity Manager assigned the AD resource to Brad Chase. You are ready to create a second request as Shirley Schmidt to assign the EBS resource (represented by the eBusiness Suite User resource object) to Mr. Chase.

 

22. Repeat steps 1-6 of this procedure.

 

23. On the Select Resources page, select and assign the eBusiness Suite User resource. Click Next.

Note: You select Provision Resource from the Request Template menu on the Self Request Template page, select Brad Chase as the user on the Select Users page, and select eBusiness Suite User as the resource on the Select Resources page because you are making a request for Brad Chase to be assigned to the EBS resource. This resource is represented in Oracle Identity Manager by the eBusiness Suite User resource object.

 

24. Repeat steps 8-9 of this procedure. The Create Request tab is active, and displays a message that the request is created and sent successfully.

Note: 2 is the ID number of the second request. By default, Oracle Identity Manager assigns the number two to the request (because this is the second request you made in Oracle Identity Manager).

As Shirley Schmidt, you created a request for Brad Chase to be assigned to the EBS resource. As a result, Oracle Identity Manager uses the ResourceParallelApproval custom approval process to assign the request to:

  • Clark Brown, an administrator for the EBS resource (and responsible for approving the request for Mr. Chase to be assigned to EBS)
  • Jerry Espenson, Brad Chase's manager

You are ready to log in to Oracle Identity Manager as each user to approve the request. After both users approve the request, Oracle Identity Manager assigns the EBS resource to Brad Chase.

 

25. Log out of Oracle Identity Manager.

 

26. Log in to Oracle Identity Manager as Clark Brown. To do so, enter CBROWN in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

27. On the home page of the Authenticated Self Service Console, click the Search Approvals Tasks link.

 

28. On the Approvals tab, click the link that contains the number 2.

 

29. Repeat steps 14-16 of this procedure.

Note: Oracle Identity Manager uses the ResourceParallelApproval custom approval process to assign the EBS resource to Mr. Chase. This approval process is completed simultaneously. Oracle Identity Manager assigns the request to Clark Brown and Jerry Espenson in parallel.

Clark Brown and Jerry Espenson completed the ResourceParallelApproval custom approval process. As a result, the request is complete, and Oracle Identity Manager assigns the EBS resource to Brad Chase.

You are ready to verify that Mr. Chase is assigned to the EBS resource in Oracle Identity Manager.

 

30. Repeat steps 17-21 of this procedure. Verify that the EBS resource appears in the Resources tab.

Note: The EBS resource is represented in Oracle Identity Manager by the eBusiness Suite User resource object.

Oracle Identity Manager assigned the AD and EBS resources to Brad Chase. The requests for assigning resources to a user are complete.

 

Summary

In this tutorial, you used Oracle Identity Manager 11.1.1.5.0 to create custom approval processes and used them to approve requests to assign resources to a user.

In this tutorial, you should have learned how to:

Resources

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.