This tutorial covers the steps required to integrate Oracle Identity Manager with Oracle Identity Analytics.
Time to Complete
Approximately 2 hours.
Oracle Identity Manager is a class-leading provisioning solution, allowing the delegated administration of accounts and passwords on diverse managed resources, such as ERP systems, databases, and directories.
Oracle Identity Analytics provides a powerful means of analyzing and certifying the access granted to employees, allowing organizations to meet regulatory requirements for governance and control.
By integrating Oracle Identity Manager and Oracle Identity Analytics, the data in Oracle Identity Manager can be automatically imported into Oracle Identity Analytics, minimizing manual entry and errors, and reducing the length of the identity governance cycle.
The scope of the integration in this tutorial is restricted to copying data from Oracle Identity Manager into Oracle Identity Analytics to allow analysis and certification in Oracle Identity Analytics. The reverse flow (updating objects in Oracle Identity Manager as a result of role and policy changes in Oracle Identity Analytics) is not covered in this tutorial.
In this tutorial, you are the administrator of Example Corporation. You have been given the task of configuring and verifying the integration between Oracle Identity Manager and Oracle Identity Analytics. In your deployment, you have an existing installation of Oracle Identity Manager, which has been integrated with an LDAP directory server.
Users have already been created in Oracle Identity Manager. A role, Portal User, and an associated access policy Portal User on Corporate LDAP have been created. When a user in Oracle Identity Manager is assigned the Portal User role, a user account is created on the LDAP directory server, and the LDAP account is assigned membership in the LDAP group Portal User.
After configuring the integration, you import the user, resource, and role data from Oracle Identity Manager into Oracle Identity Analytics. You then verify, at each step, that the required data has been correctly imported.
Hardware and Software Requirements
The following is a list of hardware and software requirements:
- Oracle Identity Manager 11gR2
- Oracle Identity Analytics 11gR1 PS1 BP5 (patch 14831724)
Before starting this tutorial, you should have:
- Installed and configured Oracle Identity Manager 11gR2
- Installed an LDAP directory server
- Created a connector in Oracle Identity Manager 11gR2 to provision accounts on the LDAP directory server
- Created the Portal User role
- Created the Portal User on Corporate LDAP access policy on Oracle Identity Manager, which provisions users with accounts and groups on the LDAP directory server
- Created users in Oracle Identity Manager, and assigned the Portal User role to the user DBRATTEN
- Installed and configured Oracle Identity Analytics 11gR1 PS1 BP5
You should also be familiar with:
- Working in a Linux environment
- Editing XML files
- Basic WebLogic server administration
In this tutorial, RBACX_HOME is the installation directory for Oracle Identity Analytics and in this example has the value /u01/app/oia.
It is assumed that the exploded WAR file for the Oracle Identity Analytics application is in the rbacx directory below this directory.
OIM_HOME is the installation directory for Oracle Identity Manager and in this example has the value /u01/app/Oracle/Middleware/Oracle_IDM1.
Verifying Roles and Access Policies in Oracle Identity Manager
To verify the roles and access policies in Oracle Identity Manager, perform the following steps:
You have verified that the Access Policy Portal User on Corporate LDAP is applied to the role Portal User.
Verifying User Role Assignments in Oracle Identity Manager
To verify the roles assigned to a user in Oracle Identity Manager, perform the following steps:
Note: Oracle Identity Manager automatically assigns the ALL USERS role to every user by default.
You have verified that the Portal User role is assigned to the user DBRATTEN.
Verifying Process Form Properties in Oracle Identity Manager
Oracle Identity Manager prepares account data based on the properties associated with account and resource objects. Most predefined connectors are already configured correctly. For example, the ICF-based LDAP connector used in this tutorial already has these properties set. Older connectors and custom connectors will require further configuration. To verify that the correct properties are set on the account and resource objects, perform the following steps.
Configuring Oracle Identity Analytics
To configure Oracle Identity Analytics, you must:
- Copy the required library files from Oracle Identity Manager to Oracle Identity Analytics
- Edit the configuration files to activate the integration code
- Configure Oracle Identity Analytics with connection information
Copying required library and configuration files to Oracle Identity Analytics
You have now copied the required library and configuration files to the Oracle Identity Analytics installation folder.
Editing Oracle Identity Analytics configuration files
Configuring Oracle Identity Analytics to connect to Oracle Identity Manager
Importing Data from Oracle Identity Manager
By importing data from Oracle Identity Manager into Oracle Identity Analytics, you populate the Oracle Identity Analytics identity warehouse. The data in the identity warehouse can then be used for certification, auditing, role management and role mining. To import data, the following import jobs must be performed in Oracle Identity Analytics:
- Importing Resource Metadata
- Importing Resources
- Importing Glossary Data
- Importing Policies
- Importing Roles
- Importing Users, Accounts, User Role Memberships, and Entitlements
Importing Resource Metadata
Importing Glossary Data
Importing Users, Accounts, User Role Memberships, and Entitlements
Now that you have completed this tutorial, you have configured the integration between Oracle Identity Analytics and Oracle Identity Manager. By integrating these products, data can be automatically transferred into Oracle Identity Analytics in order to perform certification, auditing, role management and role mining.
In this tutorial, you have learned how to:
- Configure Oracle Identity Analytics for integration
- Import data from Oracle Identity Manager into Oracle Identity Analytics
- Verify that data is correctly imported
Please refer to the following resources for more information on the products and procedures discussed in this tutorial:
- System Integrator's Guide for Oracle Identity Analytics
- Troubleshooting Oracle Identity Manager and Oracle Identity Analytics integration
- To learn more about Oracle Identity Manager refer to additional OBEs in the Oracle Learning Library
- Lead Curriculum Developer: Deeran Peethamparam
- Reviewer / Tester: Rober Lavallie
- Subject Matter Expert / Reviewer: Lex Lim Chee-Mum