Create a Custom Approval Process for Self Registration


Purpose

This OBE tutorial describes and shows you how to use Oracle Identity Manager 11.1.1.5.0 to create a custom approval process and use it to approve a user's request for self registration.

In the request and approval process, you have three main actors: the requester, the approver, and the beneficiary. For this tutorial, Shirley Schmidt acts as the requester, as well as the administrator responsible for creating the custom approval process. Danny Crane serves as the approver. Ernest Allen functions as the beneficiary, the end-user making the self-registration request.

Time to Complete

Approximately 3 hours.

Overview

Oracle Identity Manager is a highly flexible and scalable enterprise identity management system that manages the access privileges of users within enterprise IT resources. It helps to answer the critical compliance questions of "Who has access to What, When, How, and Why?"

Oracle Identity Manager's flexible architecture can handle the most complex IT and business requirements without requiring changes to existing infrastructure, policies, or procedures. With this hallmark flexibility, Oracle Identity Manager excels at handling the constant flow of business changes that impact real-world identity management deployments. This flexibility is derived from the product's architecture, which abstracts core provisioning functions into discrete layers.

Changes to workflow, policy, data flow, or integration technology are isolated within the respective functional layers of Oracle Identity Manager, thus minimizing application-wide impact. In addition, Oracle Identity Manager is flexible because all configurations are done via its powerful user interface. The product does not rely on any scripting language for setup, configuration, or process modeling. As a result, Oracle Identity Manager is the most-advanced enterprise identity management solution available.

Scenario

Shirley Schmidt is employed as a system administrator for Mydo Main Corporation. In Mydo Main, she is responsible for performing identity and access management tasks on various users in the organization. One such task is customizing approval processes for self-registration requests. As a result, this custom approval process can be used to approve a user's request for self registration.

Danny Crane also works for Mydo Main Corporation as an administrator of the Finance organization. One of Mr. Crane's responsibilities is approving any self-registration user requests for this organization. Ernest Allen functions as the beneficiary, the end-user making the self-registration request to belong to the Finance organization of Mydo Main Corporation.

Software Requirements and Prerequisites

Before starting this tutorial, you should have:

Note: Screen captures for this tutorial were taken in a Windows XP Professional environment; therefore, Start menu options will vary.

Creating and Assigning Organizations, Roles, and Users

In this section of the OBE, you create and assign organizations, roles, and users in Oracle Identity Manager. You need these records to create a custom approval process for a self registration request. Specifically, you:

To create and assign organizations, roles, and users in Oracle Identity Manager, perform the following steps:

1. Launch the Oracle Identity Manager Server, Administrative and User Console, and Design Console.

2. Log in to the Administrative and User Console with the "superuser" account for Oracle Identity Manager. For this tutorial, enter xelsysadm in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

3. Click the Create Organization link on the home page of the Delegated Administration Console.

Note: If you see the Self Service Console or Advanced Administration Console instead of the Delegated Administration Console, click the Administration link in the upper-right corner of the active console's Home page.

4. On the Create Organization page, enter FINANCE in the Name field, select Company from the Type drop-down menu, and click Save.

Note: The Parent Organization field indicates the parent organization of your organization (that is, your organization is a suborganization). Because your organization is a parent organization, and is not a suborganization, leave this field empty.

You created the FINANCE organization. You are ready to create the FINANCE_APPROVERS role.

5. Click the Welcome tab.

Note: By clicking the Welcome tab, you return to the home page of the Delegated Administration Console.

6. Click the Create Role link on the home page of the Delegated Administration Console.

7. On the Create Role page, enter FINANCE_APPROVERS in the Name field and click Save.

You created the FINANCE_APPROVERS role. You are ready to create a user record for Danny Crane and assign Mr. Crane to the FINANCE organization. For this tutorial, Mr. Crane functions as the administrator responsible for approving any self-registration user requests for this organization.

8. Click the Welcome tab.

9. Click the Create User link on the home page of the Delegated Administration Console.

10. Use the following screenshot to populate the Basic User Information region of the Create User page.

11. On the Account Settings region of the Create User page, enter DCRANE in the User Login field, and Welcome1 in both the Password and Confirm Password fields. Click Save.

Note: For security purposes, the password is displayed as a series of bullets (·). For this example, because the password is Welcome1, it appears as ········.

You created a user record for Danny Crane and assigned Mr. Crane to the FINANCE organization. You are ready to assign the FINANCE_APPROVERS role to Mr. Crane.

12. On the page that contains the user record for Danny Crane, click the Roles tab.

13. On the Roles tab, click Assign.

14. On the Add Role window, enter FINANCE_APPROVERS in the Display Name field. Click Search.

15. On the Search Results region of the Add Role window, select the FINANCE_APPROVERS role. Click Add.

The FINANCE_APPROVERS role appears in the Roles tab.

You assigned the FINANCE_APPROVERS role to Mr. Crane. You are ready to designate the FINANCE_APPROVERS role as an Administrative role for the FINANCE organization.

16. Select the FINANCE tab.

Note: You select the FINANCE tab to display the contents of the FINANCE organizational record.

17. Click Administrative Roles.

18. On the Administrative Roles window, click Assign.

19. On the Assign window, select the Assign check box to the right of the FINANCE_APPROVERS role (because you want to designate the FINANCE_APPROVERS role as an Administrative role for the FINANCE organization). Click Assign.

20. A Confirmation window appears. Click Confirm.

21. On the Administrative Roles window, click the Next link.

The FINANCE_APPROVERS role appears in the Administrative Roles window.

You designated the FINANCE_APPROVERS role as an Administrative role for the FINANCE organization. You are ready to create the ADMINISTRATION organization.

22. Close the Administrative Roles window.

23. Click the Welcome tab.

24. Click the Create Organization link on the home page of the Delegated Administration Console.

25. On the Create Organization page, enter ADMINISTRATION in the Name field, select Department from the Type drop-down menu, and click Save.

You created the ADMINISTRATION organization. You are ready to create a user record for Shirley Schmidt, and assign Ms. Schmidt to this organization. For this tutorial, Ms. Schmidt acts as the requester, as well as the administrator responsible for creating the custom approval process.

26. Click the Welcome tab.

27. Click the Create User link on the home page of the Delegated Administration Console.

28. Use the following screenshot to populate the Basic User Information region of the Create User page.

29. On the Account Settings region of the Create User page, enter SSCHMIDT in the User Login field, and Welcome1 in both the Password and Confirm Password fields. Click Save.

You created a user record for Shirley Schmidt, and assigned Ms. Schmidt to the ADMINISTRATION organization. You are ready to assign the SYSTEM ADMINISTRATORS role to Ms. Schmidt.

Note: You did not create the SYSTEM ADMINISTRATORS role. Rather, this role is created automatically when Oracle Identity Manager is installed.

30. On the page that contains the user record for Shirley Schmidt, click the Roles tab.

31. On the Roles tab, click Assign.

32. On the Add Role window, enter SYSTEM ADMINISTRATORS in the Display Name field. Click Search.

33. On the Search Results region of the Add Role window, select the SYSTEM ADMINISTRATORS role. Click Add.

The SYSTEM ADMINISTRATORS role appears in the Roles tab.

You assigned the SYSTEM ADMINISTRATORS role to Ms. Schmidt. You created and assigned organizations, roles, and users in Oracle Identity Manager. You need these records to create a custom approval process for a self registration request.

For this tutorial, Shirley Schmidt acts as the requester, as well as the administrator responsible for creating the custom approval process. You are ready to authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

Authorizing an Administrator to Create Custom Approval Processes

In the previous section of this OBE, you created two user accounts:

However, just because a user is an Oracle Identity Manager administrator does not mean that the user is authorized to create custom approval processes. Approval processes determine how Oracle Identity Manager is to provision Mydo Main Corporation's resources to the company's users and organizations. Therefore, by ensuring that only those administrators who have the proper credentials to create custom approval processes can do so, you prevent potential security violations, which can include unauthorized users having access to the company's resources.

In this section of the OBE, you authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager. To do so, you use the Oracle Enterprise Manager Fusion Middleware Control 11g.

To authorize an administrator to create approval processes in Oracle Identity Manager, perform the following steps:

1. Launch Oracle Enterprise Manager Fusion Middleware Control 11g.

2. Log in to Oracle Enterprise Manager Fusion Middleware Control 11g with the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the User Name field, Welcome1 in the Password field, and click Login.

Note: For security purposes, the password is displayed as a series of bullets (·).

3. On the home page of Oracle Enterprise Manager Fusion Middleware Control 11g, expand the WebLogic Domain folder (by clicking the plus icon to the left of the folder).

4. Select the base domain for Oracle WebLogic Server. For this OBE, the base domain is base_domain.

Note: You select the base domain for Oracle WebLogic Server (base_domain) because, for this section of the OBE, you authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

Approval processes are created in containers known as Service Oriented Architecture (SOA) composites. Therefore, you must authorize Ms. Schmidt for both Oracle Identity Manager and SOA.

By selecting the base domain for Oracle WebLogic Server, you are authorizing Ms. Schmidt for all administrative and managed servers associated with Oracle WebLogic Server, including the servers for Oracle Identity Manager and SOA.

5. From the base_domain menu, select Security > Credentials.

Note: You select Security > Credentials from the base_domain menu because you are storing the login credentials of Shirley Schmidt into the Oracle Identity Manager database for security purposes. By doing so, you are authorizing Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager.

6. On the Credentials page, click Create Map.

7. On the Create Map window, enter oracle.oim.sysadminMap in the Map Name field and click OK.

Important: The value you enter in the Map Name field is case-sensitive.

Note: You click Create Map on the Credentials page and enter oracle.oim.sysadminMap in the Map Name field of the Create Map window because you want to create a dynamic data structure known as a hash map. This type of map uses hash functions to map identifying values, known as keys, to their associated values.

For this type of map (oracle.oim.sysadminMap), you are mapping key-value pairs for Oracle Identity Manager system administrators. You assigned the SYSTEM ADMINISTRATORS role to Shirley Schmidt; therefore, she is a system administrator.

For this example, you are to map two keys (the login ID and password for an administrator who is authorized to create custom approval processes in Oracle Identity Manager) to the login credentials of Ms. Schmidt. For this OBE, these credentials are SSCHMIDT and Welcome1.

By mapping key-value pairs for Ms. Schmidt in the oracle.oim.sysadminMap map, Oracle Identity Manager can verify that she is authorized to create custom approval processes.

8. On the Credentials page, select the map you created (oracle.oim.sysadminMap). Click Create Key.

Note: You click Create Key because you want to map key-value pairs for Ms. Schmidt in the oracle.oim.sysadminMap map. For this example, you map two key-value pairs:

Key | Value
sysadmin | SSCHMIDT
Password | Welcome1

9. Use the following screenshot to populate the Create Key window, and click OK.

10. The Credentials page appears. The sysadmin key, which represents the two key-value pairs you mapped, is created.

You mapped two keys (the login ID and password for an administrator who is authorized to create custom approval processes in Oracle Identity Manager) to the login credentials of Shirley Schmidt. As a result, Oracle Identity Manager can verify that she is authorized to create custom approval processes.

You are ready to access Oracle Identity Manager as Ms. Schmidt to create a custom approval process.

Creating a Custom Approval Process

In the previous section of this OBE, you used Oracle Enterprise Manager Fusion Middleware Control 11g to authorize Ms. Schmidt so that she can create custom approval processes in Oracle Identity Manager. You are now ready to create a custom approval process.

For Oracle Identity Manager, approval processes are created in containers known as Service Oriented Architecture (SOA) composites. Therefore, you must use the Oracle SOA application to create the custom SOA composite that holds the custom approval process.

To facilitate matters, Oracle Identity Manager has a helper utility for creating custom SOA composites. This utility creates a SOA template that is to be used for the custom approval process. This template adheres to all the necessary standards.

In this section of the OBE, you create the custom SOA composite that holds the custom approval process. To do so, you use the helper utility.

To use the helper utility to create a custom SOA composite for the custom approval process, perform the following steps:

1. Download the developing_oim_custom_approval_process_for_self_registration.zip file.

Note: This zip file contains the files that you need to create a custom approval process.

2. Open a Terminal window, and navigate to the <MIDDLEWARE_HOME>/wlserver_10.3/server/bin directory.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

3. At the prompts, enter the following commands (and press Enter after each command):

$ bash
$ source setWLSEnv.sh 

Note: By entering the bash and source setWLSEnv.sh commands, you call the setWLSEnv.sh script that comes with Oracle WebLogic Server. This script sets up all of the environment variables so that you can run the helper utility.

4. At the prompt, enter ant -f <OIM_HOME>/server/workflows/new-workflow/new_project.xml (and press Enter).

Note: ant represents the ant.sh file. This shell script file supplies built-in tasks used to run Java applications, such as the helper utility. By using the -f command, you are forcing the utility to run. <OIM_HOME> represents the base directory for Oracle Identity Manager. For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1. new_project.xml is the name of the XML file associated with the helper utility.

5. Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Please enter application name | SelfRegistrationApprovalApp
Please enter project name | SelfRegistrationApproval
Please enter the service name for the composite. This needs to be unique across applications. | SelfRegistrationApprovalService

Important: The application, project, and service names that you enter are case-sensitive.

Note: The project name you define (SelfRegistrationApproval) is the name of the SOA composite, and eventually forms the name of the custom approval process. It should be a descriptive name so that it is easily recognizable when you are ready to use it as an approval process. The service name (SelfRegistrationApprovalService) is the ADF binding name used for this specific SOA composite. It must be unique to this composite.

Oracle Identity Manager creates the custom SOA composite that holds the custom approval process. After the SOA composite is created, a BUILD SUCCESSFUL message appears.

By default, Oracle Identity Manager saves the custom SOA composite you created using the helper utility to the <OIM_HOME>/server/workflows/new-workflow/process-template directory. This SOA composite contains the custom approval process.

You are ready to modify this approval process.

Modifying the Custom Approval Process

In the previous section of this OBE, you used the helper utility to create a custom SOA composite for a custom approval process. This process is to be used to approve a user's request for self registration. For this tutorial, Shirley Schmidt acts as the requester, as well as the administrator responsible for creating the custom approval process, and Danny Crane functions as the administrator responsible for approving any self-registration user requests for the FINANCE organization of Mydo Main Corporation.

By default, a task associated with the approval process is assigned to xelsysadm: an Oracle Identity Manager superuser account. You want to modify this approval process task so that the task is assigned to the ADMINISTRATION organization.

Because you assigned Shirley Schmidt to the ADMINISTRATION organization in the section of this OBE titled Creating and Assigning Organizations, Roles, and Users, she can approve the task. By doing so, she approves the request-level workflow. As a result, Oracle Identity Manager assigns the self-registration request to Danny Crane (because he is the administrator responsible for approving any self-registration user requests for the FINANCE organization of Mydo Main Corporation). After Mr. Crane approves the request, Oracle Identity Manager assigns Ernest Allen (the end-user making the self-registration request) to the FINANCE organization.

In this section of the OBE, you use JDeveloper to modify the custom approval process so that the approval process task is assigned to the ADMINISTRATION organization instead of the xelsysadm superuser account.

To modify the custom approval process, perform the following steps:

1. Launch JDeveloper.

2. Select the Application navigation panel, if not already selected.

Note: If the Application navigation panel is not visible, select View > Application Navigator from the menu bar.

3. Click Open Application ...

4. On the Open Application(s) window, change to the <OIM_HOME>/server/workflows/new-workflow/process-template/SelfRegistrationApprovalApp directory, select the SelfRegistrationApprovalApp.jws file, and click Open.

Note: For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1.

5. On the Open Warning window, click Yes.

6. On the Migration Status window, click OK.

Note: By clicking Yes on the Open Warning window and OK on the Migration Status window, you are loading the SelfRegistrationApprovalApp application into JDeveloper. This application contains the custom approval process that you are to modify.

7. On the Application Navigator panel, expand the SelfRegistrationApproval > SOA Content directory.

8. Open the composite.xml file (by double-clicking it).

The contents of the composite.xml file are loaded into the editor of JDeveloper.

You open this file because you want to add a property to it. This property is associated with the URL for the Oracle Identity Manager Administrative and User Console. By adding this property in the composite.xml file, instead of hard-coding a value for the property, you can change its value at runtime (through the Oracle Enterprise Manager 11g Fusion Middleware Control).

Tip: You can minimize the Resource Palette tab to the right of the editor to extend the width of the editor.

9. On the JDeveloper editor, click the Source tab.

Note: By clicking the Source tab, the source code for the composite.xml file appears. By accessing this code, you can add a value to a property in the file quickly and easily.

10. Locate the following lines of code:

<component name="ApprovalProcess">
  <implementation.bpel src="ApprovalProcess.bpel"/>
</component> 

Add the following line of code after the <implementation.bpel> line of code:

<property name="bpel.preference.oimurl">t3://localhost:14000</property> 

The composite.xml file should appear, as follows:

Note: You can specify localhost because, for this tutorial, Oracle Identity Manager and SOA reside on the same machine. Also, 14000 is the port number reserved for Oracle Identity Manager.

11. Save and close the composite.xml file.

12. On the Application Navigator panel, open the ApprovalProcess.bpel file (by double-clicking it).

Note: The ApprovalProcess.bpel file contains the code for the custom approval process you created. For this section of the OBE, you are to modify this approval process so that a task associated with the process is assigned to the ADMINISTRATION organization instead of the xelsysadm superuser account.

13. On the JDeveloper editor, click the Design tab. Click (x) in the editor.

14. On the Variables window, click the green plus icon (+).

Note: You click (x) in the JDeveloper editor and (+) on the Variables window to add variables to the custom approval process.

15. Populate the Create Variable window, as follows (and click OK):

Field | Value
Name | oimurl
Type option | string

Note: The oimurl variable is associated with the property you defined in step 10 of this procedure. Also, to select string as the data type for the variable, click the magnifying glass to the right of the Type option, select string from the Type Chooser window, and click OK.

16. Repeat steps 14-15 of this procedure to create a second variable named orgadmin with a data type of string. Both variables should appear in the Variables window.

Note: The orgadmin variable is a placeholder for the organization responsible for approving the self-registration request (the ADMINISTRATION organization).

17. Click OK to close the Variables window.

You are ready to add two tasks to the custom approval process:

  • Assign_oimurl. Oracle Identity Manager uses this approval process task to obtain the URL for the Administrative and User Console. This URL is to be used by the person approving a user's request for self registration. For this tutorial, Shirley Schmidt acts as the requester.
  • GetOrgAdmin. Oracle Identity Manager uses this task to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account). Because you assigned Shirley Schmidt to the ADMINISTRATION organization, she can approve the workflow.

18. Open the Component Palette of JDeveloper.

Note: The Component Palette is where you are to add the Assign_oimurl and GetOrgAdmin tasks to the custom approval process.

19. On the Component Palette, drag and drop the Assign activity so that it rests in between the receiveInput activity and the ApprovalTask_1 activity.

Note: By default, JDeveloper assigns a name of Assign1 to the activity (because this is the first Assign activity you are adding to the custom approval process). This activity represents a task you are adding to the custom approval process.

You are ready to change the name of the approval process task from Assign1 to a more descriptive name (Assign_oimurl). Oracle Identity Manager uses this task to obtain the URL for the Administrative and User Console.

20. Right-click the Assign1 task. Select Edit from the menu that appears.

21. Click the General tab on the Edit Assign window. In the Name field, replace the existing name of the approval process (Assign1) with the designated name (Assign_oimurl).

You are ready to use the Expression Builder feature of JDeveloper to create an expression that is used to fetch the URL associated with Oracle Identity Manager. This URL is to be used by the person approving a user's request for self registration. For this tutorial, Shirley Schmidt acts as the requester.

22. Click the Copy Rules tab on the Edit Assign window.

Note: The Copy Rules tab is where you access the Expression Builder feature of JDeveloper.

23. Click the Expression icon (which resembles a calculator) and drag it onto the target variable for which you want to create an expression. For this example, you click and drag the Expression icon onto the oimurl variable because you want to create an expression that is used to fetch the URL associated with Oracle Identity Manager.

Note: The green box around the oimurl variable signifies that you can now create an expression for this variable. As a result, the Expression Builder window appears automatically for the variable.

24. Select BPEL XPath Extension Functions from the Functions area of the Expression Builder window.

25. Select the getPreference function and click Insert Into Expression.

The Expression area of the Expression Builder window contains the function you created.

Note: You select BPEL XPath Extension Functions from the Functions area of the Expression Builder window because you want to use BPEL capabilities and XPath standards predefined in JDeveloper. You select the getPreference function because this function returns the value of a property. For this example, the value to be returned is the URL associated with Oracle Identity Manager.

26. Click inside the parenthetical portion of the expression ( ). Enter 'oimurl' inside of the parenthesis. The expression should appear, as follows:

Important: Make sure you include the single quotation marks ' around the oimurl variable.

Note: You enter 'oimurl' into the expression because you want the getPreference function to return the value of the URL associated with Oracle Identity Manager.

 

27. Click OK to close the Expression Builder window.

28. Click OK to close the Edit Assign window.
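
An added check, not part of the original tutorial: getPreference('oimurl') in the BPEL process resolves only if composite.xml declares a property named bpel.preference.oimurl inside the ApprovalProcess component, so this Python script cross-checks the two files before deployment. The XML and BPEL samples are constructed for illustration, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PREF_PREFIX = "bpel.preference."
# Matches getPreference('name') or getPreference("name") in BPEL source.
GET_PREF = re.compile(r"getPreference\(\s*(['\"])(.*?)\1\s*\)")

# Constructed sample: composite.xml after the tutorial's edit.
GOOD_COMPOSITE = """<composite name="SelfRegistrationApproval"
           xmlns="http://xmlns.oracle.com/sca/1.0">
  <component name="ApprovalProcess">
    <implementation.bpel src="ApprovalProcess.bpel"/>
    <property name="bpel.preference.oimurl">t3://localhost:14000</property>
  </component>
</composite>"""

# Constructed sample: the property pasted outside the component element.
MISPLACED_COMPOSITE = """<composite name="SelfRegistrationApproval"
           xmlns="http://xmlns.oracle.com/sca/1.0">
  <property name="bpel.preference.oimurl">t3://localhost:14000</property>
  <component name="ApprovalProcess">
    <implementation.bpel src="ApprovalProcess.bpel"/>
  </component>
</composite>"""

# Constructed sample: the copy rule created for the Assign_oimurl activity.
BPEL_SOURCE = """<assign name="Assign_oimurl">
  <copy>
    <from expression="ora:getPreference('oimurl')"/>
    <to variable="oimurl"/>
  </copy>
</assign>"""


def local(tag):
    """Return an element's tag name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def declared_preferences(composite_xml, bpel_file):
    """Map preference name -> value for the component that runs bpel_file."""
    prefs = {}
    for comp in ET.fromstring(composite_xml).iter():
        if local(comp.tag) != "component":
            continue
        impl = [c for c in comp if local(c.tag) == "implementation.bpel"]
        if not impl or impl[0].get("src") != bpel_file:
            continue
        # Only properties that are direct children of the component count.
        for prop in comp:
            name = prop.get("name", "")
            if local(prop.tag) == "property" and name.startswith(PREF_PREFIX):
                prefs[name[len(PREF_PREFIX):]] = (prop.text or "").strip()
    return prefs


def referenced_preferences(bpel_source):
    """Return the set of preference names read through getPreference()."""
    return {m.group(2) for m in GET_PREF.finditer(bpel_source)}


def check(composite_xml, bpel_file, bpel_source):
    """Return (problem, name) findings; an empty list means the files agree."""
    declared = declared_preferences(composite_xml, bpel_file)
    names = set(declared)
    referenced = referenced_preferences(bpel_source)
    findings = []
    # Read by the process but never declared: the lookup has nothing to return.
    findings += [("undeclared", n) for n in sorted(referenced - names)]
    # Declared but never read: usually a misspelled name (compared exactly).
    findings += [("unused", n) for n in sorted(names - referenced)]
    # Declared and read, but with no value to hand to the process.
    findings += [("empty", n) for n in sorted(referenced & names)
                 if not declared[n]]
    return findings


if __name__ == "__main__":
    for label, xml_text in (("good", GOOD_COMPOSITE),
                            ("misplaced", MISPLACED_COMPOSITE)):
        print(label, check(xml_text, "ApprovalProcess.bpel", BPEL_SOURCE))
```

To run it against the project, read composite.xml and ApprovalProcess.bpel from the SelfRegistrationApproval directory and pass their contents to check().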

You are ready to add the GetOrgAdmin task to the custom approval process. Oracle Identity Manager uses this task to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account). Because you assigned Shirley Schmidt to the ADMINISTRATION organization, she can approve the workflow.

29. On the Component Palette, select the Oracle Extensions menu. Select the Java Embedding activity.

Note: You select the Java Embedding activity because you want to include some "inline" Java code into the GetOrgAdmin task that you are adding to the custom approval process.

30. Drag and drop this activity so that it rests directly below the Assign_oimurl activity.

Note: By default, JDeveloper assigns a name of Java_Embedding1 to the activity (because this is the first Java Embedding activity you are adding to the custom approval process).

You are ready to change the name of the approval process task from Java_Embedding1 to a more descriptive name (GetOrgAdmin). Oracle Identity Manager uses this task to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

31. Right-click the Java_Embedding1 task. Select Edit from the menu that appears.

32. Click the General tab on the Edit Assign window. In the Name field, replace the existing name of the approval process (Java_Embedding1) with the designated name (GetOrgAdmin).

33. Remove all code that appears in the Code Snippet text area. Then, enter the code contained in this file.

Note: Oracle Identity Manager uses this code to access its internal APIs to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

34. Click OK to close the Edit Java Embedding window.

Note: Oracle Identity Manager uses the code you entered to access its internal APIs to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

To enable Oracle Identity Manager to use these APIs, the approval process must be able to reference the oimclient.jar file. Oracle Identity Manager requires this jar file to compile the code you entered properly. As a result, Oracle Identity Manager can access the APIs.

35. Open File Browser. Copy the oimclient.jar file in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/client directory. Paste this jar file into the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/new-workflow/process-template/SelfRegistrationApprovalApp/SelfRegistrationApproval/SCA-INF/lib directory.

Note: For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

You are ready to make Oracle Platform Security Services (OPSS) available for the custom approval process. OPSS is the underlying security platform that provides security to Oracle Fusion Middleware products and services, including approval workflows created through SOA.

To make OPSS available for the approval process, you must add the jps-manifest.jar file to the project library files associated with the process.

36. In JDeveloper, right-click the SelfRegistrationApproval project. Select Project Properties... from the menu that appears.

37. Select Libraries and Classpath from the left pane of the Project Properties window. Click Add JAR/Directory...

Note: You select Libraries and Classpath from the left pane of the Project Properties window and click Add JAR/Directory... because you want to add the jps-manifest.jar file to the project library files associated with the custom approval process.

38. On the Add Archive or Directory window, select the jps-manifest.jar file from the <MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1 directory. Click Select.

On the Project Properties window, click OK.

You added the jps-manifest.jar file to the project library files associated with the custom approval process. As a result, you made OPSS available for the approval process.

You are ready to create the OrganizationAdmin parameter. This parameter is to contain the value of the organization to which the custom approval process is to be assigned (the ADMINISTRATION organization). Oracle Identity Manager is to retrieve this value by referencing its internal APIs.

39. On the Application Navigator panel, expand the SelfRegistrationApproval > SOA Content directory. Open the ApprovalTask.task file (by double-clicking it).

40. On the Create Form pane, select Data.

41. On the Data page, click the green plus icon. Select Add string parameter from the menu that appears.

42. On the Add Task Parameter window, enter OrganizationAdmin in the Parameter Name field. Click OK.

You created the OrganizationAdmin parameter. This parameter is to contain the value of the organization to which the custom approval process is to be assigned (the ADMINISTRATION organization). Oracle Identity Manager is to retrieve this value by referencing its internal APIs.

You are ready to associate this parameter with the task of the custom approval process used to assign the process to the designated organization (the ApprovalTask_1_AssignTaskAttributes task). For this example, Oracle Identity Manager uses this task to assign the approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

You use the ApprovalProcess.bpel file to associate the OrganizationAdmin parameter with the ApprovalTask_1_AssignTaskAttributes task.

.

Make the ApprovalProcess.bpel file active (by clicking the ApprovalProcess.bpel tab).

 

.

Expand the ApprovalTask_1 task by clicking the plus icon to the left of the task.

Note: When you expand the ApprovalTask_1 task, the ApprovalTask_1_AssignTaskAttributes task appears.

 

.

Click the ApprovalTask_1_AssignTaskAttributes task. Select the Source tab.

Note: By selecting the Source tab, you can modify the ApprovalTask_1_AssignTaskAttributes task directly through the source code. This is a quicker and more efficient way to modify code associated with an approval process task.

 

.

Locate the following lines of code:

 <payload xmlns="http://xmlns.oracle.com/bpel/workflow/task">
  <RequestID xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <RequestModel xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <RequestTarget xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <url xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <RequesterDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
  <BeneficiaryDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
  <ObjectDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
  <OtherDetails xmlns="http://xmlns.oracle.com/request/RequestDetails"/>
  <RequesterDisplayName xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <BeneficiaryDisplayName xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
  <Requester xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>
</payload>

Add the following line of code after the <Requester xmlns="http://xmlns.oracle.com/bpel/workflow/task"/> line of code:

<OrganizationAdmin xmlns="http://xmlns.oracle.com/bpel/workflow/task"/>

The ApprovalTask_1_AssignTaskAttributes task should appear, as follows:

You are ready to associate the initiate task condition with the OrganizationAdmin parameter. By doing so, Oracle Identity Manager can initiate the allocation of the custom approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

.

Select the Design tab. Right-click the ApprovalTask_1_AssignTaskAttributes task. Select Edit from the menu that appears.

.

On the Edit Assign window, click the Copy Rules tab.

.

Click the orgadmin variable on the left pane of the Copy Rules tab. Drag this variable to the /ns2:initiateTask/task:task/task:payload item (on the right pane). The Copy Rules tab should appear, as follows:

.

In the To Xpath field, append /task:OrganizationAdmin to the xpath (and click OK). The path should appear, as follows: /ns2:initiateTask/task:task/task:payload/task:OrganizationAdmin.

Tip: To verify that you have the correct path, click the Source tab. Verify that you see the following lines of code:

<copy>
  <from variable="orgadmin"/>
  <to variable="initiateTaskInput" part="payload"
 	query="/ns2:initiateTask/task:task/task:payload/task:OrganizationAdmin"/>
</copy>

.

Open the Edit Assign window. In the lower region of the Edit Assign window, click the orgadmin copy operation (to select it). Click the blue down arrow button repeatedly until the orgadmin copy operation appears after the inputVariable/payload//ns3:process/ns4:RequesterDetails copy operation. Click OK.

You associated the initiate task condition with the OrganizationAdmin parameter. By doing so, Oracle Identity Manager can initiate the allocation of the custom approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).
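The two source edits above have to agree: the payload must declare OrganizationAdmin in the task namespace, and the copy rule's query must end at that same element. The following check is an added example, not code from the tutorial or from Oracle; the function names are hypothetical, and it assumes the task prefix is bound to the namespace that the tutorial's payload element declares.

```python
import xml.etree.ElementTree as ET

TASK_NS = "http://xmlns.oracle.com/bpel/workflow/task"
DETAILS_NS = "http://xmlns.oracle.com/request/RequestDetails"
# Assumption: the BPEL file binds the "task" prefix to TASK_NS, the namespace
# of the tutorial's <payload> element. The ns2 prefix is not resolved here.
PREFIXES = {"task": TASK_NS}

# Payload as it should look after the edit (element list copied from the tutorial).
EDITED_PAYLOAD = f"""<payload xmlns="{TASK_NS}">
  <RequestID xmlns="{TASK_NS}"/>
  <RequestModel xmlns="{TASK_NS}"/>
  <RequestTarget xmlns="{TASK_NS}"/>
  <url xmlns="{TASK_NS}"/>
  <RequesterDetails xmlns="{DETAILS_NS}"/>
  <BeneficiaryDetails xmlns="{DETAILS_NS}"/>
  <ObjectDetails xmlns="{DETAILS_NS}"/>
  <OtherDetails xmlns="{DETAILS_NS}"/>
  <RequesterDisplayName xmlns="{TASK_NS}"/>
  <BeneficiaryDisplayName xmlns="{TASK_NS}"/>
  <Requester xmlns="{TASK_NS}"/>
  <OrganizationAdmin xmlns="{TASK_NS}"/>
</payload>"""

# Copy rule as shown in the tutorial's verification tip.
COPY_RULE = """<copy>
  <from variable="orgadmin"/>
  <to variable="initiateTaskInput" part="payload"
      query="/ns2:initiateTask/task:task/task:payload/task:OrganizationAdmin"/>
</copy>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        namespace, local = tag[1:].split("}", 1)
        return namespace, local
    return "", tag


def check_orgadmin_wiring(payload_xml, copy_xml, param="OrganizationAdmin",
                          source_var="orgadmin", prefixes=PREFIXES):
    """Return a list of problems; an empty list means the two edits agree."""
    problems = []
    declared = [split_tag(child.tag) for child in ET.fromstring(payload_xml)]
    names = [local for _, local in declared]

    # Edit 1: the parameter is declared in the task namespace, right after Requester.
    if (TASK_NS, param) not in declared:
        reason = "is in the wrong namespace" if param in names else "is missing"
        problems.append(f"payload: {param} {reason}")
    elif "Requester" in names and names.index(param) != names.index("Requester") + 1:
        problems.append(f"payload: {param} does not directly follow Requester")

    # Edit 2: the copy rule moves source_var into that payload element.
    parts = {split_tag(child.tag)[1]: child for child in ET.fromstring(copy_xml)}
    if "from" not in parts or "to" not in parts:
        return problems + ["copy: rule needs both <from> and <to>"]
    if parts["from"].get("variable") != source_var:
        problems.append(f"copy: source variable is not {source_var}")
    steps = [s for s in parts["to"].get("query", "").split("/") if s]
    if "task:payload" not in steps:
        return problems + ["copy: query does not pass through task:payload"]
    tail = steps[steps.index("task:payload") + 1:]
    if not tail:
        # The variable was dragged onto payload and nothing was appended.
        problems.append(f"copy: query stops at task:payload, append /task:{param}")
    elif len(tail) > 1:
        problems.append("copy: query goes deeper than one payload child")
    else:
        prefix, _, local = tail[0].rpartition(":")
        if (prefixes.get(prefix), local) != (TASK_NS, param):
            problems.append(f"copy: query targets {tail[0]}, expected task:{param}")
    return problems


if __name__ == "__main__":
    for line in check_orgadmin_wiring(EDITED_PAYLOAD, COPY_RULE) or ["wiring is consistent"]:
        print(line)
```

To use it on a real project, paste the payload and copy fragments from the Source tab in place of the two constants.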

You are ready to specify that the tasks of the custom approval process are to be assigned to an Oracle Identity Manager organization instead of a user.

.

Make the ApprovalTask.task file active (by clicking the ApprovalTask.task tab).

.

On the Create Form pane, select Assignment.

Note: You select the Assignment item because you want to assign the custom approval process to the ADMINISTRATION organization (instead of the xelsysadm superuser account).

.

Double-click the Stage1.Participant1 icon.

Note: The Stage1.Participant1 icon represents the entity in Oracle Identity Manager to which the custom approval process is to be assigned.

.

On the Edit Participant Type window, select Group from the Identification Type menu and By Expression from the Data Type menu. Click the ellipsis button [...] to the right of the Value field.

.

In the Expression Builder window, delete the xelsysadm item from the Expression pane. Then, in the Schema pane, select the /task:task/task:payload/task:OrganizationAdmin expression, and click Insert Into Expression.

Note: You delete the xelsysadm item from the Expression pane because you do not want to assign the custom approval process to the xelsysadm superuser account. You select the /task:task/task:payload/task:OrganizationAdmin expression because you want Oracle Identity Manager to assign the custom approval process to the ADMINISTRATION organization.

.

Click OK to close the Expression Builder window.

.

Click OK to close the Edit Participant Type window.

.

Click Save All on the JDeveloper toolbar to save your work.

You used JDeveloper to modify the custom approval process so that the approval process task is assigned to the ADMINISTRATION organization instead of the xelsysadm superuser account.

You are ready to deploy the custom approval process directly to SOA. After the approval process is deployed, you then register the approval process to Oracle Identity Manager.

Deploying the Custom Approval Process

In the previous section of this OBE, you modified the custom approval process so that it is assigned to the ADMINISTRATION organization instead of the xelsysadm superuser account.

Two actions you completed to modify the approval process were:

You must include these two jar files as part of the classpath so that they can be referenced by SOA. Then, you can use JDeveloper to deploy the approval process to SOA.

To deploy the custom approval process, perform the following steps:

.

Launch Oracle Enterprise Manager Fusion Middleware Control 11g.

.

Log in to Oracle Enterprise Manager Fusion Middleware Control 11g with the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the User Name field, Welcome1 in the Password field, and click Login.

.

On the home page of Oracle Enterprise Manager Fusion Middleware Control 11g, expand the WebLogic Domain folder (by clicking the plus icon to the left of the folder).

.

Select the base domain for Oracle WebLogic Server. For this OBE, the base domain is base_domain.

.

From the base_domain menu, select System MBean Browser.

Note: You select System MBean Browser from the base_domain menu because you want to modify system-related MBeans associated with SOA. MBeans are managed beans, or Java objects that represent resources to be managed. For this example, you want to include the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA.

.

On the System MBean Browser page, expand the Application Defined MBeans folder (by clicking the plus icon to the left of the folder). Then, expand the oracle.as.soainfra.config, Server: <SOA_SERVER>, and BPELConfig folders. Lastly, click the bpel item.

Note: For this tutorial, <SOA_SERVER> represents the base directory for Oracle SOA, and is represented by soa_server1.

.

On the Attributes tab, click the BpelcClasspath item.

Note: You click the BpelcClasspath item because you want to include the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA.

.

On the Attribute: BpelcClasspath page, click Use Multiple Line Editor.

Note: You click Use Multiple Line Editor because you are to include both the oimclient.jar and jps-manifest.jar files as part of the classpath, and this information occupies more than one line.

.

In the text area, provide the full path for the oimclient.jar and jps-manifest.jar files. To do so, enter the following lines of code in the text area:

<MIDDLEWARE_HOME>/Oracle_IDM1/server/client/oimclient.jar:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-manifest.jar

Important: For a Microsoft Windows environment, separate the full paths for the oimclient.jar and jps-manifest.jar files with a semicolon instead of a colon.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

.

Click Apply.

A Confirmation message appears.

You included the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA. You are ready to use JDeveloper to deploy the custom approval process to SOA.

.

Make JDeveloper active.

.

From the Projects tab, right-click the project name, SelfRegistrationApproval, and select Deploy > SelfRegistrationApproval...

.

On the Deployment Action screen, select the Deploy to Application Server deployment action. Click Next.

Note: The Deploy to Application Server deployment action creates a JAR file for the custom approval process and deploys it to SOA. The Deploy to SAR deployment action creates a SAR (JAR) file of the approval process, but does not deploy it.

.

On the Deploy Configuration screen, select the Overwrite any existing composites with the same revision ID check box. Click Next.

Note: You select this check box because you want the custom approval process you are deploying to SOA to replace any existing approval workflows that may have the same revision identification number. For this tutorial, this ID is 1.0.

.

On the Select Server screen, click the green plus icon.

Note: You click this icon to add <SOA_SERVER> to the list of application servers to which JDeveloper can connect. JDeveloper must communicate with SOA for the custom approval process, which you created and modified in JDeveloper, to be deployed to SOA. For this tutorial, <SOA_SERVER> is represented by soa_server1.

.

On the Name and Type screen, enter a unique name for the connection between JDeveloper and SOA in the Connection Name field, and click Next. For this tutorial, soaserver represents the name of the connection.

.

On the Authentication screen, enter the login credentials of the "superuser" account for Oracle WebLogic Server. For this tutorial, enter weblogic in the Username field, Welcome1 in the Password field, and click Next.

Note: For security purposes, the password is displayed as a series of bullets (·). For this example, because the password is Welcome1, it appears as ·······.

.

On the Configuration screen, enter the base domain for Oracle WebLogic Server in the Weblogic Domain field, and click Next. For this OBE, the base domain is base_domain.

.

On the Test screen, click Test Connection.

Note: You click Test Connection to verify that JDeveloper can connect to SOA successfully.

.

After confirming that all nine connection tests are successful, click Finish.

.

On the Select Server screen, select the name you provided for the connection between JDeveloper and SOA in step 16 of this procedure, and click Finish. For this tutorial, soaserver represents the name of the connection.

.

After two minutes, click the Deployment tab in JDeveloper. Verify that you see the following message:

Successfully deployed archive sca_SelfRegistrationApproval_rev1.0.jar

This message signifies you deployed the approval process successfully.

In this section of the OBE, you deployed the custom approval process to SOA. You are ready to register this approval process so that Oracle Identity Manager can use it.


Registering the Custom Approval Process

In the previous section of this OBE, you included the oimclient.jar and jps-manifest.jar files as part of the classpath so that they can be referenced by SOA. Then, you used JDeveloper to deploy the custom approval process to SOA.

You are ready to register the custom approval process so that Oracle Identity Manager can use it. This includes creating a properties file for this approval process and then using the Register utility to register the process.

The properties files for all approval processes are found in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory. The file name is the same as the approval process, followed by a PROPS extension. For example, the properties file for the SelfRegistrationApproval custom approval process is SelfRegistrationApproval.props.

To register the custom approval process, perform the following steps:

.

Using File Browser, navigate to the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory.

Note: You navigate to this directory because you are creating a properties file for the custom approval process, and properties files for all approval processes are found in the <MIDDLEWARE_HOME>/Oracle_IDM1/server/workflows/registration directory. Also, <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

 

.

Right-click the ResourceAuthorizerApproval.props file, and select Copy from the menu that appears.

Note: You are copying this file because it is easier to modify an existing properties file than it is to create it from scratch.

.

Select Edit from the menu bar. Select Paste from the menu that appears.

.

Rename the copied file to SelfRegistrationApproval.props.

Note: The properties file for the custom approval process has the same name as the approval process, followed by a PROPS extension. For this example, the properties file for the SelfRegistrationApproval custom approval process is SelfRegistrationApproval.props.

The properties file sets the parameters required for registering the SelfRegistrationApproval custom approval process to Oracle Identity Manager. It defines the name, the type of approval process, the provider information, the service name used to access the process, the default domain associated with the process, the version deployed, the packet name for the payload information, the operation, and finally, the list of approval tasks available in the process.

.

Using a text editor, open the SelfRegistrationApproval.props file. To do so, right-click the file, and select Open with "Text Editor" from the popup menu that appears.

 

.

Locate the following lines of code:

# ResourceAuthorizerApproval
name=ResourceAuthorizerApproval

.

Modify these lines of code, as follows:

# SelfRegistrationApproval
name=SelfRegistrationApproval

The SelfRegistrationApproval.props file should appear, as follows:

.

Save and close the SelfRegistrationApproval.props file.

You created a properties file for the custom approval process. You are ready to use the Register utility to register the custom approval process so that Oracle Identity Manager can use it.

.

Open a Terminal window.

.

Navigate to the <MIDDLEWARE_HOME>/wlserver_10.3/server/bin directory.

Note: <MIDDLEWARE_HOME> represents the base directory for the Oracle Fusion Middleware suite of products, including Oracle Identity Manager and Oracle SOA. For this tutorial, <MIDDLEWARE_HOME> is represented by /opt/oracle/Middleware/.

.

At the prompts, enter the following commands (and press Enter after each command):

$ bash
$ source setWLSEnv.sh 

Note: By entering the bash and source setWLSEnv.sh commands, you call the setWLSEnv.sh script that comes with Oracle WebLogic Server. This script sets up all of the environment variables so that you can run the Register utility.

.

At the prompt, enter ant -f <OIM_HOME>/server/workflows/registration/registerworkflows-mp.xml register (and press Enter).

Note: ant represents the ant.sh file. This shell script file supplies built-in tasks used to run Java applications, such as the Register utility. By using the -f option, you are forcing the utility to run.

<OIM_HOME> represents the base directory for Oracle Identity Manager. For this tutorial, <OIM_HOME> is represented by /opt/oracle/Middleware/Oracle_IDM1.

registerworkflows-mp.xml is the name of the XML file associated with the Register utility, and register is the command to register the custom approval process.

.

Enter values for the prompts that appear, as follows (and press Enter after each value):

Prompt | Value
Enter the username | xelsysadm
Enter the password | Welcome1
Provide oim managed server t3 URL | t3://localhost:14000
inputpath(complete file name) of the property file | SelfRegistrationApproval.props

Important: The values passed to the Register utility include the username for the Oracle Identity Manager system administration account, the password for the account, the t3 URL to connect to Oracle Identity Manager, and the properties file created earlier in this procedure. Also, the values that you enter for the username, password, URL, and property file are case-sensitive. Lastly, the password value is hidden for security purposes.

The Register utility begins to register the custom approval process. After the approval process is registered, a BUILD SUCCESSFUL message appears.

In this section of the OBE, you created a properties file for the custom approval process and used the Register utility to register this process. As a result, Oracle Identity Manager can use this approval process.

You are ready to create the approval policies that are to be used by Oracle Identity Manager to invoke the approval process.

Creating Policies for the Custom Approval Process

In the previous section of this OBE, you registered the custom approval process. By doing so, Oracle Identity Manager can use this approval process.

You are ready to build two approval policies to support the custom approval process. Oracle Identity Manager uses the first approval policy to assign the approval process to the SYSTEM ADMINISTRATORS role, and the second policy to assign the process to the FINANCE APPROVERS role. Oracle Identity Manager executes these approval policies sequentially.

At runtime, Ernest Allen, an end-user, makes a self-registration request. Because Shirley Schmidt is a member of the SYSTEM ADMINISTRATORS role, Oracle Identity Manager assigns the custom approval process to her. After she completes the process (by approving it), Oracle Identity Manager assigns the approval process to Danny Crane (because he belongs to the FINANCE APPROVERS role). After he completes the approval process, the self-registration user request is complete, and Ernest Allen is registered with Oracle Identity Manager successfully.

To create policies for the custom approval process, perform the following steps:

.

Log in to the Administrative and User Console as Shirley Schmidt. For this tutorial, enter SSCHMIDT in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

 

.

Click the Advanced link on the home page of the Delegated Administration Console.

Note: You click the Advanced link to access the Advanced Administration Console. This console is used to create policies for the custom approval process.

.

On the home page of the Advanced Administration Console, click the Policies tab.

.

On the Policies tab, click Create.

You are ready to create your first policy to support the custom approval process. Oracle Identity Manager is to use this policy to assign the approval process to the SYSTEM ADMINISTRATORS role. Because Shirley Schmidt is a member of this role, Oracle Identity Manager is to assign the custom approval process to her.

 

.

Populate the "Set Approval Policy details" page, as follows:

Field | Value
Policy Name | SelfRegisterPolicyOne
Request Type menu | Self-Register User
Level menu | Request Level
Approval Process | default/DefaultRoleApproval!1.0

Note: You select Self-Register User from the Request Type menu because the custom approval process is associated with a self-registration user request. By selecting DefaultRoleApproval, Oracle Identity Manager assigns the approval process to the SYSTEM ADMINISTRATORS role automatically. Because Shirley Schmidt is a member of this role, she can complete the approval process.

 

.

Click Next.

You are ready to create a rule for the approval policy. At runtime, Oracle Identity Manager evaluates the criteria of the rule. If the result of the evaluation is true, Oracle Identity Manager executes the approval policy, and assigns the custom approval process to the SYSTEM ADMINISTRATORS role.

.

On the Set Approval Rule and Component page, enter SelfRegistrationRuleOne in the Rule Name field. Click Add Simple Rule.

.

Populate the Add Simple Rule window, as follows:

Menu | Value
Entity | Request
Attribute | Request Type
Condition | Equals
Value | Self-Register User
Parent Rule Container | Approval Rule

Note: For this example, because the classification type of the request is for self registering a user, Oracle Identity Manager evaluates the criteria of the rule to be true (because Ernest Allen is to make a self-registration request). As a result, Oracle Identity Manager executes the approval policy, and assigns the custom approval process to the SYSTEM ADMINISTRATORS role.

 

.

Click Save.

.

On the Set Approval Rule and Component page, click Next.

.

On the Review Approval Policy Summary page, click Finish.

.

On the Message window, click OK.

You created an approval policy to support the custom approval process. Oracle Identity Manager uses this policy to assign the approval process to the SYSTEM ADMINISTRATORS role.

You are ready to create a second approval policy. Oracle Identity Manager uses this policy to assign the approval process to the FINANCE APPROVERS role.

 

.

On the Policies tab, click Create.

 

.

Populate the "Set Approval Policy details" page, as follows:

Field | Value
Policy Name | SelfRegisterPolicyTwo
Request Type menu | Self-Register User
Level menu | Operation Level
All Scope check box | [selected]
Approval Process | default/SelfRegistrationApproval!1.0

Note: By selecting the All Scope check box, Oracle Identity Manager examines all entities that match the item that appears in the Scope Type field. For this example, Oracle Identity Manager evaluates this policy against every Oracle Identity Manager organization (because Organization is displayed in the Scope Type field).

SelfRegistrationApproval is the name of the custom approval process you created, deployed, and registered in this OBE.

 

.

Click Next.

You are ready to create a rule for the approval policy. At runtime, Oracle Identity Manager evaluates the criteria of the rule. If the result of the evaluation is true, Oracle Identity Manager executes the approval policy, and assigns the custom approval process to the FINANCE APPROVERS role. Because Danny Crane is a member of this role, he can complete the approval process.

.

On the Set Approval Rule and Component page, enter SelfRegistrationRuleTwo in the Rule Name field. Click Add Simple Rule.

.

Populate the Add Simple Rule window, as follows:

Menu | Value
Entity | Request
Attribute | Request Type
Condition | Equals
Value | Self-Register User
Parent Rule Container | Approval Rule

.

Click Save.

.

On the Set Approval Rule and Component page, click Next.

.

On the Review Approval Policy Summary page, click Finish.

You built two approval policies to support the custom approval process. Oracle Identity Manager uses the first approval policy to assign the approval process to the SYSTEM ADMINISTRATORS role, and the second policy to assign the process to the FINANCE APPROVERS role. Oracle Identity Manager executes these approval policies sequentially.
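The properties file, the deployment message, and the Approval Process value of SelfRegisterPolicyTwo all name the same approval process, and a mismatch between them is easy to introduce when the properties file is copied from ResourceAuthorizerApproval.props. The following cross-check is an added example, not Oracle's code; the function names, the two patterns inferred from the strings on this page, and the sample properties text are assumptions, and the parser is a simplified stand-in for java.util.Properties, which keeps trailing whitespace in a value.

```python
import os
import re

# Patterns inferred from the two strings shown in this tutorial:
#   sca_SelfRegistrationApproval_rev1.0.jar  and  default/SelfRegistrationApproval!1.0
ARCHIVE_RE = re.compile(r"^sca_(?P<name>.+)_rev(?P<rev>[^_]+)\.jar$")
POLICY_RE = re.compile(r"^(?P<domain>[^/]+)/(?P<name>[^!]+)!(?P<rev>.+)$")

# Constructed sample: only the two lines the tutorial shows; a real file has more entries.
SAMPLE_PROPS = "# SelfRegistrationApproval\nname=SelfRegistrationApproval\n"


def parse_props(text):
    """Parse key=value lines, skipping blank lines and '#' comments.

    Leading whitespace of a value is dropped and trailing whitespace is kept,
    which is how java.util.Properties treats a value.
    """
    props = {}
    for line in text.splitlines():
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        key, sep, value = stripped.partition("=")
        if sep:
            props[key.strip()] = value.lstrip()
    return props


def check_process_names(props_path, props_text, archive, policy_process):
    """Return a list of mismatches between the props file, archive and policy."""
    problems = []
    stem, ext = os.path.splitext(os.path.basename(props_path))
    if ext != ".props":
        problems.append(f"{props_path}: expected a .props extension")

    name = parse_props(props_text).get("name")
    if name is None:
        problems.append("props: no name= entry")
    else:
        if name != name.rstrip():
            problems.append("props: name= value has trailing whitespace")
        if name.rstrip() != stem:
            problems.append(f"props: name={name.rstrip()} does not match file name {stem}")

    archive_m = ARCHIVE_RE.match(archive)
    policy_m = POLICY_RE.match(policy_process)
    if archive_m is None:
        problems.append(f"archive: cannot parse {archive}")
    elif archive_m["name"] != stem:
        problems.append(f"archive: deployed {archive_m['name']}, registering {stem}")
    if policy_m is None:
        problems.append(f"policy: cannot parse {policy_process}")
    elif policy_m["name"] != stem:
        problems.append(f"policy: references {policy_m['name']}, registered {stem}")
    if archive_m and policy_m and archive_m["rev"] != policy_m["rev"]:
        problems.append(f"revision: archive has {archive_m['rev']}, policy has {policy_m['rev']}")
    return problems


if __name__ == "__main__":
    result = check_process_names(
        "SelfRegistrationApproval.props", SAMPLE_PROPS,
        "sca_SelfRegistrationApproval_rev1.0.jar",
        "default/SelfRegistrationApproval!1.0",
    )
    print(result or "names and revision agree")
```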

You are now ready to make a self-registration user request to verify the custom approval process.

Completing the Custom Approval Process

In the previous section of this OBE, you created two approval policies for the custom approval process. Oracle Identity Manager uses the first approval policy to assign the approval process to the SYSTEM ADMINISTRATORS role, and the second policy to assign the process to the FINANCE APPROVERS role. Oracle Identity Manager executes these approval policies sequentially.

You are ready to make a self-registration user request as Ernest Allen, an end-user. Because Shirley Schmidt is a member of the SYSTEM ADMINISTRATORS role, Oracle Identity Manager assigns the custom approval process to her. After she completes the process (by approving it), Oracle Identity Manager assigns the approval process to Danny Crane (because he belongs to the FINANCE APPROVERS role). After he completes the approval process, the self-registration user request is complete, and Ernest Allen is registered with Oracle Identity Manager successfully.

To complete the custom approval process, perform the following steps:

.

Log out of Oracle Identity Manager.

.

Click the Register link on the Login page of the Oracle Identity Manager.

Note: You click the Register link to make a user request for self registration.

.

Use the following screenshot to populate the "Tell us about yourself" region of the User Registration page (and click Next).

Note: For this example, you are making a self-registration user request as Ernest Allen.

.

Use the following screenshots to populate the Select a User ID and Password and "Set your challenge questions and answers" regions of the User Registration page (and click Register).

Note: The password you enter in the Select a User ID and Password region appears as a set of bullets for security purposes. Also, Oracle Identity Manager uses the questions you select and answer in the "Set your challenge questions and answers" region to verify your identity if you need to reset your password.

.

Log out of Oracle Identity Manager.

.

Log in to Oracle Identity Manager as Shirley Schmidt. To do so, enter SSCHMIDT in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: You log in to Oracle Identity Manager as Shirley Schmidt because Ms. Schmidt belongs to the SYSTEM ADMINISTRATORS role. Therefore, Oracle Identity Manager assigns the custom approval process to her.

The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

.

On the home page of the Authenticated Self Service Console, click the Search Approval Tasks link.

Note: You click this link to see all approval process tasks assigned to Shirley Schmidt.

.

On the Approvals tab, click the link that contains the number 1.

Note: 1 is the ID number of the self registration user request. By default, Oracle Identity Manager assigns the number one to the request (because this is the first request you made in Oracle Identity Manager).

.

On the Task Details page, specify FINANCE as the organization. Click Approve Task.

Note: FINANCE is the name of the organization in Oracle Identity Manager to which Ernest Allen is to belong after the self-registration user request is complete.

.

On the Message window, click OK.

Shirley Schmidt completed the custom approval process. Oracle Identity Manager assigns the approval process to Danny Crane (because he belongs to the FINANCE APPROVERS role).

You are ready to access Oracle Identity Manager as Mr. Crane to complete the custom approval process. After he completes the approval process, the self-registration user request is complete, and Ernest Allen is registered with Oracle Identity Manager successfully.

.

Log out of Oracle Identity Manager.

.

Log in to Oracle Identity Manager as Danny Crane. To do so, enter DCRANE in the User ID field, Welcome1 in the Password field, and click Sign In.

Note: You log in to Oracle Identity Manager as Danny Crane because Mr. Crane belongs to the FINANCE APPROVERS role. Therefore, Oracle Identity Manager assigns the custom approval process to him.

The first time you log in to Oracle Identity Manager with a particular account, you must select and answer "challenge" questions. These questions are used to verify your identity if you need to reset your password. However, for all subsequent logins with that account, these questions do not appear. Instead, you are taken directly to the Home page of the Administrative and User Console.

.

On the home page of the Authenticated Self Service Console, click the Search Approval Tasks link.

Note: You click this link to see all approval process tasks assigned to Danny Crane.

.

On the Approvals tab, click the link that contains the identification number for the request. For this tutorial, click the link that contains the number 1.

.

On the Task Details page, click Approve Task.

.

On the Message window, click OK.

Danny Crane completed the custom approval process. As a result, the self-registration user request is complete, and Ernest Allen is registered with Oracle Identity Manager successfully.

You are ready to verify that a user account is created for Ernest Allen in Oracle Identity Manager.

.

Log out of Oracle Identity Manager.

.

Log in to the Administrative and User Console with the "superuser" account for Oracle Identity Manager. For this tutorial, enter xelsysadm in the User ID field, Welcome1 in the Password field, and click Sign In.

.

On the home page of the Delegated Administration Console, enter EALLEN in the text field to the right of the Users menu. Click the right-arrow button.

Note: EALLEN is the ID of Ernest Allen, the end-user for whom you made the self-registration request.

Also, if you see the Self Service Console or Advanced Administration Console instead of the Delegated Administration Console, click the Administration link in the upper-right corner of the active console's Home page.

.

Verify that the Search Results tab contains an entry for Ernest Allen.

Oracle Identity Manager created a user account for Ernest Allen. The self-registration user request is complete, and Ernest Allen is registered with Oracle Identity Manager successfully.

Summary

In this tutorial, you used Oracle Identity Manager 11.1.1.5.0 to create a custom approval process and use it to approve a user's request for self registration.

In this tutorial, you should have learned how to:

Resources

Copyright © 2011, Oracle and/or its affiliates. All rights reserved.