Getting Started with Oracle Identity Manager Entities

Purpose

In this tutorial, you learn how to create, search, modify, and delete the main Oracle Identity Manager entities: users, roles, and organizations.

Time to Complete

30 minutes

Context

This tutorial is a part of the Getting Started with Oracle Identity Manager(OIM) 11gR2 PS3 series which includes:

• Installing a Database for Identity and Access Management (IdM) Suite
• Setting-up an Oracle Identity Manager 11gR2 PS3 environment
• Getting Started with Oracle Identity Manager Entities (this tutorial)
• Provisioning OIM Accounts

Background

Oracle Identity Manager Entities - An Overview

Oracle Identity Manager manages an organizations' accounts, privileges, and authorizations through entities. This tutorial covers three of the most basic OIM entities: Users, Roles, and Organizations.
Note: For more information about other OIM entities such as administration roles, refer to the Oracle Identity Management 11g documentation or the Oracle Identity Governance 11g R2: Essentials course (links provided in the 'Want to Learn More section).

What Do You Need?

For completing this tutorial you will need:

• An Environment with an Oracle Identity Management 11gR2 PS3 Environment installed and running.
  Note: The tutorial Setting-up an Oracle Identity Management 11gR2 PS3 Environment provides instructions on how to setup an Oracle Identity Management 11g R2 PS3 environment.
  

An organization entity represents a logical container of entities such as users and other organizations in Oracle Identity Manager. Organizations are containers that can be used for delegated administrative models. In addition, an organization defines the scope of other Oracle Identity Manager entities, such as users. Oracle Identity Manager can have a flat organization structure or a hierarchical structure, which means that an organization can contain other organizations. The hierarchy represents departments, geographical areas, or other logical divisions facilitating management of Oracle Identity Manager entities.

In this section you will create a organization called Marketing. You will perform this task using the Oracle Identity Manager Identity Self Service Console.

1. Open the browser and enter the url http://host01.example.com:14000/identity . The Identity Self Service Console login page is displayed. Enter xelsysadm as the username and Welcome1 as the password. Click Sign In.

   

2. Click Manage:

   

3. Click Organizations:

   

4. Click Create:

   

5. In the Organization Name field, enter Marketing. Select Department from the Type drop-down list. Click the search icon in the Parent Organization Name field:

   

6. The Search Organizations window is displayed. Enter Top in the Organization Name field and click Search:

   

7. Select Top from the search results and click Select:

   

8. Click Save:

   

9. A message indicating that the organization has been created is displayed. Click Refresh. The Marketing organization is displayed in the Organizations List:

   

In Oracle Identity Manager, users are associated with OIM accounts that allow them to access Oracle Identity Manager. In this section, you will add a user called Daniel Smith and assign this user to the Marketing Organization.

1. Click Home:

   

2. Click Users:

   

3. Click Create:

   

4. Enter the following values in the Basic Information section and then click the search icon next to the Organization field:

• First Name: Daniel
• Last Name: Smith
• E-mail: dsmith@example.com



5. Enter Marketing in the Organization Name field and click Search:

   

6. From the search results, select the Marketing department and click Select:

   

7. The Organization field in the Create User window displays the selected organization. Select Employee in the User Type field, enter the following details in the Account Settings section and click Submit:

• User Login: dsmith
• Password: Welcome1
• Confirm Password: Welcome1



8. A message indicating that the user has been created is displayed.

   

9. Click Refresh. The newly created user DSMITH is displayed in the Users list:

   

Roles are used to create and manage the records of a collection of users who should be permitted to access common functionality, such as access rights, roles, or permissions. You will now create a role called Workflow Approver. Later you will assign the user Daniel Smith to this role.

1. Click Home:

   

2. Click Roles:

   

3. Click Create:

   

4. Enter the following values in the General Role Information section and click Next:

• Name: Workflow Approver
• The Display Name is automatically updated. You can change it if you want.
• Role Description: This role approves workflows



5. Click Next:

   

6. Click Next:

   

7. Click Next:

   

8. Click Next:

   

9. Review the Summary page and click Finish:

   

10. A message indicating that the role has been created is displayed. Click Refresh:

    

11. The newly created role is displayed in the Roles list:

    

You will now update the organization Marketing and change its name to Marketing Department.

1. In the Home page click Organizations:

   

2. From the Organizations list, click Marketing:

   

3. In the Organization Name field, change the value to Marketing Department and click Apply (Note: After entering the value, you might have to click outside the Organization Name field for the Apply button to become active):

   

4. A message indicating that the organization is modified appears:

   

You will now update the role Workflow Approver to change its description.

1. In the Home page click Roles:

   

2. In the roles list, Click Workflow Approver:

   

3. Update the Role Description field to This role approves workflows for the Marketing Department and click Apply (Note: After entering the value, you might have to click outside the Role Description field for the Apply button to become active):

   

4. A message indicating that the role has been updated is displayed:

   

5. Close all the open tabs.

You will now update the user DSMITH and assign the user to the Marketing Department. You will also update the users phone number.

1. In the Home page click Users:

   

2. In the users list, click DSMITH:

   

3. Ensure that the Roles tab is selected and click Request Roles:

   

4. Click Add to Cart next to the Workflow Approver role:

   

5. Observe that the cart indicates that one item is added. Click Next:

   

6. Click Submit:

   

7. A message indicating that the request for role access is completed appears. Click Refresh:

   

8. In the Roles tab, all the roles assigned to the user Daniel Smith are displayed. The newly assigned role Workflow Approver is also listed:

   

9. Click Attributes:

   

10. Click Modify:

    

11. Scroll down to the Contact Information section. In the Telephone Number field, enter +1 408 555 4798:

    

12. Scroll up and click Submit:

    

13. A message indicating that the operation completed successfully is displayed:

    

14. Close all open tabs.

In this section you will search for a user using a search criteria and view the results.

1. In the Identity Self Service home page, click Users:

   

2. Click Advanced:

   

3. You will search for all users that belong to the Marketing department. Click the search icon next to the Organization field:

   

4. In the Organization Name field, enter Marketing and click Search:

   

5. In the search results, select the Marketing Department and click OK:

   

6. Click Search:

   

7. The search result displays the user DSMITH, because the user belongs to the Marketing organization. Click DSMITH:

   

8. The details of the user Daniel Smith are displayed.

   

9. Close all the open tabs.

When users no longer exist in the organization, you can delete them from the system. Deleted users are marked in the system as deleted and are not completely removed. You cannot create another user with the same name as the deleted user.

1. In the home page, click Users:

   

2. In the users list, click the row corresponding to the user DSMITH to select it:

   

3. Click Delete:

   

4. Click Submit:

   

5. A message indicating that the operation is successful is displayed. Click Refresh:

   

6. The users list is updated. You no longer see the user DSMITH listed:

   

7. Close the Users tab.

When roles are no longer needed you can delete them from the system.

1. In the home page, click Roles:

   

2. In the roles list, click the row corresponding to the role Workflow Approver to select it:

   

3. Click Delete:

   

4. Click Yes:

   

5. A message indicating that the operation is successful is displayed. Click Refresh:

   

6. The role list is updated. You no longer see the role Workflow Approver listed:

   

7. Close the Roles tab.

When organizational restructuring occurs, some organizations need to be deleted and newer ones created. Organizations that are deleted from the system are marked deleted. You cannot create new organizations with the same names are the ones deleted. The organization should be empty before you can delete the organizations - you will need to delete all users that are part of the organization or assign them to other departments.

1. In the home page, click Organizations:

   

2. In the organizations list, click the row corresponding to the Marketing Department to select it:

   

3. Click Delete:

   

4. Click Delete:

   

5. A message indicating that the operation is successful is displayed. Click Refresh:

   

6. Click xelsysadm and click Sign Out:

   

7. Close the browser.

• Oracle University Training: Oracle Identity Governance 11g R2: Essentials
  
• Oracle Identity Management 11g documentation

• Fusion Middleware User's Guide for Oracle Identity Manager

• Installing a Database for Identity and Access Management (IdM) Suite

• Setting-up an Oracle Identity Management 11gR2 PS3 Environment
• Provisioning OIM Accounts

• Developer: Sanjay Kumar Kunithala
• Lead Developer: Frederico Hakamine