OIG 11G R2 Field Enablement Training

Lab 2 - Install and Configure Connector

Disclaimer: The Virtual Machine Image and other software are provided for use only during the workshop. Please note that you are responsible for deleting them from your computers before you leave. If you would like to try out any of the Oracle products, you may download them from the Oracle Technology Network (http://www.oracle.com/technology/index.html) or the Oracle E-Delivery website (http://edelivery.oracle.com).

Table of Contents
1. Introduction
2. Install OUD Connector
3. Create IT Resource
4. Create Application Instance
5. Execute required Lookup reconciliation scheduled jobs
6. Execute Direct Provisioning for Connector health-check
7. Extend the connector to add support of custom attributes
7.1 Update Provisioning Lookup
8. Configure Pre-populate adapters
9. Configure few Important Parameters for Request and RBAC based provisioning scenarios
10. Access Policy Based Provisioning
10.1 Create Role Membership Rule
10.2 Create Access Policy
11. On board a user from HRMS and Test Access Policy Based Provisioning
Conclusion

1. Introduction
GENERAL FINANCIAL is all set to extend its provisioning solution to accommodate the extra applications coming on board from the MEDICLAIM acquisition. The Permanent Contact Number of GENERAL OIM users needs to be maintained. OIM also has to provision to the GENERAL OUD application instances, and the lifecycle management (LCM) of the OUD accounts of existing MEDICLAIM users will be done from OIM going forward, so account reconciliation will initially be needed from OUD into OIM. The need is recognized to install the OIM Generic LDAP connector pack to give GENERAL user/account provisioning and reconciliation capabilities for the GENERAL OUD application instances, and to extend the connector to support the attribute homephone, which stores the Permanent Contact Number.

2. Install OUD Connector
This step includes the configuration required to install the OIM Generic LDAP connector (package OID-11.1.1.6.0; some screens in this lab refer to it as OID-11.1.1.5.0) to integrate OIM with OUD.
Services that need to be started: ensure that the OIM Managed Server is up and running.
1. In the VM, navigate to the following directory (use the GUI to make it easier):
   cd /app/software
2. Extract the connector archive:
   unzip OID-11.1.1.6.0.zip
3. Copy it to the default connector installation directory:
   $ cd /app/software
   $ cp -r OID-11.1.1.6.0/ /app/middleware/oracle_idm1/server/connectordefaultdirectory/
4. Open the Sysadmin console in a new browser window.
5. Log in as ADMIN.
6. In the System Management menu, click Manage Connector.
7. A new Connector Management window pops up. Click Install.
8. From the Connector List, select ODSEE/OUD/LDAPV3 Connector 11.1.1.6.0. This list displays the names and release numbers of the connectors whose installation files you copied into the default connector installation directory.
9. Click Load.
10. To start the installation process, click Continue.
11. If all three tasks of the connector installation process succeed, a message indicating successful installation is displayed.
Note: Do not click Refresh in the Install Connector window; it refreshes by itself during the installation. Wait until the process completes and the success screen is shown.
12. Click Exit.

Checkpoint
Start the Design Console and verify the connector import:
Search for the process form UD_LDAP_USR; it should show up.
Search for the process definition LDAP User; it should show up.
Search for the resource object LDAP User; it should show up.
These are used in the next section of the lab. If you do not see these objects, check your connector import before proceeding to the next step.

3. Create IT Resource
These steps include the configuration required to create an IT Resource for the relevant instance of the OUD server (the Application Instance that uses it follows in section 4).
1. Click IT Resource under Configuration. A new window pops up.
2. Click Create IT Resource.
3. On the Step 1: Provide IT Resource Information page, enter the following:
   IT Resource Name: Enterprise Directory - OUD
   IT Resource Type: click the lookup, which opens another popup; select LDAP and click Select
   Remote Manager: leave this field blank
4. Click Continue.
5. On the Step 2: Specify IT Resource Parameter Values page, specify the following parameter values and then click Continue.
   basecontexts: dc=example,dc=com (base DN under which all user operations are carried out)
   Configuration Lookup: Lookup.LDAP.OUD.Configuration
   Connector Server Name: leave blank (remote connector server details)
   Credentials: Oracle123 (password of the user who has administrator rights on the directory)
   Failover: leave blank (failover server details)
   Host: identity.oracleads.com (IP address or host name of the target OUD server)
   Port: 2389 (port number used to connect to the target OUD server)
   Principal: cn=Directory Manager (DN of the user who has administrator rights on the directory)
   Ssl: false (whether an SSL connection is used between Oracle Identity Manager and the target OUD)
Note: These are workshop values. With Ssl set to false the Principal's password crosses the network in cleartext on every bind, and cn=Directory Manager gives the connector unrestricted rights over the whole directory. In a real deployment set Ssl to true (with the directory's LDAPS port) and bind as a dedicated service account that holds only the rights the connector needs on the base contexts it manages.
6. Click Continue.
7. On the Step 3: Set Access Permission to IT Resource page, just click Continue.
8. On the Step 4: Verify IT Resource Details page, review the information you provided on the first, second and third pages. To change data entered on any page, click Back to revisit that page and make the required changes.
9. Click Continue.
10. The Step 5: IT Resource Connection Result page displays the results of a connectivity test run with the IT resource information. The OUD connector used in this lab does not support a connectivity test, so this page does not prove the parameters are right; the lookup reconciliation jobs in section 5 are the first real check.
11. Click Continue.
12. Step 6: click Finish.

Checkpoint
At this point you have created the IT Resource that will be used in the next labs.

4. Create Application Instance
This step includes the configuration required to create an Application Instance for the relevant instance of the OUD server.
1. To create an Application Instance for the OUD connector, log in to the SYSADMIN Console using the ADMIN account.
2. Click Application Instances under Configuration.
3. Click Create.
4. Fill in the following data:
   Name: EnterpriseDirectoryOUD
   Display Name: Enterprise Directory OUD
   Description: It is the corporate directory in which all the enterprise users should have accounts
   Disconnected: unchecked
   Resource Object: search for and assign LDAP User
   IT Resource Instance: search for and assign Enterprise Directory - OUD (created in section 3)
   Form: leave it blank
5. Click Save.
6. At the top of the screen, click Sandboxes.
7. Click Create Sandbox.
8. Name the sandbox createconnectorform.
9. Click Save and Close.
10. Now click Form Designer on the left, under Configuration.
11. Search for and select LDAP User as the resource, then click Search to display the existing forms.
12. Click Create to create a new form.
13. For the Resource Type, search for and select LDAP User.
14. Provide the form name LDAPAccountSchema and keep the default Form Type, Parent Form + Child tables.
15. Click Create to create the form.
16. If you go back to the Form Designer screen and search, you should see the newly created form.
17. Go back and click Application Instances under Configuration.
18. Click Search.
19. Click the display name Enterprise Directory OUD to open it.
20. Under the Form section click Refresh to update the available forms.
21. Set the Form Name to LDAPAccountSchema and click Apply to save the change.
22. Now we need to publish this application instance to organizations so that users can request it. Click the Organizations tab.
23. For the organization Top, tick the Include sub-orgs check box and click Apply to save the change.
Note: The Top organization is used here for POC scenarios only. Publishing to Top with sub-orgs included makes the application instance requestable by every user in the system. In an actual deployment you publish the application instance to the organizations you designed for it and remove Top from the list.
24. Close all tabs except the Manage Sandboxes tab.
25. Select the createconnectorform sandbox.
26. Click Publish Sandbox from the menu above.
27. Click Yes. This publishes the changes we have made.

Checkpoint
At this point you have created the Application Instance that will be used in the succeeding labs.

5. Execute required Lookup reconciliation scheduled jobs
This section includes the steps required to populate the relevant lookup codes with the valid entries present in OUD, namely OUD groups, roles and organizations. The lookup codes are then used by the LOVs on the connector UI elements (process forms and request datasets).
1. To run the scheduled job for the organization lookup, log in to the SYSADMIN Console using the ADMIN account.
2. Click Scheduler under the System Management panel.
3. Search for the scheduled job LDAP Connector OU Lookup Reconciliation.
4. Click the name field to open the job.
5. Update the following parameter:
   IT Resource Name: Enterprise Directory - OUD
6. Click Apply.
7. Click Run Now.
8. Keep clicking Refresh to check the status of the job.
9. Similarly, search for the job LDAP Connector Group Lookup Reconciliation.
10. Update the following parameter:
   IT Resource Name: Enterprise Directory - OUD
11. Click Apply.
12. Click Run Now.
13. Keep clicking Refresh to check the status of the job.
14. Search for the task named Entitlement List.
15. Click Run Now.
16. Similarly, search for the task named Catalog Synchronization Job.
17. Click Run Now.
18. Keep clicking Refresh to check the status of the job.
19. Close the popup.
20. Log out and close the browser.

Checkpoint
The first two jobs you ran populate the organization and group lookups with the values pulled from the OUD server. Go back to the Sysadmin console and click Lookups.
Search for Lookup.LDAP.Organization. It should contain the organization values pulled from OUD.
Now search for Lookup.LDAP.Group. This lookup should also have the values populated from OUD.
If you cannot see values in these two lookups, stop here: you need to debug the previous steps to find out why the values are not coming from OUD. Start by checking the IT Resource you created for OUD, then check the scheduled jobs (the IT Resource Name you provided must match the IT Resource you created).

5-A Define Security
These steps describe the procedure to publish the Application Instance, Entitlements and Roles into the Information Systems organization so that requesters in that organization can see these entities in the catalog.
1. Log in to the Sysadmin console as ADMIN.
2. Click the Application Instances link under Configuration.
3. Search for Enterprise Directory OUD.
4. Open the Enterprise Directory OUD Application Instance.
5. Navigate to the Organization tab.
6. Click Assign.
7. Search for the Information Systems organization.
8. Select the Information Systems organization and click Add Selected.
9. Ensure that the Hierarchy check box is selected.
10. Select Apply to Entitlements.
11. Click OK. The Application Instance and its Entitlements are both published into Information Systems and its sub-organizations.
12. Let's check one entitlement.
13. Click the Entitlements tab and select the first entitlement. Because Apply to Entitlements was selected while publishing the Application Instance to the organization, all entitlements of this application instance are automatically published into the Information Systems organization.

6. Execute Direct Provisioning for Connector health-check
This step tests whether the provisioning module of the installed OUD connector is working properly.
1. Navigate to the OIM Self Service web console in a new browser window.
2. Log on as ADMIN.
3. Navigate to Users under Administration.
4. Search for the user AADAM (Ana Adam).
5. Click the User Login field to open the record.
6. Navigate to the Accounts sub tab.
7. Click Request Accounts. You are redirected to the Catalog.
8. The Catalog displays the existing accounts (Application Instances) you can request.
9. Click Add to Cart for the Application Instance Enterprise Directory OUD.
10. You should see the Cart being updated.
11. The beneficiary has already been added.
12. Click Checkout.
13. Fill in the form as follows:
   User ID: AA24144
   Password: default password (Oracle123)
   First Name: Ana
   Last Name: Adam
   Container DN: search for Enterprise Directory OUD~People
Note: See the Appendix-B-PrePopulate-Plugin lab for how to populate these fields automatically with a pre-populate adapter.
14. Click Ready to Submit.
15. Click Submit.
16. Close the catalog tab after the request has been submitted successfully.
17. Go to the User Details page and click Refresh.
18. You should see that the new Enterprise Directory account has been provisioned.
19. Using the LDAP browser available in the VM, verify on the OUD server that the user was provisioned successfully. To start the LDAP browser, double-click launchapachestudio.sh in Startup_Scripts on the VM desktop.

Checkpoint
In this step you provisioned an account for an existing user by direct provisioning to test the connector.

7. Extend the connector to add support of custom attributes
This step includes the configuration required to extend the OIM connector to support one more OUD user account attribute: homephone. The process form is extended to add the Home Phone attribute to the LDAP connector process form UD_LDAP_USR.
1. Open the SYSADMIN Console.
2. Log in as ADMIN.
3. Click Sandboxes at the top of the screen.
4. Click Create Sandbox.
5. Name it Extend-Connector.
6. Click Save and Close.
7. Click OK on the confirmation screen.
8. Close the Sandbox window.
9. Click Form Designer under Configuration.
10. Search for Resource Type = LDAP User.
11. Open the LDAPAccountSchema form by clicking its name.
12. Click the Create a Custom Field button.
13. Choose Text as the option.
14. Click OK.
15. Fill in the form as follows:
   Display Label: Home Phone
   Display Width: 40
   Name: auto-populates
   Searchable: checked
   Maximum Length: 64
16. Click Save and Close at the top of the screen.
17. To add the new attribute to the form, click Regenerate View. Keep the default option and click OK.
Note: Once again, do not forget to click Regenerate View; without it the new field is not rendered on the form.
18. Now close all open tabs (mandatory step).
19. Click Sandboxes at the top.
20. Select the Extend-Connector sandbox.
21. Click Publish Sandbox.
22. Click Yes.

7.1 Update Provisioning Lookup
The connector only sends a form field to OUD if the field has a row in the provisioning attribute map, so the new field must be mapped to its LDAP attribute.
1. Click Lookups under Configuration.
2. Search the Code field for the value Lookup.LDAP.UM.ProvAttrMap.
3. From the search results select the Lookup.LDAP.UM.ProvAttrMap row. The Edit button now appears.
4. Click Edit.
5. Under Lookup Codes click the Create icon.
6. Add the following entry:
   Meaning: homephone
   Code: Home Phone
Note: homephone is the name of the attribute in OUD and Home Phone is the display name (label) of the attribute on the OIM form.
7. Click Save.
8. Click OK.
9. Log out and close the browser.

Checkpoint
In this step you extended the connector to support a custom attribute called Home Phone, mapped to the LDAP attribute homephone.
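As an added worked example (not code from the lab, the connector or Oracle), the following Python script models what the Lookup.LDAP.UM.ProvAttrMap row from 7.1 does at provisioning time: it takes a process-form record and the lookup (Code = form field label, Meaning/Decode = OUD attribute) and emits the LDIF add entry the connector would send, applying the RFC 2849 rule that values which are not safe ASCII must be base64-encoded. The lookup contents, object classes, sample form and container DN are constructed; only the Home Phone -> homephone row and the section 6 form values come from the lab.

```python
"""Model of the LDAP connector's provisioning attribute map (Lookup.LDAP.UM.ProvAttrMap).

Added example, not connector or Oracle code. PROV_ATTR_MAP, OBJECT_CLASSES and
SAMPLE_FORM are constructed; the "Home Phone" -> "homephone" row is the one added in 7.1.
"""
import base64

# Constructed subset of the lookup: Code (process-form field label) -> Decode (OUD attribute).
PROV_ATTR_MAP = {
    "User ID": "uid",
    "First Name": "givenName",
    "Last Name": "sn",
    "Common Name": "cn",
    "Home Phone": "homephone",   # row added in step 7.1; without it the field is silently dropped
}

# Object classes assumed for the user entry (constructed; the real set comes from the connector config).
OBJECT_CLASSES = ("top", "person", "organizationalPerson", "inetOrgPerson")


def ldif_value(attr, value):
    """Format one LDIF attribute line (RFC 2849).

    A value that is not SAFE-STRING (non-ASCII, contains CR/LF/NUL, or starts with
    space, ':' or '<') must be written base64-encoded after a double colon.
    """
    safe = (
        value.isascii()
        and not any(c in value for c in "\r\n\0")
        and not value.startswith((" ", ":", "<"))
    )
    if safe:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))


def mapped_attributes(form, attr_map=PROV_ATTR_MAP):
    """Return {oud_attribute: value} for the form fields that have a lookup row and a value."""
    return {
        attr_map[field]: str(value)
        for field, value in form.items()
        if field in attr_map and str(value).strip()
    }


def build_add_ldif(form, container_dn, attr_map=PROV_ATTR_MAP):
    """Translate a process-form record into the LDIF add entry the connector would send.

    The RDN is built from User ID (uid) under the Container DN chosen on the form.
    Fields without a lookup row (e.g. Password, which the connector handles
    separately) and empty fields are skipped.
    """
    attrs = mapped_attributes(form, attr_map)
    if "uid" not in attrs:
        raise ValueError("User ID is mandatory: it becomes the entry's RDN")
    lines = [ldif_value("dn", "uid=%s,%s" % (attrs["uid"], container_dn)), "changetype: add"]
    lines += ["objectClass: %s" % oc for oc in OBJECT_CLASSES]
    lines += [ldif_value(attr, value) for attr, value in attrs.items()]
    return "\n".join(lines) + "\n"


# Constructed record: the section 6 direct-provisioning form plus the Home Phone field of section 7.
SAMPLE_FORM = {
    "User ID": "AA24144",
    "First Name": "Ana",
    "Last Name": "Adam",
    "Common Name": "Ana Adam",
    "Password": "Oracle123",        # no lookup row: must never be written as a plain attribute
    "Home Phone": "+1 303 555 0101",
    "Not Mapped": "dropped",        # a custom field whose 7.1 step was skipped
}

if __name__ == "__main__":
    print(build_add_ldif(SAMPLE_FORM, "ou=People,dc=example,dc=com"))
```

Compare the output with the entry you see in Apache Directory Studio after section 6: a form field without a lookup row never reaches the directory, which is the usual reason a newly added attribute "does not provision".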

8. Configure Pre-populate adapters
This step describes the procedure to configure a pre-populate adapter on the LDAP connector process form. In this section you will add the pre-populate adapter to the LDAP connector process form UD_LDAP_USR and attach it to the Home Phone attribute.
1. Launch the Design Console: double-click launchdesignconsole.sh under Startup_Scripts on the VM desktop.
2. Log in as xelsysadm.
3. Navigate to Development Tools, then Form Designer.
4. Click the search button.
5. Navigate to the Form Designer Table tab.
6. Find and double-click UD_LDAP_USR.
7. Navigate back to the Form Designer tab.
8. Ensure that the Current Version is LDAP User_xxxx. Otherwise you will not be able to find the attribute Home Phone.
9. Click Create New Version.
10. Enter the label Add PrePopulate.
11. Click the Save icon.
12. Click Close.
13. From the Current Version dropdown select the newly created version.
14. Click the Pre-Populate tab.
15. Click Add.
16. In the Pre-Populate Adapter window set the following:
   Field Name: Home Phone
   Rule: Default
   Adapter: LDAP String
17. Click Save. Order is populated automatically.
18. In the Adapter Variables section, select the only entry and click Map.
19. A new Adapter Variable window opens.
20. Set the following:
   Variable Name: attrval
   Data Type: String
   Map To: User Definition
   Qualifier: Home Phone
21. Click Save.
22. Click Close.
23. Click Save.
24. Click Close.
25. Click Save in the form window.
26. Click Make Version Active.
27. Click OK in the warning. Your version should now be active.

9. Configure few Important Parameters for Request and RBAC based provisioning scenarios
This step describes the procedure to set the process definition flags that request- and role-based provisioning rely on. In this section you will update the LDAP connector Process Definition.
1. Launch the Design Console if it was closed.
2. Navigate to Process Management, then Process Definition.
3. In the Name field enter LDAP User and click the search icon (it looks like binoculars).
4. Check the check boxes Auto Pre-populate and Auto Save Form.
5. Click the Save icon.
The Auto Pre-populate flag is required to automatically trigger the pre-populate adapters configured on the process form of the resource object LDAP User when a provisioning operation is executed for it. If this flag is not checked, the Pre-populate button has to be clicked to fill in the form on the OIM UI when direct provisioning is used.
The Auto Save Form flag is required to automatically save the process form instance of the resource object LDAP User during a provisioning operation. If this flag is not checked, the process form opens on the OIM UI, either pre-populated (if pre-populate adapters and the Auto Pre-populate flag are configured) or blank, before the provisioning data is finally saved and passed on to the provisioning target. Access-policy driven provisioning (section 10) has no user at the keyboard to fill in or save the form, which is why both flags are needed there.

10. Access Policy Based Provisioning
This step describes the procedure to configure access policy based provisioning.

10.1 Create Role Membership Rule
1. Log in to the Identity Console as ADMIN.
2. Navigate to Roles under Administration.
3. Search for the Employee role.
4. Open the Employee role.
5. Navigate to the Members sub tab, if not already there.
6. Under Membership Rules click Add Rule. This opens the Rule Builder.
7. In the Select Operand Value frame, sort by the Display Name column.
8. Scroll down to find User Type and select it.
9. Click Add.
10. For the String value enter Full-Time.
11. Click Add.
12. The expression should now read User Type = Full-Time.
13. Click the Preview Results tab; you should see the members that the rule we just created adds to this role.
14. Click Save at the bottom of the screen.
15. We are now back on the main Members screen. The role membership is not evaluated immediately.
16. Click the Apply and Evaluate button.
Note: There are two buttons. When you click Apply, the membership is not calculated immediately; it is calculated offline when the Refresh Role Memberships scheduled job runs. If you need immediate evaluation, click Apply and Evaluate. Both options are provided so that customers can choose how role membership rules are evaluated.
17. Click Refresh a couple of times and you should see the new users as members of the role.

10.2 Create Access Policy
1. Navigate to the Sysadmin console in a new browser window.
2. Log in as ADMIN.
3. Click Access Policies under Policies. A new popup window opens.
4. Click Create Access Policy.
5. Fill in the form with the following values:
   Access Policy Name: Onboard Employee
   Access Policy Description: Onboard Employee
   Provision Without Approval: checked
   Retrofit Access Policy: checked
   Priority: one greater than the current lowest priority
6. Click Continue.
7. From the list of resources, select LDAP User and click Add.
8. Click Continue.
9. Click Continue.
10. Fill in the form with the following values:
   Server: Enterprise Directory - OUD
   Container DN: Enterprise Directory - OUD~people
11. Click Set Additional Data.
12. In the Group Name field, click search.
13. A new screen listing all the available groups pops up.
14. Click the Next link until you reach the last screen.
15. Select the group Enterprise Directory - OUD~Vacation Tool.
16. Click Select.
17. Click Add.
18. Repeat the same steps to add the following groups:
   Enterprise Directory - OUD~VPN Access
   Enterprise Directory - OUD~Information Systems
   Enterprise Directory - OUD~Denver
   Enterprise Directory - OUD~Employee Portal
19. Click Continue.
20. In the Role selection screen click Continue.
21. Select the radio button for the Disable if no longer applies (DNLA) choice.
22. Click Continue.
23. Click Continue. We do not want to deny any resources with this access policy.
24. Select the Employee role and click Add to move it to the Selected list.
25. Click Continue.
26. Verify that all the information is correct and click Create Access Policy. A confirmation of success is displayed on the next screen.
27. Close the popup window.
28. Log out of the Sysadmin console and close the browser.

11. On board a user from HRMS and Test Access Policy Based Provisioning
Create a user in HR and onboard them in OIM.
1. Launch the HR app.
2. Log on as hradmin/oracle123.
3. Click the New Employee link to onboard a new employee.
4. Hire an employee with the details below:
   First Name: Marc
   Last Name: Johnson
   Employee Type: Employee
   Organization: Information Systems
   Location: Denver
   Active: Yes, Active
5. Navigate to the Job tab.
6. Fill in the form with the details below:
   Is Manager: No
   Manager: Crane, Danny
   Cost Center: 101
   Is head of dept: No
   Position: Information Systems Developer
7. Click Create New Employee. The employee is created, and an HR ID and a User Login are generated automatically.
8. Log out of the HR application and close the browser.
9. Open the OIM Sysadmin console in a new browser.
10. Log in as ADMIN.
11. Click Scheduler under System Management.
12. Search for the task named HR APPLICATION TABLES_GTC.
13. From the search results click the name to open it.
14. Execute the scheduled task by clicking Run Now.
15. Refresh until the Job Status shows Stopped and the Execution Status shows Success.
16. Click the Event Management tab; you should see the reconciliation events.
17. Similarly, search for the job named Evaluate User Policies.
18. Execute the scheduled task by clicking Run Now.
19. Refresh until the Job Status shows Stopped and the Execution Status shows Success. Evaluate User Policies takes a while to complete, because it is now provisioning all the matching users to OUD and to their respective groups.

Checkpoint
Launch Apache Directory Studio using the link in the Startup_Scripts folder on the desktop and log in by double-clicking the connection.
Look at the ou=People node. You should see a lot of user entries there.
If you do not see users there, stop the OIM server and start it again. This should start provisioning the users into LDAP according to the access policy. Once you see the users, move on to the next step.
20. Navigate to the Identity Self Service console.
21. Log in as admin/oracle123 and navigate to Users under Administration.
22. Search for the user with first name Marc and last name Johnson.
23. Click the user login field to open the user identity.
24. Navigate to the Roles tab. The Employee role should have been assigned.
25. Navigate to the Accounts and Entitlements tabs. You should see all the basic access provisioned.
26. Launch Thunderbird in the VM; you should also see a new-hire email sent to the Danny Crane inbox (Danny.Crane@oracleads.com).
   The subject of the email is New Account Information.
   It contains the User ID and password of the newly hired user.
   You can log on with those credentials if you want to demo the scenario where the end user logs on to self service and views My Access.
If you want to test the de-provisioning aspect:
27. Remove the user from the Employee role.
28. Run the Evaluate User Policies task.
29. Navigate to the Accounts tab: the account shows as Disabled (the DNLA choice made in 10.2). Navigate to the Entitlements tab: all of them have been revoked.
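As an added worked example (not OIM code), the following Python script simulates what the Apply and Evaluate / Refresh Role Memberships step (10.1) and the Evaluate User Policies job (section 11) do for the Onboard Employee policy, including the de-provisioning test of steps 27 to 29 and the difference between the DNLA choice made in 10.2 and the Revoke alternative. The users, the User Type = Full-Time rule and the data model are constructed simplifications; it assumes one access policy per application instance and uses the lab's "<IT Resource>~<group>" naming for entitlements.

```python
"""Simulation of rule-based role membership and access-policy evaluation.

Added example, not OIM code. The users, the membership rule (User Type =
Full-Time), the Onboard Employee policy and its group list are constructed from
the lab text; the data model is a simplification that assumes one access
policy per application instance.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    app_instance: str
    status: str = "Provisioned"                 # Provisioned | Disabled | Revoked
    entitlements: set = field(default_factory=set)


@dataclass
class User:
    login: str
    user_type: str
    roles: set = field(default_factory=set)
    accounts: dict = field(default_factory=dict)  # app_instance -> Account


@dataclass
class AccessPolicy:
    name: str
    role: str                 # the role the policy is attached to (step 24 of 10.2)
    app_instance: str
    entitlements: set         # groups in the lab's "<IT Resource>~<group>" naming
    disable_if_no_longer_applies: bool = True   # the DNLA radio button (step 21 of 10.2)


# Constructed copy of the policy built in 10.2.
ONBOARD_EMPLOYEE = AccessPolicy(
    name="Onboard Employee",
    role="Employee",
    app_instance="Enterprise Directory OUD",
    entitlements={
        "Enterprise Directory - OUD~Vacation Tool",
        "Enterprise Directory - OUD~VPN Access",
        "Enterprise Directory - OUD~Information Systems",
        "Enterprise Directory - OUD~Denver",
        "Enterprise Directory - OUD~Employee Portal",
    },
)


def evaluate_membership_rule(users, role, attribute, value):
    """Apply an 'attribute = value' membership rule to every user (10.1).

    This is what Apply and Evaluate does at once and what the Refresh Role
    Memberships job does later when only Apply was clicked. Returns the changes.
    """
    changes = []
    for user in users:
        is_member = getattr(user, attribute) == value
        if is_member and role not in user.roles:
            user.roles.add(role)
            changes.append((user.login, "added", role))
        elif not is_member and role in user.roles:
            user.roles.discard(role)
            changes.append((user.login, "removed", role))
    return changes


def evaluate_user_policies(users, policies):
    """One run of the Evaluate User Policies job. Returns the actions taken.

    For a user holding the policy's role the account is provisioned (or, if
    DNLA had disabled it, re-enabled) and missing entitlements are granted.
    For a user who lost the role the policy's entitlements are revoked and the
    account is disabled (DNLA) or revoked.
    """
    actions = []
    for user in users:
        for policy in policies:
            account = user.accounts.get(policy.app_instance)
            if policy.role in user.roles:
                if account is None or account.status == "Revoked":
                    account = Account(policy.app_instance, entitlements=set(policy.entitlements))
                    user.accounts[policy.app_instance] = account
                    actions.append((user.login, "provision", policy.app_instance))
                    continue
                if account.status == "Disabled":
                    account.status = "Provisioned"
                    actions.append((user.login, "enable", policy.app_instance))
                missing = policy.entitlements - account.entitlements
                account.entitlements |= missing
                actions += [(user.login, "grant", ent) for ent in sorted(missing)]
            elif account is not None and account.status == "Provisioned":
                revoked = account.entitlements & policy.entitlements
                account.entitlements -= revoked
                actions += [(user.login, "revoke", ent) for ent in sorted(revoked)]
                account.status = "Disabled" if policy.disable_if_no_longer_applies else "Revoked"
                actions.append((user.login, account.status.lower(), policy.app_instance))
    return actions


def run_onboarding_scenario():
    """Section 11 end to end: hire, evaluate, then the de-provisioning test (steps 27-29)."""
    users = [User("MJOHNSON", "Full-Time"), User("CTEMP01", "Contractor")]   # constructed
    rule_changes = evaluate_membership_rule(users, "Employee", "user_type", "Full-Time")
    onboarded = evaluate_user_policies(users, [ONBOARD_EMPLOYEE])
    users[0].roles.discard("Employee")                               # step 27
    offboarded = evaluate_user_policies(users, [ONBOARD_EMPLOYEE])    # step 28
    return users, rule_changes, onboarded, offboarded


if __name__ == "__main__":
    for item in run_onboarding_scenario()[1:]:
        print(item)
```

The point of the DNLA branch is visible in a second run after the role is re-added: the existing account is re-enabled and its entitlements re-granted, whereas with Revoke a fresh account is created, which is why DNLA is the usual choice for directory accounts that other systems reference by DN.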

Conclusion
In this lab you completed the basic configuration that is needed after installing a connector:
1. Install the connector.
2. Create the IT Resource, Application Instance and account schema/form.
3. Extend the attribute mapping and create a pre-populate adapter for the extended attribute.
4. Create role-based access control using access policies, then onboard users from an authoritative source and have their basic access provisioned.

Relevant features that you can explore further:
Password Policy configuration: if you want to attach one or more password policies to the application instance form rendered in the catalog, you have to 1) create or edit a password policy by navigating to the System Administration console and choosing the Password Policy menu item, and 2) attach the password policy to the application instance by navigating to the Design Console, searching for the underlying resource object and attaching the policy on its Password Policy tab.
Explore further form properties: navigate to the Design Console Form Designer and check the properties introduced in the R2 release that you can use. For example, if you want the OIM access policy engine to provision multiple accounts in multiple LDAP server application instances to the same physical enterprise user, you have to set the property Account Discriminator to true on the IT Resource field. This lets the provisioning engine tell the multiple LDAP accounts of the same user apart, based on the value of the IT Resource field. There are more such properties that you should look up in the OIM R2 documentation, for example AccountName (true/false) and ITResource (true/false).