Oracle Identity Manager 11g: Develop Identity Provisioning

Course Description

Changes to workflow, policy, data flow, or integration technology are isolated within the respective functional layers of Oracle Identity Manager, thus minimizing application-wide impact. In addition, Oracle Identity Manager is flexible because all configurations are done via its powerful user interface. The product does not rely on any scripting language for setup, configuration, or process modeling. As a result, Oracle Identity Manager is the most-advanced enterprise identity management solution available.

This course begins by providing participants with a refresher of concepts associated with identity management, identity administration, and Oracle Identity Manager. Participants learned these concepts in the Oracle Identity Manager 11g: Essentials course. As a result, participants review the importance, benefits, terminology, functional aspects, and infrastructure of identity management and identity administration. In addition, participants receive refresher material about Oracle Identity Manager, including how it uses connectors manage reconciliation and provisioning workflows. In addition, participants become reacquainted with Oracle Identity Manager and its two types of consoles: Administrative Consoles (Web-based) and Design Console (Java-based), as well as forms, folders, and links that compose the Design Console and each Administrative Console.

This course teaches participants how to create configurations to provision users with external resources, both manually and through autoprovisioning. Participants then learn about key provisioning functionalities: disabling, enabling, changing the password of, and deleting a user’s account with an external resource. Then, participants learn how to modify an Oracle Identity Manager configuration to include these functionalities.

Participants learn about the concepts of reconciliation, including how authoritative reconciliation is used to identify new user accounts on trusted sources and transfer them into Oracle Identity Manager. Similarly, participants learn how account reconciliation is used to recognize changes to user accounts on no authoritative sources and transfer these modifications into Oracle Identity Manager. In addition, participants learn how to customize their reconciliation workflows by developing and deploying plug-ins.

This course teaches participants about components that compose an request and approval workflow, including the request dataset, approval processes, and approval tasks. Participants learn how to create and manage an approval workflow, including creating and assigning email notifications for the approval workflow, incorporating the approval workflow into a provisioning workflow, and using it to approve the provisioning of a user before providing the user with access rights to an external resource.

This course teaches participants about the Generic Technology Connector (GTC) framework. Participants learn about providers associated with a GTC and how to use these providers to provision and reconcile users with an Oracle Database table.

Participants learn about basic and advanced techniques used to customize the Oracle Identity Manager User Interface.

Participants learn about services and APIs. Oracle provides a network-aware, Java-based API that exposes services available in Oracle Identity Manager. Services are used for building clients for Oracle Identity Manager and for integrating third-party products with the Oracle Identity Manager platform.

Skills Gained

• Create configurations to provision users to external resources, both manually and through autoprovisioning
• Work with Oracle Identity Manager and Java APIs
• List key provisioning functionalities of Oracle Identity Manager
• Describe authoritative and account reconciliation workflows
• Customize Oracle Identity Manager by developing and deploying event handlers and plug-ins
• Create and manage approval workflows that allow an administrator to approve requests before the user is provisioned to an external resource
• Create and manage requests to approve and provision users to external resources
• Use Generic Technology Connector (GTC) and its providers to provision and reconcile users with an Oracle Database table
• Explain the role of Oracle Identity Manager in identity management and identity administration
• Customize the Oracle Identity Manager user interfaces

Who Can Benefit

• Functional Implementer
• SOA Architect
• Security Administrators
• Architect
• Business Analysts
• Technical Consultant
• Technical Administrator
• System Integrator

Prerequisites

• A general comprehension of Oracle Database 11g
• A high-level understanding of Service Oriented Architecture (SOA), BPEL, and JDeveloper
• Oracle Identity Manager 11g: Essentials

Syllabus

Introduction

• Course Objectives
• Course Units
• Lesson Summary

Refresher of Oracle Identity Manager 11g Concepts

• Discuss the importance of identity management and identity administration
• Explain identity management benefits, values, terminology, and functional aspects
• Describe the identity administration infrastructure
• Define the role Oracle Identity Manager has in identity management
• Discuss the business challenges Oracle Identity Manager addresses
• Examine two topics for identity management: provisioning and reconciliation
• Configure the lab environment for the course

Creating Configurations for Direct Provisioning

• Identify resources
• Compare assigning resources and provisioning resources
• Examine the steps Oracle Identity Manager performs to provision organizations and users with resources
• Compare mandatory, supplementary, and custom components for an Oracle Identity Manager connector
• Build and run a connector

Creating Configurations for Automated Provisioning

• Build a prepopulate adapter
• Build and implement a prepopulate rule
• Modify a custom connector to incorporate the prepopulate adapter and rule

Creating Configurations for Key Provisioning Functionalities

• Discuss key provisioning functions of a system integrator, including:
• Temporarily disabling a user’s account
• Enabling the account
• Modifying the user’s resource-related password
• Permanently revoking access rights to an external resource
• Modify the connector to include key provisioning functions

Performing Reconciliation

• Define reconciliation
• Identify and compare two types of reconciliation associated with Oracle Identity Manager: authoritative and account reconciliation
• Discuss three reconciliation events that Oracle Identity Manager can perform with a resource
• Explain authoritative reconciliation and account reconciliation conceptually
• Identify scheduled tasks
• Discuss the role that scheduled tasks have with authoritative reconciliation and account reconciliation
• Explain how to implement authoritative reconciliation and account reconciliation workflows

Using Event Handlers and Plug-Ins

• Discuss operations, user management operations, event handlers, and plug-ins
• Explain how event handlers can extend user management operations
• Compare plug-ins, plug-in points, and the plug-in framework
• Describe how plug-ins are used to implement event handlers
• Explain how to build and run event handlers and plug-ins

Creating Approval Processes for Request and Approval Workflows

• Describe the components of the request and approval workflow and how Oracle Identity Manager interfaces with Oracle SOA
• Identify the components of a Service-Oriented Architecture (SOA) composite used for the request and approval workflow
• Define a SOA composite with multiple approvers defined
• Modify notification headers within a SOA composite

Understanding the Generic Technology Connector (GTC) Framework

• Discuss the Generic Technology Connector (GTC) framework
• Identify GTC providers
• Import GTC providers and connectors into Oracle Identity Manager
• Use the GTC framework to create connectors to reconcile and provision users with Oracle Database tables
• Reconcile users with an authoritative source and provision users to a target resource
• Export GTC providers and connectors from Oracle Identity Manager

Customizing the Oracle Identity Manager User Interfaces

• Identify the five web-based user interfaces for Oracle Identity Manager
• Define customization levels for the Oracle Identity Manager user interfaces
• Modify the look and feel of these interfaces to brand them for your company
• Change interface appearance and functionality by modifying Oracle Identity Manager code
• Deploy customizations so that they are visible and operable in an Oracle Identity Manager environment

Working with APIs

• Access Oracle Identity Manager services programmatically
• Distinguish between the OIMClient and the tcUtilityFactory approach
• Compare Oracle Identity Manager 10g and 11g with respect to Oracle Identity Manager APIs
• Identify and explain commonly used Oracle Identity Manager services
• Develop Oracle Identity Manager clients
• Describe a code sample that Oracle Identity Manager uses to retrieve information