The following are the deployment configurations of Oracle Identity Manager:
Provisioning
We can use Oracle Identity Manager to create, maintain, and delete accounts on target systems. Oracle Identity Manager becomes the front-end entry point for managing all the accounts on these systems. After the accounts are provisioned, the users for whom accounts have been provisioned are able to access the target systems without any interaction with Oracle Identity Manager. This is the provisioning configuration of Oracle Identity Manager.
The purpose of provisioning is to automate the creation and maintenance of user accounts on target systems. Provisioning is also used to accommodate any requirement for workflow approvals and auditing that may be a component of that provisioning lifecycle.
Provisioning Configuration of Oracle Identity Manager
Provisioning events are initiated either through requests or by direct provisioning.
A request can be manually created by an administrator or, in certain cases, by target users themselves. Oracle Identity Manager automatically creates requests for some events. For example, a request is automatically created when Oracle Identity Manager enforces the requirements of an access policy. We can also use Oracle Identity Manager to create approval processes that can be run as part of the request-based provisioning cycle.
Direct provisioning is a special administrator-only function for creating an account for a particular user on a target application without having to wait for any workflow or approval processes.
Reconciliation
Oracle Identity Manager provides a centralized control mechanism to manage user accounts and entitlements and to control user access to resources. However, we can choose not to use Oracle Identity Manager as the primary repository or the front-end entry point of user accounts. Instead, we can use Oracle Identity Manager to periodically poll the system applications to maintain an accurate profile of all accounts that exist on those systems. This is the reconciliation configuration of Oracle Identity Manager.
Reconciliation Configuration of Oracle Identity Manager
In the reconciliation configuration, Oracle Identity Manager is used only as an archive for all account management actions that are performed on the target system. It is assumed that user accounts are created, deleted, and maintained by the local resource-specific administrators.
Reconciliation involves using the user discovery and account discovery features of Oracle Identity Manager.
User discovery is the process of recognizing the existence of a user account on a primary database. The primary database is the repository that is considered to contain the master list of user accounts. Within the context of user discovery and reconciliation, the primary database is also referred to as the trusted source or authoritative source. There may be more than one trusted source for each Oracle Identity Manager environment.
Account discovery is the process of recognizing changes to user-related information on resources. If the information that is changed affects the user's primary record, it is generally a change associated with a trusted source. If the information that is changed is related to a user's access to a resource, it is generally a change associated with a target resource.
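The split between user discovery and account discovery described above can be modeled as two comparison passes. The following is an added example, not code from Oracle Identity Manager or from the original post; the record layout, the event names, and the resource name "ldap" are assumptions made for illustration.

```python
# Added illustration: a plain-Python model of the two discovery passes.
# Record layouts and event names are assumptions, not Oracle Identity Manager APIs.
def user_discovery(trusted_source, repository):
    """Trusted source pass: changes here affect the user's primary record."""
    events = []
    for login, attrs in sorted(trusted_source.items()):
        if login not in repository:
            events.append(("create_user", login))
        elif repository[login]["attrs"] != attrs:
            events.append(("update_user", login))
    for login in sorted(set(repository) - set(trusted_source)):
        events.append(("user_removed_at_source", login))
    return events

def account_discovery(resource, target_accounts, repository):
    """Target resource pass: changes here affect a user's access to one resource."""
    events = []
    known = {u: rec["accounts"].get(resource) for u, rec in repository.items()}
    for login, entitlements in sorted(target_accounts.items()):
        if login not in repository:
            # Account on the target that maps to no known user: flag for review.
            events.append(("unmatched_account", login))
        elif known[login] is None:
            events.append(("link_account", login))
        elif set(known[login]) != set(entitlements):
            events.append(("update_entitlements", login))
    for login, recorded in sorted(known.items()):
        if recorded is not None and login not in target_accounts:
            events.append(("account_deleted_on_target", login))
    return events

# Constructed sample data (not taken from any real system).
REPOSITORY = {
    "asmith": {"attrs": {"dept": "Finance"}, "accounts": {"ldap": ["users"]}},
    "bjones": {"attrs": {"dept": "IT"}, "accounts": {"ldap": ["users", "admins"]}},
    "cwu": {"attrs": {"dept": "HR"}, "accounts": {}},
}
TRUSTED_SOURCE = {  # cwu is absent, dlee is new, asmith changed department
    "asmith": {"dept": "Sales"}, "bjones": {"dept": "IT"}, "dlee": {"dept": "Legal"},
}
TARGET_LDAP = {  # edited by a local administrator; bjones was deleted locally
    "asmith": ["users", "admins"], "cwu": ["users"], "svc_backup": ["admins"],
}

if __name__ == "__main__":
    for event in user_discovery(TRUSTED_SOURCE, REPOSITORY):
        print("trusted source:", event)
    for event in account_discovery("ldap", TARGET_LDAP, REPOSITORY):
        print("target resource:", event)
```

The unmatched_account and update_entitlements events are the ones worth reviewing first, since they reflect accounts or privileges that local administrators changed outside the central repository.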
Different forms of reconciliation:
One-Time Reconciliation
We can use Oracle Identity Manager to perform a single, one-time reconciliation with a legacy target system. The purpose of this form of reconciliation is to import all accounts on that system into Oracle Identity Manager. After one-time reconciliation is performed, we can use Oracle Identity Manager to provision accounts for users.
Target Resource Reconciliation
Trusted Source Reconciliation
Provisioning and Reconciliation
In the provisioning and reconciliation configuration, we can use Oracle Identity Manager to perform both provisioning and reconciliation tasks. In this configuration, it is assumed that we allow accounts on target systems to be created and maintained by both local administrators and Oracle Identity Manager.
To achieve this configuration, one must perform all the steps associated with setting up both provisioning and reconciliation.