Identity And Access Management - Rajiv Dewan

Oracle Identity Manager Terminologies

IT Resource:

An IT Resource stores the configuration data of the actual target resource.

Example: Above we created a Resource Object, which is a virtual representation of the target resource. But to create a user in Active Directory we have to store the configuration data of the actual Active Directory somewhere in OIM: the FQDN of the AD administrator account, the AD admin password, the root DN of AD, the IP address, whether SSL is used, and so on, so that a connection to Active Directory can be set up. We store this information in the IT Resource and use it while creating the user in Active Directory.

Forms in OIM: There are two types of forms in OIM, used for showing and storing user data for provisioning. The forms are:

1. Object Form
2. Process Form

Object Form: The object form is associated with a Resource Object. It is visible at the time of provisioning and is used to get some input from the user while provisioning.

Example: A user raises a request for some resource, say “Resource A”. The client wants to store the user's previous company name in the target resource but does not want to store this attribute in the user's profile. So we create an object form with one field, say “Last Company Name”. While raising the request for “Resource A”, the user sees this form and has to fill in his last company name.

Limitation: Target user data can't be populated on the Object Form.

Process Form: This form is associated with the provisioning process of a target resource. During a provisioning process, data flows to the actual target resource from the process form only.

Features:

• Target user data can be populated on the Process Form and used while provisioning
• Used as the best practice

Need: Consider a scenario. Manager A raises a request for his subordinate, user JMD. We have to create an account in the actual target resource for JMD, but where do we get JMD's data from? If we take it from the user profile of the requester, we get the manager's data, not JMD's. In this case we use the process form: on the process form we get JMD's data.
Adapter: It is the smallest component in OIM, used to perform a particular function. It can be attached to a form or a task, and depending on its type it performs various operations in OIM. Adapters are reusable components, which is their biggest advantage. There are five types of adapters in OIM:
1. Process Task Adapter
2. Task Assignment Adapter
3. Pre populate Adapter
4. Entity Adapter
5. Rule Generator Adapter


Process Task Adapter: As the name suggests, it can be attached only to a task.

Example: Suppose your provisioning workflow has a task used for creating the user. You can attach a Process Task Adapter to that task, and the adapter creates the user.
Task Assignment Adapter: It is used for assigning a task to a particular user or group. A task assignment adapter is used when you need to perform some operation to find the user to whom the task should be assigned.

Example: If you want to assign the request to a user based on the target user's attributes, you need a Task Assignment Adapter. In my OIM implementation the user has an attribute Country. The client wants that if the user is from INDIA the request is approved by JMD01, if the user is from USA the request is approved by JMD02, and so on. In this case we have to use a Task Assignment Adapter.

Pre Populate Adapter: This adapter is used for populating a field on a form (Process or Object) with some data.

Example: I have a process form with fields like First Name, Last Name and User ID, and I want to fill these fields from the user's data. We use a Pre Populate Adapter, which populates the value from the user profile into the process form field. In general terms, it copies the User ID, First Name, etc. from the user profile and pastes them into the process form fields.

Entity Adapters: When you want to perform an operation on an entity like a user or group, you use an Entity Adapter. It can be attached only to forms. These adapters can be run:

1. Before inserting data into the database (Pre Insert)
2. After inserting data into the database (Post Insert)
3. Before updating data in the database (Pre Update)
4. After updating data in the database (Post Update)
5. Before deleting data from the database (Pre Delete)
6. After deleting data from the database (Post Delete)

Example: The client wants to generate a default password, say ‘Jmd123’, while creating a user. You create an entity adapter that returns the string “Jmd123” and attach it in Design Console > Data Object Manager > Users form on Pre Insert, i.e. before the data is inserted into the OIM database.

Event Handler: It is similar to an Entity Adapter but can be attached only on Pre Insert or Pre Update.
Difference between Event Handler and Entity Adapter:

Event Handler                            | Entity Adapter
-----------------------------------------|----------------------------------------------------------------
Need to extend the tcBaseEvent class     | No need to extend any class
Can't take any parameter from the form   | Can take any field from the form as a parameter
Can't return any value to the form       | Can return any value to any form field, depending upon the form
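The entity adapter example above (a value returned to the Users form on Pre Insert) and the differences in this table, as one added Java example that is not from the original post: a plain entity-adapter class next to a tcBaseEvent subclass. Class and method names are assumed; the tcBaseEvent/tcDataObj calls are the OIM 9.x client API as I remember it and should be checked against your version; and the adapter generates a random initial password rather than returning the fixed 'Jmd123' string, since a fixed default is the same for every account.

```java
import java.security.SecureRandom;
import com.thortech.xl.client.events.tcBaseEvent;  // assumed OIM 9.x package
import com.thortech.xl.dataobj.tcDataObj;          // assumed OIM 9.x package

// Entity adapter: a plain class, nothing to extend. In the Design Console the return value
// is mapped to a form field (here the Users form password field, Pre Insert) and usrLogin is
// mapped from the form's User Login field, i.e. the two things the table says it can do.
public class InitialPasswordAdapter {
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ"; // no I/O lookalikes
    private static final String LOWER = "abcdefghijkmnpqrstuvwxyz"; // no l
    private static final String DIGIT = "23456789";                 // no 0/1
    private static final SecureRandom RNG = new SecureRandom();

    // Returns 12 characters with at least one upper, lower and digit, not containing the login.
    public String generateInitialPassword(String usrLogin) {
        String all = UPPER + LOWER + DIGIT;
        String password;
        do {
            char[] out = new char[12];
            out[0] = UPPER.charAt(RNG.nextInt(UPPER.length())); // guarantee each class once
            out[1] = LOWER.charAt(RNG.nextInt(LOWER.length()));
            out[2] = DIGIT.charAt(RNG.nextInt(DIGIT.length()));
            for (int i = 3; i < out.length; i++) {
                out[i] = all.charAt(RNG.nextInt(all.length()));
            }
            for (int i = out.length - 1; i > 0; i--) { // shuffle so positions 0-2 are not fixed
                int j = RNG.nextInt(i + 1);
                char t = out[i]; out[i] = out[j]; out[j] = t;
            }
            password = new String(out);
        } while (usrLogin != null && usrLogin.length() >= 3
                 && password.toLowerCase().contains(usrLogin.toLowerCase()));
        return password;
    }
}

// Event handler: must extend tcBaseEvent, reads the row through getDataObject() instead of
// adapter parameters, and cannot hand a value back to the form; it can only let the
// Pre Insert / Pre Update go ahead or abort it by throwing.
class LoginFormatEventHandler extends tcBaseEvent {
    public LoginFormatEventHandler() { setEventName("Validate User Login Format"); }

    protected void implementation() throws Exception {
        tcDataObj row = getDataObject();
        String login = row.getString("usr_login");
        if (login == null || !login.matches("[A-Za-z0-9._-]{3,32}")) {
            throw new Exception("usr_login must be 3-32 letters, digits, '.', '_' or '-'");
        }
    }
}
```

The adapter class is registered through the Adapter Factory and attached on the Users form as the post describes; the event handler class is registered separately and has no form mapping at all, which is exactly the limitation the table lists.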