HAPPY NEW YEAR 2017

Identity And Access Management - Rajiv Dewan

OIM 11g R2 PS1 : Target Resource Not Visible On Accounts Tab

Issue Description:

Sometimes when we provision some target resource in OIM 11g R2 PS1, we can see from the log that tasks got triggered which are responsible for creating the account but when we go to "Accounts" tab for that user, we don't see that Target Resource instance there.

Root Cause - Missing Application Instance Key:

Look for the entry in OIU table for that user, you would be able to see that data exists in the table but still it is not visible on the screen. Look for APPLICATION_INSTANCE_KEY column, you would see NULL. 

Solution:

Populate that column with correct "Application Instance Key" and Refresh the screen. You can use SQL Query to do that.

OR

We have an OOTB schedule job "Update Accounts With App Instance Job" for updating the Application Instance Key in OIU table.


Question:
Why Application Instance Key is null for few accounts.

Answer:
As per Oracle, here is the explanation:

The application instance might not be available when the account is provisioned. This is possible when:

  • Oracle Identity Manager is upgraded, when app_instance_key is to be populated for all the existing entries in the OIU table.
  • Accounts are brought in via reconciliation, but the application instances are not available when the accounts are reconciled. The application instances are created after the reconciliation.
  • Accounts are provisioned via access policies, but the application instances are not available when the accounts are provisioned. The application instances are created after the provisioning.

    But I believe there may be some other reasons as well for "NULL APPLICATION_INSTANCE_KEY"



OIM 11g R2 PS2 Features



  • ·         Organization Assignment Based on Membership Rules
  • ·         Better UI To Add Beneficiary From Same Screen
  • ·         Flexibility To Submit Request For Entitlement Provisioning Without Primary Account
  • ·         OOTB - Insert Start Date and End Date For Entitlements
  • ·         Save And Submit Later Feature
  • ·         Enhanced Certifications/Attestations
  • ·         Better Handling Of Multiple Accounts
  • ·         Hierarchical Entitlements

Other OIM 11g R2 Features




OIM 11g R2 PS2 : High Level Step Installation


 Here are the High Level Steps for OIM 11g R2 PS2 Suite Installation:

OIM 11g R2 PS2 - Screens


  • Installation of Database
  • Schema Creation Through RCU
  • Installation of Weblogic
  • Installation of SOA Suite
  •  Mandatory Patches for SOA Suite  (11.1.1.7) -> Will be available under IAM Suite Disk 1
  •  Installation of OIM Suite
  •  Weblogic Domain Creation
  •  Upgrading OPSS Schema using Patch Set Assistant
  •  Configure Database Security Store for OIM Domain
  •  Start Servers
  •  Configuration of OIM Servers, Design Console

OIM 11g R2 PS2 : New Feature Screens


Here are some screens for OIM (Oracle Identity Manager)11g R2 PS2 (11.1.2.2.0):




New Login Screen - New Look and Feel



Home Page


New Catalog Screen - Add Beneficiary Within Same Same Screen




New Organization Screen (Certifier)



Membership Rule for Organization



Not Equal To In Membership Rule



System Entities in Sysadmin Console



















Enetitlement Revocation Information

Something to share (OIM 11g R2 PS1):

If entitlements get provisioned to users, we can verify from the Entitlement Tab under User Details but if entitlement gets "Revoked" from a user, there's no way to find that information from OIM User Interface (Enhancement request can be opened with Oracle).

OIM is a tool for Auditing so I believe that it stores that information somewhere but Where ???

"ENT_ASSIGN_HIST". It contains a column called "VALID_TO_DATE" which stores the Revocation Date.