
OIG 11g R2 PS3: Features

Oracle Identity Governance PS3:


Main themes:
1) Identity Services for Mobile and Extranet
2) Comprehensive Role Management and Continuous Compliance
3) Simplified and Scalable Provisioning
4) Enhanced Privileged Access
5) Enhanced Cloud Integration

Overall Goals, Themes & Features:
1) Identity Services for Mobile and Extranet
   a) Users can manage their devices and request apps via the Enterprise App Store through the Governance self-service console
   b) Birthright access to mobile apps and devices driven by Enterprise roles
   c) Simplified deployment with LDAP as ID Store, no SOA and approvals
   d) SCIM/REST for Extranet-focused Identity Services
2) Mobile Security Suite Integration
   a) Provision Devices and Apps with Roles
   b) Common Policy framework for Devices, Apps and Identities
   c) Apps requestable through common catalog


3) Continued UI Simplification
   a) Cleaner UI with a Cloud look and feel, with faster performance
   b) End-users get easy access to business functions without requiring customization

4) Intelligent Access Catalog
   a) Access Catalog provides ability to browse and search
   b) Smart search forms allow users to navigate the Catalog in a guided manner
   c) Catalog search results indicate relevance
   d) Access Catalog can recommend access based on pre-defined and user-defined criteria

5) Comprehensive Role Lifecycle Management
   a) Business users can request creation of new roles and changes to existing ones
   b) Role requests can leverage the same request and approval framework available for Access Requests and Certification
   c) Role owners can see comprehensive auditing and prior versions
   d) Comprehensive role analytics allows business users to see the impact of new roles and changes to existing ones
   e) Role owners can reduce role explosion by reviewing the effectiveness of the roles and consolidating new roles with existing ones
   f) Business users can create roles using “model users”

6) Simplified yet Granular Security
   a) Administrators can define custom security roles to control who can do what at an attribute level
   b) Users can be assigned security roles via rules, reducing administration burden
   c) User actions and the context in which they were performed are audited
7) Simplified Application On-boarding
   a) Business users can on-board authoritative and target applications without involving IT
   b) Applications use the same ICF Connectors used by OPAM and in previous OIM versions
   c) Browser-based schema discovery and Business rules for on-boarding
   d) Drag and Drop Upgrade
8) Enhanced Privileged Access
   a) Session Recording and Management for Windows and Unix
   b) Agent-based recording for highly secured systems
   c) Network devices, Windows local accounts, SAP privileged account management
   d) Support for Scripted connectors and Connector Servers for bespoke integration

9) Enhanced Cloud Integration and new integrations
   a) Windows native account management
   b) SSH Connector for use with Network Devices, Hypervisors
   c) Connectors for Office 365 and Fusion Applications
   d) New Cloud Integration Framework using REST

