oim interview questions

Upload: manoj-kashyap-chavali

Post on 05-Jul-2018


  • 8/16/2019 OIM Interview Questions


    1.  What is Identity
    2.  What is Identity Management
    3.  What is Oracle Identity Manager
    4.  Major Difference between OIM 10g, 11gR1, 11gR2
    5.  What is Reconciliation
    6.  Elaborate the types of Reconciliation in OIM
    7.  What is Provisioning
    8.  How many types of Provisioning are present in OIM
    9.  What are Connectors
    10. Different Types of Connectors in OIM
    11. What is GTC
    12. What are Event Handlers
    13. What is Adapter
    14. Differentiate Adapters and Event Handlers
    15. Different Types of Event Handlers
    16. Different Types of Adapters
    17. General Process of Creating any Event Handler
    18. General Process of Creating any Adapter
    19. General Process of Creating Connectors
    20. In How many ways we can create a Connector
    21. Access Policies in OIM
    22. Approval Policies in OIM
    23. What are Custom Approval Policies?
    24. Explain the Life Cycle of Approval Process
    25. Steps of creating a Custom Approval Policy.
    26. Steps of Installing OIM
    27. What is SPML
    28. Explain Deployment Process of OOTB Connector
    29. What are Resources?
    30. Different types of Resources
    31. What is High Availability Mode
    32. Explain the Architecture of OIM in High Availability Mode
    33. What is UDF?
    34. Explain the process of creating any custom Attribute in OIM 11g R1 and 11g R2
    35. What are Scheduler Tasks
    36. Process of creating Scheduler Tasks
    37. Ways of Triggering Event Handlers
    38. What is Process Definition
    39. What is Process Form
    40. What is IT resource
    41. What is cloning of Connectors? Why is it required?
    42. What is Resource Object
    43. What is the use of Deployment Manager
    44. What are Application Instances in 11g R2
    45. What is Sandbox in 11g R2
    46. What is the use of Catalog Synchronization Job
    47. What is Trusted Reconciliation?
    48. In which Scenario Trusted Reconciliation is used?


    49. What is Target Reconciliation?
    50. In which Scenario Target Reconciliation is used?
    51. How can we achieve the Password Synchronization between Different Target systems in OIM
    52. What are Look-Ups
    53. What is the use of Look-Ups in OIM
    54. What is Connector Server and in which scenario it is generally implemented
    55. What is Flat File Reconciliation
    56. How can we move our customized codes and functionality of OIM from Test to Production
    57. What is RBAC (Role Based Access Policies)
    58. What is OID
    59. What is OVD
    60. What is LDAP
    61. Different types of Directory Servers
    62. Explain the Difference between Identity, Role and Organization
    63. What is the use of Bulk Upload Utility? How can we use it?

    What is an Identity? 

    An identity is the virtual representation of an enterprise resource user including employees, customers, partners and vendors. Identity Management shows the rights and relationships the user has when interacting with a company’s network.

    What are the benefits of Identity Management?

    • Centralized auditing and reporting – Know who did what and report on system usage.
    • Reduce IT operating costs – Immediate return on investment is realized by eliminating the use of paper forms, phone calls and wait time for new account generation and enabling user self service and password management.
    • Minimize Security Risk – Control access to the network and instantaneously update accounts in a complex enterprise environment including: layoffs, acquisitions, partner changes, temporary and contract workers.
    • Improved quality of IT services.
    • Legal compliance – Many government mandates require secure control of access.

    How does Identity Management (IDM) work?

    The process involves creating user accounts that are able to be modified, disabled or deleted. Delegated workflows, rules and policies are applied to the user's account.

    A user profile will tell the company: who they are, what they are entitled to do, when they are allowed to perform specific functions, where they are allowed to perform functions from and why they have been granted permissions.

    How are Identity Management Solutions Implemented?

    Step One:

    Inventory and assess current investments and processes. Clean and consolidate identity data stores. Create virtual identities for enterprise users.

    Step Two:

    Design and deploy identity infrastructure components. Create identity provisioning and deploy password management, user self-service, and regulatory compliance.

    Step Three:

    Deliver applications and services. Access management deployed to a clean environment. Leverage federated identity for improving supply chain and employee efficiencies.

    Explain the Architecture of Oracle Identity Manager?

    The Oracle Identity Manager architecture consists of three tiers:

    Tier 1: Client:

    The Oracle Identity Manager application GUI components reside in this tier. Users log in by using the Oracle Identity Manager client. The Oracle Identity Manager client interacts with the Oracle Identity Manager server, providing it with the user's login credentials.

    Tier 2: Application Server:

    The second tier implements the business logic, which resides in the Java Data Objects that are managed by the supported J2EE application server (JBoss application server, BEA WebLogic, and IBM WebSphere). The Java Data Objects implement the business logic of the Oracle Identity Manager application; however, they are not exposed to any methods from the outside world. Therefore, to access the business functionality of Oracle Identity Manager, you can use the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism.

    Tier 3: Database:

    The third tier consists of the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.

    What is an OIM user? How many types of users are there in Oracle Identity Manager?

    OIM User:

    An OIM user is an account which helps in managing the compliance of any organization and helps in providing the access rights according to its identity in the related organization.

    An Oracle Identity Manager user entity describes the user within the Oracle Identity Manager namespace. The attributes used to describe the user entity include the user’s first, middle, and last name, the user’s displayed name, the user’s login ID to Oracle Identity Manager, and an email address for the user. Other attributes are used to associate the user entity to resources, roles, organizations, and other Oracle Identity Manager objects. A user is associated with a single user entity within the Oracle Identity Manager environment.

    The life cycle of the user entity is tied to the identity status. Oracle Identity Manager maintains two types of status information on an account. The first is the identity status, while the second is the account status. The identity status for an account can be one of active, disabled, or deleted. The account status can be locked or unlocked.

    Types of Users:

    Two types of Oracle Identity Manager users determine access rights to specific aspects of Oracle Identity Manager. These types include:

    • End-User Administrator:

    An end-user administrator is a user who has access to both the Administrative and User Console and the Design Console. An end-user administrator may be tasked with managing access rights for users, changing the status of process tasks, or other tasks that include managing the Oracle Identity Manager environment from higher levels. These tasks are normally associated with system administrators, who are responsible for ensuring that Oracle Identity Manager continues to be operable. The need to access forms and troubleshooting Oracle Identity Manager compels access to both the Oracle Identity Manager Administrative and User Console and the Design Console. The user can access the Design Console through Design Console Access in the details view for the user.

    • End-User:

    End users are normally recipients of resources provisioned to them by Oracle Identity Manager. They have the ability to log in to the Oracle Identity Manager Administrative and User Console to perform tasks such as viewing their user profiles, allocated resources, and assigned roles. By default, they can perform self-service tasks from the console.

    What is the Life Cycle of Users? Or what is a User Entity Life Cycle?

    A user entity can be created, managed, and terminated in the Oracle Identity Manager environment through a concept known as the user life cycle. The stages within the user life cycle, known as the identity status, are Non-existent, Disabled, Active, and Deleted. These states are managed by events or tasks performed within the system, or are based on time factors.

    • A user entity can be created if it did not previously exist in the environment. This user entity can be active or disabled. An active user is capable of logging in to the Oracle Identity Manager environment, whereas a disabled account exists in the system, but the user cannot log in to the account. In a sample scenario of the latter state, the user is a new employee whose account is being readied for a future start date. The account will not become active until the day that the employee’s actual start date occurs.

    • An active user entity can be modified, disabled, or deleted. By disabling the account, the user cannot log in to Oracle Identity Manager. Modification to a user entity may include new provisioning, for example, if the user has been moved to a different job and requires access to new systems. Disabling an account might occur if the employee is leaving the company for a specified period of time or permanently. This disabling prevents unauthorized access after the employee’s termination, leave of absence, or retirement date. Deleting the account removes the account from the Oracle Identity Manager environment.

    • A disabled user can be modified, enabled, or deleted from the environment. Remember, a disabled account means that the user may not log in to their account. The account can still be modified to reflect changes to the employee’s status and access to objects. Additionally, the account can be enabled to be made active, or deleted to mark a user entity for removal from the environment.

    • A deleted user cannot be modified within the Oracle Identity Manager environment. You can specifically search for users marked as deleted by using the Advanced Search capabilities within the Oracle Identity Manager environment. Though the user status is deleted, the user entity data remains in the database until it has been purged.

    What are Oracle Identity Manager Organizations?

    An Oracle Identity Manager organization is a logical container of entities including users and other organizations defined within Oracle Identity Manager. Oracle Identity Manager can have a flat organizational structure or a hierarchical structure, which means that an organization can contain other organizations. These child organizations are known as suborganizations. An organization can mimic the hierarchical structure found within a company, department, branch, division, cost center, or geographical regions. The organization hierarchy should be designed to best manage the environment to which Oracle Identity Manager is being deployed.

    In addition to acting as a container for user and organization entities, resources can be provisioned to an organization. Resources provisioned to the organization become available to members of the organization.

    Organizations are used not only as logical containers for organizing Oracle Identity Manager entities, but also to support a delegated administrative model. In such a model, permissions associated with an organization within the hierarchical structure are inherited by the organization’s child entities.

    Organizations are closely related to Resources and to the Users being provisioned into them.

    What are Oracle Identity Manager Roles?

    An Oracle Identity Manager role is used to define the access rights that an entity may have. These defined roles use unique role names to differentiate them within the Oracle Identity Manager environment. A role may be associated with one or more access rights to Oracle Identity Manager functions. For example, a single role enables a user to create other Oracle Identity Manager user accounts and manage a specific organization. Roles determine the links and menus that are available to users when they log in to the console.

    Roles assigned to organizations determine the access rights that members of that organization inherit. Users may also be directly assigned to a role instead of inheriting the role through the organizational structure.

    As with organizations, roles can be organized into a hierarchical structure. This hierarchical structure enables roles to inherit access rights from other roles, creating parent and children roles.

    Roles are closely related to the Access Rights of users to use the Resources.

    Explain Role Hierarchy?

    Role hierarchy describes the relationship between two or more roles defined within Oracle Identity Manager. A role may act as both a parent and a child to other roles.

    A child role would be considered a specialized role providing access rights to a smaller group of users. A child role may therefore have one or more parents. The relationship between parent and child is one from generalization to specialization. An example of a generalized role would be the employee role. An employee has the ability to update or request access to resources. An employee may be an individual contributor or a manager. The manager role is a more specialized role than the employee role. It assigns access rights allowing an individual assigned to the manager role to manage requests from their employees, approving or rejecting requests. A director is an even more specialized role in relation to the manager role. The director role provides the associated users with the ability to manage their organization. As you move further down the tree, the role becomes more and more specialized.

    A child role inherits the permissions associated with its parent role or roles. In addition to its own access rights, the director role inherits the access rights defined in the manager and employee roles.

    A parent role differs from the child role in that it does not inherit the access rights defined for any of its children. The parent role does, however, inherit the members of its child roles. Any users associated with the director role are also members of the manager role. Members of the manager role are indirectly members of the employee role.

    Explain Role Category?

    Roles can be grouped into a category, organizing the roles for the purpose of navigation and authorization. Two categories exist by default in an out-of-the-box installation of Oracle Identity Manager:

    • OIM Roles: The OIM Roles category contains the list of predefined roles that exist in Oracle Identity Manager by default. These roles are primarily used for managing permissions and access rights to menu items, links, and buttons within the Oracle Identity Manager environment.

    • Default: Any roles created within Oracle Identity Manager that are not assigned to a category at the time of creation are assigned to the Default category by default.

    Create role categories to organize the custom roles to be created for managing organizations.


    Explain the Provisioning process? What are the Types of Provisioning?

    Resources:

    To know about Provisioning, one should know about Resources. A resource is an external system, service, or application with which Oracle Identity Manager communicates to perform either provisioning or reconciliation.

    Provisioning:

    Provisioning is a process where Users are created, maintained and deleted in Resources or Target Systems. Provisioning of Users can be achieved by using connectors and other configuration in OIM to save their information in Target Systems.

    Oracle Identity Manager acts as the front-end entry point for managing user data on the target systems. After accounts are provisioned, the users for whom the accounts have been provisioned can access the target systems without any interaction with Oracle Identity Manager.

    Oracle Identity Manager provisions the related resource to the user. For this to occur, fields in the custom process form (contained in the connector that represents the resource and associated with the designated provisioning workflow) must be populated with data. This information must then be saved to a database so that Oracle Identity Manager can use it to provision a user with the corresponding resource.

    The outward flow of User Information from OIM to Resources or Target Systems is known as Provisioning.

    Types of Provisioning:

    There are two ways in which the fields of a custom process form are populated with information and corresponding data used by Oracle Identity Manager to provision a user with a resource:

    • Manual Provisioning:

    An Oracle Identity Manager administrator completes the form and saves values to the database. Manual intervention is required by the administrator for provisioning to occur.

    Manual provisioning is the process by which an Oracle Identity Manager administrator:
    o  Populates the process form of the connector that represents the resource to be provisioned
    o  Saves form values to a database

    • Auto Provisioning:

    Oracle Identity Manager fills out the form, saves information to its database, and uses this data to provision the user with the resource. Oracle Identity Manager completes these actions (instead of an administrator) with no manual intervention required.

    Oracle Identity Manager populates this form through adapters that are activated when certain rules or conditions are met. Oracle Identity Manager itself completes these three actions (instead of an administrator).

    Autoprovisioning eliminates the manual steps performed by an administrator to fill out the custom process form and save form values to the database.

    What is De-provisioning? Explain auto-de-provisioning process?

    Explain the Reconciliation Process?


    Oracle Identity Manager provides a centralized control mechanism to manage users and entitlements and to control user access to resources. However, you can choose not to use Oracle Identity Manager as the primary repository or the front-end entry point of your user accounts. Instead, you can use Oracle Identity Manager to periodically poll your target systems for maintaining an up-to-date profile of all accounts that exist on those systems.

    Reconciliation is the process by which an action to create, modify, or delete an identity for a designated resource (a target system identity) in Oracle Identity Manager is initiated from another external resource. Oracle Identity Manager communicates with this resource to receive user information.

    The reconciliation process compares the entries in the Oracle Identity Manager repository and the target system repository, determines the difference between the two repositories, and applies the latest changes to the Oracle Identity Manager repository.

    Reconciliation of roles, role memberships, and role hierarchy changes are handled as separate reconciliation events. The best practice is to submit role events first, followed by role membership events. This is done to avoid dependency issues where one reconciliation event cannot be processed until another event is reconciled. These dependency issues are called race conditions. For example, before the reconciliation engine can reconcile an event that is supposed to create an account, the engine needs to reconcile an event that is supposed to create a user.

    In terms of data flow, reconciliation provides an inward flow of user information into Oracle Identity Manager by using either a push model or a pull model, through which it learns about any activity on the external resource.

    Types of Reconciliation:

    Target Resource Reconciliation:

    While configuring reconciliation, you can designate a target system as a target resource. In a target resource reconciliation run, resources assigned to OIM Users are synchronized with target system accounts of the same users.

    The following example illustrates how target resource reconciliation works:

    Suppose an account is created for user John Doe on Microsoft Active Directory. After the next target resource reconciliation run, the Microsoft Active Directory resource is allocated to the OIM User identity of John Doe. The attributes of the resource allocated to the OIM User have the same values as the attributes of the account created in Microsoft Active Directory.

    If changes are made to the account in Microsoft Active Directory, then the same changes are made to the resource allocated to the OIM User during subsequent reconciliation runs.

    Trusted Resource Reconciliation:

    An external resource functions as a trusted source (such as an HR system or corporate directory). In addition, it drives the creation, modification, and deletion of users, roles, role memberships, or role hierarchies in the Oracle Identity Manager repository.

    In the operating environment of your organization, multiple target systems might act as trusted sources for the various attributes that constitute the user account. For example, employees' first names and last names might come from the HR system, and employees' e-mail addresses might come from Microsoft Active Directory. In such a scenario, you can configure each target system as a trusted source for a specific attribute or set of attributes of the user accounts. By doing this, you configure multiple trusted source reconciliation, which is a special implementation of trusted source reconciliation.

    Reconciliation Mode: Full or Incremental

    You can use Oracle Identity Manager to perform full reconciliation with a target system. The purpose of this mode of reconciliation is to fetch all target system accounts for processing during reconciliation. Full reconciliation is performed by default during the first reconciliation run performed on a target system. The timestamp at which this reconciliation run begins is recorded in Oracle Identity Manager. For the next reconciliation run, accounts that have been added, modified, or deleted after the recorded timestamp are fetched for reconciliation. In other words, from the second reconciliation run onward, incremental reconciliation becomes the default reconciliation mode.

    You can manually switch from incremental reconciliation to full reconciliation or from full reconciliation to incremental reconciliation.

    Reconciliation Events:

    •  Update Received
    •  Create Received
    •  Delete Received

    What is the purpose of Reconciliation Manager?

    You can look here for reconciliation data once reconciliation is complete. You can determine whether an event was received and linked or not.
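
    A simplified model of a target resource reconciliation run, added here as an example and not taken from Oracle Identity Manager: it shows the full-then-incremental default, the three event types, and how an account with no matching OIM User shows up as an event that was received but not linked. The record layout, the `linked` flag and the sample accounts are assumptions made for the illustration.

```python
"""Added example: a simplified model of a target resource reconciliation run.

Not Oracle Identity Manager code. The record layout, field names and
sample data are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class TargetAccount:
    login: str
    attrs: dict
    modified: int          # change timestamp on the target system
    deleted: bool = False  # tombstone left by the target for removed accounts


@dataclass
class OimRepository:
    users: set                                    # logins of existing OIM Users
    accounts: dict = field(default_factory=dict)  # login -> resource attributes
    last_run: Optional[int] = None                # start time of the previous run


def reconcile(repo, target, now, mode=None):
    """Compare target accounts with the repository and apply the differences.

    Returns (event, login, linked) tuples. The first run is full; later runs
    default to incremental and fetch only changes made after the recorded
    timestamp. Pass mode="full" to switch back manually.
    """
    if mode is None:
        mode = "full" if repo.last_run is None else "incremental"
    if mode == "full" or repo.last_run is None:
        fetched = list(target)
    else:
        fetched = [a for a in target if a.modified > repo.last_run]

    events = []
    for acct in sorted(fetched, key=lambda a: a.modified):
        linked = acct.login in repo.users  # is there an OIM User to own it?
        if acct.deleted:
            if acct.login in repo.accounts:
                events.append(("Delete Received", acct.login, linked))
                del repo.accounts[acct.login]
        elif acct.login not in repo.accounts:
            events.append(("Create Received", acct.login, linked))
            if linked:  # unowned accounts are reported, not allocated
                repo.accounts[acct.login] = dict(acct.attrs)
        elif repo.accounts[acct.login] != acct.attrs:
            events.append(("Update Received", acct.login, linked))
            repo.accounts[acct.login] = dict(acct.attrs)
    repo.last_run = now  # the time this run began is kept for the next run
    return events


def demo():
    """Four runs over constructed data: full, incremental x2, manual full."""
    repo = OimRepository(users={"jdoe", "asmith"})
    target = [
        TargetAccount("jdoe", {"mail": "jdoe@example.com"}, modified=100),
        TargetAccount("svc_backup", {"mail": ""}, modified=110),  # no OIM User
    ]
    first = reconcile(repo, target, now=200)
    target[0] = TargetAccount("jdoe", {"mail": "john.doe@example.com"}, modified=250)
    target.append(TargetAccount("asmith", {"mail": "asmith@example.com"}, modified=260))
    second = reconcile(repo, target, now=300)
    target[2] = TargetAccount("asmith", {}, modified=350, deleted=True)
    third = reconcile(repo, target, now=400)
    fourth = reconcile(repo, target, now=500, mode="full")
    return first, second, third, fourth, repo


if __name__ == "__main__":
    for run in demo()[:4]:
        print(run)
```

    The unowned svc_backup account is invisible to the incremental runs because it did not change, and only resurfaces when a full run is requested.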

    What do you mean by Connectors?

    Connectors are the plugins that help in integrating OIM with External Sources or Target Systems. In any OIM implementation, Reconciliation and Provisioning are dependent on the configuration provided by these Connectors.


    Connectors are the containers that consist of several components like IT Resources, Process Forms, Adapters, and Event Handlers which are needed to integrate the External Sources, Applications and Target Systems.

    Scalable and flexible integration architecture is critical for the successful deployment of a company’s provisioning solutions. Oracle Identity Manager offers proven integration architecture and predefined connectors for fast and low-cost deployments.

    There are three types of integration solutions:

    Predefined or OOTB (Out Of The Box) Connector:

    Oracle Identity Manager offers an extensive library of predefined connectors for commercial applications and other identity-aware systems that are used widely. By using these connectors, an organization can get a head start on application integration. Each connector supports a wide range of identity management functions. These connectors use the most appropriate integration technology recommended for the target resource, whether it is proprietary or based on open standards. These connectors enable out-of-the-box integration between a set of heterogeneous target systems and Oracle Identity Manager. Because the connectors provide a set of components that were originally developed by using the Adapter Factory, you can further modify them with the Adapter Factory to enable the unique integration requirements of each organization.

    GTC – Generic Technology Connector:

    If you do not need the customization features of the Adapter Factory to create your custom connector, you can use the Generic Technology Connector feature of Oracle Identity Manager to create the connector.

    Adapter Factory or Custom Connectors:

    Integrating most provisioning systems with managed resources is not easy. Connecting to proprietary systems might be difficult. The Adapter Factory eliminates the complexity associated with creating and maintaining these connections. The Adapter Factory provided by Oracle Identity Manager is a code-generation tool that enables you to create Java classes. The Adapter Factory provides rapid integration with commercial or custom systems. Users can create or modify integrations by using the graphical user interface of the Adapter Factory, without programming or scripting. When connectors are created, the Oracle Identity Manager repository maintains their definitions, creating self-documenting views. You use these views to extend, maintain, and upgrade connectors.

    Steps to Install OOTB Connectors:

    o  Extract the zip file.
    o  Copy the extracted folder into ConnectorDefaultDirectory under OIM_HOME/server/
    o  Go to the Administration Console of OIM.
    o  Click on Manage Connectors from the Left Pane.
    o  Select Install Connector.
    o  Select the Connector you want to install from the list given.
    o  Start Installation.

    What is an Event Handler?

    In an Identity Management system, any action performed by a user or system is called an operation or Event. Examples of Events are creating users, updating users, creating password policy, and so on. In a nutshell, whatever action is performed for a user or identity is an Event. Each Event goes through pre- and post-processing stages.

    Each operation performed in an identity management environment can have consequences for users or other entities. For example, creating a user might result in provisioning of resources to that user, updating the history results in changes to the reporting tables, and creating a new password policy might make certain user passwords invalid and require changes during next login.

    Operations specific to a user, such as creation, modification, deletion, enable, disable, and so on are referred to as user management operations. The lifecycle of an operation consists of these stages:

    •  validation
    •  pre-processing
    •  audit
    •  action
    •  post-processing
    •  compensation
    •  finalization

    You can customize the consequences of user management operations such as create, update, delete, enable, disable, lock, unlock, and change password - also referred to as the post-processing functions of user management operations - by writing event handlers.

    Types:

    1.  Pre-process Event Handler
    2.  Post-process Event Handler

    Pre-process Event Handler

    Pre-process Event Handlers are mostly used for validation purposes.

    Post-process Event Handler

    Post-process Event Handlers are written mainly when there is a need to make changes internally after any event is triggered in OIM. For example: assign a Role according to Organization, auto-assign an email ID using the Firstname and Lastname of the user, and so on.

    General Steps to Create a Custom Event Handler:

    1.  Include the following JAR files in the class path to compile a custom class:

    From OIM_INSTALL_HOME/server/platform

    o  iam-platform-kernel.jar
    o  iam-platform-utils.jar
    o  iam-platform-context.jar
    o  iam-plaftorm-authz-service.jar

    From OIM_INSTALL_HOME/designconsole/lib

    o  oimclient.jar
    o  xlAPI.jar


    2.  The following jar files are required to compile the Custom Scheduler Task Java file. They are

    1) wlfullclient.jar
    2) wlclient.jar

    Generating wlfullclient.jar

    Go to the WL_Home/server/lib directory and run the following command

    java -jar wljarbuilder.jar

    It will generate the wlfullclient.jar file. Then set the class path for the wlfullclient.jar and wlclient.jar files.

    3.  Create a library of JAR

    4.  Write custom classes to achieve the purpose

    5.  Make Jar File

    jar cvf NamePreProcessEventHandlers.jar *

    6.  Develop the Custom Event Handler Config File or Metadata File.

    Save this file as EventHandlers.xml and the directory structure of the file is /oracle/home/eventhandlers/metadata/EventHandlers.xml.

    7.  Create Plug-in (plugin.xml file) for Custom Event Handlers

    8.  Make the EventHandler.zip File

    plugin.xml file
    lib/NamePreProcessEventHandlers.jar

    9.  Register the Plug-in File into the OIM Server

    ant -f pluginregistration.xml register

    It will ask for the following details after running the above command

    1) OIM Admin User Name : xelsysadm
    2) OIM Admin Password : xelsysadm password
    3) OIM URL : t3://localhost:14000
    4) Plugin Zip File absolute path.


    It will deploy the OIM Plugin without any issue. Some Times it will throw error if the class file is not foundin the jar file.

    10. Importing the Custom Event into MDS Schema

    Go to the OIM_HOME/bin directory and modify the following properties in the weblogic.properties file

    wls_servername=oim_server1
    application_name=OIMMetadata
    metadata_from_loc=/home/oracle/eventhandlers

    Event Handler Config file location as /home/oracle/eventhandlers/metadata/EventHandlers.xml  

    Run the weblogicImportMetadata.sh file; it will ask for the following details:

    1) Weblogic Admin User Name : weblogic
    2) Weblogic Admin Password : weblogic admin password
    3) weblogic Admin URL : t3://localhost:7001

    After running the above command, the custom scheduler task will be imported into the MDS Schema.

    11. Clear the OIM Cache

    Run the PurgeCache.sh All file; it will ask for the following details:

    1) OIM Admin User Name : xelsysadm
    2) OIM Admin Password : xelsysadm password
    3) OIM URL : t3://localhost:14000

    After running the above command, it will clear the OIM cache.

    12. Restart the OIM Server

    Go to the WL_DOMAIN_HOME/bin directory and run the stopManagedServer.sh oim_server1 command; it will stop the OIM managed server.

    Run the startManagedServer.sh oim_server1 and it will start the OIM Managed Server.
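
A pre-registration check for the plug-in zip built in steps 5 to 8, as an added example that is not part of the original page or of Oracle's tooling: it confirms that plugin.xml sits at the zip root and that every class it names is present, under its full package path, in a jar under lib/, which is the "class file is not found" failure mentioned in step 9. The plugin.xml layout (a pluginclass attribute on each plugin element) and the package com.example.oim are assumptions, since the page does not show the file's contents.

```python
import io
import xml.etree.ElementTree as ET
import zipfile


def build_zip(files):
    """Build an in-memory zip from {path: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def check_plugin_zip(zip_bytes):
    """Return a list of problems in a plug-in zip; an empty list means it looks deployable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        if "plugin.xml" not in names:
            return ["plugin.xml is missing from the zip root"]
        try:
            root = ET.fromstring(zf.read("plugin.xml"))
        except ET.ParseError as exc:
            return [f"plugin.xml is not well-formed: {exc}"]
        # Match on the local tag name so a default XML namespace does not hide elements.
        plugins = [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "plugin"]
        problems = [] if plugins else ["plugin.xml declares no <plugin> element"]
        jars = [n for n in names if n.startswith("lib/") and n.endswith(".jar")]
        if not jars:
            problems.append("no jar found under lib/")
        available = set()  # every .class entry across all jars in lib/
        for jar in jars:
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(jar))) as jf:
                    available.update(n for n in jf.namelist() if n.endswith(".class"))
            except zipfile.BadZipFile:
                problems.append(f"{jar} is not a valid jar archive")
        for el in plugins:
            cls = el.get("pluginclass")
            if not cls:
                problems.append("a <plugin> element has no pluginclass attribute")
            elif cls.replace(".", "/") + ".class" not in available:
                problems.append(f"class {cls} not found in any lib/ jar")
    return problems


# Constructed samples. The package com.example.oim is hypothetical, and the
# plugin.xml layout is an assumption (the page does not show its contents).
PLUGIN_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<oimplugins>
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
    <plugin pluginclass="com.example.oim.NamePreProcessEventHandlers"
            version="1.0" name="NamePreProcessEventHandlers"/>
  </plugins>
</oimplugins>"""
CLASS_STUB = b"\xca\xfe\xba\xbe"  # placeholder bytes, not a real class file
GOOD_JAR = build_zip({"com/example/oim/NamePreProcessEventHandlers.class": CLASS_STUB})
# Jar built from inside the package directory, so the class loses its package path.
BAD_JAR = build_zip({"NamePreProcessEventHandlers.class": CLASS_STUB})
GOOD_ZIP = build_zip({"plugin.xml": PLUGIN_XML, "lib/NamePreProcessEventHandlers.jar": GOOD_JAR})
BAD_ZIP = build_zip({"plugin.xml": PLUGIN_XML, "lib/NamePreProcessEventHandlers.jar": BAD_JAR})

if __name__ == "__main__":
    print(check_plugin_zip(GOOD_ZIP))  # []
    print(check_plugin_zip(BAD_ZIP))
```

To check a real archive, pass the bytes of EventHandler.zip to check_plugin_zip before running the registration step.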

    What is an Adapter? What Adapters are available in OIM?

    An adapter is a Java class which helps in the automation of processes within OIM and is created by an Oracle Identity Manager user through the Adapter Factory.

    •  Process Task adapters - automate completion of a process task and are attached to a Process Definition Form (AD user, OID User, etc.)

    •  Entity Adapter - automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete

    •  Pre-Populate Adapter - specific type of rule generator attached to a user-created form field that can automatically generate data to the Process form but does not save that data to the OIM database but does send that information to appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.


    •  Rule Generator - can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules

    •  Task Assignment Adapter - automates the assignment of a process task to a user or group

    Types of Adapters

    This section provides additional details about the five adapter types.

    Rule Generator Adapters

    Certain business rules must be applied to perform field validations and enter default values into the forms which either come packaged with Oracle Identity Manager or are created by Oracle Identity Manager users. For example, for the Users form, you might want Oracle Identity Manager to generate the User ID automatically by concatenating the user's first name and last name.

    To do this, you must create a specific type of adapter, which is designed to modify the field value in a form. This type of adapter, which can generate, modify, or verify the value of a form field automatically, is called a rule generator. Oracle Identity Manager triggers a rule generator on preinsert and preupdate.

    After you create this adapter and attach it to a form, Oracle Identity Manager automatically updates the field value for all records of that form, and saves this information to the Oracle Identity Manager database.

    If you create a rule generator that contains adapter variables, you must map these adapter variables to their proper locations. Otherwise, the adapter will not be functional.

    You can also attach this type of adapter to a provisioning process. Once the process is provisioned to a target user or organization, Oracle Identity Manager will trigger the associated rule generator.

    On occasion, a rule generator which has been assigned to a provisioning process might no longer be needed to complete the process. If this happens, you can remove the rule generator from the provisioning process. Similarly, after you attach one rule generator to a form field, you can connect a different rule generator to that form field. When this occurs, you must first remove the rule generator currently attached to the form field.

    Entity Adapters

    Similar to rule generator adapters, entity adapters are also responsible for generating, modifying, or verifying the value of a form field automatically, and saving this information to the Oracle Identity Manager database.

    Some differences between rule generators and entity adapters are:

    •  Execution schedule. Entity adapters can be triggered by Oracle Identity Manager on preinsert, preupdate, predelete, postinsert, postupdate, and postdelete. A rule generator adapter can be executed only on preinsert and preupdate.

    •  Manual field value modification. The adapter populates the form field to which an entity adapter is attached. An Oracle Identity Manager user should not edit this value because the entity adapter will overwrite this modification. As a result, the modification will not be saved to the database.

    Similarly, the adapter also populates the form field to which a rule generator adapter is attached. However, an Oracle Identity Manager user can edit this value because this modification will take precedence over the value that the rule generator adapter generates. Because of this, the modification will be saved to the database.


    •  Background color of form field. If a rule generator is attached to a form field, the field will appear in a particular background color such as pink. This is a visual indicator that the field has a rule generator attached to it. On the other hand, when an entity adapter is attached to a form field, the field will not have a distinct background color.

    Task Assignment Adapters

    For a process task that must be completed manually, you can configure Oracle Identity Manager to automate the assignment of the task to either a specific user or a user who belongs to a particular role. This is achieved through the use of a task assignment adapter. Task assignment adapters are used only for assigning a task to a particular user or role.

    When a task that is associated with a specific provisioning process is created using the Tasks tab in the Process Definition form of the Design Console, you can choose the rule that decides if the adapter will be picked up for execution. Note that this rule is defined in the Rule Definition form of the Design Console. An example of a rule is "Target User's Org name is XYZ". If this rule is satisfied, then the corresponding task assignment is picked up. However, you can have multiple rules defined and used while deciding task assignment. For multiple rules, Oracle Identity Manager associates priority with the task assignment functionality to decide the order in which the rule determination must occur. When the rule is determined, the corresponding task assignment is run.

     Note:

    In other words, the task assignment rule allows Oracle Identity Manager to decide whether to assign a process task to a user or role. The task assignment adapter enables Oracle Identity Manager to determine which user or role will be the recipient of the process task.

    For this example, Oracle Identity Manager will trigger the Associate Adapter with User rule first (because it has the highest priority). If the condition of this rule is TRUE, it is successful. As a result, Oracle Identity Manager will associate the related task assignment adapter (the Assign Task to User adapter) with the process task.

    On the other hand, when the condition of a rule is FALSE, the rule has failed. Oracle Identity Manager triggers the rule with the next highest priority. If this rule is successful, then Oracle Identity Manager assigns the designated adapter to the target process task.

    So, in this example, if the Associate Adapter with User rule fails, then Oracle Identity Manager triggers the Associate Adapter with Role rule. If this rule is successful, then Oracle Identity Manager associates the related task assignment adapter (the Assign Task to Role adapter) to the process task.

    After assigning a rule to a task assignment adapter, if this type of adapter contains adapter variables, you must map these variables to their proper locations. Otherwise, the adapter will not be functional.

    Finally, when a task assignment adapter becomes invalid, or is no longer necessary for Oracle Identity Manager to allocate the process task to a user or group, you must remove the adapter from the task.

    Prepopulate Adapters

    Sometimes a user-created form contains both fields that can be populated by Oracle Identity Manager and fields into which an Oracle Identity Manager user must enter data. When the information that the user types into a field is contingent upon the data that appears in a system-generated field, Oracle Identity Manager must first populate this field. When the form is displayed, the user can view the system-generated data to enter information into the appropriate fields.


    This is achieved by creating a type of rule generator known as a prepopulate adapter. By attaching it to a field designated to be system-generated, you enable Oracle Identity Manager to automatically populate this field with the appropriate information, without saving this information to the Oracle Identity Manager database.

    The data generated by a prepopulate adapter can appear automatically or it can be manually entered. Oracle Identity Manager displays this information automatically when the Auto-prepopulate check box is selected for a provisioning process. When this check box is cleared, an Oracle Identity Manager user must manually generate the displaying of the data that is generated by the prepopulate adapter. To do this, click the prepopulate button on the form section of the Direct Provisioning wizard in the Web client, while provisioning the form to a user.

    You can use the same prepopulate adapter for different form fields. In addition, you can designate multiple prepopulate adapters to be associated with a particular field. As a result, Oracle Identity Manager must know which prepopulate adapter it must select for the form field. This requires the use of prepopulate rules. These rules enable Oracle Identity Manager to select one prepopulate adapter, which is associated with a form field, when this prepopulate adapter is assigned to the field.

    Each prepopulate adapter has a prepopulate rule associated with it. In addition, every rule has a priority number which indicates the order in which Oracle Identity Manager triggers it.

    For example, Oracle Identity Manager can trigger the Rule for Uppercase User ID rule first because it has the highest priority. If the condition of this rule is TRUE, it is successful. As a result, Oracle Identity Manager will attach the related prepopulate adapter (the Display Uppercase Letters for User ID adapter) to the User ID field.

    On the other hand, when the condition of a rule is FALSE, the rule has failed. Oracle Identity Manager will trigger the rule with the next highest priority. If this rule is successful, Oracle Identity Manager will attach the associated adapter to the designated field.

    So, in this example, if the Rule for Uppercase User ID rule fails, Oracle Identity Manager will trigger the Rule for Lowercase User ID rule. If this rule is successful, Oracle Identity Manager will attach the related prepopulate adapter (the Display Lowercase Letters for User ID adapter) to the User ID field.

    After assigning a rule to a prepopulate adapter, if this type of adapter contains adapter variables, you must map these adapter variables to their proper locations. Otherwise, the adapter will not be functional.

    Finally, when a prepopulate adapter associated with a field is no longer valid, you must remove the adapter from the field.

    Process Task Adapters

    A process task adapter enables Oracle Identity Manager to automatically execute process tasks in provisioning processes.

    Each process and process task has a status, which indicates the stage of its completion. The statuses for a process or process task are listed in the following table in order of importance.

    Task Status Description

    C Completed: This process/process task has been completed successfully.

    MC Manually Completed: This process task has been completed successfully by an Oracle Identity Manager user (that is, manually).


    P Pending: This process/process task is in the process of being completed. All preceding tasks and processes, respectively, have been completed.

    PX Pending Cancellation: This process task will be canceled, but this task has to be completed first before it can be canceled.

    R Rejected: This process/process task has not been completed successfully or has not been approved. The status of rejected process tasks can only be changed to Canceled or Unsuccessfully Completed.

    S Suspended: This process/process task has been put on hold temporarily.

    UC Unsuccessfully Completed: This process task has been set to Completed. However, it had been rejected before.

    W Waiting: This process/process task cannot be completed until all preceding process tasks or processes are completed.

    X This process/process task has been stopped. Its status cannot change anymore.

    The status level of a process represents the most important status level of its process tasks, which must be completed for the process to be completed. Suppose a process has three process tasks, each process task has a different status level (Completed, Waiting, and Rejected), and all three process tasks must be completed for the process to complete. Because the highest task status level is Rejected, the status level of the process is also Rejected.

    A process task can be managed in these ways:

    •  It can be handled manually by using the Object Process Console tab of the Organizations or Users forms, or the Oracle Identity Manager Web Application.

    •  An Oracle Identity Manager process can be configured so that one (or more) of its tasks is triggered automatically once it achieves a status of Pending.

    What is Resource Object (RO)?

    An RO is, in its most basic form, a virtual representation of an account on a target system. If an OIM user has an account on the target system, the user has an RO instance associated with it.

    The most basic process that you do with ROs is to provision the account to a target system. The provisioning is handled by a provisioning process. A provisioning process usually consists of a number of provisioning tasks that fire adapters, which in turn call code, often Java code, that actually does the provisioning work.

    What is Application Server and Web server?

    A Web server exclusively handles HTTP requests, whereas an application server serves business logic to application programs through any number of protocols.

    A web server mainly handles HTTP requests, but an app server can be used to handle HTTP, RMI, TCP/IP and many more protocols. A web server just handles the requests of the web page. Suppose an HTML page (presentation layer) requests data; here a script is written containing the business logic, and it just gives the response with the required data from the database. Then the HTML page with the script is used to show the retrieved information. An application server does the same thing of getting the request and giving the response, but it can also process the requests; i.e., in this case, instead of the script knowing how to fetch the data, the script is simply used to call the application server's


    lookup service to retrieve and process the data; i.e., here the application server is used for processing/applying logic. The web server can be considered a subset of the app server.

    The basic difference between a web server and an application server is that a web server can execute only web applications, i.e. servlets and JSPs, and has only a single container, known as the Web container, which is used to interpret/execute web applications.

    An application server can execute enterprise applications, i.e. servlets, JSPs, and EJBs; it has two containers:

    1. Web container (for interpreting/executing servlets and JSPs)

    2. EJB container (for executing EJBs). It can perform operations like load balancing, transaction demarcation, etc.

    What is the purpose of rule designer?

    Use this form to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulating adapters 

    General

    Process Determination

    Task Assignment

    Pre-Populate

    Explain the Approval process?

    What is suppress standard approval process?

    Have you been involved in developing a custom connector?

    Have you been involved in developing a custom adapter?

    Explain the attestation process?

    What is clustering in IDM?

    Explain the process of user defined field (Custom Field) provisioning process?

    Explain the delegated administration process (Design Console & Admin Console)?

    How do you refer to logs for OIM Server?

    Explain the password Sync?

    How to configure the connector?

    What is the onboarding and offboarding process?

    Explain the architecture of OVD, OID?

    Can you generate a connector using GTC?

    What is proxy? How to modify and remove proxy?


    Can you explain how to export a connector?

    What is a report? What is the difference between operational reports and historical reports?

    Operational Report: 

    User Entitlements 

    Resource Access List 

    Group Membership 

    Policy List 

    OIM Password Expiration 

    Approval Status by Approver  

    Historical Reports: 

    User Access History 

    Resource Access List History 

    User Profile History 

    User Membership History 

    Group Membership History 

    User Lifecycle 

    Users Deleted 

    Task Assignment History 

    How to change the functionality of the Administrative console without modifying the Oracle Identity Manager code?

    How to modify the look and feel of the Administrative console?

    How to do a version upgrade in OIM?

    Difference between Object Form and Process Form?