How can HelpDesk manage users in multiple Organizations in OIM R2

Hi All,
I looking to satisfy a requirement for OIM 11g R2 where a helpdesk administrator can only manage users that belong to a particular institution. However, there are approximately 50% of users that belong to more than one institution, where helpdesk staff from each institution should be able to manage the user. Customer is currently
doing this in Waveset by assigning users to orgs dynamically through rules which allows multiple virtual orgs. OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management very difficult.
How can a administrators from different org manage same User. If that user belongs to different org?
How to achieve this in OIM R2?
Thanks
Akshat

Hi Adr,
I know the OIM Authorization is around the Organization, and a user can present in only one org in OIM.
I wanted to know, can we force the authorization based on Department/Institutions rather than Org. I am thinking in reagards of OES Authorization policies.
OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management slightly difficult.
I am looking to determine the best approach to accommodate this requirement. Due to the high number of users that reside within multiple institutions, leveraging organizations will not work. Asa far i know OES APM should be able to accommodate this, but could not find any solid guidance in the Oracle training or Oracle by Example documentation.
Any thoughts?
-Ak

Similar Messages

  • How can point single user to multiple groups in ACS

    Hi,
    we are having almost 150 NDG groups in my ACS Server, in that one group is specifically for Security devices like pix & ASA's.
    Now My requirement is that i want to Restrict this Security NDG group to one Specific Group under Group setup menu in ACS.
    is it possible in ACS Server.
    If it possible how can i point multiple multiple groups to single user.
    Because not all users required access to this Security NDG group. only few users require the access.

    Give a read to how NAR works, then apply it to the security group on ACS.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
    Regards,
    Prem
    Please rate if it helps!

  • How can I manage new Firefox for Mac on my network. Control users Home Pages for Mobile User Accounts.

    I am running Mac Computers in a School. Current Mountain Lions OS and current Firefox Browser. We log in using mobile accounts. How can we manage Firefox so all users get the same home page and settings.
    If I can do locally or through a profile, that would be great

    hello, you could use the mozilla.cfg file in the firefox program folder in order to lock or set certain preferences - here is some general information on how to set that up: http://kb.mozillazine.org/Locking_preferences
    and specific guide to set the homepage can be found here: http://mike.kaply.com/2012/08/29/setting-the-default-firefox-homepage-with-autoconfig/ (this blog also contains may other helpful resources for deploying firefox)

  • How do you manage RequestCenter in your organization?

    How do you manage RequestCenter in your organization?
    We are involved in discussions/debate as to where RequestCenter/Request Management falls in the organization.
    Some feel that building services in RC constitutes development and thus should fall under the companies development organization and be managed as such (e.g. Code Management, Version Control, Code Migration Policies, Separation of Duties etc.). Others feel it is not development and fits in the engineering/operations side of the house and managed accordingly.
    We are currently managing RC/Request Management in our engineering/operations side of the house. Most of the team do not have “hard core” development backgrounds and are doing quite well with the product, although a little development knowledge does help.
    From the newScale website – “Active Form Components: For an actionable Service Catalog with streamlined request fulfillment, end users must be able to easily request services using an intuitive and interactive online form. With the new active form components feature, service designers can quickly create and update complex interactive form elements that can be re-used throughout the catalog without any programming required.”
    I would be interested to know how your company is managing your installation of RC in your organization.

    I see RC as falling in the operations side of the organization, and that's how we'll likely develop support for the service.  We're new to implementing the product, so I can't give any advice on past experience, just my vision for the product and how we might develop and roll services out to the organization.

  • How can l block users from backing dating transactions

    1. How can l block users from back dating transactions in SAP B1. It was discovered that, in production dept there is this allowance given to them to keep producing for the previous month in the new month; this according to line staff is to enable them meet up their monthly target, after a meeting with the management it was resolved to block that right of backdation of enteries. how can l  correct  this.
    2. How can l change the decimal places backward in the general settings of administration of SAP B1( iniatially it was set to be 5 under Quantity now want to correct it to 3 how do l go about this).
    Joel

    Joel,
    By forum rule, one question for one thread.  I will answer you the second:  If you are using 2007 version, the option to decrease decimal place is not available.  Check this thread to know more:
    Re: REDUCE NUMBER OF DECIMAL PLACES
    Also note: this forum is just for B1 system administration.  Please post it on the main forum.
    Thanks,
    Gordon

  • How to identify a user across multiple pages

    Hi,
    I'm doing a homebanking and I would like to know how to identify a user across multiple pages.
    I have already take a look at HTTPSESSION, but I didn't understand.
    Can someone help me.
    I'm send the servlet Logon.
    import java.io.*;
    import java.sql.*;
    import java.util.Date;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    public class Cons_logon extends HttpServlet
         private Connection conexao = null;
         Login1 login1;
         public void init (ServletConfig cfg) throws ServletException
              super.init(cfg);
              try
                   Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                   conexao = DriverManager.getConnection("jdbc:odbc:bank");
              catch (Exception e)
                   System.out.println(e.getMessage());
         public void doPost (HttpServletRequest req,
    HttpServletResponse res)
    throws ServletException, IOException
              String Suser, Spassword;
         PrintWriter out;
              res.setContentType("text/html");
    out = res.getWriter();
    String opcao = req.getParameter("log");
    Thanks

    I would recommend using the authentication mechanism that's guaranteed by the servlet spec. If you do that, you can just call
    request.getRemoteUser()
    to get the user name across multiple pages.
    If you want to use your own login scheme, you can create a new session object and map it to a user name somewhere in your app. Or you can just put the name of the user on the session. But the preferred way is to use the default authentication scheme defined by the spec.

  • How can I manage these two requirement in SLCM ?

    I have 2 conflict requirements on event offerring module.
    One is lock the user for set up the same resource (same room , same advisor , same date and same time) in difference SM.
    Another one is have to allow pair of SM to set up with the same resource (no need to lock)
    How can I manage this requirement ?
    BR
    Vo Cha.

    Hi Vorad,
    One is lock the user for set up the same resource (same room , same advisor , same date and same time) in difference SM.
    Colliding of resources is already taken care when you create events during event planning .
    Another one is have to allow pair of SM to set up with the same resource (no need to lock)
    You can set up a same resource provided the resouce should not collide with the same time .
    Eg : Lecturer A handling Maths at different sections , time .
    Note :
    Eg : For an year, session . Event Package design varies depend upon the university and it is very flexible .
    => Event Package has its own capacity , you can assign the events to the event package . Events are short term and it also has it own capacity .
    => But once the event package is booked for students , it cannot be modified .
    For more understanding :
    Event Planning :
    http://help.sap.com/erp2005_ehp_03/helpdata/EN/5c/2dfe2acd4d11d2abe700a0c943a389/frameset.htm
    Regards
    Gajalakshmi

  • How can I manage 'recent destinations' in Tomtom o...

    Hi all,
    I have a Nokia N73 with Tomtom installed. I use it all the time and have a long list of destinations to which I have navigated. Many of these were one-off trips and will not be needed again. How can I delete the ones I don't want?
    Thanks

    1. At what level we can convert OTL hours to Day ???OTL stores data whatever you enter. It will store hours in the table so as per your rules you can write custom formula/ plsql code to convert hours to day whenever you want
    2. how can we manage OTL Leave/Absence bcoz they are in Hours in OTL and days in HRMS????In HRMS also you can store leaves in hours. If you still want to store the leaves in days in HRMS then in OTL you can apply rules that employees should enter leaves only in the multiples of 8 e.g. 8 hours (or whatever work schedule hours person has). Then while putting leaves in HRMS you can add those leaves as days.

  • ***How can i manage Leave deduction in OTL???

    AoA
    How can i manage Leave deduction in OTL???
    Thanx

    1. At what level we can convert OTL hours to Day ???OTL stores data whatever you enter. It will store hours in the table so as per your rules you can write custom formula/ plsql code to convert hours to day whenever you want
    2. how can we manage OTL Leave/Absence bcoz they are in Hours in OTL and days in HRMS????In HRMS also you can store leaves in hours. If you still want to store the leaves in days in HRMS then in OTL you can apply rules that employees should enter leaves only in the multiples of 8 e.g. 8 hours (or whatever work schedule hours person has). Then while putting leaves in HRMS you can add those leaves as days.

  • How Can I Manage Topic Statuses and Workflow (RoboHelp 8)

    I'm the sole RoboHelp author in a company with a project lifecycle that didn't require me to work concurrent Help updates. I had time to finish an update and publish before starting work on another. Now I have multiple projects hitting my desk that need to publish on differing schedules.
    My question is, how can I more effectively manage my workflow? For example, I currently need to publish a Help update for Project 1 that only impacts two topics; however, I have updates for three existing topics in review for Project 2 that doesn't rollout for three more weeks. If I generate an update for Project 1 now, my Project 2 topics that I don't want to publish yet will be included in the compiled file. How can I manage this situation?
    It looks like I can set a topic status. Currently, all my topics use the default "In Progress" status. Should I set all my topics to "Complete" and reserve "In Progress" and "Ready for Review" for those that I'm working on for my various projects? Would it enable me to publish completed topics for Project 1 and default to the original content for the three Project 2 topics I status as "In Progress" or "Ready for Review?" As I noted, I don't want Project 2 updates to compile with Project 1, but do want their original content to be included in the file until such time as I'm ready to release the updates.
    Thanks

    I'm not clear how source control will help here. I believe the problem is about working on topics that are not to be included in an output. This is achieved by using conditional build tags. Apply a tag of say WIP to topics and content that is not ready to be generated. When the help is generated, apply a build expression of Not WIP.
    Source control would only be necessary if there is more than one person working on the project.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • In ADF how can i insert data in multiple table if they have foreign key

    I have started working on ADF and can anybody inform me in ADF how can i insert data in multiple table if they have foreign key,please?
    Thnak you very much.

    Hello,
    Still no luck.I am surely doing silly mistakes.Anyway,Here are my workings-
    1> student_mst (id(pk),studentname) and student_guard_mst(id(fk),guardianname)
    2> created EO from both of the tables,made id in both EO as DBSequence and an association was also generated.
    3> i made that association composite by clicking the checkbox
    4> i created 2 VO from 2 EO.
    5> put those VO in Application Module.
    6> dragged and dropped 2 VO on my jspx page and dropped them as ADF Form.
    Now what to do please?

  • How can I manage six email accounts WITHOUT them all appearing (twice) in the Folders column?

    How can I manage six email accounts WITHOUT them all appearing (twice) in the Folders column?
    All I need is ONE INBOX (like Windows Mail used to do) ...
    I can see in the 'Account' column of each message which email account it's using.
    Then, I either junk or read the message, followed by delete or file to one of my created folders.
    As it is, half my page is depth is taken up by 12 lines of Account names !!!

    That still leaves SIX lines of Account names down the side. All I want is ONE INBOX ... (I can see which account each message belongs to in the 'Account' column...)

  • I have several phones on my itunes accousnt how can i manage to see only my information

    I have both my daughter and my sons iphone onmy itunes account.  How can I manage my storage to seeonly my apps and my music?

    I don't believe that there is a way to do that.  I would sugest using automatic downloads to keep your apps synced across both phones.  You might also want to note that just about any app you have ever download will be available for free download via icloud.
    Wish I could be more help.

  • How can I get rid of multiple pictures at the same time?

    how can I get rid of multiple pictures at the same time?

    Adobe Bridge, lightroom and your file browser (windows explorer or Mac Finder) can select multiple pictures at once and then delete. If you are looking for more than that for information, you will need to be more specific at what your doing, what OS you have, and version of software your using. If necessary post screen shots so we can see what your doing. The more information we have the more detailed of an explaination can can give back to you.

  • How can i restrict user to access database object (procedure) or JSP

    Hi
    I have 9ias infrastructure 902, on win2k box with 9i DB.
    and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
    Now we are looking forward to couple both with SSO.
    I have deloyed samples of both and works fine.
    Each application have different set of users, i mean there is no common user.
    How can i restrict user not to view the web page which is not authorised to them.
    as far as i understand from the Grocery demo is pick the role (which is a string only) from OID and programaticall apply security via if else endif construct.
    can any one through light upto my concern.
    regards
    [email protected]

    Hey Mary
    No i haven't try to do that via pl/sql....
    as the our application is j2ee app... deployed in oc4j.. with sso and ldap....
    still finding to do so....
    what i have realized that LDAP is just to store user information in inverted tree... and one have to build separated access security mechnisum that will be applicable to j2ee system....
    thanx...
    samir....

Maybe you are looking for