OIM 11g searching users by UDF, using API

Similar Messages

• Oim 11g r2: data access restriction using roles instead of organisations

  can i implement data access restriction using roles instead of organisations in oim 11g r2?

  in my use case a particular user can be member of more than one organisation. as far as i know oim does not suoport this use case using organisation, so i decide to use roles to represent my "organizations", but now i loose all the data access restrictions (scope).

• OIM 11g, Get users from table and insert them into Approval Task

  Hi All,
  I have OIM 11.1.1.5.4 in Solaris 10 and I have an Oracle Table configured as Trusted Source.
  I am using Database_App_Tables_9.1.0.5.0 connector.
  I want Reconciliate new users from a Oracle Table as follow:
  1. I ran the scheduled job
  2. The new users reconciled Must get into an Approval Task before of insert them into USR Table.
  3. The Administrator User Approved o Rejected the new users.
  4. The new users that were approval Must insert them into USR Table.
  Is there any form of implement this?, Can you guide me please?.
  Thanks for your Help.

  Through your Schedule Task, generate "*Create User*" (Request Type) request and assign approval workflow for such requests.
  After completion of approval ONLY, users will get created into OIM 11g.

• How to search users in Outlook Using Last Name and First Name

  During recent times we change the naming convention in AD, FirstName , LastName
  We can search users using More Columns but I would like to know alternate method to search users. The search result should sort results by last name as query
  Regards Chen V [MCTS SharePoint 2010]

  Hi Chen,
  Based on my knowledge, there is no related method to enforce all users using More Columns as the default search option in Outlook Address Book. We can just change the search option for individual Outlook user by remembering the last search using as I mentioned
  above.
  Sorry for any inconvenience and thanks for your understanding.
  Regards,
  Winnie Liang
  TechNet Community Support

• OIM 11g Modify User Profile for Updating End Date

  Hi Gurus!
  We have an OIM implementation where users may request the creation of other users by means of a Create User request template. In this template we set the End Date to be 3 months after the request date.
  In order for the requester to extend the period of a user's OIM user account (along with its provisioned resources) we customized a Modify User Profile by displaying the End Date field and automatically populate it again to 3 months after the request date. Also we developed a custom event handler to enable the user when it is disabled and the End Date is updated to a future date.
  This Modify User Profile is working great when the user is still enabled (the End Date is still in the future), however, when the End Date has passed (and the user is Disabled) the requester is not able to see the user when selecting the Modify User Profile request template.
  Is there a way to allow requesters to also see disabled users in the Modify User Profile request template?
  Thank you in advance.
  Regards,

  Hi Kevin,
  thanks for your reply!
  But, in this case, when the user is already disabled due to his End Date, how can a requester, through the Self Service TAB, enable it?
  The Enable User request template does not work since when trying to enable the user, OIM sees the End Date is already passed and the DataSet validation throws an exception.
  The only way I saw was providing a Modify User Profile Request template to change the End Date and developing a custom event handler to enable the user upon the extension of the End Date...
  How can, in this situation, a requester enable the user and extend its End Date?
  Thank you!
  Regards,

• OIM 11g r2  User  UDF fields  Updation based on AD ID

  Hi,
  We have to update the UDF fields created for the users in OIM using the data from a table.
  This table contains the AD ID, and other fields.
  OIM User (already available) will be updated based on AD ID ….i;e AD ID column will be used to find the user in OIM and then his UDF will be updated based on the respective data from other columns in the table .
  Please can you help me on this task?
  Thanks,

  Your requirement doesn't tell much like when you want to update your user. If it would be on daily basis then go for Schedule Task, if you want to at the time of provisioning then you can have one task and attach your code to bring AD ID in OIM..
  You may leverage Event Handlers as well if your use case requires that.

• OIM 11g create user with API - double resources

  Hello.
  We have a custom web client for creating a user in OIM. When we create a user with the OOTB web app (formerly xlWebApp), it creates the user and the Access Policies work correctly to give the user one of each resource.
  When we create the user with the API from our custom web app, it tries to assign 2 of each resource to the new user. Has anyone seen this behavior before? Thank you.

  Bump Thanks.

• Provision and modify user's access using API

  We have a requirement where user can request new/ modify access to an application in a custom UI. In the backend we need to use OIM apis to do the task. For account creation I can make use of access policies to trigger prvisioning but not sure how I can modify the access. Please suggest.
  There is a new API oracle.iam.provisioning.api introduced in R2 but not sure how to make use of it.

  Kiril,
  So, i'd like to "map" Database Authentication and Application Express Authentication.That doesn't mean anything to me. What do you mean in technical terms?
  From FROMS i'll call Applcation Express to display some information - like report or...Call it by placing a hyperlink on the screen? When the user clicks the link to the Application Express application are you expecting the user to have to login or not (what is the requirement)?
  Realize that when the Oracle APEX application runs (after USERA authenticates) it will not be like running a Forms application as USERA. The Oracle APEX app will run as the parsing schema of the application, no matter who logs in to it. Of course internally you can recognize who the user is and do different things based on querying the user roles/privs in the data dictionary, but you have to code that yourself. You can also use VPD and base predicates on the authenticated user. Can you live with that?
  Scott

• OIM 11g R2 - User random password Generation

  Hi All,
  In my case users are getting created in OIM using Trusted source reconciliation and need to populate a random password for each user.
  Please suggest me which of the following methods is better and why?
  Method 1: Created a post Event Handler and populate password attribute. This case I created a custom Post event handler and populated password attribute and is success but the password stored in database is plain text and so not able login to Adminconsole with same password. So, how to encrypte password and then store in DB?
  Method 2: Create entity adapter and attach to user form using Data object manager
  Or, please suggest me any other best way.
  Thanks in advance.

  Hi,
  Users are being created thru trusted source recon and password is not automatically getting populated. I verified it, by checking USR_PASSWORD attribute in USR table and it is empty.

• OIM 11g R1 - User Login activities

  Hello,
  we have OAM-OIM-OID integration. A user authenticates against OAM/OID.
  It is possible to track any user login or user password changes?
  Where will this activities stored? OAM or OID?

  you can check the OAM or OID Audit logs.
  OID: ORACLE_INSTANCE/auditlogs/OID/oid1
  OAM: <MW_HOME>/user_projects/domains/OAM_domain/servers/oam_server1/logs/auditlogs
  Reference:
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/audit.htm
  http://docs.oracle.com/cd/E15523_01/oid.1111/e10029/auditing.htm

• OIM 11g , Ignore User Creation

  Folks ,
  I am facing a issue , hoping you guys could throw some pointers ..
  I have a trusted recon set up via GTC DB connector . There is particular condition when i dont want the user to created in OIM though it will be pulled by GTC (Unfortunately i cant stop that).
  So in nutshell, i want to ignore the OIM user creation when a particular reconciled attribute lets say firstName = ABC AND user is not already present in oim, then ignore the user creation ..
  Any pointers how to achieve this ..
  Thanks
  Suren

  Thanks Raghav for your response , but how ill this work .
  So , when FirstName = ABC record will come , as per your recon rule .., it wont link to any existing user and it will land up in No Match Found status and as its trusted recon it will create the user .., which i dont want ..
  I cant delete rest of the action rules , they are required for processing the updates etc ...
  Please let me know if you need more info ..
  Thanks
  Suren

• USER LOGIN GENERATION USING EVENT HANDLER IN OIM 11G

  Hi
  I am looking to generate user logins in OIM 11g (11.1.1.5) using event handlers. Can anyone guide me with the process and which API need to be used?
  Regards

  You have to write your custom class which implements oracle.iam.identity.usermgmt.api.UserNamePolicy. Then you have to register the plugin which will contain the plugin.xml and class file of your custom code.
  More in this metalink ID 1228035.1

• OIM 11g R1 - Add user to group after AD Reconciliation

  Hi,
  i want to add all reconcilated users from AD to OIM to a special role in oim, after a AD reconciliation.
  By default, all users get the role ALL_USERS. I want to add a futher role, for example ALL_AD_USERS.
  How to do this?
  Edited by: 960944 on Jan 15, 2013 5:11 AM

  I assume that here you are talking about AD TRUSTED RECONCILIATION and you don't have any other TRUSTED Reconciliation and this is the only way to bring users into OIM, then you can create a role and attach a membership rule say "Organization doesn't contain ZZZZ". It will satisfy all the users
  CONS: Here you won't be able to distinguish between users which are creating through Admin Console or from AD Trusted or from some other Trusted Recon.
  Now if you want only those users who are coming from AD then Add a task on Reconciliation Insert/Update Received and add user into Role using APIs.

• Use of Orchestration in OIM 11g

  Hi,
  Can anyone help me in understanding the concept of orchestration in OIM 11g?
  I have seen using orchestration in eventhandlers. I don't have any idea on this. Can you please elobrate it's uses?
  Thanks,
  Saravanan

  An orchestration is automated management of operations in Oracle Identity Manager. In case of event handlers, at what stage (pre-process/post-process etc) that event handler is about to be executed, on what object(user/role/resource etc) and in what order it is to be executed, are all handled by orchestration. Orchestration also holds data during these operations as well.
  You can use doc referred above by Nayan to use the orchestration. I hope this helps.
  regards,
  GP

• OIM 11g integration AutoLogin error (first login or forgot password)

  Hi,
  We are currently integrating OAM+OIM 11g (R2). We have used a 10g webgate for this.
  When the user logs in for the first time, and sets his password and answers the challenge questions, he should be "Auto logged in" when he is finished.
  The same scenario should happen, if the user forgot his password, and resets it. He should be "Auto-logged in" when finished.
  This is not happending for us.
  The OIM logs tells us this:
  ERROR: Autologin failed oracle.iam.ui.platform.sso.exception.AutoLoginException: Error occured while retrieving TAP partner key from Credential store
  We have tried to verify everything recommended by this Oracle Support article:
  How to Solve Autologin problems in OIM with OAM? [ID 1475297.1]
  Any ideas what we are missing?
  Thanks & Regards,
  Henrik

  Maybe this is a something?
  Whate should the value of the property OAM_SERVER_VERSION be, when running idmConfigTool.sh and using a 10g webgate for the integration?
  Chapter 7.6 in the integration documentation states this:
  OAM_SERVER_VERSION: 11g (use 10g if Oracle Access Manager 10g is used)
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CACFCJHI
  Under chapter 2.4.5 in the idmConfigTool documentation it's described like this:
  OAM_SERVER_VERSION: Required only when Access Manager server does not support 11g webgate in Oracle Identity Manager-Access Manager integration. In that case, value should be provided as '10g'.
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/idmcfgtool.htm#CIHCICHD
  When we ran the script, we had the value set to "11g" (because that's our OAM version)... now I'm wondering if I need to set this value at all..
  Regards,
  Henrik