OIM approval -  End User Experiance

Similar Messages

• OIM 11g Modify User Profile for Updating End Date

  Hi Gurus!
  We have an OIM implementation where users may request the creation of other users by means of a Create User request template. In this template we set the End Date to be 3 months after the request date.
  In order for the requester to extend the period of a user's OIM user account (along with its provisioned resources) we customized a Modify User Profile by displaying the End Date field and automatically populate it again to 3 months after the request date. Also we developed a custom event handler to enable the user when it is disabled and the End Date is updated to a future date.
  This Modify User Profile is working great when the user is still enabled (the End Date is still in the future), however, when the End Date has passed (and the user is Disabled) the requester is not able to see the user when selecting the Modify User Profile request template.
  Is there a way to allow requesters to also see disabled users in the Modify User Profile request template?
  Thank you in advance.
  Regards,

  Hi Kevin,
  thanks for your reply!
  But, in this case, when the user is already disabled due to his End Date, how can a requester, through the Self Service TAB, enable it?
  The Enable User request template does not work since when trying to enable the user, OIM sees the End Date is already passed and the DataSet validation throws an exception.
  The only way I saw was providing a Modify User Profile Request template to change the End Date and developing a custom event handler to enable the user upon the extension of the End Date...
  How can, in this situation, a requester enable the user and extend its End Date?
  Thank you!
  Regards,

• ChaRM: approving of a change request by various list of end users

  Dear, experts.
  Can I customize ChaRM so, that before initiating change request  a support message should be approved by  by various list of end users depending on component (component A - list 1, component B - list 2)?
  For example some end-user wants to change  established business-process. In this process are involved other end-users, so to trigger changes he have to ensure that other end-users are agree.
  can you suggest any profitable solution?
  thanks in advance

  Hey talgat,
  what you need is an action that uses pfac (it s a transaction for defining rooting rules). Thanks to this transaction you can define rules that will be based on different fields of ticket od crmd_order to assign the right person to the ticket
  There is a standard action that does those kind of things called SLFN0001_ADVANCED_FIND_PARTNER of action profile SLFN0001_ADVANCED available in transaction sppfcadm. You ll notice that this action uses rule id AC13200137. Well you ll need to define your action that will be alike with your own rule that you ll have predefined in transaction pfac.
  Use a copy of the standard rule AC13200137 to do your own; it will ease the task for you.
  PS: this link could maybe help your understanding
  Support Team Determination
  Hope this helps
  Regards
  Khalil

• OIM 11g, Get users from table and insert them into Approval Task

  Hi All,
  I have OIM 11.1.1.5.4 in Solaris 10 and I have an Oracle Table configured as Trusted Source.
  I am using Database_App_Tables_9.1.0.5.0 connector.
  I want Reconciliate new users from a Oracle Table as follow:
  1. I ran the scheduled job
  2. The new users reconciled Must get into an Approval Task before of insert them into USR Table.
  3. The Administrator User Approved o Rejected the new users.
  4. The new users that were approval Must insert them into USR Table.
  Is there any form of implement this?, Can you guide me please?.
  Thanks for your Help.

  Through your Schedule Task, generate "*Create User*" (Request Type) request and assign approval workflow for such requests.
  After completion of approval ONLY, users will get created into OIM 11g.

• How to view just Reports by one end user in OIM

  Hello
  How could I make just one end user to view only "Reports link" in OIM web console? When I login with xelsysadm into OIM then i can view all links in left panel. I would like to provide one end user just to view reports but not the others.
  Pls suggest.
  Thanks!!

  Those are probably set on the "All Users" group. You'll need to remove the default menu items all user's get and create new groups that provide what is needed to those users. You cannot remove a user from the All Users group.
  -Kevin

• OIM : End user should be able to edit his resource data

  Hi,
  When the end user logs in and requests for AD resource, he does not see the AD resource form. All the data for the form is prepopulated according to some predefined rules. What i want to do is to allow the End-user to modify his AD form data.
  How can i do the above?????
  What privilages do i have to grant to End Users???/
  Kindly Help.
  null

  Hi,
  So here are my thoughts...
  1) The only fields that should go into the resource form are those fields that you want a requester (or approver) to modify or see during a request workflow. If it is provisioning related, for example, the uSNCreated of an AD User, it should not go on the Resource Object form (let's call it the object form from here on out). Also, you can have fields on the object form that don't ever need to go on the process form (provisioning process)... and these would be request related fields, not provisioning.
  2) This is where we need to be specific about terminology.. Resource Administrators are those people that can modify the resource... typically they have access to the design console... for some reason, I don't think you mean these people, right? You mean the people who will approve the requests, right? If that is the case, you can have them just see one form or the other, and you can also give them rights to modify one form or the other. This is done at the group level through Permissions and Menu Items (a combination).
  3) Resource Object Data Flow trumps pre-populate. (I am like 99% sure on this.. I would have to test it to be sure.. I believe it is the same as Access Policies, which does trump pre-populate adapters)
  4) I have NO clue :) I would love some improvements in the forum... especially separating out the products in the IDM stack into their own forums.
  Good luck,
  Deborah

• Imlpementing EULA / end user declaration using OIM/OAM

  Hi,
  We have a requirement in which we have to make user accept EULA /end user declaration prior to adding details in portal, does any one has pointers on how to do the same using OIM/OAM.
  Early response would be much appreciated.

  I would have done it in this way: Assuming you have decent knowledge of using existing components of OOTB connector for re-usability. Also I have never tried this, its just an approach which could possibly work.
  - The only way for an end user to change its own password in OIM is via self-service which means the tcUtilityFactory would be instantiated by the user itself. If that is the case then you can obtain the User ID in the pre-insert entity adapters/plugin. Now when the password reset operation is being done, you can check the User ID of the Logged In user and the Target User and take a decision whether it was the user itself or some other admin.
  - If it was some other admin then you can set the Force Password Change at next Logon check-box in the User Profile to true.
  - Now modify the Change User Password task to use the IT Resource connection credentials if that check box is selected to create a connection OR use the credentials form the Process Form if that check box is not selected.
  This way the connection to the LDAP would be done via the user itself if it was a self-service password reset and your LDAP Policy would have no complaints.
  Assumption The user has the permissions to establish a JNDI connection with SDS and modify its own account which I am sure would be there.
  Thanks
  SRS

• OIM 11g - Reset End-User Password by Helpdesk

  Hi,
  Help Desk Administrators can search the "End Users" and can "Reset the Password". I have to customize the "Reset Password Menu" which is having two options to reset the password.
  1. Manually Change the Password
  2. Auto generate the Password (Randomly Generated)
  Here i have to disable the option of selecting the "Manually Change the Password". So that the HelpDesk Administrators can select only one option which "Auto Generate the Password".
  Urgent Help, highly appreciated.
  Thanks,
  Sandeep D
  Edited by: user13476138 on Jun 7, 2011 2:29 AM
  Edited by: user13476138 on Jun 7, 2011 2:29 AM

  I think I remember (if I am not wrong) it is the xlWebApp.war/tiles/changePasswordTiles.jsp file. Actually, most of the JSP files are in this place (folder). One thing yuo should be aware of is when you change JSP file. You have to recomplie the war file using patch_your_app_server.sh (patch_your_app_server.bat for Windows) under xellerate/setup folder. Becarefull this will change your configuration files back to original (OOTB) so besure to back up your custom configuration files and put them back after that.

• OIM - Approval process

  Hi All
  I have OIM integrated with application 1. Application 1 has many responsibilities which are to be maintained by OIM by 1 level approval process. This means the end user can log into OIM admin console and request for more responsibilities. I have a table for Resource object and another table for Responsibilities similar to AD Resource Object and its child table for AD groups.
  Problem is that every responsibility has a separate owner and if a user raises a request for responsibilityX, it should go to the owner of the responsibility. How should I go about it..
  Please help !!
  Thanks

  Thanks Kevin
  This is really helpful. I guess this would probably work in case when the number of responsibilities and user groups are limited. But in my case I have almost 1500 responsibilities and having a user group corresponding to these responsibilties would not be an easy task.
  I take your suggestion of creating a lookup for the mapping of responsibility and its corresponding owner. To move further, shall I go ahead and use API's to handle the object form and assign the task based on this lookup. Can you please suggest if this will be a good approach and provide some basic startup.
  **** Another thing which I am not able to understand is - When I provision a user using direct provisioning, these reponsibilities are attached to the process form as child table. How should I go ahead with creating a object form for the responsibilities.
  Currently, when an end user logs into admin console, he can only request for RO provisioning with no details or responsibilities. (No object form is attached to RO).
  This is similar to Group assignment in Active Directory, but in that case I wrote a separate piece of code that was adding the user directly to the AD group.
  Thanks

• OIM - Approval

  Hi
  I am trying to configure 1 level approval process in OIM so that whenever an end-user raises a request for an application (RO), it goes to his manager for approval. Once it is approved by his manager, he should get provisioned to the target application. To achieve this , I have done the following:
  1. Added tcCompleteTask adapter in Standard approval process
  2. Created New process as 'Manager Approval' giving type as Approval and object name as my RO
  3. Added a task as 'Manager Approval' and specified 'Request Target User's Manager' in the Assignment tab under default rule
  Now whenever the user raises a request for this RO, it goes to the user itself and gets approved. Please let me know if I am missing something.
  Thanks

  You should check out the Oracle By Example articles and walk throughs available. You need to put in some kind of effort on your own to learn at least the basics. The OBEs will give you samples of importing a connector and creating an approval process. There is a notification tab on the process tasks where you can assisgn a status of the event and a notification. You'll also need to configure an email server as well.
  I would also suggest you create your own topic once you have gone through the OBE samples. And posting the same question onto multiple existing topics will making tracking answers more difficult.
  -Kevin

• Push Notifications to end users and Conditional Success Screen Name ?

  Hi,
  Scenario: PO Approval
  Description: I am developing a PO approval application with 3 levels of approval. The HWC application is based on the push notification ( DCN with payload ). When a PO ( Purchase Order ) is created/modified the end user will get the notification. Once the first 2 levels of approval is done from the mobile devices the notification should reach the 3rd level for approval. And Conditional Based Users only View there Profiles, If an User1 Approved PO Approval then only User2 Will get Push Notification but  for User3 it will not Visible, Oncethe User2 Approved then Only User3 will get Push Notifications and these 3 Profiles have to be log in Based on Condition Name & Conditional Success Screen Name.
  Question: How to set to which user the notification should reach. In the "to" field of JSON when I am providing "supAdmin" means the notification will reach all the devices who has the application. Once a PO is created the notification should reach only to user in the first level. Once he approves the PO, then only it should reach to the user in the 2nd level. And finally 3rd level.
  Here Conditional Name is the best way to Log In or is there any other way to show the User based Log in Details, Because Here I am showing a List of Items Based On Log In,  and Based On Log In user Has to view there List of Products and Status.
  How to manage this situation.
  Midhun VP can you please help me on this.
  Thanks,
  Vamsi K

  Yes, DNS is is fundamental for networks, even for Windows networks. The DNS is working well for the existing Windows network and there are no problems in distributing certificates etc.
  There are more than 150 users and 180 devices on the network without DNS problems.
  I don't know how to discover a DNS problem... Windows works well.
  DNS resolves fine... dig does it for "a" records and "ptr" records. nslookup resolves, too.
  When the problem is a faulty DNS, why does the usage of users/devices from OD work with Profile Manager?
  Renaming and/or migrating the ActiveDirectory is not possible. First, I want to be sure that there is a faulty DNS.
  The .local TLD is not optimal for Bonjour/mDNS but I can't believe that there is no workaround

• Error while creating user in OIM using Create User API

  Hi All,
  My Setup:
  OIM running on Jboss Server where as my custom application to create user using CreateUser API in Tomcat Server.
  Below is the code that im trying to run.
  try
            System.out.println("Started ---");
                 ConfigurationClient.ComplexSetting config = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
                 System.out.println("Login ---");
                 Hashtable env = config.getAllSettings();
                 tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env,"xelsysadm","abcd1234");
                 System.out.println("Authenticated");
                 if (ioUtilityFactory!=null)
                      System.out.println("Login OK ---");
                 System.out.println("Getting utility interfaces...");
                 tcUserOperationsIntf moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
                 System.out.println("Starting processing...");
                 Map attrs = new Hashtable();
                 attrs.put("Users.User ID",request.getParameter("userid"));
                 attrs.put("Users.Last Name",request.getParameter("lname"));
                 attrs.put("Users.First Name",request.getParameter("fname"));
                 attrs.put("Organizations.Key","1");
                 attrs.put("Users.Role","Full-Time");
                 attrs.put("Users.Xellerate Type","End-User");
                 attrs.put("Users.Password",request.getParameter("password"));
                 long key = moUserUtility.createUser(attrs);
                 System.out.println("Processing DONE...");
                 ioUtilityFactory.close();
       catch(Exception e )
       System.out.println("---" + e.getMessage());
       e.printStackTrace();
  When i am trying to create user it's throwing the below error message.
  HTTP Status 500 -
  type Exception report
  message
  description The server encountered an internal error () that prevented it from fulfilling this request.
  exception
  javax.servlet.ServletException: Servlet execution threw an exception
  root cause
  java.lang.NoClassDefFoundError: Could not initialize class com.thortech.xl.util.config.ConfigurationClient
       com.emulex.productsellers.CreateUser.doPost(CreateUser.java:33)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
  note The full stack trace of the root cause is available in the Apache Tomcat/5.0.28 logs.
  Apache Tomcat/5.0.28
  And one more thing is if i place this code in jboss and it was working there with out any issues.
  Please let me know if i am missing anything.
  It's bit urgent.
  Thanks in Advance.
  Siva Pokuri.

  URGENT** How to change  OIM user password from outside OIM

• Activating a Windows 7 installation (for an end user) as a MS Registered Refurbisher.

  I have applied to join the MRR program and have passed the test and am awaiting approval.
  I was reading in the MRR manual that MS prefers that a refurbished PC is set up with sysprep so that the end user has to accept the license agreements and activate before using Windows.
  However, the manual went on to say that the Refurbisher can choose to activate windows as a courtesy for his customers as long as he configures the PC to display the license agreements when the end user uses the PC for the first time.
  This is probably a stupid question, but how is this achieved? Can Sysprep be somehow set to retain the activation information?
  Or is this achieved using one of the tools on the OEM Preinstallation Disk or with the RPK tools described in the MRR manual?
  Thank you for your patience with me :)

  Hi,
  Regarding to sysprep,  the activation information will be removed or I mean it doesn't work (even the reference PC is activated) when you deploy the image to other computers.
  This is the exact sentence from TechNet website
  You cannot make an image of an activated Windows installation and duplicate that image to another computer. If you do, Windows fails to recognize the activation and forces the end user to reactivate the installation manually.
  http://technet.microsoft.com/en-us/library/cc766514(v=ws.10).aspx
  Add:
  For a Refurbished PC, the PC has two labels; either the original Certificate of Authenticity (COA) label the PC manufacturer installed or the Genuine Microsoft Label AND a COA from the PC refurbisher. for manually activation, the end user can only use
  COA from the PC refurbisher.
  Yolanda Zhu
  TechNet Community Support

• GRC AC 10.1 - End User Login - Request issue

  Hi experts!
  Im working in GRC AC 10.1 SP07. I have configured END USER LOGIN services; the idea is that end user from ECC system could submit request without having user in GRC box, this is working fine but i´m experimenting next problem.
  When i go to search request, those request submited by end user appears like created by Z_END_USER, this is the user in GRC that i have configured in services GRAC_UIBB_END_USER_LOGIN and GRAC_OIF_REQUEST_SUBMISSION_EU.
  ¿Is possible to configure that request appears "Created By" the requester and not the service´s user? I don´t think so, but if not, ¿is there any way to add the column User ID in Result screen? because it is avaible in parameters search but im not being able to add this in result screen (it´s not like hidden neither).
  Parameters "Created by user ID" would be service´s user and "User ID" would be the requester.
  Thanks!
  Emiliano

  Hi Emiliano,
  Your understanding is correct, request created by UserID will always show GUEST UserID configured in the End User Logon service.
  In search requests there is option to search requests by UserID but the same field has not been enabled to be available in Search Request result screen. This is as per standard functionality. You can check with SAP or can work with ABAPer to make the UserID column as display field in Search Request results.
  Regards,
  Madhu.

• GRC AC Filter for System in GRC AC End user Home

  Hi,
  I need to create a filter for system (for all user) in the ALV, from END USER HOME when try to select roles and system from Model User
  I see the instructions in the link:
  http://scn.sap.com/community/grc/blog/2013/09/04/customizing-access-request-and-approval-screens-in-grc-access-control
  But i try to open application GRAC_UIBB_END_USER_LOGIN from SE80 transacction, appears a error in the navigator.
  This is what I want to accomplish

  Hello Cristian,
  Try to add the below string at the end of the URL for which you are getting error.
  &SAP_CONFIG_MODE=X&OBJECT_ID=ACCREQ
  Hope it helps.
  Regards,
  Neeraj Agarwal