Managing Web Single Sign-On

User identity is a combination of the user's unique name in the directory and the identity domain itself (typically the name of the identity store).

Authentication triggers calculation of user group membership. There is no way to flush a user's group membership information to force Oracle Access Management to recalculate it at a later date.

Information is used as follows:
When evaluating policies during authentication
When evaluating identities for authorization conditions in a policy
When using LDAP to search for identities for conditions in an authorization policy

OAMIdentity is the token that contains the details about the user who has been authenticated and that can be referred to in rules. The domain is asserted as a Name Qualifier within the token.