
User Profile Account Mapping


One of the core functions of OIM is its ability to track the User Profile to Account mapping and to manage that mapping when external events or triggers arrive, processing them with standard and configured rules.

The following table documents the various sources and their associated events. It also documents the standard and customizable rules used to process these events, and the impact of that processing.

| Source | Event | Processing Rule | Impact | Application/Service Accounts |
|---|---|---|---|---|
| Trusted Reconciliation<br>Direct Change (using UI); once approved, if applicable | User Profile attribute value change | Change Triggers<br>Role Membership Rules | OIM Accounts - Provisioning Process Change Attribute Task (across all assigned accounts)<br>User Profile - Role Changes | Account updates as implemented by provisioning tasks<br>None |
| User Profile attribute value change<br>Direct Change (using UI); once approved, if applicable | User Role changes | Access Policy | OIM Accounts - Account creation with specific attribute values and status<br>OIM Accounts - Attribute value updates and associated Provisioning Process Change Attribute Task (TODO: Does this happen)<br>OIM Accounts - Account disable/enable/revocation based on changes to access policy applicability | Account creation, updates, deletion as implemented by provisioning tasks |
| Trusted Reconciliation<br>Direct Change (using UI); once approved, if applicable | User Profile Status | ?? | OIM Accounts - Status changes and triggering of associated status change provisioning tasks | Account updates as implemented by provisioning tasks |
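The rows of the table chain together: a profile attribute change fires change triggers and role membership rules, and the resulting role change is the event that access policies act on. The following Python model is an added illustration of that cascade, not OIM code or an OIM API. The role rules, policies, application names, account status names and the choice to revoke (rather than disable) when a policy stops applying are constructed assumptions, and every account is assumed to be policy-granted.

```python
# Conceptual model only: names and data are constructed, not OIM APIs.
from dataclasses import dataclass, field

# Role Membership Rules: role -> predicate over profile attributes (constructed).
ROLE_RULES = {
    "Finance Staff": lambda p: p.get("department") == "Finance",
    "Managers": lambda p: p.get("title") == "Manager",
}
# Access Policies: role -> application accounts it provisions (constructed).
ACCESS_POLICIES = {"Finance Staff": {"ERP"}, "Managers": {"Approvals"}}

@dataclass
class User:
    profile: dict
    status: str = "Active"
    roles: set = field(default_factory=set)
    accounts: dict = field(default_factory=dict)  # app -> account status

def change_attribute(user, name, value):
    """Process a profile attribute change; return the provisioning tasks fired."""
    user.profile[name] = value
    # Change trigger: one Change Attribute task per assigned, non-revoked account.
    tasks = [f"{app}: change attribute {name}"
             for app, st in sorted(user.accounts.items()) if st != "Revoked"]
    # Role Membership Rules are re-evaluated against the updated profile.
    new_roles = {r for r, rule in ROLE_RULES.items() if rule(user.profile)}
    return tasks + apply_access_policies(user, new_roles)

def apply_access_policies(user, new_roles):
    """Role change event: create or revoke accounts as policy applicability changes."""
    entitled = set().union(*(ACCESS_POLICIES.get(r, set()) for r in new_roles))
    held = {a for a, st in user.accounts.items() if st != "Revoked"}
    tasks = []
    for app in sorted(entitled - held):
        user.accounts[app] = "Provisioned"
        tasks.append(f"{app}: create account")
    for app in sorted(held - entitled):  # assumption: policy revokes, not disables
        user.accounts[app] = "Revoked"
        tasks.append(f"{app}: revoke account")
    user.roles = new_roles
    return tasks

def change_status(user, status):
    """Profile status change propagates to every non-revoked account."""
    user.status = status
    target = "Disabled" if status == "Disabled" else "Enabled"
    changed = [a for a, st in sorted(user.accounts.items())
               if st not in ("Revoked", target)]
    for app in changed:
        user.accounts[app] = target
    return [f"{app}: set status {target}" for app in changed]
```

The returned task list is what an access review would compare against the target system: an attribute change that removes a role should always produce a matching revoke or disable task for each account that role granted.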
     
     
     
     


The events that typically trigger changes to these mappings and updates to the associated accounts are:
  1. Changes to an OIM User Profile's attribute value, either due to trusted reconciliation or a direct change to the user's profile by an OIM user (once approved, if applicable).
  2. Changes to an OIM User Profile's status (Active/Disabled/Enabled). TODO: Is Lock/Unlock supported?
  3. Assignment or removal of an OIM Role, either due to changes in a User Profile attribute (more on this below) or a direct change to the user's profile.
  4. Request for a new account (through the Catalog) by an OIM user.
  5. Request for enabling, disabling or revocation of an existing assigned account by an OIM user.
  6. Identification and mapping of a new Application/Service account (i.e. an account that was present in the system itself but was not known to OIM) during the target reconciliation process (see the OIM Accounts section for more information).

These events are typically processed based on the standard rules (built into OIM as either code or configuration) and custom rules identified below.
