Oracle University | Contact Us: 1.800.529.

0165

Oracle Identity Manager 11g R2: Develop Identity Provisioning

Duration: 5 Days

What you will learn

This course begins with a refresher of concepts associated with identity management, identity administration and Oracle
Identity Manager 11g R2. Through hands-on training, you'll deep dive into the following concepts.

Learn To:

Perform direct provisioning and automated provisioning.

Manage key provisioning functionalities.
Perform reconciliation.
Create and manage plug-ins and event handlers.
Handle approval workflows.
Create and manage requests.

Benefits to You:

Secure your organization's critical applications and sensitive data to lower operational costs. Manage the entire user
identity life cycle across all enterprise resources.

Reconciliation

This course will also help you explore the concept of reconciliation. Learn how authoritative reconciliation is used to
identify new user accounts on trusted sources and transfer them into Oracle Identity Manager. Find out how account
reconciliation is used to recognize changes to user accounts on non-authoritative sources and transfer these
modifications into Oracle Identity Manager.

Event Handlers and Plug-Ins

The course also teaches you how to add plug-ins and event handlers to a connector configuration to extend the
customization of the connector. As a result, you'll learn how to customize Oracle Identity Manager by developing and
deploying event handlers and plug-ins.

Provisioning Request and Approval Workflows

Examine components that compose a request and approval workflow, including the request dataset, approval processes
and approval tasks. You'll learn how to create and manage an approval workflow; create and assign email notifications
for the approval workflow, incorporate the approval workflow into a provisioning workflow and use it to approve the
provisioning of a user. This is done before providing the user with access rights to an external resource.

Copyright 2013, Oracle. All rights reserved. Page 1

Oracle Identity Manager APIs

Lastly, you will learn about services and APIs. Oracle provides a network-aware, Java-based API that exposes services
available in Oracle Identity Manager. Services are used for building clients for Oracle Identity Manager and for
integrating third-party products with the Oracle Identity Manager platform.

Audience
Business Analysts
Functional Implementer
SOA Architect
Security Administrators
Support Engineer
Technical Administrator
Technical Consultant

Related Training

Required Prerequisites

Identity Management Concepts

Java Programming

Web Services

Oracle Identity Manager 11g R2: Essentials

Course Objectives
Concepts associated with identity management, identity administration, and Oracle Identity Manager, learned in the
Oracle Identity Manager 11g R2: Essentials course

Create configurations to provision users with external resources, both manually and through auto-provisioning

Key provisioning functionalities of Oracle Identity Manager

Two types of reconciliation workflows associated with Oracle Identity Manager: authoritative and account reconciliation

How to customize Oracle Identity Manager by developing and deploying event handlers and plug-ins

How to create approval processes for request and approval workflows

How to use the Identity Connector Framework (ICF) and its providers to provision and reconcile users with an Oracle
Database table

Basic and advanced techniques used to customize the Oracle Identity Manager User Interfaces

How to use APIs to build clients for Oracle Identity Manager and to integrate third-party products with the Oracle Identity
Manager platform

Copyright 2013, Oracle. All rights reserved. Page 2

Course Topics

Introduction
After completing this lesson, you should be able to understand the objectives, units, and lessons that compose this course

Oracle Identity Manager 11g Concepts, Architecture, and Development

Review identity management and identity administration concepts
Identify Oracle Identity Manager as a solution for identity management tasks
Review Oracle Identity Manager architectures
Identify use-cases for Oracle Identity Manager
Describe and compare provisioning approaches (direct, automated, request-based)
Review Oracle Identity Manager user-interfaces
Explore Oracle Identity Manager development tools
Explore the course practice environment and start up the services

Integrating Systems with Identity Connectors

Discuss the Identity Connector Framework (ICF)
Identify ICF providers
Install the LDAP and Active Directory ICF connectors with Oracle Identity Manager
Create application instances and associated metadata (IT resource type, IT resource, and resource object) to configure access t
Manage the life cycle of connectors: including updating, defining, and removal (on non-production systems)

Developing an Identity Connector

Start and configure JDeveloper Connections
Create JDeveloper workspaces and Java projects configured with Connector SPI libaries
Build and develop a custom file-based ICF connector
Install the custom file-based ICF connector
Work with the Design Console
Create Resource Objects and IT Resources needed for the custom ICF connector
Create application instances and associated metadata (IT resource type, IT resource, and resource object)

Creating Configurations for Manual Provisioning

Review the types of provisioning organizations and users
Integrate an ICF Connector with Oracle Identity Manager
Create the common metadata: IT Resource Type definition, Resource Object, and lookups
Create the provisioning metadata: Process Form, Adapters for connector operations, Process Definition, and Provisioning Attribu
Create an application instance for target resources
Provision resources to Oracle Identity Manager users

Creating Configurations for Automated Provisioning

Explain techniques for automating provisioning (adapters, access policies)
Describe adapter types for extending Oracle Identity Manager functionality
Create a pre-populate adapter
Attach a pre-populate adapter to process form attributes
Describe Access Policies
Create an Access Policy with rules create with the expression builder
Test automatic provisioning with pre-populate adapter and access policies

Developing Entitlements for Provisioning

Run a scheduled task retrieve entitlements from a target resource (if supported)
Create a child table with fields to be used for entitlements
Mark form attributes to be used as an entitlement

Copyright 2013, Oracle. All rights reserved. Page 3

Copy entitlement attributes to lookup tables and the catalog
Deploy a composite application for approval of entitlement requests
Request an entitlement for a user account
Handle approvals of the entitlement request

Creating Scheduled Tasks

Create a scheduled task
Define metadata for a scheduled task
Configure the XML file for a scheduled task
Develop a Java class for a scheduled task
Create the directory structure for a registering a scheduled task as a plug-in
Register the scheduled task as a plug-in
Create Scheduled Task Jobs

Implementing Reconciliation Tasks

Review reconciliation concepts
Explain authoritative reconciliation and account reconciliation conceptually
Identify and compare two types of reconciliation (authoritative and account reconciliation)
Discuss three reconciliation events that Oracle Identity Manager can perform with a resource
Identify scheduled tasks associated with reconciliation
Implement an authoritative reconciliation workflow
Implement an account reconciliation workflow

Creating Provisioning Request and Approval Workflows

Describe the components of the request and approval workflow
Describe how Oracle Identity Manager interfaces with Oracle SOA Suite
Identify the components of a SOA composite used for the request and approval workflow
Create a provisioning request workflow that require approval
Work with request profiles and the request API
Implement catalog customization (where is information on how to do this from a developer perspective?)

Customizing Approval Processes in SOA Suite

Extend a SOA composite with additional functionality for approval processing
Configure Oracle SOA Suite Universal Message Service (UMS) for email notification
Define a SOA composite with multiple approvers defined
Modify notification headers within a SOA composite
Implement Oracle Business Rules in the SOA composite

Implementing Event Handlers and Plug-Ins

Compare plug-ins, plug-in points, and the plug-in framework
Describe how plug-ins are used to implement event handlers
Develop and run plug-ins
Discuss operations, user management operations, event handlers
Explain how event handlers can extend user management operations
Develop and run event handlers

Customizing the Oracle Identity Manager User Interfaces

Customize the branding Oracle Identity Management Console pages
Create custom skins and style sheets

Working with Oracle Identity Manager APIs

Identify and explain commonly used Oracle Identity Manager Web services

Copyright 2013, Oracle. All rights reserved. Page 4

Consume and invoke Oracle Identity Manager web services
Distinguish between the OIMClient and the tcUtilityFactory approach
Develop Oracle Identity Manager clients

Understanding Segregation of Duties

Describe SoD Validation Processes
Install SoD-enabled connectors
Deploying SIL Providers
Configure SoD Engine
Enable and disable SoD
Implement SoD with Oracle Identity Analytics

Copyright 2013, Oracle. All rights reserved. Page 5