
Oracle Identity and Access Management

Identity Management: Benefits
>New users gain faster access to the resources needed
>Dynamically adjusts to meet users' changing needs.
>Faster processing of requests.
>Common processes across multiple accounts standardize procedures, reducing mistakes and cost.
>Reduced security costs through task automation
>Audit and reporting capabilities
>Account clean up or deletion validation across all platforms & applications based on single action.
>Flexible, rule-driven provisioning approach allows routine, yet complex, provisioning processes to be automated, improving efficiency and reducing the possibility of errors.
>Information Security support and operating costs are greatly reduced with automation, delegation, and self-service features.
>Implementation of the common processes across multiple accounts will standardize and simplify procedures, reducing mistakes and cost.
>Enable growth with reduced need to increase the size and expertise of the account administrative staff.
>Improved enterprise security with complete visibility into user access privileges.
>Improved ability to automatically detect and react to potential risks.

 

Identity Management: Values
>Delivering the right information to the right people at the right time
>Save costs by automating user access to different resources
>Ability to better track user and access activity is invaluable for security audits.
>Single click de-provisioning prevents loss of sensitive data to unauthorized individuals.
>Improve user experience
>Simplifies application development and deployment.

Identity Management: Features
>Establishing an enterprise identity and roles
>Enforcing strong and granular security policies
>Automate security related processes
>Define an audit and control framework
>Deploy a scalable integration architecture
>Provide security and control for enterprise applications
>Provide manageability and security for databases
>Provide compliance and fraud management for financial services.

 

Identity Management: Terminology
Identity: Set of attributes that uniquely identify a user/service
Identity database: Stores and manages identity information
Entitlement: An action that an entity is entitled to perform in a network
Policy: Governs management of identities in an enterprise system.
Provisioning: Automated creation, modification, and deletion of user identities and accounts across multiple resources.
Reconciliation: Process by which an identity creation, modification or deletion action in a resource is initiated from another resource
Identity Administration: Managing information associated with an identity which can be a user or a service.


Identity Management: Functional Areas
Identity Administration
Access Management
Directory services
Audit and compliance
Suite management

Identity Administration
Identity life-cycle
Role management
User and organization management
Provisioning
Password management
Approval workflows
Self-service applications
Delegated administration

 

Starting OIM server in Linux:
1. To start the OIM server, you first need to start the Admin server. Go to the domain folder.
2. Run the script startWebLogic.sh
3. Now you have to start the managed server; here the managed server name is soa_server1. To start it, go to the bin folder of the Admin server domain and run the script startManagedWebLogic.sh

The SOA server handles the request approval workflow: whenever you submit a request for any access, OIM sends the request to the SOA server. A corresponding SOA composite is configured to send email alerts to the people concerned.

There are two types of approval workflow: request-level and operational-level. Most often the request-level approver is your manager. After that approval the request goes to the operational level, where the approver could be someone who manages the system (someone on the client side who validates your request and then approves it). After the operational-level approval, the SOA server submits the result back to OIM, reporting that all the necessary approvals have been obtained and provisioning can start. OIM then starts the provisioning process.

There are again two flows: the process flow and the provisioning flow. The process flow is handled completely by the SOA server, which is used as a common product for handling the process.

So once you start the SOA server you can start the OIM server.
4. To start the OIM server run the script startManagedWebLogic.sh oim_server1

 

 

Server status changes to running
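
The start order in steps 1 to 4 can be scripted so that each server is launched only after the one it depends on is accepting connections. This is an added example, not code from the original article. The DOMAIN_HOME path, the 7001 and 8001 listen ports and the presence of boot.properties (so the start scripts do not prompt for credentials) are assumptions, and a listening port is used as a stand-in for the running state.

```shell
#!/bin/sh
# Added example (not the article's code): ordered, gated start of the servers.
# Assumed: DOMAIN_HOME placeholder; ports 7001/8001 (14000 is from the article's
# URL); boot.properties present so the start scripts do not prompt.
DOMAIN_HOME="${DOMAIN_HOME:-/path/to/domain}"
LOG_DIR="${LOG_DIR:-/tmp}"
SERVERS="AdminServer:7001 soa_server1:8001 oim_server1:14000"

# Exit 0 if HOST:PORT accepts a TCP connection (relies on bash's /dev/tcp).
port_open() {
  bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# wait_for PROBE HOST PORT TRIES DELAY: 0 once the probe succeeds, 1 on timeout.
wait_for() {
  tries=$4
  while [ "$tries" -gt 0 ]; do
    "$1" "$2" "$3" && return 0
    tries=$((tries - 1)); sleep "$5"
  done
  return 1
}

# Launch one server in the background with the script the article names.
launch() {
  case $1 in
    AdminServer) nohup "$DOMAIN_HOME/startWebLogic.sh" ;;
    *)           nohup "$DOMAIN_HOME/bin/startManagedWebLogic.sh" "$1" ;;
  esac >"$LOG_DIR/$1.out" 2>&1 &
}

# Start in order; stop at the first server that never opens its port.
start_all() {
  probe=${1:-port_open}
  for entry in $SERVERS; do
    name=${entry%%:*} port=${entry##*:}
    if ! "$probe" localhost "$port"; then
      echo "starting $name"
      launch "$name"
      wait_for "$probe" localhost "$port" "${TRIES:-60}" "${DELAY:-10}" || {
        echo "$name did not open port $port; dependents not started" >&2
        return 1
      }
    fi
    echo "$name is listening on $port"
  done
}

if [ "${1:-}" = "start" ]; then start_all; fi
```

Invoke it with the single argument `start` and DOMAIN_HOME set to your domain folder; a server that is already listening is skipped rather than started twice.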

OIM has two consoles. The first is the Identity Self Service console, where all user management is done. All users can log in to this console to reset their password and manage their profile. User administrators can also log in to create users, roles, organizations, etc.
The second is the System Admin console, which OIM System Administrators use to integrate new systems.
To access the Identity Self Service console, enter the following URL in the browser:
localhost:14000/identity


You can also bulk load users with the OIM bulk load tool. This is done only once to create the users; once the users are loaded there is no need to repeat the task. Users are loaded only from trusted resources such as HR systems, so there is only one place where users are added: the HR application is where employees are added, and another place is used for contractors and customers. Whenever you add a user you require OIM. Whenever you request a URL, web check is the first to intercept the request; it checks whether the requested URL is secured and, if it is, routes the request to OAM for authentication.

5. Log in to the Identity Self Service console as admin. This takes you to the self-service console, where users can see their profile in the 'My Profile' tab and a manager can see whether any requests are pending in the Pending Requests window.

  


 

-> Click on Administration > Organizations; a new page appears
-> Click on Create to create a new organization
-> Click on the Search button to search for the Parent Organization
-> Click on 'Save' to finish creating the Organization
-> Now we will create a Department for the company apps2fusion

Then we will create a sub-organization named OIMQA; you will see that the parent organization is automatically populated with ITSecurity.

Organizations most often represent your company or the departments of your company.

Now we will create a user by going to Administration > Users.

Click Create User to create the user. Enter the user details as prompted; optional fields can be left empty. Once all the mandatory information is entered, click on Submit.

-> Once the user is created, log out and log in as the user just created.
-> At the first login itself, it will ask you to reset the password.

So we have seen admin and normal user login using OIM. In the next article, we will study more about OIM, such as how to install it.


Kashif Baksh
