Oracle Identity Manager 18.104.22.168 Integration With Oracle Identity Analytics 22.214.171.124
- At least Oracle Identity Manager version 126.96.36.199 BP17 or version 188.8.131.52.0 (11gR1 PS1) is required. (Oracle Identity Manager 11gR1 (version 184.108.40.206.0) is not supported.)
- At least Oracle Identity Analytics 220.127.116.11.0 is required.
Step 1: Copy the Required Files From the OIM Server
- Copy the following Oracle Identity Manager Java API JAR files located in the <OIMDesignConsole>/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
- Copy the following JAR files located in the <IDM-HOME>/server/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
- Copy the config folder located at <OIMDesignConsole>/config and paste it in the Oracle Identity Analytics $RBACX_HOME/xellerate folder.
- If using at least Oracle Identity Manager 18.104.22.168.0 ( 11gR1 PS1), copy the following OIM files to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
- Use the version located in the <OIMDesignConsole>/lib folder. (Important: Do not use a copy of this JAR file located in any other directory.)
- This file is located in the <OIMDesignConsole>/lib folder.
- If deploying to a WebLogic application server, and if Oracle Identity Analytics and Oracle Identity Manager are on different WebLogic domains, copy the <WLS-HOME>/server/lib/wlfullclient.jar file to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder.
Step 2: Edit the Oracle Identity Analytics Configuration Files
- Stop Oracle Identity Analytics.
- Enable Oracle Identity Manager as a supported provisioning server by editing iam-context.xml in the $RBACX_Home/WEB-INF folder as follows:
- Uncomment the following lines at the start of iam-context.xml:
- Enable the following:
- Save your changes.
- Start Oracle Identity Analytics.
- Edit $RBACX_HOME/conf/oimjdbc.properties. This should contain the Oracle Identity Manager database information.
- Run the OIA Property Encryption Utility to encrypt the database password located in the oimjdbc.properties file.
- For details, see the Administrator’s Guide for Oracle Identity Analytics, "Securing Oracle Identity Analytics" chapter, "Understanding the Property Encryption Utility" section.
- Open the oim-11g-context.xml file for editing and search for the word password.`
- Comment out the oim.jdbc.password line and uncomment the oim.jdbc.password.encrypted line. The XML should look like the following sample:
Step 3: Modify the Oracle Identity Manager Forms Using the Form DesignerIn this step you will open Form Designer and, for each OIM resource, add the properties that OIA needs to exchange data with OIM.
- Log in to the Oracle Identity Manager Design Console.
- Open the Form Designer.
- For each Resource, the following properties need to be added to some identified feed for accounts, policies, and entitlements imports:
- AccountName - Identifies the unique account in the target system
- ITResource - Identifies the unique IT Resource field for the target system
- Entitlement - Identifies the account attribute designated for privileges
- OIAParentAttribute - This property identifies the parent or mandatory entitlement attributes. Add this property only if you have installed at least OIM 22.214.171.124.0 or at least OIM 126.96.36.199 BP17.
Complete this step as follows:
- Locate the Process Form for the given resource.
- Open the child Process Form and create a new version.
- Click the Properties tab.
- Locate ONLY ONE entitlement field per form, click Add Property, and add the Entitlement = true property setting.
- If there are multiple Entitlement child forms, add one Entitlement = true property setting per Entitlement form.
- If you have installed at least OIM 188.8.131.52.0 or at least OIM 184.108.40.206 BP17, add the OIAParentAttribute property.
- Save the child form and make it active.
- Locate the parent process form and create a new version.
- Click the Properties tab.
- Locate the field that uniquely identifies the account in the target system, click Add Property, and add the AccountName = true
- Locate the ITResource field for the target system, click Add Property, and add the ITResource = true property setting.
- Save the parent form and make it active.
- Repeat for each Resource.
- Restart the Oracle Identity Analytics server.
Step 4: Configure the Oracle Identity Manager Data Collection Scheduler
- Before You Begin - Verify that the OIM installation/upgrade script created the DataCollection Schedule Job in OIM and that the job is enabled but not scheduled for execution. Your integration will not work without this important job.
- Follow these steps to register the task with OIM:
- Enable the DataCollection Schedule task if you are using Oracle Identity Manager 220.127.116.11. (If you are using at least Oracle Identity Manager 18.104.22.168.0, the DataCollection Schedule task is already enabled so you should skip this step.) To enable the DataCollection Schedule task, open the Design Console, search for the DataCollection Schedule task, and make it Active.
- Enable the following system property in Oracle Identity Manager by setting the value to TRUE:
Step 5: Configure Oracle Identity Analytics to Connect to Oracle Identity Manager
- Server Name - Type the Oracle Identity Manager server name.
- Xellerate Home - Type the path to the xellerate folder in OIM. (Example: C:\oracle\xellerate)
- Login Config - Type the path to the authentication configuration (auth<AS>.conf) file. (Example: C:\oracle\xellerate\config\authwl.conf)
- User Name - Enter the OIM user name. (For example, xelsysadm.) The specified OIM user needs to have system administrator privileges.
- Password - Enter the OIM password.