Wednesday, November 18, 2015

Customizing Okta Accounts Page, Organization Logo and Appearance

Customizing Okta

The Settings menu allows you to customize the look and feel of your organization. Admins can customize elements such as headings, labels, and the appearance of the Okta My Applications or "home" page, as well as the look and feel of the activation email. The Settings menu also includes a Downloads option that links to the latest browser plug-ins and admin downloads.
The Settings menu is an option on the Administrator Dashboard:

Account Page

As an admin, you can supply contact information for your org, including organization, end-user support, billing, and technical contacts. You can also give Okta Support temporary access to your account for troubleshooting purposes, and can select the type of email notifications you want to receive. The Account page hosts all of this information.

  1. Select Settings > Account.
  2. Click the corresponding Edit link to specify the following:
    • Organization Contact: Used by Okta to communicate with your organization.
    • End User Support Contact: Enter a support phone number that will display on Okta help pages.
    • Technical Contact: Receives notices when users send a help request. The email address appears on all new user registration emails.
    • Billing Information: Used by Okta for billing purposes.
    • Give Access to Okta Support: By default this is Disabled. If you want to allow Okta Support to log in to your account as an administrator for troubleshooting purposes, click Edit, then change this option to Enabled. Access is only enabled for 8 hours, after which you will need to re-enable access for Okta Support.
    • Email Notifications: Configure which email notifications are sent to you by doing the following:
    1. From your Administrator Dashboard, select Settings > Account, and then click Edit in the Email Notifications section.
    2. For each email notification that you want to receive, select the corresponding check box.
  3. Once you have made any changes to your account settings, click Save.

Appearance Page

Admins can specify the look and feel of their end users' My Applications or "home" page. The Appearance page allows for customizing how much or how little of Okta is shown for an org.

Display Options

The elements under Display Options have a large impact on how your end users experience their My Applications home page, as well as the admin user experience.
  1. Select Settings > Appearance.
  2. In the Display Options section, click Edit.
  3. You can specify 2 display options here:
    • Logo URL: If you choose to upload your org's logo (as explained in the following section), you can have the logo link to your company's website. Specify the URL you want to link to in this field.
      Note: A logo must be uploaded before the link can become active. See Organization Logo below for instructions on how to add a company logo.
    • Enable Okta Home Footer: Specify whether you want the Okta footer to appear on your end users' Home pages (True/False).
  4. Click Save.

Organization Logo

One way you can customize your end users' My Applications or "home" page is to add the company logo for your org.
  1. Prepare a logo file. The file must be in .jpg, .png, or .gif format. The maximum file size is 100kB, and the maximum dimensions are 3000 x 500px.
  2. Select Settings > Appearance.
  3. Under Organization Logo, click Upload Logo, and then browse to find the logo file you previously created.
  4. Click Upload Logo. The image appears as a thumbnail which displays when your users sign in.

Application Theme

Choose an application theme to customize the look and feel for your end users. Click on a thumbnail to choose a theme.
  1. Select Settings > Appearance.
  2. Under Application Theme, select a thumbnail. The Change Theme button appears. This is the color scheme that will appear on your end users' My Applications home page.
The selected theme appears with these colors when your end users sign in.

Monday, October 26, 2015

Okta Universal directory. Customize user Profile

Okta Universal directory. Customize user Profile (Okta User and App User)

UD introduces profiles, representations of user accounts. In particular, UD supports two types of profiles: the Okta User profile and the App User profile. The two profile types are used to 1. store rich attributes in Okta, and 2. move rich attributes from Okta to 3rd-party apps.

Use the Profile Editor to view or modify these profiles. To access it:
  1. From the Administrative Dashboard, go to the People tab.
  2. Select Profile Editor.
  3. Select Profiles.

The Okta User Profile

The Okta user profile represents a user in Okta (an Okta account) and is comprised of two parts: base attributes and custom attributes. To view the Okta user profile:
  1. From the Administrative Dashboard, go to the People tab.
  2. Select Profile Editor.
  3. Select Profiles.
  4. Expand the OKTA section then select User.
Okta has defined 31 default base attributes for all users in an org. These base attributes are fixed and cannot be modified or removed. If you wish to add more attributes to the user profile, you can add them as custom attributes.

Adding Custom Attributes

Extend an Okta User profile by adding an attribute to the custom portion of the profile. Base attributes cannot be altered.
To add an attribute:
  1. Select User under the OKTA profile type.
  2. Click the Add Attribute button.
  3. The following window appears.
  4. Complete the following fields:
    • Display name: A human-readable label that will appear in the UI
    • Variable name: Name of the attribute that can be referenced in mappings
    • Description: Description of the attribute
    • Data type: There are 8 admissible data types:
      • string: a chain of zero or more Unicode characters (letters, digits, and/or punctuation marks)
      • number: floating-point decimal in Java's 64-bit Double format. For details see the Java Platform Specification.
      • boolean: stores true, false, or null data values
      • integer: whole numbers in Java's 64-bit Long format
      • date: stores only the calendar date and requires four bytes in ISO 8601 format
      • array of string: sequential collection of strings
      • array of number: sequential collection of numbers
      • array of integer: sequential collection of integers
  5. When completed, click the Add Attribute button or, if you wish to add more than one, click the Save and Add Another button.
  6. After adding the attribute, configure the following:
    • Attribute required: Select this checkbox if the attribute must be populated.
    • User permission: Choose options to hide the attribute or make it read-only or read-write.
  7. Click Save Attribute.


Sunday, October 25, 2015

Okta-Create a Security Token

  • Navigate to the Okta console.
  • Navigate to API to create a token.

  • On clicking the Create Token button, enter the Token Name.

  • The token is created.

  • Click on "OK, got it".

Friday, July 31, 2015

Oracle® Identity and Access Manager / SOA Workflows OWSM default-keystore.jks

Regenerate the default-keystore.jks following the steps described in the document below:

1. In an empty working folder, execute the following to generate a new keystore file:
keytool -genkey -alias xell -keyalg RSA -keysize 1024 -dname "CN=Customer, OU=Customer, O=Customer, L=City, ST=NY, C=US" -validity 3650 -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks

Please ensure that JDK_HOME\jre\bin is in your PATH environment variable.

2. Generate a certificate request:
keytool -certreq -alias xell -file xell.csr -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks

3. Export the certificate:
keytool -export -alias xell -file xlserver.cert -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks

4. Trust the certificate:
keytool -import -trustcacerts -alias xeltrusted -noprompt -keystore default-keystore.jks -file xlserver.cert -storepass <password>

5. Copy all 3 generated files (default-keystore.jks, xell.csr, xlserver.cert) to MIDDLEWARE_HOME\user_projects\domains\<OIM Domain>\config\fmwconfig

You should repeat this step for each node in a clustered environment.

6. Change the values of the CSF keys for default-keystore.jks and xell:
  - Log in to Enterprise Manager
  - Right-click the domain
  - Navigate to Security, and then Credential
  - Expand oim
  - Edit default-keystore.jks and xell and change the password for both keys to the values used in steps 1-4.

Note: You should NOT change the passwords for other CSF keys!

7. Restart the OIM server and check that everything is working fine.

One should do the following, saving in between :

1) Go to EM --> --> Security --> Credentials
2) Expand map
3) Change the passwords of the following keys
  - keystore-csf-key (user=owsm, password=keystore password)
  - enc-csf-key (user=xell, password)
  - sign-csf-key (user=xell, password)
  - recipient-alias-key (user=xell, password)
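
The check below is an added example, not part of the original post: it reads `keytool -list -v` output for the regenerated default-keystore.jks, confirms that steps 1-4 left the xell key entry and the xeltrusted trusted certificate in place, and reports RSA keys under 2048 bits, which includes the 1024-bit key requested in step 1. The sample listing is constructed, the function names are hypothetical, and the 2048-bit floor is an assumed policy value.

```python
import re

# Constructed, trimmed `keytool -list -v` output for the keystore built in
# steps 1-4 above; not captured from a real system.
SAMPLE_LISTING = """\
Your keystore contains 2 entries

Alias name: xell
Entry type: PrivateKeyEntry
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: xeltrusted
Entry type: trustedCertEntry
Subject Public Key Algorithm: 1024-bit RSA key
"""

# Aliases and entry types the procedure is expected to leave in the keystore.
EXPECTED = {"xell": "PrivateKeyEntry", "xeltrusted": "trustedCertEntry"}
MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the post

def parse_listing(text):
    """Return {alias: {"type": str or None, "rsa_bits": int or None}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = re.match(r"Subject Public Key Algorithm: (\d+)-bit RSA", line)
        if line.startswith("Alias name:"):
            current = line.split(":", 1)[1].strip().lower()
            entries[current] = {"type": None, "rsa_bits": None}
        elif current and line.startswith("Entry type:"):
            entries[current]["type"] = line.split(":", 1)[1].strip()
        elif current and key:
            entries[current]["rsa_bits"] = int(key.group(1))
    return entries

def audit_keystore(text):
    """List problems: missing or mistyped aliases, undersized RSA keys."""
    entries, findings = parse_listing(text), []
    for alias, kind in EXPECTED.items():
        got = entries.get(alias)
        if got is None:
            findings.append("missing alias: " + alias)
        elif got["type"] != kind:
            findings.append("%s is %s, expected %s" % (alias, got["type"], kind))
    for alias, entry in sorted(entries.items()):
        bits = entry["rsa_bits"]
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append("%s uses a %d-bit RSA key" % (alias, bits))
    return findings
```

The key-size line is not printed by every JDK version; when it is absent, only the alias and entry-type checks apply.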

Thursday, July 16, 2015

Oracle® Identity Manager and SOA Callback and ReqSvc Service Discovery

In a recent project we had to face the challenge of debugging the issues with Callback and Reqsvc Services from SOA to OIM. The URL for the services is set during the install and configuration time; however, this can be changed by using the following JMX Bean:

  • Using the EM console, Navigate to Identity And Access 
  • Right Click on oim(
  • Go to the System MBean Browser
  • Navigate to Application Defined MBeans
  • Navigate to oracle.iam
  • Navigate to server_xxxxx (server name)
  • Navigate to XML Config
  • Navigate to Discovery Config

  • On the RHS, for the OimFrontEndURL and OIMExternalFacingFrontEndURL, set the URL of the desired server https:://

Monday, June 1, 2015

Oracle® Identity and Access Manager:: Develop a Custom SOA Composite

Create a JDeveloper application for custom SOA composite by running the helper utility:

1. Set up the environment (for Linux machines)
cd <BEAHOME>/wlserver_10.3/server/bin
2. Run the utility by executing following commands:
cd <OIMHOME>/server/workflows/new-workflow
ant -f new_project.xml
3. Enter the JDeveloper application name (AssignRoleApprovalApp) when the following prompt is displayed:

Please enter application name

4. Enter the JDeveloper project name (AssignRoleApproval) when the following prompt is displayed:

Please enter project name
5. Enter the name of the ADF binding service (AssignRoleApprovalService) for the composite when the following prompt is displayed:

Please enter the service name for the composite. This needs to be unique across applications

The following screenshot (Figure 1) shows creation of AssignRoleApprovalApp.

Monday, May 4, 2015

Oracle® Identity & Access Manager / SOA Stack : Find the password for default-keystore.jks and .xldatabasekey keystores and stored keys.

The passwords for the keystores are saved in the CSF (Credential Store Framework) file store ($DOMAIN_ROOT/config/fmwconfig/cwallet.sso) and are therefore accessible via the CSF API / MBeans.

The easiest way to find the password in cleartext is to use the JpsCredentialStore MBean via Enterprise Manager:

1. Login to EM
2. Browse to

   WebLogic Domain -> <Domain> -> System MBean Browser

3. In MBean Browser browse to

   Application Defined MBeans -> -> Domain: <Domain>
     -> JpsCredentialStore

4. From Operations tab execute the getPortableCredentialMap operation with
   following parameter:

   Name     Type              Value
   -------- ----------------  ---------------------
   p1       java.lang.String  oim

5. Browse through the provided credential list to get the password
   in human readable form for the entry you are interested in.

Wednesday, April 8, 2015

SOA Garbage Collection

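# WLST script which calls GC.

from java.util import *

print 'starting the script .... '

# Please replace userid and password with your AdminServer userid and password.
# Please change the IP address and port number accordingly.
# The values in angle brackets are placeholders.
connect('<userid>', '<password>', 't3://<ip-address>:<port>')

# For Force GC ....
print ' Performing Force GC...'
# <server-name> is a placeholder for the server whose JVM should be collected.
domainRuntime()
cd('/ServerRuntimes/<server-name>/JVMRuntime/<server-name>')
cmo.runGC()

disconnect()
print 'End of script ...'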

Thursday, February 12, 2015

Oracle® Fusion Middleware OES-11g Release 2 ( - Steps to Setup Auditing for OES

1. Create an Oracle database for Audit purposes.

2. Run ./rcu to load the OES Audit schema in the database created in step 1. Make sure to select "AS Common Schema -> Audit Services for OES" and set prefix -> AUDIT (important for the next step).

3. Start the APM domain and open the WebLogic console -> http://host:7001/console. Create a JDBC connection, setting values according to your database:
  - Under JDBC, click the Data Sources link.
  - Create a new JDBC Data Source.
  - JNDI Name -> jdbc/AuditDB
  - The user is the prefix set in the RCU process + _IAUOES -> AUDIT_IAUOES
  - The password is the one set during RCU -> welcome1
  - Make sure "Test Connection" is successful.

4. Stop the APM domain.

5. Edit Oracle/Middleware/user-projects/domains/APM/config/fmwconfig/jps-config.xml and set the Audit properties as follows:

<serviceInstance name="audit" provider="audit.provider">
  <property name="audit.filterPreset" value="All"/>
  <property name="audit.maxDirSize" value="500000"/>
  <property name="audit.maxFileSize" value="50000"/>
  <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
  <property name="audit.loader.interval" value="15"/>
  <property name="audit.loader.repositoryType" value="Db"/>
</serviceInstance>

6. Start the APM domain.

7. Go to your Audit schema and check the information stored. Connect based on your user info, for example -> ./sqlplus audit_iauoes/welcome1, then run a SQL query to test,


to check a couple of records where the information was stored

For more information on Audit schema refer to the  following documentation link in Oracle Fusion Middleware Application Security Guide (12.5 Advanced Management of Database Store):

8. Ensure that your jps-config.xml is configured accurately as follows:

<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns=""
 schema-major-version="11" schema-minor-version="1">

  <serviceProviders>
    <serviceProvider name="audit.provider" type="AUDIT" class=""/>
  </serviceProviders>

  <serviceInstances>
    <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="Low"/>
      <property name="audit.specialUsers" value="admin, fmwadmin"/>
      <property name="audit.customEvents" value="JPS:CheckAuthorization, CreateCredential; OIF:UserLogin"/>
      <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
      <property name="audit.loader.interval" value="15"/>
      <property name="audit.maxDirSize" value="102400"/>
      <property name="audit.maxFileSize" value="10240"/>
      <property name="audit.loader.repositoryType" value="Db"/>
    </serviceInstance>
  </serviceInstances>

  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="audit"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
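
One way to verify step 8 before restarting the domain, as an added example that is not part of the original post or of Oracle's tooling: a Python check that parses jps-config.xml and reports audit settings that would keep records out of the database. The sample fragment is constructed, the function names are hypothetical, and the check assumes property names are matched exactly, so a name padded with spaces counts as missing.

```python
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the audit settings above. The padded
# property name is deliberate, to show the check catching it.
SAMPLE = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="Low"/>
      <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
      <property name=" audit.loader.repositoryType " value="Db"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default"><serviceInstanceRef ref="audit"/></jpsContext>
  </jpsContexts>
</jpsConfig>"""

# Values the database-backed audit setup on this page relies on.
REQUIRED = {"audit.loader.jndi": "jdbc/AuditDB", "audit.loader.repositoryType": "Db"}

def local(tag):
    """Drop an XML namespace prefix such as '{uri}property'."""
    return tag.rsplit("}", 1)[-1]

def check_audit_config(xml_text):
    """Return a list of findings for the 'audit' serviceInstance."""
    root = ET.fromstring(xml_text)
    inst = [e for e in root.iter()
            if local(e.tag) == "serviceInstance" and e.get("name") == "audit"]
    if not inst:
        return ["no serviceInstance named 'audit'"]
    findings, props = [], {}
    for prop in inst[0]:
        if local(prop.tag) != "property":
            continue
        name = prop.get("name", "")
        if name != name.strip():
            findings.append("padded property name: %r" % name)
        props[name] = prop.get("value", "")  # assumption: exact-name lookup
    for name, want in sorted(REQUIRED.items()):
        if props.get(name) != want:
            findings.append("%s is %r, expected %r" % (name, props.get(name), want))
    if props.get("audit.filterPreset", "None") == "None":
        findings.append("audit.filterPreset is missing or None")
    refs = [e.get("ref") for e in root.iter() if local(e.tag) == "serviceInstanceRef"]
    if "audit" not in refs:
        findings.append("no jpsContext references the audit instance")
    return findings
```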

Oracle Customer Care and Billing 2.6 IWS Services to be accessed from SOA 11g running JDK 1.6

Oracle Customer Care and Billing 2.6 is deployed on WebLogic 12c. WebLogic 12c uses JDK 1.8, which uses TLS1.2 for Transport Level Sec...