• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • IDM 11gR2 changes/new features : OIM Catalog to create Accounts (Application Instances, Roles, Entitlements)

    Posted by "" in "identity_manager, OIM" on 2012-09-10

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    This post is fourth in series “Oracle Identity Management 11gr2 changes/new features” and covers new feature Catalog used during a provisioning operation (creating account in application like AD or EBS integrated with OIM). Users request the Application Instances, Entitlement, and Roles through the Catalog (aka Access Request Catalog).

    For other new features in Oracle IdM 11gR2 like new console (System Administration) click here, Sandboxes here, and Applications Instances here.

    1. Access Request Catalog (or Catalog) is a web based interface that allows business users to request Roles, Application Instance, and Entitlements (within applications).


    2. Catalog Items – Roles , Application Instance and Entitlements that can be requested via catalog are called as catalog items

    3. Category – Each catalog item is associated with one and only one category. Catalog Administrators can provide a value for catalog item.


    4. Tags (very important in searching catalog) – are search keywords. When users search the Access Request Catalog, the search is performed against the tags. Tags are of three types
    a) Auto-generated Tags: The Catalog synchronization process auto-tags the Catalog Item using the Item Type, Item Name and Item Display Name
    b) User-defined Tags: User-defined Tags are additional keywords entered by the Catalog Administrator (check images below).
    c) Arbitrary Tags: While defining a metadata if user has marked that metadata as searchable, then that will also be part of tags.

    Note: Catalog uses “Oracle Text” option in Oracle database for text search capabilities.

    5. Catalog Administrator is a global role (not assigned to Organization) that grants privileges to manage and load catalog.
    Note: Users with System Administrators role (like xelsysadm) can also load & manage Catalog.

    To access role Catalog Administrator : /sysadmin -> Organizations -> Top -> Admin Roles

    6. Catalog Synchronization Job is a scheduled job that loads roles, application instances, and entitlements in catalog. Run the Catalog Synchronization Job scheduled job to populate catalog (Role are added into catalog immediately and does not need Job Catalaog Synchronization)


    7. Tagging capabilities for catalog item allow business users to specify alternate terms to be used to search for the specific access. To add tag to a catalog item (Application Instance, Roles, Entitlements), search catalog and select catalog item. select catalog item and add tag under user defined.




    20 Responses to “IDM 11gR2 changes/new features : OIM Catalog to create Accounts (Application Instances, Roles, Entitlements)”

    1. Anton says:

      Hi Atul,

      Thank you for updating about the IAM products.

      Currently I’m working witht he 11gR2 version and have one issue:

      Is it possible to give the Application Instances, Roles or Entitlements an end date?

      I think it can’t be done natively, but maybe you have an idea how to implement it.



      • Atul Kumar says:

        @ Anton,
        Do you mean put an end date for catalog items during provsioning ? Interesting use case, Not tried myself but need to check (explore cusotmizing catalog to include this as UDF) . Next task is to take this end date and map it with process form associated with Application Instance (you will have to something similar for role and entitlements).

    2. Anton says:

      Hi Atul,

      Thank you for the quick response! We have a use case, where for an entitlement (roles and entitlement) an end date is needed: a) in the UI and b) should be provisioned to Active Directory.

      I will check your advice tomorrow and let you know how it went!



    3. Anton says:

      Hi Atul,

      Thank for your advice. I could add an end date to an entitlement/role requested from the catalog with the UDF customization.

      I also need to implement, that once the end date is reached the entitlement must be revoked automatically. Have you any idea for this issue?

      Again thanks a lot :)



    4. brajeshr says:

      Hi Atul,
      I visited your page on onlineappsdba and came to know that you conduct online training on OIM. Please let us know if you are conducting any classrom training in INDIA. If no then please guide us who can provide us best training in OIM in INDIA (person or institute).


    5. Nash says:

      Hi Atul,

      I have OIM 11G R2 installed and configured. I have a role TestRole created and I want to assign it to say a user User1. I have run the Scheduled Job for catalog, yet when I want to assign role, the catalog opens up and I am unable to see anything on the catalog. Searches with *,% and *%* returns blank. Also tried adding the Catalog Role to xelsysadm (the id im logged in with) but the search is still empty.

      AM I missing something ?

    6. Atul Kumar says:

      @ Nash,
      You should use at least 2 characters of role in search. If you still can’t find that that role then create a tag like myrole and search using this tag i.e. myrole

    7. Nash says:

      Thanks Atul I am now able to view the entries in catalog.

    8. Atul Kumar says:

      @ Nash,
      Good, did you add tag or did you use more than 2 characters in search for resource ?

    9. Nash says:

      I just used more than 2 characters to search, wierd how that works but…

    10. NandhakumarVemban says:

      Could you please explain the 11gR2 ( provisioning process.

    11. Sahil says:

      I can’t see the Catalog Synchronization Job in the list. Any idea why that would be?

    12. windy says:

      Hi Atul,

      We have OIM 11gR1 and plaaning to upgrade to OIM 11g R2, after upgrading to R2(not fresh installation), can I simply use the same deployed OIM11gR1 workflows/SOA composites with approval policies or need to redeploy it without any change. In case of change what will it be?

    13. nand says:

      when trying to access pending approvals on OIM11gr2 identity self service console.
      SOA server is Up and running(EM,weblogic)

      Error showing tasklist. Possible reasons could be : 1. SOA server connection information is not available. 2. If it is run in federated mode, the default server may be down.


    14. Atul Kumar says:

      Chekc in SOA Server logs and see if there are any errors (It could be that SOA server is up but appplication deployed on SOA server i.e. soa-infra is down or there are errors. $DOMAIN_HOME/servers/[soa_server]/logs

      Other possibility is that SOA host or soa port defined in OIM server is wrong. Check this value from EM

      1. Navigate to Identity and Access, oim.
      2. Right-click oim, and navigate to System MBean Browser.
      3. Under Application Defined MBeans, navigate to oracle.iam, Application:oim, XMLConfig, Config, XMLConfig.SOAConfig, SOAConfig.

      4. Change the values of the Rmiurl and Soapurl attributes, and click Apply to save the changes.

      Check here


    15. Guest says:

      Hi..I also have a requirement like that of user Anton.

      I need to give temporary access for certain roles for some days and then remove those after reaching the end date.Can you please tell me the process.

      Also one more query that i am not able to submit my catalog item,Can you tell if I am missing anything.

    16. Arunkumar R says:

      Hi Atul,

      I have one requirement in R2. I want to restrict the user for requesting entitlements by disabling entitlement entry in catalog search.

      I have tried with deleting the entries from CATALOG table with having entity_type = ‘Entitlement’.
      After that its not showing the entitlement entry in the catalog search. But while going to a responsibility owner approval, after open the approval page it’s showing error like requested responsibility not found(while placing the request we are passing responsibility through child objects). Application we are requesting is EBS.

      can you please help out on this problem how to fix this.

      Arunkumar R

    17. Bobby says:

      Hi Atul,

      I want to implement one use that once the end date is reached the access to target system must be revoked automatically. Please see if you can suggest some solution to this.


    18. Anand says:

      Resources that require manual input such as (for eg: ‘X ‘Resource or ‘Y’ Resource etc) can’t be provisioned for multiple users. The manual input option disappear from the form.

      Functionality exists ? or Is there any possibility of the customization .
      Help is much appreciated.


    19. sunil says:

      Hi Atul,
      I have a scenario in which I want to provision user from on premise OIM to Oracle Fusion HCM OIM. Can you please help in finding my way out to solve this. I am using 11gr2. Any help will be very help full.


    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP