OIM-OIA Integration : Update Process Form (Parent & Child) in OIM : OIAParentAttribute, AccountName, Entitlement, ITResource

Oracle Identity Manager (OIM) is identity provisioning and reconciliation application and part of Oracle Identity Management Suite.
Oracle Identity Analytics (OIA) is  role management that automates identity based controls and is also part of Oracle Identity Management Suite.

OIA can be integrated with OIM so that OIA becomes source of role management and users in OIA’s identity warehouse can be provisioned from OIM. OIM-OIA integration is very well explained in OIA’s System Integration guide

One of the step in this integration guide that in my view is not clearly explained (or could have been explained in better way) is Modify OIM Forms using Form Designer.

I am going to explain changes required in OIM process forms.

  • First identify all Resources integrated with OIM like Active Directory (AD) or Sun Directory Server
  • For each resource (Active Directory or Sun Directory Server) identify parent process form . For Example for Active Directory resource parent process form is UD_ADUSER (Active Directory User Form)
  • Identify Child Process Form (for Parent Process Form) For Example for Active Directory User Form (UD_ADUSER) child forms are UD_ADUSRC (Assigned Groups Form) and UD_ADUSRCLS (Assigned Object Class Form)
  • If OIM version is 11.1.1.5+ then add property Code Key=OIAParentAttribute, Decode=OIAParentAttribute in lookup Lookup.FormFieldCustom.Properties
  • You would need access to OIM Design Console, More on Design Console in OIM 11g here and Design Console version 9/10 here

 

 

  • For child process form (Assigned Groups Form UD_ADUSRC for Active Directory user form), create new version and add two property Entitlement=true and OIAParentAttribute=true (ensure to make new version of child process form ACTIVE)

 

 

  • For child process form (Assigned Object Classes Form UD_ADUSRCLS for Active Directory user form), create new version and add property OIAParentAttribute=true (ensure to make new version of child process form ACTIVE)

 

  • For parent process form (Active Directory Users Form UD_ADUSER for Active Directory Resource), create new version and add property ITResource=true for AD Server (ITResourceLookupField) and AccountName=true for User ID (TextField) (ensure to make new version of parent process form ACTIVE)

 

  • Verify that Parent & Child Process Forms are latest updated version and are ACTIVE

 

 

More on OIA-OIM integration tasks in future posts

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

7 comments
Gautam says October 25, 2012

Hi Atul,

Thanks for this url. This tutorial looks detail explanation although I am so beginner in Oracle Apps arena to understand this advance tutorial.
Hope within couple of months, I would be.

Thanks once again.

Gautam

Reply
» Accounts, Account Type, and Orphan Accounts in OIA Online Apps DBA: One Stop Shop for Apps DBA’s says March 19, 2013

[…] If you have configured OIM to OIA integration (More here) and after running Job “Import Users, Accounts, User Role Memberships, and […]

Reply
» OIM to OIA sync : Import Job failed : OIA_STAGING_ACCOUNTS & OIM_PKG_OIA_INTEGRATION Online Apps DBA: One Stop Shop for Apps DBA’s says April 25, 2013

[…] 11gR1 is integrated to OIM using steps mentioned here and here […]

Reply
anand says July 15, 2013

Hi,
Is there a possible solution where from OIM 10g roles and policies migrate to 11gr2 OIM and push the same roles and policies to OIA11gR2.

Reply
Atul Kumar says July 15, 2013

@ Anand, There is no defined process of Migrating roles from OIM 10g to OIM 11gR2, Follow the upgrade path for OIM.

Is there an OIA 11gR2 available (AFAIK OIA 11gR2 is not out yet – July 2013)

Reply
» OIA-OIM Integration : User not synced from OIM to OIA : ORA-20003: Account ID property is not defined OIM_PKG_OIA_INTEGRATION Online Apps DBA: One Stop Shop for Apps DBA’s says September 10, 2013

[…] you have integrated Oracle Identity Manager (OIM) with Oracle Identity Analytics (OIA) as mentioned here and hitting problem with User Sync  from OIM to OIA then use my previous post here to […]

Reply
ajith says December 6, 2017

Can you tell how to view the roles assigned to a user via OIA in OIM?

I was not able to understand the mapping of attributes marked as AccountName=true in OIM to OIA . Also the entitlements displayed in OIA and OIM looks to be in different naming convension. How are they mapped exactly?

Reply
Add Your Reply

Not found