Organizational Security in OIM
1. Introduction
The Information Systems department (the IT arm of General Financial) has a number of vendors supplying the necessary IT infrastructure: desktops from Dell, servers from Oracle and mobile devices from Apple. Colin Adams (CADAMS) is the administrator of the Information System Vendors organization, the central group that manages all of these vendors. In this capacity he administers the users, roles, entitlements and application instances for every vendor in the organization, which those users need when they access the Information Systems IT portal to manage and track orders for infrastructure components and any issues raised with their functioning. When Colin logs in to Self Service he can see users, roles and organizations across the whole Information System Vendors organization. Colin cannot scale, however, because his organization is rapidly on-boarding more staff in the vendor organizations. To keep up with his duties, he decides to let each vendor manage its own users, roles and so on.

To do this, he identifies a specific vendor organization, selects particular users from among its members and grants them administrative access on that vendor organization. Thereafter, that administrator logs in to Self Service and sees only users who belong to Dell. Likewise, if he searches Roles and Organizations he finds that he can only see and manage roles published to Dell. In this way, Colin can delegate the administration of each vendor organization to users in that organization.

2. Delegation

Let us assign all admin privileges to Colin Adams for the Information System Vendors organization.
1. Login to the Self Service console as ADMIN.
2. Navigate to Administration -> Organizations.
3. Search for the organization Information System Vendors.
4. Navigate to the Admin Roles tab.
5. Key in *Administrator* in the Query By Example text box above the Admin Role Name column.

6. Select all filtered admin roles and click Assign.
7. Search for the user CADAMS.
8. Click Add Selected.
9. Check the include sub-orgs checkbox. This makes this user the admin for Information Systems Vendor organization and all sub organizations.
10. Click Apply.
11. Logout.

2.1 Advanced Delegation
Colin Adams can now view and manage Users, Roles, Entitlements and Application Instances for the Information Systems Vendor Org and its sub orgs, Dell, Apple and Oracle. He can pick a delegated administrator for each of these vendors.
1. Hit the Identity self service console.
2. Login as CADAMS.
3. Navigate to Administration -> Organizations.
4. Search for all organizations and observe Information System Vendors and its sub orgs. You have Oracle, Apple and Dell as the sub orgs of Information System Vendors.
Having been assigned these privileges, Colin moves on to managing the vendor staff of Oracle, Dell and Apple, but later starts facing scalability issues as the population of these vendor organizations grows rapidly. That is when he discusses the matter with his management and arrives at the decision to delegate administration to the respective people from those vendor organizations. Colin Adams decides to assign the Dell user CMARNELL as the delegated administrator for Dell.
5. Click on the Dell Organization and open it.
6. Navigate to the Admin Roles sub tab.
7. Key in *Administrator* in the Query By Example text box above the Admin Role Name column.
8. Select all filtered admin roles and click Assign.
9. Search for the user CMARNELL.
10. Click Add.
11. Close the Dell Organization tab.
12. Click on the Apple Organization and open it.
13. Navigate to the Admin Roles sub tab.
14. Key in *Administrator* in the Query By Example text box above the Admin Role Name column.
15. Select all filtered admin roles and click Assign.
16. Search for the user DADAMS.
17. Click Add.
18. Logout and close the browser.

Each delegated administrator can now perform delegated administration functions within the scope of the organizations on which they have been assigned admin roles.

2.2 Validation
1. Christian Marnell (CMARNELL) logs in to Self Service.
2. Navigate to Administration -> Users.
3. Search for all Users. He can only see users who belong to Dell.

4. Similarly, navigate to the following and search to validate the scope of view.
a. Administration -> Roles (only roles published to the Dell Organization are visible)
b. Administration -> Organizations.
5. Navigate to Administration -> Roles.
6. Click on New.
7. Create a new role with the following values.
   Name: Small Business Manager
   Display Name: Small Business Manager
   Role Description: Role to Manage all Small Businesses of Dell
   Role Category: Default
   Owned By: Christian Marnell
8. Click on Save.
9. Navigate to Organizations tab. Observe that this role is automatically published only to Dell Org.
10. Logout.
11. Login as DADAMS, David Adams.
12. Navigate to Administration -> Roles.
13. Search for the role named Small Business Manager, created by Christian. He will not be able to find it.
2.3 Modifying the Viewability
David Adams of Apple is also required to do some business with Dell and hence requires that he also sees all the users and roles of Dell, but cannot manage any of them.
1. Login to Identity Self Service console as CADAMS.
2. Navigate to Administration -> Organizations.
3. Search for the Dell organization. Click on the name to open it.
4. Navigate to the Admin Roles tab.
5. Select the User Viewer and Role Viewer admin roles from the list.
6. Click on Assign.
7. Search for DADAMS and Add.
8. Logout.
9. Login as DADAMS.
10. Navigate to Administration -> Users.
11. Hit search. David Adams can now see users of Apple and Dell. Of course, David Adams does not have all the privileges on the users of Dell which he has on the users of Apple.
12. Navigate to Administration -> Roles.
13. Hit search. David Adams can see roles published to Apple and Dell. David Adams does not have full privileges on any of the Desktop roles and Small Business roles (Dell roles; he only has view privilege on these roles), though he has full privileges over the roles of Apple.
14. Logout and close the browser.
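The visibility rules validated in sections 2.2 and 2.3 can be captured in a small model of organization-scoped admin roles. The following is an added example, not OIM's own code or API: the user IDs and organization names follow this page's scenario, while the organization hierarchy, the extra users (JSMITH, LWONG), the role names and the capability sets behind each admin role are constructed simplifications.

```python
# Toy model of OIM organization-scoped admin roles: an added example, not OIM
# code. User and org names follow the scenario on this page; the hierarchy,
# extra users, role names and capability sets are constructed simplifications.
from collections import namedtuple

PARENT = {"Information System Vendors": None, "Dell": "Information System Vendors",
          "Apple": "Information System Vendors", "Oracle": "Information System Vendors"}
USER_ORG = {"CADAMS": "Information System Vendors", "CMARNELL": "Dell", "JSMITH": "Dell",
            "DADAMS": "Apple", "LWONG": "Oracle"}            # constructed user population
ROLE_ORGS = {"Small Business Manager": {"Dell"}, "Desktop Support": {"Dell"},
             "iOS Support": {"Apple"}}                       # role -> orgs it is published to
ADMIN_CAPS = {"User Administrator": {"view_user", "manage_user"}, "User Viewer": {"view_user"},
              "Role Administrator": {"view_role", "manage_role"}, "Role Viewer": {"view_role"}}

# One admin role granted on one organization, optionally including its sub-orgs.
Membership = namedtuple("Membership", "admin_role org include_sub_orgs", defaults=(False,))

def in_scope(org, scope_org, include_sub_orgs):
    """True if org is scope_org or, when include_sub_orgs is set, lies beneath it."""
    while org is not None:
        if org == scope_org:
            return True
        if not include_sub_orgs:
            return False
        org = PARENT[org]
    return False

def capabilities(memberships, admin, org):
    """Union of the capabilities admin holds on org across all in-scope admin roles."""
    return {c for m in memberships.get(admin, ()) if in_scope(org, m.org, m.include_sub_orgs)
            for c in ADMIN_CAPS[m.admin_role]}

def visible_users(memberships, admin):
    return sorted(u for u, o in USER_ORG.items() if "view_user" in capabilities(memberships, admin, o))

def visible_roles(memberships, admin):
    return sorted(r for r, orgs in ROLE_ORGS.items()
                  if any("view_role" in capabilities(memberships, admin, o) for o in orgs))

def can_manage_role(memberships, admin, role):
    return any("manage_role" in capabilities(memberships, admin, o) for o in ROLE_ORGS[role])

# State after section 2.1: CADAMS over the parent org with sub-orgs, vendor admins on their own org.
AFTER_2_1 = {"CADAMS": [Membership(r, "Information System Vendors", True) for r in ADMIN_CAPS],
             "CMARNELL": [Membership("User Administrator", "Dell"), Membership("Role Administrator", "Dell")],
             "DADAMS": [Membership("User Administrator", "Apple"), Membership("Role Administrator", "Apple")]}
# State after section 2.3: DADAMS additionally holds the two viewer roles on Dell.
AFTER_2_3 = {**AFTER_2_1, "DADAMS": AFTER_2_1["DADAMS"] +
             [Membership("User Viewer", "Dell"), Membership("Role Viewer", "Dell")]}
```

Comparing `visible_users`, `visible_roles` and `can_manage_role` between the two states reproduces what each user observes in the validation steps: CMARNELL sees only Dell, DADAMS cannot see the Dell role until the viewer grant, and even then cannot manage it.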


Kashif Baksh