9.1 User Identity Stores
Default and System Store
The following table describes the elements in the Default and System Store section of the User Identity Stores page:
Element | Description |
---|---|
Default Store | Select a default store from the drop-down menu. For LDAP authentication modules, you must manually select the registered identity store. |
System Store | Select a system store from the drop-down menu. Only one User Identity Store can be designated as the System Store. This is used to authenticate Administrators signing in to use the Oracle Access Management Console, remote registration tools, and custom administrative commands in WLST. |
Apply | Click Apply to submit the changes. |
Access System Administrators
This table appears only while changing the System Store. All Administrator roles, users, and groups must be stored in the System Store. If the System Store changes, appropriate Administrator roles must be added to the new System Store.
The following table describes the elements in the Access System Administrators section of the User Identity Stores page:
Element | Description |
---|---|
Name | Displays the name added using the Add System Administrators Roles dialog box. |
Type | Displays the type of the added name. |
| Click to sort the items in the column in ascending order. |
| Click to sort the items in the column in descending order. |
Add | Click to open the Add System Administrators Roles dialog box. |
Delete | Select a row in the table and click Delete to remove the row. |
Add System Administrators Roles dialog box
Click the Add button in the Access System Administrators section to open this dialog box.
Search
In this section, you can search the System Store to find configured administrators.
The following table describes the elements in the Add System Administrator Roles dialog box of the Access System Administrators section:
Element | Description |
---|---|
Name | Type the name to search for. |
Type | Select a Type from the list. |
Search | Click Search to initiate the search and populate results in the search results table. |
Reset | Click Reset to reset the search criteria. |
Search Results
This section lists the records matching the search criteria.
The following table describes the elements in the Add System Administrator Roles dialog box of the Access System Administrators section:
Element | Description |
---|---|
View | Choose commands from the View menu to control how the columns are displayed: |
Detach | Click to expand the table to a full page. |
Name | Displays the searched names. |
Type | Displays the Type of the searched names. |
Add selected | Select the desired user from the table, then click Add Selected to add the selected rows to the Access System Administrators table. |
Cancel | Click Cancel to cancel your selections. |
| Click to close the dialog box. |
OAM ID Stores
The following table describes the elements in the OAM ID Stores section of the User Identity Stores page:
Element | Description |
---|---|
View | Choose commands from the View menu to control how the columns are displayed: |
Create | Click to create a new user identity store using the Create User Identity Store page. |
Duplicate | Click to create a copy of the existing record. Select a row and click Duplicate to open the existing record in edit mode; you can then make changes and save the record. |
Edit | Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the registration or close the tab without applying changes. |
Delete | Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row or click Cancel to retain the row. |
Name | Lists all the created Store Names. |
Directory Type | Lists the type of directory server software hosting the repository. If the type is not selected, this field will be empty. |
Host Information | Lists the information about the host computer on which the Identity Directory Service Repository is located. |
Description | Lists the description added while creating the Identity Store. |
Synched IDS Profiles | Lists the IDS profiles that are synched. |
| Click to sort the items in the column in ascending order. |
| Click to sort the items in the column in descending order. |
Sync IDS Profiles | Click to make common Identity Directory Service Profiles accessible to Oracle Access Management as local Identity Stores. |
Identity Directory Service
Identity Directory Service is a common service used by Oracle Identity Management products to access and manage Identity Directory. The IDS Profiles can be used within Oracle Access Management after they are synchronized.
IDS Profiles
The following table describes the elements in the IDS Profiles section of the User Identity Stores page:
Element | Description |
---|---|
View | Choose commands from the View menu to control how the columns are displayed: |
Create | Click to create a new identity directory service profile using the Create Identity Store Profile page. |
Edit | Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the registration or close the tab without applying changes. |
Delete | Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row, or click Cancel to retain the row. |
Name | Lists all the created User Profile Service Provider names. |
Description | Lists all the descriptions added for the Service Provider names. |
Repository Name | Lists all the Repository Names added for the Service Provider names. |
Created By | Displays the name of the user who created the IDS profile. |
| Click to sort the items in the column in ascending order. |
| Click to sort the items in the column in descending order. |
Create Identity Store Profile
Use this page to create an Identity Service Profile. Click Create under the IDS Profiles section to access this page.
The following table describes the elements in the Create Identity Store Profile page:
Element | Description |
---|---|
Name | Type a unique name for this User Profile Service Provider. |
Description | Type a short description that will help you or another Administrator identify this service in the future. |
Repository
The following table describes the elements in the Repository section of the Create Identity Store Profile page:
Element | Description |
---|---|
Repository Options | Select any of the following options: |
Name | Enter a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection. |
Directory Type | Select the type of directory server software hosting the Repository. For example: Microsoft Active Directory or Oracle Internet Directory. If your directory is not listed, leave this field empty. Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only. |
Hosts | Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster. |
View | Choose commands from the View menu to control how the columns are displayed: |
Add | Click to add a new host to the table. |
Remove | Select a row in the table and click Remove to delete the row. |
Host Name | Type either the IP address or the name of the computer on which the Directory server is running. |
Port | Type the port number that the directory server is configured to use. |
Load Distribution (%) | Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%. |
Availability | Choose from the following: Note: This field is read-only if you are using an existing repository. |
SSL | Select Enabled if the connection is configured for SSL. |
Bind DN | Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server. |
Bind Password | Type the Bind DN password used to authenticate to the Directory server. |
Base DN | Type the base distinguished name (DN) where User and Group data is located. |
Password Management | Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy. |
Use Native ID Store Settings | This enables getting the authentication code for natively locked/disabled/pw_must_change code in the LDAP authentication module. |
Use Oblix User schema | Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema. |
Create | Click to create this identity profile. The profile is then displayed in the IDS Profiles table. |
Cancel | Click to cancel this identity profile. |
Test Connection | Click to confirm connectivity, then close the confirmation window. |
Form-Fill Application IDS Profile
Use this page to create an Identity Directory Service Profile for a Form-Fill Application. Click the Create Form-Fill Application IDS Profile button on the left of the IDS Profile section to access this page.
This page is arranged in the following sections:
- Repository
- Entity Search Bases
The following table describes the elements in the Form-Fill Application IDS Profile page:
Element | Description |
---|---|
Name | Type a unique name for this User Profile Service Provider. |
Description | Type a short description that will help you or another Administrator identify this service in the future. |
Repository
The following table describes the elements in the Repository section of the Form-Fill Application IDS Profile page:
Element | Description |
---|---|
Repository Options | Select any of the following options: |
Name | Enter a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection. |
Directory Type | Select the type of directory server software hosting the Repository. For example: Microsoft Active Directory or Oracle Internet Directory. If your directory is not listed, leave this field empty. Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only. |
Hosts | Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster. |
View | Choose commands from the View menu to control how the columns are displayed: |
Add | Click to add a new host to the table. |
Remove | Select a row from the table and click Remove to delete the row. |
Host Name | Type either the IP address or the name of the computer on which the Directory server is running. |
Port | Type the port number that the directory server is configured to use. |
Load Distribution (%) | Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%. |
Availability | Choose from the following: Note: This field is read-only if you are using an existing repository. |
SSL | Select Enabled if the connection is configured for SSL. |
Bind DN | Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server. |
Bind Password | Type the Bind DN password used to authenticate to the Directory server. |
Base DN | Type the base distinguished name (DN) where User and Group data is located. |
Password Management | Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy. |
Use Native ID Store Settings | This enables getting the authentication code for natively locked/disabled/pw_must_change code in the LDAP authentication module. |
Use Oblix User schema | Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema. |
Entity Search Bases
The following table describes the elements in the Entity Search Bases section of the Form-Fill Application IDS Profile page:
Element | Description |
---|---|
User Base DN | Full DN for the node at which enterprise users are stored in the directory. For example: cn=Users,realm_DN. |
Group Base DN | Full DN for the node at which enterprise groups are stored in the directory. For example: ou=demo. |
Application Template Base DN | Full DN for the node from which searches for the Application Templates will begin. |
Top Search Base DN | Full DN for the node from which searches will begin. For example: cn=realm_DN. |
Create | Click to create this identity profile. The profile is then displayed in the IDS Profiles table. |
Cancel | Click to cancel this identity profile. |
Test Connection | Click to confirm connectivity, then close the confirmation window. |
IDS Repositories Elements
The following table describes the elements in the IDS Repositories section of the User Identity Stores page:
Element | Description |
---|---|
View | Choose commands from the View menu to control how the columns are displayed: |
Create | Click to create a new IDS Repository using the Create IDS Repositories page. |
Edit | Select a row in the table and click Edit to open the record in edit mode. Modify values as needed and click Apply to update the repository, or close the tab without applying changes. |
Delete | Select a row in the table and click Delete. In the confirmation pop-up, click Delete to remove the row, or click Cancel to retain the row. |
Name | Lists the created IDS Repository names. |
Directory Type | Lists the Directory Type added for the Repositories. |
Host Information | Lists the Host Information added. |
| Click to sort the items in the column in ascending order. |
| Click to sort the items in the column in descending order. |
Create IDS Repositories/Create LDAP Repository
Use this page to create an Identity Directory Service Repository. Click Create under IDS Repository to access this page.
The following table describes the elements in the Create IDS Repositories page:
Element | Description |
---|---|
Name | Type a unique name to create, or choose an existing one from the menu. After entering a new name, configure properties for the Identity Directory Service connection. |
Directory Type | Select the type of directory server software hosting the Repository. For example: Microsoft Active Directory or Oracle Internet Directory. If your directory is not listed, leave this field empty. Note: If you are not defining a new Identity Directory Service connection or creating a new repository, this field is read-only. |
Hosts | Contains information about the host computer on which the Identity Directory Service Repository is located. Add multiple hosts if the directory server is part of a cluster. |
View | Choose commands from the View menu to control how the columns are displayed: |
Add | Click to add a new host to the table. |
Remove | Select a row from the table and click Remove to delete the row. |
Host Name | Type either the IP address or the name of the computer on which the Directory server is running. |
Port | Type the port number that the directory server is configured to use. |
Load Distribution (%) | Type the load amount as a percentage that should be directed to each host. For multiple hosts, the amount should add up to 100%. |
Availability | Choose from the following: Note: This field is read-only if you are using an existing repository. |
SSL | Select Enabled if the connection is configured for SSL. |
Bind DN | Type the distinguished name (DN) of the LDAP Administrator used to authenticate to the Directory server. |
Bind Password | Type the Bind DN password used to authenticate to the Directory server. |
Base DN | Type the base distinguished name (DN) where User and Group data is located. |
Password Management | Select Enabled to enable password policy enforcement against attribute values. Refer to Password Management for attribute values and to configure the corresponding options in the password policy. |
Use Native ID Store Settings | This enables getting the authentication code for natively locked/disabled/pw_must_change code in the LDAP authentication module. |
Use Oblix User Schema | Select this check box to enable the use of the OBLIX schema instead of the standard Oracle schema. |
Test Connection | Click to confirm if the values are correct. |
Create | Click to create this IDS Repository. The repository is then displayed in the IDS Repositories table. |
Cancel | Click to cancel this IDS Repository. |
Related Topics
Managing Data Sources in Administrator's Guide for Oracle Access Management.