23.2.1 Default System Properties in Oracle Identity Governance
Default system properties are predefined in the PTY table. Each system property has a keyword and default value.
Table 23-1 describes default system properties in Oracle Identity Governance.
Table 23-1 Default System Properties in Oracle Identity Governance
Property Name | Keyword | Default Value | Description |
---|---|---|---|
Access Policy Revoke If No Longer Applies Enhancement |
XL.AccessPolicyRevokeIfNoLongerAppliesEnhancement |
FALSE |
Determines if the Revoke if no longer applies flag in access policy is applicable. If the value is true, then this flag is applicable to child table data (entitlements) along with parent data. Based on this flag, the user can determine if child data must be removed or retained when the access policy no longer applies to the user. If the value is false, then child table data (entitlements) are always removed after the access policy is no longer applied. Note: This property is not used in Oracle Identity Manager Release 2 (11.1.2) or later. |
Administrator capability to manage proxies | ADMIN_CAPABILITY_TO_MANAGE_PROXIES |
True |
This property is used to control the administrator capabilities for proxy users. If the property is set to FALSE, the Proxy User tab will not be visible on the User Details screen.
Note:
|
Allows access policy based provisioning of multiple instances of a resource |
XL.AllowAPBasedMultipleAccountProvisioning |
FALSE |
Determines if multiple instances of a resource can be provisioned to multiple target resources. When the value is false, provisioning multiple instances of resource object via access policy is not allowed. When the value is true, provisioning multiple instances of resource object via access policy is allowed. |
Allows control over role hierarchical access policy evaluation |
XL.AllowRoleHierarchicalPolicyEval |
FALSE |
This property controls whether role hierarchical access policy evaluation is allowed. When this system property is set to TRUE, access from inherited access policies is given to the user. If set to FALSE, access from access policies attached to inherited roles is not given to the user. |
Allows linking of access policies to reconciled and bulk loaded accounts |
XL.AllowAPHarvesting |
FALSE |
Determines if access policy engine can link access policies to reconciled accounts and to accounts created by the Bulk Load Utility. This property is used in the context of evaluating access policies for reconciled accounts and to accounts created by the Bulk Load Utility. Note: This property is used in Oracle Identity Manager 11g Release 2 (11.1.2.2.0) or later. |
Allows linking of access policies to Direct Provisioned accounts |
XL.APHarvestDirectProvisionAccount |
FALSE |
This property is used to link access policies to accounts that are provisioned through Direct Provisioning. When this system property is set to True, the account which is provisioned through Direct Provisioning is linked to the Access Policy based provisioned account. If set to FALSE, then the account which is provisioned through Direct Provisioning is not linked to the Access Policy based provisioned account. |
Allows linking of access policies to request based accounts |
XL.APHarvestRequestAccount |
FALSE |
This property is used to link access policies to accounts that are provisioned through Request Provisioning. When this system property is set to True, the account which is provisioned through Request Provisioning is linked to the Access Policy based provisioned account. If set to FALSE, then the account which is provisioned through Request Provisioning is not linked to the Access Policy based provisioned account. |
XL.APHarvesting.AllowAccountDataUpdate |
XL.APHarvesting.AllowAccountDataUpdate |
FALSE |
This property is used to update the account data with the policy defaults for the accounts linked to the access policies. When this system property is set to True, the account data is updated with the policy defaults for the accounts linked to access policy. If set to False or if the system property does not exist, the account data is not updated. Note: This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.201011. |
Do not evaluate Access policy for disabled user |
XL.DoNotEvaluateAPForDisableUsers |
FALSE |
If the value is set to TRUE, then disabled users are not evaluated for Evaluate User Policies by Access Policy. If the value is set to FALSE, then disabled users are evaluated by Evaluate User Policies Scheduler Job. Note: This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.211010. |
Are challenge questions disabled in OIM |
OIM.DisableChallengeQuestions |
FALSE |
Determines if challenge questions are enabled or disabled when a user logs in to Oracle Identity Manager for the first time. When value is False, challenge questions are enabled. When value is True, challenge questions are disabled. This property is primarily used in the context of Oracle Adaptive Access Manager (OAAM) configuration. When the value is TRUE, the challenge questions are handled by OAAM. When the value is FALSE, then PWR.PWR_CHA_POLICY_ENABLED is honored to determine if challenge policy is enabled or not. |
Catalog Additional Application Details Task Flow |
CatalogAdditionalApplicationDetailsTaskFlow |
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf |
A custom task flow is to be displayed when an application is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section. |
Catalog Additional Entitlement Details Task Flow |
CatalogAdditionalEntitlementDetailsTaskFlow |
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf |
A custom task flow is to be displayed when an entitlement is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section. |
Catalog Additional Role Details Task Flow |
CatalogAdditionalRoleDetailsTaskFlow |
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tfs |
A custom task flow is to be displayed when a role item is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section. |
Catalog Advanced Search Maximum Applications |
CatalogAdvancedSearchMaxApps |
15 |
In the default form for catalog advanced search, you can search for entitlements by specifying the list of applications to search from. This system property controls the maximum number of applications that can be selected for entitlement search. |
Catalog Advanced Search Taskflow |
CatalogAdvancedSearchTaskflow |
/WEB-INF/oracle/iam/ui/catalog/tfs/catalog-advanced-search-tf.xml#catalog-advanced-search-tf |
Determines the taskflow used for catalog search. If you create a custom taskflow for catalog search, then change the value of this property to the complete path of the custom taskflow. |
Catalog Attributes for Sorting Search Results |
CatalogSortAttributes |
ENTITY_DISPLAY_NAME; ENTITY_TYPE |
This property determines the attributes that will be displayed in the Sort By drop down in the catalog results tab. |
Catalog Audit Data Collection |
XL.CatalogAuditDataCollection |
none |
Determines if catalog auditing is enabled or disabled. The default value is |
Category count option can be 0, 1 or 2 |
CATALOG.CATEGORY_COUNT_OPTION |
2 |
Determines what is displayed in the Category count block. If the value is 0, then the Category Count block is deactivated. If the value is 1, then distinct categories across the system are displayed without their respective category counts. If the value is 2, then categories with counts are displayed. Note: It is recommended that the value be modified in cases where poor Catalog Search performance is observed. |
Catalog Regex for special characters |
Catalog.SpecialCharacterRegex |
[^\w] |
Enables text parsing and escaping of special characters when performing a catalog search by using some special characters. If you do not want any text parsing and escaping of special characters, then change the value of this property to |
Catalog search MAX result size. Default value is -1 which means return all |
XL.CatalogSearchResultCap |
-1 |
When the data is huge in the request catalog and you encounter any issue with the performance of the catalog, you can change the value of this system property and provide some reasonable values, such as 500. As a result, catalog search will not return more than the specified value. If the value is -1, then no result size limit is applied on the catalog search result. |
Catalog Searchable UDF In Tags |
CATALOG.SearchableUdfInTags |
FALSE |
If you want to use searchable UDF in TAGS, then you can set the value of this property to TRUE. Then, you can run the scheduled task in recalculate tags mode, and searchable UDF values will be part of the TAGS column. The same value can be used in keyword search. |
Catalog Table Rows To Display Size |
CatalogTableRowsToDisplaySize |
10 |
This property is used to control the number of rows displayed in all tables found in all catalog-related pages. Note: The value of this system property must be less than or equal to 50. |
CommonName generation plugin |
XL.DefaultCommonNamePolicyImpl |
oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy |
Determines the common name generation plugin to generate common name. |
Compiler Path for Connectors |
XL.CompilerPath |
JAVA_HOME |
Specifies the Java home depending on the application server. Note: If the path of the JDK directory is not included in the System Path variable, then you must set the path of the JDK directory in the XL.CompilerPath system property. If this is not done, then an error is encountered during the adapter compilation stage of the process performed when you import an XML file by using the Deployment Manager. |
Compute and Persist Min Age On Password Change |
ComputePersistMinAgeOnPasswordChange |
proactive |
Password minimum age calculation has two modes, proactive and reactive. In proactive mode, the minimum age date is calculated at password change time, and any subsequent change to the minimum age property of the user's applicable password policy is not honored until the next password change, whereas in reactive mode, policy changes are applied immediately. The Compute Persist Min Age On Password Change system property is introduced to enable the proactive or reactive approach. |
Control allowing Request Data to Prepopulate Adapters |
XL.AllowRequestDataToPrepopAdapter |
FALSE |
This property is used to control the order of preference for populating the process form data during provisioning. If this property is set to TRUE, pre-populate adapters data will take precedence over access policy or request data. That is, access policy or request data will be overridden with pre-populate adapters data. If the property is set to FALSE, access policy or request data will have precedence over pre-populate adapters data. |
Copy manager of user also for create user email notification |
XL.NotifyUserCreateToOther |
TRUE |
Copies the user's manager in the email notification that is sent when a user is created. |
Data Collection Session ID |
XL.DataCollectionSessionID |
dummy |
Specifies the session ID of the current Oracle Identity Analytics (OIA) Data collection session. |
Data Collection Status |
XL.DataCollectionStatus |
FINALIZED |
Specifies the status of the current OIA data collection session. |
DB Diagnostic Level for Data Truncate |
OIM.DBDiagnosticLevelDataTrunc |
NONE |
This property controls the amount of diagnostic logging for Complete Nuke Cleanup operation. The values can be:
|
DB Diagnostic Level for Offline Data Purges |
OIM.DBDiagnosticLevelOffPurge |
NONE |
This property controls the amount of diagnostic logging for Offline Data Purge operation. The values can be:
|
DB Diagnostic Level for OIM GDPR support |
OIM.DBDiagnosticLevelGdprSupp |
NONE |
This property is used to enable or disable detailed logging in database. The values can be:
|
DB Diagnostic Level for OIM Mview Legacy Data Migration |
OIM.DBDiagnosticLevelMviewMig |
NONE |
This property defines the DB diagnostic level for OIG materialized view legacy data migration. The values can be:
|
DB Diagnostic Level for MView creation for BIP report | OIM.DBDiagnosticLevelMviewBIP | NONE |
This property defines the DB diagnostic level for Mview creation for BIP reports. The values can be:
|
DB Diagnostic Level for Online Data Purge | OIM.DBDiagnosticLevelDataPurge | NONE |
This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during OIM Data Purge scheduled task operation. The values can be:
|
DB Diagnostic Level for Recon | OIM.DBDiagnosticLevelRecon | INFO |
This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during reconciliation operations. The values can be:
|
DB Diagnostic Level for Online Recon Exceptions Purge |
OIM.DBDiagnosticLevelRecx |
NONE |
This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during Recon Exceptions Purge operation. The values can be:
|
Default Date Format |
XL.DefaultDateFormat |
yyyy/mm/dd hh:mm:ss z |
When you create reconciliation events by calling the APIs and the date format is not passed as one of the arguments to the API, Oracle Identity Manager assumes that all the date field values are specified in Default Date Format. |
Default policy for username generation |
XL.DefaultUserNamePolicyImpl |
oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy |
Determines the username policy to use when generating a username. |
Default user name domain |
XL.UserNameDomain |
oracle.com |
This property is used by the DefaultComboPolicy to generate a user name in e-mail format. |
Disable Catalog Blank Search |
CATALOG.DISABLE_BLANK_SEARCH |
True |
This property is used to enable or disable blank text search in Catalog. If the value is True, then blank text search is disabled. If the value is False, then blank text search is enabled. Note: Catalog search functionality can run slow depending upon the volume of data in the system. It is recommended to disable blank search functionality to improve search performance. |
Disabling Default Search of UI pages |
OIG.DisableDefaultTableSearches |
FALSE |
This property is used to enable or disable blank text search in the Users, Roles, Organizations, and Administration Roles page. If the value is TRUE, then blank text search is enabled. If the value is FALSE, then blank text search is disabled. |
Display Certification or Attestation |
OIM.ShowCertificationOrAttestation |
attestation |
This property has been superseded by the Note: In this release, this property is not used as Attestation is not supported. This property is superseded by the |
DM Global Search Result Size | DMGlobalSearchResultSize | 100 |
This system property controls the number of records displayed for deployment manager global search result. If incorrect or non-numeric value is set, then default value is considered. Note: It is recommended that the value of this system property is less than 1000. |
Does user have to provide challenge information during registration |
PCQ.PROVIDE_DURING_SELFREG |
TRUE |
If the value is TRUE, then users will have to provide challenge information during registration. |
Email Server |
XL.MailServer |
Email Server |
Name of the e-mail server. Note: After modifying the Email Server system property value, you must restart the server for the change to take effect. |
Email URL token expiration time (in days) |
OIM_EMAIL_URL_EXPIRE_TIME |
1 |
This system property determines the time until when the forgot password Email link is valid. |
Email Validation Pattern |
XL.EmailValidationPattern |
[A-Za-z0-9\.\_\#\!\$\&\'\*\/\=\?\^\`\{\}\~\|\%\+\-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4} |
This property contains the regular expression used to validate the email ID of a user. |
Enable disabled resource instances when a user is enabled |
XL.EnableDisabledResources |
TRUE |
If the value is TRUE, then the disabled resource instances are enabled when a user is enabled. |
Enable email notification based password reset |
OIM_ENABLE_EMAIL_SEC_FEAT |
True |
This property is used to enable Email notification for forgot password. If this property is set to False, then the feature is disabled. |
Enable Exception Reports |
XL.EnableExceptionReports |
TRUE |
This property is used to enable the exception reporting feature. Exception reporting is enabled only if the value is set to TRUE. |
Enable password suggestion on reset password for user | OIM.EnablePasswordSuggestion |
FALSE |
This property enables generation of a system-suggested random password. The generated password complies with the password policy, and a new one can be generated every time you try to reset your password. By default, the value is set to FALSE. If the value is set to TRUE, the password suggestion is shown when resetting the password for a user. Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.241007. |
Enable User Login Validation |
XL.ValidateWhiteSpace |
FALSE |
This property enforces the validation of the user login for special characters. |
Enable SQL Query Based Role Membership |
RoleUserMembershipRuleSQLSupported |
FALSE |
If the property value is TRUE, an admin can define SQL query as the user membership rule for Roles. Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.231030. |
Evaluate All Role for SQL Membership Rule in Refresh Role Membership Job |
RefreshRoleMembershipJob.EvaluateAllRolesForSQLMembershipRule |
FALSE |
If the property is set to TRUE, then the Refresh Role Membership Job evaluates all the SQL based membership rules.
Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.231030. |
Evaluate LDAP Container Rules for Entity Modification |
LDAPEvaluateContainerRulesForModify |
FALSE |
If the property value is TRUE, then the LDAP container rules defined in LDAPContainerRules.xml are evaluated for entity modification. However, if none of the rules match, then the default container is not returned. The original parent container of the entity is returned, which means that there is no change in the entity DN. If the property value is FALSE, then the LDAP container rules defined in LDAPContainerRules.xml are not evaluated. The entity DN does not change. Note: This property only applies to a modification scenario and not to the entity creation scenario. |
ExecuteDymanicRoleMembershipOrchUsingAsync | XL.ExecuteDymanicRoleMembershipOrchUsingAsync | false | If the value of this property is set to true, then the role grant/revoke takes place asynchronously. |
Force to set questions at startup |
PCQ.FORCE_SET_QUES |
False |
When the user logs into the Oracle Identity Self Service or Oracle Identity System Administration for the first time, the user must set the default questions for resetting the password. Note: After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect. |
GTC Auto Import |
XL.GTCAutoImport |
true |
Based on the value of this property, the DM XML that is generated during Generic Technology Connector (GTC) creation can be saved to a directory. The default value of this property is true. When the value of this property is set to "False", the DM XML created by the GTC framework while creating a GTC (the XML that GTC creates and imports internally by using Deployment Manager) is stored in the following directory: OIM_HOME/GTC/XMLOutput. The naming convention followed for the DM XML is: GTCNAME_CURRENTDATE_TIMESTAMP.xml, where the date and timestamp are created using the date format "yyyy-MM-dd-HH-mm-ss". For example: TRUSTEDCSV_2009-02-05-22-41-11.xml |
IDMDF: Attachment FilePath |
IDM.Diagnostics.IDMDFClient.Notifier.Attachment.File |
/scratch/IDMDFAttachment |
This property determines the path to store the attachment files. |
IDMDF: Buffer size to hold context sensitive logs |
IDM.Diagnostics.EventProcessing.ContextSensitiveLogsBufferSize |
10000 |
This property determines the size of the buffer that holds detailed logs of the product. |
IDMDF: Buffer size to hold failed records |
IDM.Diagnostics.EventProcessing.FailedRecordBufferSize |
1000 |
This property determines the size of the buffer that holds failed (functional/SLA) events. |
IDMDF: Debug mode (true/false) |
IDM.Diagnostics.Debug |
False |
This property determines whether logs of the IDMDF framework are saved in a log file. When set to TRUE, debug mode is enabled. When set to False, debug mode is disabled. |
IDMDF: Default SLA |
IDM.Diagnostics.DefaultSLA |
300000 |
This property determines the size of the default SLA for events. |
IDMDF: E-mail notification to |
IDM.Diagnostics.Notification.Email.To |
dummy.dummy@dummy.com |
This property determines the email address to which notification is sent. |
IDMDF: E-mail notification from |
IDM.Diagnostics.Notification.Email.From |
dummy.dummy@dummy.com |
This property determines the email address from which notification is sent. |
IDMDF: Email Message Template Path |
IDM.Diagnostics.IDMDFClient.Notifier.Email.MessageTemplatePath |
This property determines the path of the email message template. |
|
IDMDF: Enabled/Disabled By Sysadmin |
IDM.Diagnostics.Enabled |
false |
This property is used by the system administrator to enable or disable IDMDF. |
IDMDF: Flood Control Duration(In Days) |
IDM.Diagnostics.EmailFloodControl.DurationInDays |
1 |
This property indicates the retention period in days for Flood Control Max email. After the defined number of days, the Flood Control Max email counter is reset. |
IDMDF: Flood Control Max Email |
IDM.Diagnostics.EmailFloodControl.MaxEmail |
2 |
This property determines the maximum number of notifications allowed per use case. |
IDMDF: In-Memory Logging |
IDM.Diagnostics.IDMDFClient.InMemoryLogging |
false |
This property determines if logs are stored in the memory. |
IDMDF: Max failed event to execute concurrently |
IDM.Diagnostics.EventProcessing.MaxConcurrent.FailedEvent |
2 |
This property determines the number of threads used to execute events concurrently and put them in the database. |
IDMDF: Notification provider |
IDM.Diagnostics.NotificationProvider |
oracle.idm.diagnostics.notification.service.impl.IdmdfNotifier |
This property determines the service used for sending notifications. |
IDMDF : Notification template file name |
IDM.Diagnostics.IDMDFClient.Notifier.Email.MessageTemplateName |
This property determines the notification template file name. |
|
IDMDF: IDMDF Rest service end-point |
IDM.Diagnostics.IDMDFServiceEndPoint |
http://localhost:14000/idmeventrecording |
This property determines the URL where IDMDF services are deployed. Note: If the REST service is not working as expected, then check and, if required, update the local host name and port number configured in IDMDF: IDMDF Rest service end point. In a clustered environment, the IDMDF: IDMDF Rest service end point should be updated with the host name and port number where OHS is running. In a single node configuration, this end point should be updated with the host name and port number where OIG is running.
|
IDMDF: SMTP Server Name |
IDM.Diagnostics.Email.Server.Host |
localhost |
This property represents the server responsible for sending email notification. |
IDMDF: SLA template file |
IDM.Diagnostics.IDMDFClient.Notifier.Sla.File |
None |
This property determines the file that contains the list of SLAs for defined use cases. |
Identity Auditor Feature Set Availability |
OIG.IsIdentityAuditorEnabled |
FALSE |
When the value of this property is TRUE, role lifecycle management, Segregation of Duties (SoD), and identity certification are enabled. Note: After modifying the value of this system property, you must restart Oracle Identity Governance server for the changes to take effect. |
Inbox Task Tabs (none/all) |
UI.INBOX.VIEW.TaskTabs |
none |
This property determines whether or not to show additional links, such as Initiated tasks, Reportees and Administrative tasks, in the Inbox. When set to all, the following links are displayed in the Inbox: My tasks, Initiated tasks, Reportees, Administrative tasks. When set to none, only the My tasks link is displayed in the Inbox. |
Indicates if referential integrity is enabled in target LDAP directory |
XL.IsReferentialIntegrityEnabledInLDAP |
FALSE |
The value of this property is TRUE if referential integrity in the target LDAP directory is turned on. The value of this property is FALSE if referential integrity in the target LDAP directory is turned off. To be able to modify an entity stored in LDAP, this property must be set to TRUE. |
Is DataProvider LDAP/DB |
OIM.DataProvider |
DB |
Specifies the data provider, which is Oracle Identity Manager database. The default value is DB, which indicates that the database is the data provider. |
Is disabled manager allowed |
AllowDisabledManagers |
FALSE |
Specifies whether a user in the disabled state can be set as a manager for another user. |
Is OIM Notifications disabled (true/false) |
XL.DisableAllNotifications |
false |
This property is used to enable or disable all notifications in Oracle Identity Manager. When the value of this property is set to false, notifications are enabled. When the value of this property is true, notifications are disabled. |
Is Self-Registration Allowed |
XL.SelfRegistrationAllowed |
TRUE |
If the value is TRUE, then the users are allowed to self-register. |
LDAP Reservation Plugin |
XL.LDAPReservationPluginImpl |
oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID |
This property determines the LDAP reservation plugin implementation to be picked up for reservation of user attributes. |
Level of Role Auditing |
XL.RoleAuditLevel |
None |
This property controls the amount of audit data collected when an operation is performed on a role, such as creation or modification. The supported levels are:
|
Login Validation Pattern |
XL.LoginPattern |
(^[A-z0-9@._-]{2,256}$) |
This property contains the regular expression used to validate the login of a user when XL.ValidateWhiteSpace is set to true. If XL.LoginPattern is empty, then user login is validated against the default pattern. Note: It is recommended that the regular expression is developed and tested fully for specific validation requirements before using this system property. |
Locale for dependent request justification created by server of a bulk request. | OIM.RequestJustificationLocale | en_US |
The value of this property is a locale; the same locale is used to translate request justification text for bulk requests. The format of the locale is languageCode_CountryCode, such as en_US or fr_FR. For details, refer to Preparing to Install and Configure PRODUCT. |
Notify other recipients with the password reset email if email of user is null |
XL.NotifyPasswordGenerationToOther |
TRUE |
When the value of this property is TRUE, the email notification for reset password is sent to other recipients if the email ID of the user is not specified. |
Number of records to be executed in a batch during Catalog Enrichment |
XL.CatalogEnrichmentBatchSize |
500 |
This property determines how many records must be processed in a batch by the catalog job during catalog enrichment. |
Max retry count for fetching account details | PROVISIONING_CALLBACK_ACCOUNT_KEY_VALIDATON_MAX_RETRY_COUNT |
0 |
This property is used for specifying the retry count for the account details fetch API in case of manual fulfillment task creation failure due to oracle.iam.provisioning.exception.AccountNotFoundException exception.
The value "0" is configurable. A value of "0" for this property means that no retry is done to fetch the account details after a failure. A 5-second waiting period exists between retries. For example, with "60" as the value of this property, 60 retries are done at an interval of 5 seconds each to fetch the account details after each failure. Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.240705. |
Maximum number of records to be fetched from Catalog |
Catalog.SearchResultCap |
-1 |
This property determines how many records must be fetched from catalog when a search is performed. If the value is -1, then all records are fetched from catalog table. If the value is 10000, then only 10000 records are fetched from catalog. Note: It is recommended that you set the value to 10000 only if poor catalog search performance is experienced. |
Max Result size for lookups |
LOOKUP_MAX_RESULTSIZE |
1000 |
This property determines how many records must be fetched from the lookup table when a search is performed. For example, if the value is set to 500, then only 500 records are fetched from the lookup table. If the value is set to 0, then there is no restriction on the number of records fetched from the lookup table. |
Midtier compression for Audit(UPA) data |
OIM.AuditCompression | 0 |
This property is used to configure user profile audit data compression. It can have the following values:
|
Midtier compression for Audit(UPA) data algo |
OIM.AuditCompressionAlgo |
GZIP |
This property determines that GZIP is used as the compression algorithm. Only GZIP is supported in this release. |
OIA integration status |
OIM.IsOIAIntegrationEnabled |
FALSE |
Specifies whether OIA is integrated with Oracle Identity Manager. Set the value of this property to If you set the value of this property to Note: You must do a full import of role memberships at least once after this property is enabled. |
OIM Allow Upload Attachments | OIM.AllowUploadAttachments | TRUE |
This property determines whether or not to allow upload of attachments during approval request. Set the value of this property to Note: This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.241007. |
OIM Complex Password Policy compatible with Active Directory |
OIM.ADPasswordPolicyCompatibilityEnabled |
FALSE |
On setting the value of this property to TRUE, the last rule (inclusion of user ID, first name, or last name in password) of the OIG complex password policy is replaced with the Active Directory (AD) password policy (inclusion of Display Name and User Login in password). This property is applicable to all complex password policies. Note: This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.200624. |
OIM No Password Propagation Support |
NO_PASSWORD_PROPAGATION_SUPPORT |
FALSE |
This property determines if the No Password Propagation Support is enabled in Oracle Identity Governance. If this property is set to true, then the access policy based password provisioning is disabled. It is recommended not to change this property value directly as it changes the Oracle Identity Governance login behavior. |
Old Password Validator |
OIM.OldPasswordValidator |
oracle.iam.identity.usermgmt.impl.ContainerLoginPasswordVerifier |
The property specifies the name of the plugin class to be used for verifying old passwords. |
OMSS Enabled |
OMSS Enabled |
false |
When the value of this property is true, OMSS integration is enabled, and the OMSS links and tabs are displayed in Oracle Identity Self Service. Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect. |
Period to Delay User Delete |
XL.UserDeleteDelayPeriod |
0 |
This property is used to specify the time period before deleting a user. When this property is set and a user is deleted, the user's state is changed to disabled and "automatically delete on date" is set to current date plus the delay period. If this property is not set, then the user is automatically deleted at the expiration of the end date by the Disable/Delete User After End Date scheduled job. |
Proxy User Email Notification |
XL.ProxyNotificationTemplate |
Notify Proxy User |
The corresponding PTY_VALUE is the name of the e-mail definition that is sent when a proxy user is created. A user receives a notification e-mail when made the proxy for another user. |
ProxyDelegateEnabled |
ProxyDelegateEnabled |
FALSE |
This property manages the proxy assignment type. When you set the value of this property to TRUE and the user is assigned a proxy, the request is assigned to both the user and the proxy. When you set the value of this property to FALSE and the user is assigned a proxy, the request is assigned only to the proxy and not to the user.
Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.231030. |
Recon Batch Size |
OIM.ReconBatchSize |
500 |
This property is used to specify the batch size for reconciliation. Specify 0 as the value to indicate that reconciliation is not performed in batches. Note: You must restart Oracle Identity Manager server after setting this property. |
Request Notification Level |
RequestNotificationLevel |
0 |
This property indicates whether or not notification is sent to the requester and beneficiary when a request is created or the request status is changed. This property can have the following values:
For request notification level 2, notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed. |
Retry Count for recon event |
Recon.RetryCount |
5 |
This property determines the reconciliation retry count. The retry count value is picked up from the value of this property. If you specify a value that is greater than 0, then auto retry is configured. If you specify 0 as the value of this property, then auto retry is not configured. |
Reset Password |
SSO.RESETPASSWORDONTARGETBYPASSINGCONNECTOR |
False |
Set this value to true and import the Active Directory (AD) certificate into Oracle Identity Governance (OIG) to improve the performance of Reset Password in AD integration. This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.210708.
Note: For details, see Improving Reset Password Performance on AD Integration in Integration Guide for Oracle Identity Management Suite. |
Search Stop Count |
XL.IDADMIN_STOP_COUNT |
300 |
This property determines the maximum number of records that are displayed in the advanced search result. If the specified search criteria return more records than the value of this property, then the number of records displayed is limited to this value. In addition, a warning is displayed stating that the results exceed maximum counts and you must refine your search with additional attributes. |
Segregation of Duties (SOD) Check Required |
XL.SoDCheckRequired |
FALSE |
This property indicates whether or not Segregation of Duties (SoD) check is required. |
Send email notification based on user locale |
XL.SendEmailNotificationBasedOnUserLocale |
false |
This property determines whether an email notification is sent based on the receiver's (user/manager/assignee/requestor) locale when the value is set to true. If the value is set to false, then notification is sent in the server locale. Note: This system property has been deprecated in this release of Oracle Identity Manager. |
Should send notifications in recon or not |
Recon.SEND_NOTIFICATION |
true |
Determines if notification is sent to the user when the user login and password are generated in postprocess event handler for user creation via trusted source reconciliation. If the value is set to true, then notification is sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation. If the value is set to false, then notification is not sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation. |
Shows Revoked Accounts In the Accounts Tab |
ShowRevokedAccountsInAccountsTab |
TRUE |
By default, revoked accounts always appear in the Accounts tab. To hide the revoked accounts, set this property to FALSE.
Note: This system property is available only after you apply Oracle Identity Governance BUNDLE PATCH 12.2.1.4.231030. |
Shows tasks assigned to group users with highest priority or least load only |
XL.ShowTaskAssignedToGroupUserOnly |
FALSE |
If the value is TRUE, then the tasks are assigned to group users with highest priority or least load only when the assignment type is Group User With Least Load. |
Specifies the LDAP container mapper plug-in to be used |
LDAPContainerMapperPlugin |
oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper |
When Oracle Identity Manager is installed with LDAP synchronization enabled, this plug-in determines in which container users and roles are to be created. Value of this system property indicates the default Oracle Identity Manager plug-in name used for computing the container values. If the default plug-in does not meet the requirement, then you can define your own plug-in to determine the container and specify the name of the plug-in in this system property. |
URL for challenge questions modification |
OIM.ChallengeQuestionsModificationURL |
NONE |
When a user is locked, an automatic unlock occurs after a prescribed time period. This property defines that time period in seconds. Therefore, for example, if a user account is locked and the value of this property is 86400 seconds (one day), then the account is automatically unlocked after one day. The value of this property is the URL within OAAM that handles the challenge questions. For example: http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=registerQuestions |
URL for change password |
OIM.ChangePasswordURL |
NONE |
This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the change password functionality. For example: http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=changePassword |
User Attribute Reservation Enabled |
XL.IsUsrAttribReservEnabled |
TRUE |
This property is used to enable user attribute reservation. |
User Id reuse property. Requires dropping the index present on USR_LOGIN column |
XL.UserIDReuse |
FALSE |
Determines whether a deleted user account can be reused. To reuse a deleted user account, assign this property a value of TRUE and drop the unique index for the USR_LOGIN column in the USR table and create a nonunique index. To prevent a user account from being reused, assign this property a value of FALSE. Note: It is imperative to de-provision all accounts associated with a deleted user, because if you create a new user with the same user name as that of the deleted user by setting the |
User Language |
user.language |
en |
The user.language value is configured during installation for Locale handling at server side. |
User profile audit data collection level |
XL.UserProfileAuditDataCollection |
Resource Form |
This property controls the user profile data that is collected for audit purpose when an operation is performed on the user, such as creation, modification, or deletion of a user, role grants or revokes, and resource provisioning or deprovisioning. Depending upon the property value, such as Resource Form or None, the data is populated in the UPA table. The audit levels are specified as values of this property. The supported levels are:
|
User Region |
user.region |
US |
The user.region value is configured during installation for Locale handling at server side. |
Whether or not email should be validated for uniqueness |
OIM.EmailUniqueCheck |
TRUE |
This property is available in a deployment that has been upgraded from an earlier release of Oracle Identity Manager. If the value of this property is FALSE, then Email Uniqueness check is not performed by Oracle Identity Manager. If the value is TRUE, then Email Uniqueness check is performed by Oracle Identity Manager. Note: If this property is not present, then Email Uniqueness check is performed by Oracle Identity Manager. |
Width of JGRAPH CELL |
XL.GTCNexawebUIColumnWidth |
155 |
This property controls the field length of GTC mapping attributes. The default value is 155, and the maximum value is up to 255. |
Workflows Enabled |
Workflows Enabled |
TRUE |
This property determines whether SOA server is turned on or turned off. If the value of this property is TRUE, then SOA server is turned on. If the value of this property is FALSE, then SOA server is turned off. Note: After setting the value of this system property, you must restart Oracle Identity Manager. Note: Toggling between enabling and disabling workflows is not supported. |
Workflow Policies Enabled |
Workflow Policies Enabled |
TRUE |
This property determines whether approval workflows are enabled or disabled in Oracle Identity Manager. Approval workflows are used to determine whether an operation requires approval and, if approval is required, which workflow is to be invoked. If the value of this property is TRUE, then approval workflows are enabled. If the value of this property is FALSE, then approval workflows are disabled. For detailed information about approval workflows, see Managing Workflows. |
XL.AlternativeReviewerIDForManager |
XL.AlternativeReviewerIDForManager |
xelsysadm |
This property provides an alternative certification reviewer for users who do not have a manager or whose manager is disabled. If this property is set to NULL, or if the specified alternative reviewer is disabled or does not exist, then a warning message is logged and these users are omitted from user certifications-by-manager. |
OIG.DefaultTaskReassignee |
OIG.DefaultTaskReassignee |
SYSTEM ADMINISTRATORS |
This property defines the default task reassignee to reassign tasks to other assignees when the current assignee is disabled or deleted. By default, the value of the OIG.DefaultTaskReassignee system property is the SYSTEM ADMINISTRATORS role so that pending tasks can be reassigned to the SYSTEM ADMINISTRATORS role when a user is disabled or deleted. When the value of the OIG.DefaultTaskReassignee system property is a manager, Oracle Identity Governance finds the closest active manager from the hierarchy if the current target assignee is disabled. When the value of the OIG.DefaultTaskReassignee system property is a user, Oracle Identity Governance reassigns the task to the user. When the value of the OIG.DefaultTaskReassignee system property is a role, Oracle Identity Governance reassigns the task to the role. Here, the role name as the value of the OIG.DefaultTaskReassignee system property is case-sensitive. If Oracle Identity Governance cannot find any valid assignee, then the tasks are reassigned to the System Administrator. It is important to set the value of this property with an active user or role. For example: OIG.DefaultTaskReassignee=Manager, OIG.DefaultTaskReassignee=User:user1, OIG.DefaultTaskReassignee=Role:role1 |
OIG.BeneficiaryManagerApprovalWorkflows |
OIG.BeneficiaryManagerApprovalWorkflows |
default/BeneficiaryManagerApproval!4.0 |
When the initial target assignee is disabled, Oracle Identity Governance looks for the closest manager of the beneficiary of the request with the approval workflow specified in this system property. You can specify multiple composites with the comma separator. |
OIG.RequesterManagerApprovalWorkflows |
OIG.RequesterManagerApprovalWorkflows |
default/RequesterManagerApproval!4.0 |
When the initial target assignee is disabled, Oracle Identity Governance looks for the closest manager of the requester of the request with the approval workflow specified in this system property. You can specify multiple composites with the comma separator. |
XL.OUTSIDE_ROLE_WITH_APHARVEST_CERT |
XL.OUTSIDE_ROLE_WITH_APHARVEST_CERT |
FALSE |
This property controls whether the entitlements need to be dropped or included in the user certification when the Entitlements Outside Role option is selected during the certification definition. The property is set to Set the value of this property to Note: This system property is available only after you apply Oracle Identity Governance Bundle Patch 12.2.1.4.241007. |