Access Policy Revoke If No Longer Applies Enhancement

XL.AccessPolicyRevokeIfNoLongerAppliesEnhancement

FALSE

Determines if the Revoke if no longer applies flag in access policy is applicable.

If the value is true, then this flag is applicable to child table data (entitlements) along with parent data. The user can determine if child data must be removed or retained when access policy no longer applies to user based on this flag.

If the value if false, then child table data (entitlements) are always removed after access policy is no longer applied.

Note: This property is not used in Oracle Identity Manager Release 2 (11.1.2) or later.

True

Allows access policy based provisioning of multiple instances of a resource

XL.AllowAPBasedMultipleAccountProvisioning

FALSE

Determines if multiple instances of a resource can be provisioned to multiple target resources.

When the value is false, provisioning multiple instances of resource object via access policy is not allowed.

When the value is true, provisioning multiple instances of resource object via access policy is allowed.

Allows control over role hierarchical access policy evaluation

XL.AllowRoleHierarchicalPolicyEval

FALSE

This property is used to control allowing role hierarchical access policy evaluation. When this system property is set to TRUE, access from inherited access policies is given to the user. If set to FALSE, access from access policies attached to inherited roles is not given to the user.

Allows linking of access policies to reconciled and bulk loaded accounts

XL.AllowAPHarvesting

FALSE

Determines if access policy engine can link access policies to reconciled accounts and to accounts created by the Bulk Load Utility.

This property is used in the context of evaluating access policies for reconciled accounts and to accounts created by the Bulk Load Utility.

Note: This property is used in Oracle Identity Manager 11g Release 2 (11.1.2.2.0) or later.

Allows linking of access policies to Direct Provisioned accounts

XL.APHarvestDirectProvisionAccount

FALSE

This property is used to link access policies to accounts that are provisioned through Direct Provisioning.

When this system property is set to True, the account which is provisioned through Direct Provisioning is linked to the Access Policy based provisioned account. If set to FALSE, then the account which is provisioned through Direct Provisioning is not linked to the Access Policy based provisioned account.

Allows linking of access policies to request based accounts

XL.APHarvestRequestAccount

FALSE

This property is used to link access policies to accounts that are provisioned through Request Provisioning.

When this system property is set to True, the account which is provisioned through Request Provisioning is linked to the Access Policy based provisioned account. If set to FALSE, then the account which is provisioned through Request Provisioning is not linked to the Access Policy based provisioned account.

XL.APHarvesting.AllowAccountDataUpdate

XL.APHarvesting.AllowAccountDataUpdate

FALSE

This property is used to update the account data with the policy defaults for the accounts linked to the access policies.

When this system property is set to True, the account data is updated with the policy defaults for the accounts linked to access policy. If set to False or if the system property does not exist, the account data is not updated.

Do not evaluate Access policy for disabled user

XL.DoNotEvaluateAPForDisableUsers

FALSE

If the value is set to TRUE, then disabled users are not evaluated for Evaluate User Policies by Access Policy.

If the value is set to FALSE, then disabled users are evaluated by Evaluate User Policies Scheduler Job.

Are challenge questions disabled in OIM

OIM.DisableChallengeQuestions

FALSE

Determines if challenge questions are enabled or disabled when a user logs in to Oracle Identity Manager for the first time.

When value is False, challenge questions are enabled.

When value is True, challenge questions are disabled.

This property is primarily used in the context of Oracle Adaptive Access Manager (OAAM) configuration. When the value is TRUE, the challenge questions are handled by OAAM.

When the value is FALSE, then PWR.PWR_CHA_POLICY_ENABLED is honored to determine if challenge policy is enabled or not.

Catalog Additional Application Details Task Flow

CatalogAdditionalApplicationDetailsTaskFlow

/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf

A custom task flow is to be displayed when an application is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.

Catalog Additional Entitlement Details Task Flow

CatalogAdditionalEntitlementDetailsTaskFlow

/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf

A custom task flow is to be displayed when an entitlement is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.

Catalog Additional Role Details Task Flow

CatalogAdditionalRoleDetailsTaskFlow

/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tfs

A custom task flow is to be displayed when a role item is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.

Catalog Advanced Search Maximum Applications

CatalogAdvancedSearchMaxApps

15

In the default form for catalog advanced search, you can search for entitlements by specifying the list of applications to search from. This system property controls the maximum number of applications that can be selected for entitlement search.

Catalog Advanced Search Taskflow

CatalogAdvancedSearchTaskflow

/WEB-INF/oracle/iam/ui/catalog/tfs/catalog-advanced-search-tf.xml#catalog-advanced-search-tf

Determines the taskflow used for catalog search. If you create custom taskflow for catalog search, then change the value of this property to the complete path of the custom taskflow.

Catalog Attributes for Sorting Search Results

CatalogSortAttributes

ENTITY_DISPLAY_NAME; ENTITY_TYPE

This property determines the attributes that will be displayed in the Sort By drop down in the catalog results tab.

Catalog Audit Data Collection

XL.CatalogAuditDataCollection

none

Determines if catalog auditing is enabled or disabled. The default value is none, which specifies that catalog auditing in disabled. To enable catalog auditing, set the value of this property to catalog.

Category count option can be 0, 1 or 2

CATALOG.CATEGORY_COUNT_OPTION

2

Determines what is displayed in the Category count block. If the value is 0, then Category Count block is deactivated. If the value is 1, then distinct categories across the system are displayed without respective category count. If the value is 2, then Categories with count are displayed.

Note: It is recommended that the values be modified in cases they are observing poor Catalog Search performance.

Catalog Regex for special characters

Catalog.SpecialCharacterRegex

[^\w]

Enables text parsing and escaping of special characters when performing a catalog search by using some special characters. If you do not want any text parsing and escaping of special characters, then change the value of this property to [^\w^\W].

Catalog search MAX result size. Default value is -1 which means return all

XL.CatalogSearchResultCap

-1

When the data is huge in the request catalog and you encounter any issue with the performance of the catalog, you can change the value of this system property and provide some reasonable values, such as 500. As a result, catalog search will not return more than the specified value. If the value is -1, then no result size limit is applied on the catalog search result.

Catalog Searchable UDF In Tags

CATALOG.SearchableUdfInTags

FALSE

If want to use searchable UDF in TAGS, then you can set the value of this property to TRUE. Then, you can run the scheduled task in recalculate tags mode and searchable UDF values will be part of the TAGS column. The same value can be used in keyword search.

Catalog Table Rows To Display Size

CatalogTableRowsToDisplaySize

10

This property is used to control the number of rows displayed in all tables found in all catalog-related pages.

Note: The value of this system property must be less than or equal to 50.

CommonName generation plugin

XL.DefaultCommonNamePolicyImpl

oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy

Determines the common name generation plugin to generate common name.

Compiler Path for Connectors

XL.CompilerPath

JAVA_HOME

Specifies the Java home depending on the application server.

Note: If the path of the JDK directory is not included in the System Path variable, then you must set the path of the JDK directory in the XL.CompilerPath system property. If this is not done, then an error is encountered during the adapter compilation stage of the process performed when you import an XML file by using the Deployment Manager.

Compute and Persist Min Age On Password Change

ComputePersistMinAgeOnPasswordChange

proactive

Password minimum age calculation has two modes, proactive and reactive mode.

In proactive, where minimum age date is calculated at password change time, any subsequent change to the user's applicable password policy's minimum age property will not be honored until the next password change, where as with the reactive approach, policy changes will be applied immediately.

To enable proactive or reactive approach, system property Compute Persist Min Age On Password Change is introduced.

Control allowing Request Data to Prepopulate Adapters

XL.AllowRequestDataToPrepopAdapter

FALSE

This property is used to control the order of preference for populating the process form data during provisioning. If this property is set to TRUE, pre-populate adapters data will take precedence over access policy or request data. That is access policy or request data will be overridden with pre-populate adapters data. If the property is set to FALSE, access policy or request data will have precedence over pre-populate adapters data.

Copy manager of user also for create user email notification

XL.NotifyUserCreateToOther

TRUE

Copies the user's manager in the email notification that is sent when a user is created.

Data Collection Session ID

XL.DataCollectionSessionID

dummy

Specifies the session ID of the current Oracle Identity Analytics (OIA) Data collection session.

Data Collection Status

XL.DataCollectionStatus

FINALIZED

Specifies the status of the current OIA data collection session.

DB Diagnostic Level for Data Truncate

OIM.DBDiagnosticLevelDataTrunc

NONE

This property controls the amount of diagnostic logging for Complete Nuke Cleanup operation. The values can be:

• NONE: No information is collected to debug the complete nuke cleanup operation. This is the default value.

• FINEST: Fine-grained information is collected to debug the complete nuke cleanup operation.

DB Diagnostic Level for Offline Data Purges

OIM.DBDiagnosticLevelOffPurge

NONE

This property controls the amount of diagnostic logging for Offline Data Purge operation. The values can be:

• NONE: No information is collected to debug the offline data purge operation. This is the default value.

• FINEST: Fine-grained information is collected to debug the offline data purge operation.

DB Diagnostic Level for OIM GDPR support

OIM.DBDiagnosticLevelGdprSupp

NONE

This property is used to enable or disable detailed logging in database. The values can be:

• NONE: Logging is disabled. This is the default value.

• FINEST: Logging is enabled.

DB Diagnostic Level for OIM Mview Legacy Data Migration

OIM.DBDiagnosticLevelMviewMig

NONE

This property defines the DB diagnostic level for OIG materialized view legacy data migration. The values can be:

• NONE: Logging is disabled. This is the default value.
• FINEST: Logging is enabled.

This property defines the DB diagnostic level for Mview creation for BIP reports. The values can be:

• NONE: Logging is disabled. This is the default value.
• FINEST: Logging is enabled.

This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during OIM Data Purge scheduled task operation. The values can be:

• NONE: No information is collected to debug the online data purge operation in PL/SQL layer. This is the default value.

• FINEST: Fine-grained information is collected to debug the online data purge operation in PL/SQL layer.

This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during reconciliation operations. The values can be:

• INFO: Coarse-grained level information is collected to debug the reconciliation operation in PL/SQL layer. This is the default value.

• FINE: Fine-grained information is collected to debug the reconciliation operation in PL/SQL layer.

• FINEST: Fine-grained information along with data for collection variables used as input to Stored Program Units is collected to debug the reconciliation operation in PL/SQL layer.

• NONE: No information is collected to debug the reconciliation operation in PL/SQL layer.

DB Diagnostic Level for Online Recon Exceptions Purge

OIM.DBDiagnosticLevelRecx

NONE

This property controls the amount of diagnostic logging and debugging required in PL/SQL layer during Recon Exceptions Purge operation. The values can be:

• INFO: Coarse-grained level information is collected to debug the Recon Exceptions Purge operation in PL/SQL layer.

• FINE: Fine-grained information is collected to debug the Recon Exceptions Purge operation in PL/SQL layer.

• FINEST: Fine-grained information along with data for collection variables used as input to Stored Program Units is collected to debug the Recon Exceptions Purge operation in PL/SQL layer.

• NONE: No information is collected to debug the Recon Exceptions Purge operation in PL/SQL layer. This is the default value.

Default Date Format

XL.DefaultDateFormat

yyyy/mm/dd hh:mm:ss z

When creating reconciliation events by calling the APIs and date format is not passed as one of the arguments to the API, Oracle Identity Manager assumes that all the date field values are specified in Default Date Format.

Default policy for username generation

XL.DefaultUserNamePolicyImpl

oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy

Determines the username policy to use when generating a username.

Default user name domain

XL.UserNameDomain

oracle.com

This property is used by the DefaultComboPolicy to generate a user name in e-mail format.

Disable Catalog Blank Search

CATALOG.DISABLE_BLANK_SEARCH

True

This property is used to enable or disable blank text search in Catalog.

If the value is True, then blank text search is disabled. If the value is False, then blank text search is enabled.

Note: Catalog search functionality can run slow depending upon the volume of data in the system. It is recommended to disable blank search functionality to improve search performance.

Disabling Default Search of UI pages

OIG.DisableDefaultTableSearches

FALSE

This property is used to enable or disable blank text search in the Users, Roles, Organizations, and Administration Roles page. If the value is TRUE, then blank text search is enabled. If the value is FALSE, then blank text search is disabled.

Display Certification or Attestation

OIM.ShowCertificationOrAttestation

attestation

This property has been superseded by the Identity Auditor Features Enabled system property, and attestation is no longer supported.

Note: In this release, this property is not used as Attestation is not supported. This property is superceded by the Identity Auditor Features Enabled system property.

This system property controls the number of records displayed for deployment manager global search result. If  incorrect or non-numeric value is set, then default value is considered.

Note: It is recommended that the value of this system property is less than 1000.

Does user have to provide challenge information during registration

PCQ.PROVIDE_DURING_SELFREG

TRUE

If the value is TRUE, then users will have to provide challenge information during registration.

Email Server

XL.MailServer

Email Server

Name of the e-mail server.

Note: After modifying the Email Server system property value, you must restart the server for the change to take effect.

Email URL token expiration time (in days)

OIM_EMAIL_URL_EXPIRE_TIME

1

This system property determines the time until when the forgot password Email link is valid.

Email Validation Pattern

XL.EmailValidationPattern

[A-Za-z0-9\.\_\#\!\$\&\'\*\/\=\?\^\`\{\}\~\|\%\+\-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}

This property contains the regular expression used to validate the email ID of a user.

Enable disabled resource instances when a user is enabled

XL.EnableDisabledResources

TRUE

If the value is TRUE, then the disabled resource instances are enabled when a user is enabled.

Enable email notification based password reset

OIM_ENABLE_EMAIL_SEC_FEAT

True

This property is used to enable Email notification for forgot password. If this property is set to False, then the feature is disabled.

Enable Exception Reports

XL.EnableExceptionReports

TRUE

This property is used to enable the exception reporting feature. Exception reporting is enabled only if the value is set to TRUE.

FALSE

This property allows to generate a system suggested random password. The password generated is in accordance with the password policy and it can be generated every time you try to reset your password.

By default, the value is set to FALSE.

If the value is set to TRUE, the generate password suggestion is shown during the resetting password for a user.

Enable User Login Validation

XL.ValidateWhiteSpace

FALSE

This property enforces the validation of the user login for special characters.

RoleUserMembershipRuleSQLSupported

FALSE

If the property value is TRUE, an admin can define SQL query as the user membership rule for Roles.

RefreshRoleMembershipJob.EvaluateAllRolesForSQLMembershipRule

FALSE

Evaluate LDAP Container Rules for Entity Modification

LDAPEvaluateContainerRulesForModify

FALSE

If the property value is TRUE, then the LDAP container rules defined in LDAPContainerRules.xml are evaluated for entity modification. However, if none of the rules match, then the default container is not returned. The original parent container of the entity is returned, which means that there is no change in the entity DN.

If the property value is FALSE, then the LDAP container rules defined in LDAPContainerRules.xml are not evaluated. The entity DN does not change.

Note: This property only applies to a modification scenario and not to the entity creation scenario.

Force to set questions at startup

PCQ.FORCE_SET_QUES

False

When the user logs into the Oracle Identity Self Service or Oracle Identity System Administration for the first time, the user must set the default questions for resetting the password.

Note: After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect.

GTC Auto Import

XL.GTCAutoImport

true

Based on the value of this property, the DM xml that is generated while Generic Technology Connector (GTC) creation can be saved to a directory.

The default value of this property is true.

When the value of this property is set to "False", then while creating GTC, the DM xml (the xml that GTC creates and imports using Deployment Manager internally while GTC creation) created by the GTC framework is stored in the following directory:

OIM_HOME/GTC/XMLOutput

The naming convention followed for the DM xml is:

GTCNAME_CURRENTDATE_ TIMESTAMP created using date format "yyyy-MM-dd-HH-mm-ss".xml

For example:

TRUSTEDCSV_2009-02-05-22-41-11.xml

IDMDF: Attachment FilePath

IDM.Diagnostics.IDMDFClient.Notifier.Attachment.File

/scratch/IDMDFAttachment

This property determines the path to store the attachment files.

IDMDF: Buffer size to hold context sensitive logs

IDM.Diagnostics.EventProcessing.ContextSensitiveLogsBufferSize

10000

This property determines the size of the buffer that holds detailed logs of the product.

IDMDF: Buffer size to hold failed records

IDM.Diagnostics.EventProcessing.FailedRecordBufferSize

1000

This property determines the size of the buffer that holds failed (functional/SLA) events.

IDMDF: Debug mode (true/false)

IDM.Diagnostics.Debug

False

This property determines if logs of IDMDF framework in a log file is saved. When set to TRUE, debug mode is enabled. When set to False, debug mode is disabled.

IDMDF: Default SLA

IDM.Diagnostics.DefaultSLA

300000

This property determines the size of the default SLA for events.

IDMDF: E-mail notification to

IDM.Diagnostics.Notification.Email.To

dummy.dummy@dummy.com

This property determines the email address to which notification is sent.

IDMDF: E-mail notification from

IDM.Diagnostics.Notification.Email.From

dummy.dummy@dummy.com

This property determines the email address from which notification is sent.

IDMDF: Email Message Template Path

IDM.Diagnostics.IDMDFClient.Notifier.Email.MessageTemplatePath

This property determines the path of the email message template.

IDMDF: Enabled/Disabled By Sysadmin

IDM.Diagnostics.Enabled

false

This property is used by the system administrator to enable or disable IDMDF.

IDMDF: Flood Control Duration(In Days)

IDM.Diagnostics.EmailFloodControl.DurationInDays

1

This property indicates the retention period in days for Flood Control Max email. After the defined number of days, the Flood Control Max email counter is reset.

IDMDF: Flood Control Max Email

IDM.Diagnostics.EmailFloodControl.MaxEmail

2

This property determines the maximum number of notifications allowed per use case.

IDMDF: In-Memory Logging

IDM.Diagnostics.IDMDFClient.InMemoryLogging

false

This property determines if logs are stored in the memory.

IDMDF: Max failed event to execute concurrently

IDM.Diagnostics.EventProcessing.MaxConcurrent.FailedEvent

2

This property determines the number of threads to execute events concurrently and put it in the database.

IDMDF: Notification provider

IDM.Diagnostics.NotificationProvider

oracle.idm.diagnostics.notification.service.impl.IdmdfNotifier

This property determines the service used for sending notifications.

IDMDF : Notification template file name

IDM.Diagnostics.IDMDFClient.Notifier.Email.MessageTemplateName

This property determines the notification template file name.

IDMDF: IDMDF Rest service end-point

IDM.Diagnostics.IDMDFServiceEndPoint

http://localhost:14000/idmeventrecording

This property determines the URL where IDMDF services are deployed.

IDMDF: SMTP Server Name

IDM.Diagnostics.Email.Server.Host

localhost

This property represents the server responsible for sending email notification.

IDMDF: SLA template file

IDM.Diagnostics.IDMDFClient.Notifier.Sla.File

This property determines the file that contains the list of SLAs for defined use cases.

Identity Auditor Feature Set Availability

OIG.IsIdentityAuditorEnabled

FALSE

When the value of this property is TRUE, role lifecycle management, Segregation of Duties (SoD), and identity certification are enabled.

Note: After modifying the value of this system property, you must restart Oracle Identity Governance server for the changes to take effect.

Inbox Task Tabs (none/all)

UI.INBOX.VIEW.TaskTabs

none

This property determines whether or not to show additional links, such as Initiated tasks, Reportees and Administrative tasks, in the Inbox. When set to all, the following links are displaied in the Inbox:

My tasks,Initiated tasks, Reportees, Administrative tasks.

When set to none, only the My tasks link is displayed in the Inbox.

Indicates if referential integrity is enabled in target LDAP directory

XL.IsReferentialIntegrityEnabledInLDAP

FALSE

The value of this property is TRUE if referential integrity in target LDAP directory is turned on.

The value of this property is FALSE if referential integrity in target LDAP directory is turned off.

To be able to modify an entity stored in LDAP, this prop must be set to TRUE.

Is DataProvider LDAP/DB

OIM.DataProvider

DB

Specifies the data provider, which is Oracle Identity Manager database. The default value is DB, which indicates that the database is the data provider.

Is disabled manager allowed

AllowDisabledManagers

FALSE

Specifies whether a user in the disabled state can be set as a manager for another user.

Is OIM Notifications disabled (true/false)

XL.DisableAllNotifications

false

This property is used to enable or disable all notifications in Oracle Identity Manager. When the value of this property is set to false, notifications are enabled. When the value of this property is true, notifications are disabled.

Is Self-Registration Allowed

XL.SelfRegistrationAllowed

TRUE

If the value is TRUE, then the users are allowed to self-register.

LDAP Reservation Plugin

XL.LDAPReservationPluginImpl

oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID

This property determines the LDAP reservation plugin implementation to be picked up for reservation of user attributes.

Level of Role Auditing

XL.RoleAuditLevel

None

This property controls the amount of audit data collected when an operation is performed on a role, such as creation or modification. The supported levels are:

• None: No audit data is collected.

• Role: Creation, modification, and deletion of role is audited.

• Role Hierarchy: Changes made to the role inheritance is audited.

Login Validation Pattern

XL.LoginPattern

(^[A-z0-9@._-]{2,256}$)

This property contains the regular expression used to validate the login of a user when XL.ValidateWhiteSpace is set to true. If XL.LoginPattern is empty, then user login is validated against the default pattern. Note: It is recommended that the regular expression is developed and tested fully for specific validation requirements before using this system property.

The value of the property is a locale, the same locale will be used to translate request justification text for bulk requests. The format of locale is languageCode_CountryCode such as en_US, fr_FR. For details, refer Preparing to Install and Configure PRODUCT.

Notify other recipients with the password reset email if email of user is null

XL.NotifyPasswordGenerationToOther

TRUE

When the value of this property is TRUE, the email notification for reset password is sent to other recipients if the email ID of the user is not specified.

Number of records to be executed in a batch during Catalog Enrichment

XL.CatalogEnrichmentBatchSize

500

This property determines how many records must be processed in a batch by the catalog job during catalog enrichment.

0

The value “0” is configurable. "0" value for this property means no retry will be done to fetch the account details once failed.

With each number in value a 5 second waiting period exists between each retry e.g. with "60" as a value to this property, 60 retirees will be done with an interval of 5 seconds each to fetch the account details after each failure.

Maximum number of records to be fetched from Catalog

Catalog.SearchResultCap

-1

This property determines how many records must be fetched from catalog when a search is performed.

If the value is -1, then all records are fetched from catalog table. If the value is 10000, then only 10000 records are fetched from catalog.

Note: It is recommended that you set the value to 10000 only if poor catalog search performance is experienced.

Max Result size for lookups

LOOKUP_MAX_RESULTSIZE

1000

This property determines how many records must be fetched from the lookup table when a search is performed.

For example, if the value is set to 500, then only 500 records are fetched from the lookup table.

If the value is set to 0, then there is no restriction on the number of records fetched from the lookup table.

Midtier compression for Audit(UPA) data

This property is used to configure user profile audit data compression. It can have the following values:

• 0: This is the default value. It determines that none of the columns in the UPA table are compressed.

• 1: This value determines that the SNAPSHOT column in the UPA table is compressed.

• 3: This value determines that the SNAPSHOT and DELTAS columns in the UPA table are compressed.

Midtier compression for Audit(UPA) data algo

OIM.AuditCompressionAlgo

GZIP

This property determines that GZIP is used as the compression algorithm. Only GZIP is supported in this release.

OIA integration status

OIM.IsOIAIntegrationEnabled

FALSE

Specifies whether OIA is integrated with Oracle Identity Manager.

Set the value of this property to TRUE before you add role memberships in Oracle Identity Manager.

If you set the value of this property to FALSE, incremental role memberships into OIA will not work.

Note: You must do a full import of role memberships at least once after this property is enabled.

This property determines whether or not to allow upload of attachments during approval request.

Set the value of this property to False to not upload attachments.

OIM Complex Password Policy compatible with Active Directory

OIM.ADPasswordPolicyCompatibilityEnabled

FALSE

On setting the value of this property to TRUE, the last rule (inclusion of user ID, first name, or last name in password) of the OIG complex password policy is replaced with the Active Directory (AD) password policy (inclusion of Display Name and User Login in password). This property is applicable to all complex password policies.

OIM No Password Propagation Support

NO_PASSWORD_PROPAGATION_SUPPORT

FALSE

This property determines if the No Password Propagation Support is enabled in Oracle Identity Governance. If this property is set to true, then the access policy based password provisioning is disabled. It is recommended not to change this property value directly as it changes the Oracle Identity Governance login behavior.

Old Password Validator

OIM.OldPasswordValidator

oracle.iam.identity.usermgmt.impl.ContainerLoginPasswordVerifier

The property specifies the name of the plugin class to be used for verifying old passwords.

OMSS Enabled

OMSS Enabled

false

When the value of this property is true, OMSS integration is enabled, and the OMSS links and tabs are displayed in Oracle Identity Self Service.

Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect.

Period to Delay User Delete

XL.UserDeleteDelayPeriod

0

This property is used to specify the time period before deleting a user. When this property is set and a user is deleted, the user's state is changed to disabled and "automatically delete on date" is set to current date plus the delay period.

If this property is not set, then the user is automatically deleted at the expiration of the end date by the Disable/Delete User After End Date scheduled job.

Proxy User Email Notification

XL.ProxyNotificationTemplate

Notify Proxy User

The corresponding PTY_VALUE is the e-mail definition name that is sent when a proxy user is created. User gets a notification e-mail when the user is made the proxy for some other user.

ProxyDelegateEnabled

ProxyDelegateEnabled

FALSE

This property allows to manage proxy assignment type.

When you set the value of this property to TRUE and the user is assigned with proxy, then the request is assigned to both the user and proxy.

Recon Batch Size

OIM.ReconBatchSize

500

This property is used to specify the batch size for reconciliation. You can specify 0 as the value for this to indicate that the reconciliation will not be performed in batches.

Note: You must restart Oracle Identity Manager server after setting this property.

Request Notification Level

RequestNotificationLevel

0

This property indicates whether or not notification is sent to the requester and beneficiary when a request is created or the request status is changed. This property can have the following values:

• 0: The notification feature is disabled.

• 1: Notifications are sent for every change in request status.

• 2: Notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed.

• 3: Email notifications are sent only on request completion.

For request notification level 2, notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed.

Retry Count for recon event

Recon.RetryCount

5

This property determines the reconciliation retry count. The retry count value is picked up from the value of this property.

If you specify a value that is greater than 0, then auto retry is configured. If you specify 0 as the value of this property, then auto retry is not configured.

Reset Password

SSO.RESETPASSWORDONTARGETBYPASSINGCONNECTOR

False

Set this value to true and import the Active Directory (AD) certificate into Oracle Identity Governance (OIG) to improve the performance of Reset Password in AD integration.

Search Stop Count

XL.IDADMIN_STOP_COUNT

300

This property determines the maximum number of records that are displayed in the advanced search result. If the search criteria specified returns more number of records than that value of this property, then the number of records displayed is limited to this value. In addition, a warning is displayed stating that the results exceed maximum counts and you must refine your search with additional attributes.

Segregation of Duties (SOD) Check Required

XL.SoDCheckRequired

FALSE

This property indicates whether or not Segregation of Duties (SoD) check is required.

Send email notification based on user locale

XL.SendEmailNotificationBasedOnUserLocale

false

This property determines whether an email notification is sent based on the receiver's (user/manager/assignee/requestor) locale when the value is set to true. If the value is set to false, then notification is sent in the server locale.

Note: This system property has been deprecated in this release of Oracle Identity Manager.

Should send notifications in recon or not

Recon.SEND_NOTIFICATION

true

Determines if notification is sent to the user when the user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.

If the value is set to true, then notification is sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.

If the value is set to false, then notification is not sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.

Shows Revoked Accounts In the Accounts Tab

Shows tasks assigned to group users with highest priority or least load only

XL.ShowTaskAssignedToGroupUserOnly

FALSE

If the value is TRUE, then the tasks are assigned to group users with highest priority or least load only when the assignment type is Group User With Least Load.

Specifies the LDAP container mapper plug-in to be used

LDAPContainerMapperPlugin

oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper

When Oracle Identity Manager is installed with LDAP synchronization enabled, this plug-in determines in which container users and roles are to be created. Value of this system property indicates the default Oracle Identity Manager plug-in name used for computing the container values. If the default plug-in does not meet the requirement, then you can define your own plug-in to determine the container and specify the name of the plug-in in this system property.

URL for challenge questions modification

OIM.ChallengeQuestionsModificationURL

NONE

When a user is locked, an automatic unlock occurs after a prescribed time period. This property defines that time period in seconds. Therefore, for example, if a user account is locked and the value of this property is 86400 seconds (one day), then the account is automatically unlocked after one day.

The value of this property is the URL within OAAM that handles the challenge questions. For example:

http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=registerQuestions

URL for change password

OIM.ChangePasswordURL

NONE

This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the change password functionality. For example:

http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=changePassword

User Attribute Reservation Enabled

XL.IsUsrAttribReservEnabled

TRUE

This property is used to enable user attribute reservation.

User Id reuse property.Requires dropping the index present on USR_LOGIN column

XL.UserIDReuse

FALSE

Determines whether a deleted user account can be reused. To reuse a deleted user account, assign this property a value of TRUE and drop the unique index for the USR_LOGIN column in the USR table and create a nonunique index. To prevent a user account from being reused, assign this property a value of FALSE.

Note: It is imperative to de-provision all accounts associated with a deleted user, because if you create a new user with the same user name as that of the deleted user by setting the XL.UserIDReuse property to true, then the new user might get access to offline accounts of the deleted user that was not deleted as part of the de-provisioning process.

User Language

user.language

en

The user.language value is configured during installation for Locale handling at server side.

User profile audit data collection level

XL.UserProfileAuditDataCollection

Resource Form

This property controls the user profile data that is collected for audit purpose when an operation is performed on the user, such as creation, modification, or deletion of a user, role grants or revokes, and resource provisioning or deprovisioning. Depending upon the property value, such as Resource Form or None, the data is populated in the UPA table.

The audit levels are specified as values of this property. The supported levels are:

• Process Task: Audits the entire user profile snapshot together with the resource lifecycle process.

• Resource Form: Audits user record, role membership, resource provisioned, and any form data associated to the resource.

• Resource: Audits the user record, role membership, and resource provisioning.

• Membership: Only audits the user record and role membership.

• Core: Only audits the user record.

• None: No audit is stored.

User Region

user.region

US

The user.region value is configured during installation for Locale handling at server side.

Whether or not email should be validated for uniqueness

OIM.EmailUniqueCheck

TRUE

This property is available in a deployment that has been upgraded from an earlier release of Oracle Identity Manager.

If the value of this property is FALSE, then Email Uniqueness check is not performed by Oracle Identity Manager.

If the value if TRUE, then Email Uniqueness check is performed by Oracle Identity Manager.

Note: If this property is not present, then Email Uniqueness check is performed by Oracle Identity Manager.

Width of JGRAPH CELL

XL.GTCNexawebUIColumnWidth

155

This property controls the field length of GTC mapping attributes. Default value is 155, Maximum value is upto 255.

Workflows Enabled

Workflows Enabled

TRUE

This property determines whether SOA server is turned on or turned off.

If the value of this property is TRUE, then SOA sever is turned on.

If the value of this property is FALSE, then SOA server is turned off.

Note: After setting the value of this system property, you must restart Oracle Identity Manager.

Note: Toggling between enabling and disabling workflows is not supported.

Workflow Policies Enabled

Workflow Policies Enabled

TRUE

This property determines whether approval workflows is enabled or disabled in Oracle Identity Manager. Approval workflows is used to determine if operation requires approval or not, and if approval is required, then which workflow is to be invoked.

If the value of this property is TRUE, then approval workflow is enabled.

If the value of this property is FALSE, then approval workflow is disabled.

For detailed information about approval workflow, see Managing Workflows.

XL.AlternativeReviewerIDForManager

XL.AlternativeReviewerIDForManager

xelsysadm

This property provides an alternative certification reviewer for users who do not have a manager or whose manager is disabled.

If this property is set to NULL, or if the specified alternative reviewer is disabled or does not exist, then a warning message is logged and these users are omitted from user certifications-by-manager.

OIG.DefaultTaskReassignee

OIG.DefaultTaskReassignee

SYSTEM ADMINISTRATORS

This property defines the default task reassignee to reassign tasks to other assignees when the current assignee is disabled or deleted.

By default, the value of the OIG.DefaultTaskReassignee system property is the SYSTEM ADMINISTRATORS role so that pending tasks can be reassigned to the SYSTEM ADMINISTRATORS role when a user is disabled or deleted.

When the value of the OIG.DefaultTaskReassignee system property is a manager, Oracle Identity Governance finds the closest active manager from the hierarchy if the current target assignee is disabled.

When the value of the OIG.DefaultTaskReassignee system property is a user, Oracle Identity Governance reassigns the task to the user.

When the value of the OIG.DefaultTaskReassignee system property is a role, Oracle Identity Governance reassigns the task to the role. Here, the role name as the value of the OIG.DefaultTaskReassignee system property is case-sensitive.

If Oracle Identity Governance cannot find any valid assignee, then the tasks are reassigned to the System Administrator.

It is important to set the value of this property with an active user or role. For example:

OIG.DefaultTaskReassignee=Manager

OIG.DefaultTaskReassignee=User:user1

OIG.DefaultTaskReassignee=Role:role1

OIG.BeneficiaryManagerApprovalWorkflows

OIG.BeneficiaryManagerApprovalWorkflows

default/BeneficiaryManagerApproval!4.0

When the initial target assignee is disabled, Oracle Identity Governance looks for the closest manager of the beneficiary of the request with the approval workflow specified in this system property. You can specify multiple composites with the comma separator.

OIG.RequesterManagerApprovalWorkflows

OIG.RequesterManagerApprovalWorkflows

default/RequesterManagerApproval!4.0

When the initial target assignee is disabled, Oracle Identity Governance looks for the closest manager of the requester of the request with the approval workflow specified in this system property. You can specify multiple composites with the comma separator.

This property controls whether the entitlements need to be dropped or included in the user certification when the Entitlements Outside Role option is selected during the certification definition.

The property is set to FALSE, by default, which removes the entitlements during certification.

Set the value of this property to TRUE to include the entitlements.