Application Instance Post Delete Processing Job

This scheduled task is used to revoke, delete, or decommision applicaion instances that have been soft-deleted. It can be run in the following modes:

• Revoke: Deletes the provisioned accounts from the target system after the application instances has been deleted

• Delete: Hard-deletes the accounts from all provisioning tasks and targets, and subsequently from Oracle Identity Manager

• Decommission: Changes the account status to Revoke without keeping the accounts in Oracle Identity Manager in provisioned state

None

Yes

Application Bulk Create

This scheduled task is used to seed Application and Instance Application in bulk. There is no default job for this scheduled task however, you can create job using this task.You need to provide directory path of list of Application and Instance Application Template.

Template will be processed as per below convention:

• All template that does not contain Base Application Name are processed on priority and such templates are eligible for new Application. Such Applications will be created in sequence from job.

• All template that contains Base Application Name are eligible for Instance Application. All such template are processed asynchronously.

Template Directory and Archive Directory

Yes

Application Template Generation Job

This scheduled task is used to generate the template for applications that are created through connector installer or if there is a upgrade. The generated templates are stored in internal database table, which is used to manage the application from Application Tab in Identity Self Service.

Application Names: A list of comma separated application instance names for which templates have to be generated.

Generate in Bulk: If set to Yes, template is generated for all application instances which are not Deleted. If Generate in Bulk is set to Yes, then Application Names should not be set. Default value is No.

Yes

Attestation Grace Period Expiry Checker

This scheduled task delegates the attestation process after the grace period expires.

None

Yes

Automated Retry of Failed Async Task

This scheduled task retries Async Tasks (JMS Messages) that have failed. If the execution of the task succeeds, it is removed from the list of failed tasks. If it fails, the retry count is incremented. The maximum number of times a Failed Task is retried is determined by the 'maxRetries' defined for that task in async-messaging.xml.

None

Yes

Automatically Unlock User

This scheduled task automatically unlocks a user after the specified number of days. This job supports job frequency in days, minutes, and hours. As password policy in supports lockout duration in minutes, It is recommended to keep the frequency of this scheduled job in minutes.

None

Yes

Bulk Load Archival Job

This scheduled task cleans up the processed entries in the Oracle Identity Manager Database staging tables used during bulk load post processing.

• Archival Date: This attribute specifies the date up to which the records will be purged. It must have a value. The format is ddMMyyyy or MMM dd, yyyy.

• Batch Size: Database records are cleaned up in batches. This attribute specifies the size of the batch and must have a value. The default is 1000.

No

Bulk Load Post Process

This scheduled task starts post processing jobs for the Bulk Load Utility.

• Batch Size for Processing Records: User records are processed in batches. This attribute specifies the size of the batch and must have a value. The default is 500.

• Generate Password: This attribute specifies whether a password will be automatically generated when users are created with the Bulk Load Utility. It must have a value of Yes or No; the default is Yes.

• Ldap Sync: This attribute specifies whether users created in Oracle Identity Manager using the Bulk Load Utility will also be created in the LDAP repository in an LDAP enabled environment. This attribute must have a value of Yes or No; the default is No.

• Notification: This attribute specifies whether users created using the Bulk Load Utility will be notified with an email. It must have a value of Yes or No; the default is Yes.

• Process User Ids: This attribute specifies the range of user keys (in the Oracle Identity Manager Database) that need to be processed. The keys are associated with the users created using the Bulk Load Utility. It defines a range from start (From:) to finish (To:).

No

Catalog Synchronization Job

The scheduled task is used to harvest roles, application instances, and entitlements into the catalog. It is also used to load catalog metadata.

Yes

Certification Event Trigger Job

This scheduled task is responsible for running event listeners against the set of user modification events that have occurred in the system. All event listeners will be executed by default if none are listed in the Event Listener Name List parameter.

See Configuring Event Listeners and Certification Event Trigger Jobs in Performing Self Service Tasks with Oracle Identity Governance for more information.

Event Listener Name List: This is a comma-separated list of event listeners to be evaluated. If no value if specified for this attribute, then all event listeners will be evaluated.

No

See Accessing Pre-Upgrade Certifications in the Dashboard in Performing Self Service Tasks with Oracle Identity Governance for information about populating pre-upgrade certifications in the Dashboard by running this scheduled job.

• Batch Size: Number of certifications to process in a thread.

• Number of Concurrent Threads: Number of processing threads used by Certification Maintenance Job for parallel processing. This attribute should be updated depending on the OIM host capabilities and performance requirements.

Certification Comments Mining Job

This schedule job computes and store the latest comments for each entity line item from last completed certification if available or from the request justification.

No

DataCollection Scheduled Task

This scheduled task is used to populate data from Oracle Identity Manager operational tables to the staging tables in an offline manner. The scheduled task is set to run manually, and is triggered when Oracle Identity Analytics (OIA) invokes the DataCollectionOperationsIntf->startDataCollection API.

None

Yes

Delayed Delete User

This scheduled task automatically deletes the user whose delete date is before the start of today.

The XL.UserDeleteDelayPeriod system property indicates the number of days after which the user is to be deleted. When the administrator deletes a user, the user is marked in the Disabled state, and the user's 'Automatically Delete On' date is set for the future date after the number of days indicated in the XL.UserDeleteDelayPeriod system property.

This scheduled task finds all such users for whom the 'Automatically Delete On' date is less than the start of today. All those users are marked as Deleted.

For example, Jane Doe is a user with '2014-03-24 01:55:00' as the 'Automatically Delete On' date, and John Doe is a user with '2014-03-25 18:55:00' as the 'Automatically Delete On' date. When the scheduler is run on '2014-03-25', only Jane Doe is deleted. John Doe will be deleted when the scheduler runs on '2014-03-26'.

Note: See Default System Properties in Oracle Identity Governance for information about the XL.UserDeleteDelayPeriod system property.

Note: Oracle recommendation is to run this scheduled task once per day.

None

No

Deleted User Account Clean Up Job

This scheduled task removes sensitive data of deleted users, such as user attributes and account data.

User Login(s): This is a comma-separated list of deleted user login(s). If this list includes any active user, then an error message is displayed. Check the diag_log and diag_log_dtls tables for details.

For diagnostic logging and debugging information during or after the scheduled task execution, see 19c Using PL/SQL Unified Diagnostic Logging and Debugging Framework Framework.

No

• Application Name: Use this field to specify the name of the application.
• Nested Object Name: Use this field to identify the name of the nested group object.

  Example: Use groups for AD target.

• Number of Threads: Use this attribute to specify the total number of threads.

Disable/Delete User After End Date

An end date is defined when a user account is created. This scheduled task disables user accounts for which the end date had passed the current date at the time when the task is run.

Note: Oracle recommendation is to run this scheduled task every 30 minutes or 1 hour.

None

Yes

Enable User After Start Date

A start date is set when a user account is created. This scheduled task enables user accounts for which the start date has passed, and the user status is Disabled Until Start Date. These users are enabled thorough this scheduled task, thereby making the users ACTIVE.

None

Yes

Entitlement Assignments

This scheduled task populates Entitlement Assignment schema from child process form table whose field, Entitlement is marked as true.

RECORDS_TO_PROCESS_IN_BATCH: Number of records to process in a batch.

No

Entitlement List

This scheduled task populates Entitlement schema from the lookup table whose child process form field Entitlement is marked as true.

Auto Publish: When the value of this field is true, the entitlement is automatically published to the organization that is already part of the application instance. The default value of this field is true.

If the value is false, then the entitlement is not published to the organization that is already part of the application instance.

No

Entitlement Post Delete Processing Job

This scheduled task is used for post-processing of entitlement soft deletion in the provisioning component. It is used to revoke or delete entitlements that have been soft-deleted. It can be run in the following modes:

• Revoke: Revokes the entitlement-grant for all the accounts in Oracle Identity Manager, which have that specific entitlement granted.

• Delete: Hard-deletes the entitlements from the UD_CHILD table.

Irrespective of the mode, the entitlement grant entry is removed from the ENT_ASSIGN table.

None

Yes

Evaluate User Policies

This scheduled task evaluates the access policies.

Number of Threads: Use this attribute to specify the total number of threads that will process re-evaluation.

The default value is 20.

Batch Size: Use this attribute to fetch number of records from the database to be processed in one iteration.

The default value is 500.

Time Limit in mins: Use this attribute to specify time in minutes, after which the schedule task will stop.

By default, this attribute is not specified and disabled. You must enable and configure the time.

Yes

Form Upgrade Job

This scheduled task updates the form version to the latest active version and the form data to the value specified during the field's creation for all accounts.

Note: If this scheduled task is not run, then the form version and data will be incorrect in the audit snapshot and the reporting tables.

• Application Instance Name: Name of the application instance. The default value is "ALL."

• Batch Size: Use this attribute to fetch number of records from the database to be processed in one iteration. The default value is 500.

Yes

Get SOD Check Results Approval

This scheduled task gets back the result of SoD Evaluation from the SoD Server, for example, OAACG, SAP, and GRC for all requests waiting for SoD Check results. It reflects the SoDCheckResult and violation in appropriate dataset attributes. It will pick up all requests that are in 'SoD check result pending' state and mark them as 'SoD check completed'.

None

No

Get SOD Check Results Provisioning

This scheduled task gets back the result of SoD Evaluation from the SoD Server, for example, OAACG, SAP, and GRC for all pending SoDCheck provisioning tasks. It reflects the SoDCheckResult and violation in appropriate process form attributes.

None

No

• Application Name: Use this field to specify the name of the application.
• Object Type: Use this field to identify the type of the object.

  Example: Object Type = Group

• Parent Attribute Name: Use this field to specify the name of the parent groups.

  Example: Parent Attribute Name = memberOf for AD target

• Attribute Name: Use this field to specify the attribute name.

  Example: Attribute Name = __NAME__

• Form Name: Use this field to specify the name of the form.

  Example: Form Name = groups

• Application Name: Use this field to specify the name of the application.
• Nested Object Name: Use this field to specify the name of the nested group object name.

  The value for Nested Object Name is groups for AD target.

• Number of Threads: Use this field to specify the number of threads to be used while calculating and assigning or revoking the indirect entitlements.

Batch Size: Number of violations to process in a thread.

Number of Concurrent Threads: Number of processing threads used by Identity Audit Maintenance Job for parallel processing. This attribute should be updated depending on the OIM host capabilities and performance requirements.

Identity Audit Scan Cleanup

This scheduled task processes existing detective scan runs and purges old data from the tables used to store history of users and policies connected with the scan runs. Records are purged from the IDA_SCAN_RUN_POLICIES and IDA_SCAN_RUN_USERS tables.

To retain the history, enable the job and schedule it to run periodically based on the activity in the system.

Number of Threads: Use this field to specify the number of threads to be used while running a scan cleanup job. Default value is 4.

Scan Run Batch Size: Use this field to specify the number of scan run entities per batch for a single processing thread. Default value is 20.

No

Issue Audit Messages Task

This scheduled task fetches audit message details from the aud_jms table and sends a single JMS message for a particular identifier and auditor entry in the aud_jms table. An MDB processes the corresponding audit message.

Max Records: Use this attribute to specify the maximum number of audit messages to be processed for a specified scheduled task run. The default value of this attribute is 400.

Yes

Job History Archival

This scheduled task is designed to archive/purge entries for Job History.

Archival Date: Use this attribute to specify date till which the records need to be archived/purged. Supported archival date format is ddMMyyyy.

Batch Size: Use this attribute to specify the size of a batch in which the records must be processed.

Operation Type: Use this attribute to specify the operation type. This attribute can have two possible values, Archive and Purge.

The default value is Archive.

No

Non Scheduled Batch Recon

This scheduled task tries to process all the events created by non scheduled task based connectors such as PeopleSoft. Such connector created events are in either Event Received State or Data Received State, they only get processed if the batch size specified by the set of events is reached or via this scheduled task. This task executes as per settings to pick up all the unprocessed non scheduled task based events and submits them to the reconciliation engine for processing.

None

No

OIM Certification Purge Job

This scheduled task is used to purge data from the certification tables. It provides for some critical parameters to be specified or configured (although default values are available for these), such as retention period, run duration, and purge criteria, for online and continuous purge of data in the background.

For information about the user-configurable attributes, see Configuring Real-Time Certification Archival and Purge Job.

No

OIM Data Purge Job

This scheduled task is used as a single unified interface for archive/purge of data for the Requests, Reconciliation,Provisioning Tasks, and Orchestration entities. It provides for some critical parameters to be specified/configured (although default values are available for these), such as retention period, run duration, and purge criteria, for online and continuous purge of data in the background.

Note: By default, the OIM Data Purge Job scheduled job is seeded in the enabled state with a retention period of 90 days. You must revisit the job parameters to disable or to change the purge interval as required.

For information about the user-configurable attributes, see Configuring Real-Time Purge and Archival.

Yes

No

Password Expiration Task

This scheduled task sends e-mail to users whose password expiration date had passed at the time when the task was run and then updates the USR_PWD_EXPIRED flag on the user profile.

Email Definition Name: Name of the email definition created in the Design Console for sending password expired notification to the user. The default value is "Password Expired".

Yes

Password Warning Task

This scheduled task sends e-mail to users whose password warning date had passed at the time when the task was run and then updates the USR_PWD_WARNED flag on the user profile.

Email Definition Name: Name of the email definition created in the Design Console for sending password expiration warning notification to the user. The default value is "Password Expiration Warning".

No

Process Pending Role Grants

This scheduled task is responsible for processing of future role grants. It grants the role for which start date has reached and revokes the role if role grant end date has reached. This task is scheduled to run daily.

None

Yes

Reconciliation Retry Scheduled Task

This scheduled task processes the failed reconciliation event for the users whose status is set as Failed.

None

Yes

Refresh Materialized View

The materialized view is used to generate reports related to reconciliation. This view needs to be updated periodically (at a specified interval, for instance, once a day).

None

No

Refresh Organization Memberships

This evaluates the organization memberships and assigns users to organizations based on rules. This job evaluates all the organizations whose membership rules have changed since the last job run and their immediate evaluation have not been opted by the administrator.

None

Yes

Refresh Role Memberships

This evaluates the role memberships and assigns users to roles based on rules. This job evaluates all the roles whose membership rules have changed since the last job run and their immediate evaluation have not been opted by the administrator.

None

Yes

Remove Audit Log Entries

This scheduled task is used to permanently remove audit log events which are older than a specified number of days. On job completion, the scheduled task will add a single audit log event in AUDIT_EVENT table recording the number of records removed from the database, the job return code, and an error message if the job fails.

For more information on how to control audit data growth in Lightweight audit framework, see About Audit Data Growth Control Measures in Lightweight Audit Framework.

• Batch Size: The number of records to be removed as a batch. Default value is 500.

• Maximum Job Duration (in Mins): Default value is 30 minutes.

• Remove Audit Log Events older Than (in days): Audit events whose date is older than this value will be permanently deleted from the audit event table. Default value is 180 days.

Yes

Remove Open Tasks

This scheduled task removes information about open tasks from the table that serves as the source for the list displayed in Oracle Identity System Administration.

Day Limit

Number of days for which information about an open task should be retained in the table before the information is deleted

By default, this attribute is not specified and disabled. You must enable and configure the time.

No

Request Execution Scheduled Task

This is a periodic scheduled task searches for requests with status "Request Awaiting Completion" and moves requests forward to the next stage "Operation Initiated" if the effective date set during the request submission is prior or equal to the current date.

Job Periodic Settings: Use this attribute to specify the time interval for the scheduled task to be run.

The default value is 6 hours.

Yes

Resubmit Uninitiated Approval SODChecks

This scheduled task tries to initiate SoD Check for pending requests, which have SoDCheckStatus as "SoD check not initiated" or "SoD check completed with error". The pending requests are the ones for which SoD initiation failed in first try and are pending for some level of approval.

None

No

Resubmit Uninitiated Provisioning SODChecks

This scheduled task tries to initiate SoD Check by submitting a JMS message for all pending SoDCheck provisioning tasks. The SoD Check initiation may have failed because of SoD server being down at the time of entitlement add/update via direct provisioning.

None

No

Retry Failed Orchestrations

This scheduled task retries all failed orchestrations based on the attribute values provided. If there is no parameter value defined, no orchestration will be retried.

• Orchestration ID: This attribute takes a comma separated list of Orchestration Ids to be retried.

• Entity Type: Orchestrations submitted for the given Entity will be retried.

• Operation: Orchestrations submitted for given Operation will be retried.

• Stage: Orchestrations on the given stage will be retried.

• From Date: Orchestrations submitted after the given date will be retried. The format is ddMMyyyy or MMM dd, yyyy.

• To Date: Orchestrations submitted before given date will be retried. The format is ddMMyyyy or MMM dd, yyyy.

No

Retry Reconciliation Batch Job

This scheduled task is used to re-process batches with the 'Ready for Processing' status.

Batch ID: This is the comma-separated ID of the batches to be retried.

No

Risk Aggregation Job

This scheduled task is used for calculating the risk summary value for users, roles, and accounts based on their item-risk and risk-factor levels as defined in the system

Note: See About Risk Aggregation and Risk Summaries in the Performing Self Service Tasks with Oracle Identity Governance for more information.

• Number of Concurrent Threads: Use this attribute to specify the number of threads that process risk aggregation.

• User Batch Size: Use this attribute to specify the number of users that must be processed in each thread.

No

Run Future Dated Reconciliation Events

This scheduled task processes the current dated reconciliation event for the users whose status is set as Deferred.

None

No

Set User Deprovisioned Date

A deprovisioning date is defined when a user account is created. For users whose deprovisioning date had passed at the time when this scheduled task was run, the task sets the deprovisioned date as the current date.

None

Yes

Set User Provisioned Date

This scheduled task sets the provisioned date to the current date for users for whom all of the following conditions are true:

• The provisioning date is in the past.

• The deprovisioned date has not been set.

• The deprovisioning date has not been reached or is NULL.

None

Yes

Seed Home Organization

This scheduled task evaluates and updates organization data for existing users based on configured Home Organization Policy. For more information, see Managing the Home Organization Policy.

Ensure that Home Organization Policy rule for organization evaluation is configured correctly, and the organization should already exist in Oracle Identity Manager.

This job can be run for environments that are based on LDAP synchronization. For information about LDAP synchronization, see Enabling LDAP Synchronization in Oracle Identity Manager in Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite.

Example scenario for LDAP synchronization: During first time identity data sync from the directory server to Oracle Identity Manager, you want to sync organizations based on a rule, which is based on, say department number. To do so:

1. Run the User Create/Update Full Reconciliation scheduled job. This creates users with default organizations provided within the job parameter.

2. Create a home organization rule, and run the Seed Home Organization scheduled job with Reset Home Organization option as Yes. This overwrites organizations based on the configured rule.

Note: Run the Seed Home Organization scheduled job with Reset Home Organization option as Yes with caution because organizations will be overwritten.

Batch Size: Use this attribute to fetch number of entries from the persistent store in each query.

Reset Home Organization: Use this attribute to determine if the organization value of default users will be re-evaluated and overwritten. Select one of the following options:

• No: If the requirement is to set the organization value for users that do not have any value.

• Yes: If the requirement is to reset the organization value for all users. This re-evaluates and overrides the organization value for all nondefault users. This option re-evaluates the rule for all existing user data and resets the organization value. If you run the scheduled job with this option selected, then data will be overwritten. The No option is the default for this scheduled job.

No

Sunrise of Accounts and entitlements

This scheduled task sets the status of an account to ENABLE when the start date of the account is reached.

In the case of entitlements, this scheduled task grants an entitlement to an account when the start date of the entitlement is reached.

Note: This task impacts only the accounts and entitlements provisioned directly or through a request.

• Application Instance Name: Name of the application instance. The default value is "ALL."

• Max Execution Time: Use this attribute to specify time in minutes, after which the schedule task will stop. The default value is empty.

• Process Entity Types: Use this attribute to specify whether the task should process accounts or entitlements. The default value is "ALL."

Yes

Sunset of Accounts and entitlements

This scheduled task sets the status of an account to REVOKE or DISABLE when the end date of the account is reached.

In the case of entitlements, this scheduled task revokes an entitlement from an account when the end date of the entitlement is reached.

Note: This task impacts only the accounts and entitlements provisioned directly or through a request.

• Account Sunset Action: Use this attribute to specify whether the status of the accounts should be set to REVOKE or DISABLE. The default value is REVOKE.

• Application Instance Name: Name of the application instance. The default value is "ALL."

• Max Execution Time: Use this attribute to specify time in minutes, after which the schedule task will stop. The default value is empty.

• Process Entity Types: Use this attribute to specify whether the task should process accounts or entitlements. The default value is "ALL."

Yes

Task Escalation

This scheduled task escalates pending tasks whose escalation time had elapsed at the time when the scheduled task was run.

None

Yes

Task Timed Retry

This scheduled task creates a retry task for rejected tasks whose retry time has elapsed and whose retry count was greater than zero.

None

Yes

Update Accounts with App Instance Job

This scheduled task is used to ensure that application instance keys are populated for all entries in the OIU table.

In some instances, the application instance might not be available when the account is provisioned. This is possible when:

• Oracle Identity Manager is upgraded, when app_instance_key is to be populated for all the existing entries in the OIU table.

• Accounts are brought in via reconciliation, but the application instances are not available when the accounts are reconciled. The application instances are created after the reconciliation.

• Accounts are provisioned via access policies, but the application instances are not available when the accounts are provisioned. The application instances are created after the provisioning.

The Update Accounts with App Instance Job scheduled task checks all the entries in the OIU table corresponding to the resource objects that have a null app_instance_key. It attempts to determine the application instance key based on the obj_key and the IT Resource instance value in the process form. If the scheduled task finds an application instance corresponding to the obj_key and IT resource instance value, then it updates the app_instance_key in the OIU table.

None

Yes

User Operations

This scheduled task performs the operation specified by the UserOperation attribute on the user account specified by the UserLogin attribute.

• UserLogin: User ID of the user account.

• UserOperation: Operation that you want to perform on the user account. The value of this attribute can be ENABLE, DISABLE, or DELETE.

No

User Password Upgrade Task

This scheduled task is used to enable the No Password Propagation Support feature in OIG by setting the value of the No Password Propagation Support system property to True.

• Batch Size for Processing Records: User records are processed in batches. This attribute specifies the size of the batch and must have a value. The default is 500.

• Status for initiating the task: This task is executed if the value of the status is INITIATE. After the job is run successfully, this is changed to STOPPED. It is recommended not to change this status or run this job again. This job changes the login behavior of OIG, hence it should be executed with prior consultation.

No

User Profile Audit Compression

This job compresses the uncompressed user profile audit data and reduces the size of UPA table.

• Number of Threads: The number of threads to be executed during the job run. This is a required parameter and the default value is 2.

• Batch Size: The size of the batch for the job run. This is a required parameter and the default value 1000.

• Time Limit in mins: Time for which you want to run the job. This is an optional parameter and the default value is 90.

See Legacy Audit Data Compression for information about user profile audit data compression.

No