OIG 11G R2 PS2 Field Enablement Training · Microsoft Excel Internet Connectivity VM URLs should be...

OIG 11G R2 PS2 Training

Certification Additional Features Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class

1 | P a g e

OIG 11G R2 PS2 Field Enablement Training

Lab25-Certification Additional Features

Disclaimer: The Virtual Machine Image and other software are provided for use only

during the workshop. Please note that you are responsible for deleting them from your

computers before you leave. If you would like to try out any of the Oracle products, you

may download them from the Oracle Technology Network

(http://www.oracle.com/technology/index.html) or the Oracle E-Delivery WebSite

(http://edelivery.oracle.com)

http://www.oracle.com/technology/index.html

http://edelivery.oracle.com/



2 | P a g e

Table of Contents

OIG 11G R2 PS2 Field Enablement Training .................................................................................................. 1

1. Introduction ............................................................................................................................................... 3

2. Enabling Excel based certifications in OIM 11G R2 PS2 ............................................................................ 3

3. Configuring the client systems for Offline Certifications ........................................................................... 4

4. Creating a Simple Certification ................................................................................................................. 5

5. Completing a Certification in offline mode ............................................................................................... 9

6. Creating Event Listeners .......................................................................................................................... 13

7. Testing Event Listeners ............................................................................................................................ 21

8. Basic UI Customization ............................................................................................................................ 24

9. Point and Click Certification Reporting ................................................................................................... 33

9.1 Preparing the BI Server for OIM Reports ........................................................................................ 33

9.2 Copying the BI Publisher templates from OIM to BI Server ............................................................. 36

9.3 Generate the Reports ....................................................................................................................... 37



3 | P a g e

1. Introduction

ACME Corporation has solved its certification problems with the OIM’s solution. However, they wish to

provide the certifiers an advantage which helps them complete the certifications from anywhere, i.e.

off-network mode.

Note: For this lab OIM and SOA servers needs to be running.

Note: Make sure you have Microsoft .NET 4 framework installed on your laptop. This is used in the

offline certification using Microsoft Excel.

2. Enabling Excel based certifications in OIM 11G R2 PS2

1. Open the SYSADMIN console in a new browser window.

2. Login as ADMIN or XELSYSADM.

3. Click on Certification Configuration.

4. Check the below property.

a. Enable Interactive Excel

5. Click Save.

6. Logout and close the browser.



4 | P a g e

3. Configuring the client systems for Offline Certifications

An Excel based plug-in needs to be installed on your client machine. This plug-in works only for Windows

based machines. The following are the prerequisites for this lab.

Windows based host on which your VM is running

Microsoft Excel

Internet Connectivity

VM URLs should be accessible from host system.

Follow the below instructions.

1. A plug-in zip file in provide in the VM.

/app/software/ adfdi-excel-runtime-client-installer.zip

2. Copy this to the local machine/physical machine.

3. Unzip and install the plug-in.

a. Run the setup.exe. Follow all the instructions provided on screen to complete the instal-

lation.



5 | P a g e

4. Creating a Simple Certification

Create a sample certification to test the Excel based certification.


2. Login as ADMIN.

3. Click on Certification Definition under Certifications.

4. Click on Create.

5. Provide the following details in the first page.

a. Name: Manager Cert for IS Org

b. Type: User

c. Description: Manager Certification job for Information Systems organization.

6. Click Next.

7. For Base Selection option, choose Only Users from Selected Organizations. A new frame appears

below for organization selection.



6 | P a g e

8. Click on Add.

9. Search for Information Systems Organization.

10. From the search results, select only the parent organization.

Uncheck the Hierarcy check box

11. Click OK.

12. For Selection Constraints, leave the default options.



7 | P a g e

13. Click Next.

14. Leave the screen with default options.

15. Click on Next.

16. Update the Certification Configuration to resemble the settings shown below.

17. Click on Next.

18. For Primary Reviewer review, choose User Manager.

19. Click on Next.

20. Click on Next.

21. Verify the summary and click on Create. This creates the certification definition/schedule only.



8 | P a g e

22. Click Yes. A certification definition is created.

23. Click on Scheduler under System Management.

24. Search for the following job.

Cert_Manager Cert for IS Org

Make sure that the schedule job has run successfully.

25. Logout and close the browser.

26. Open the Thunderbird client in the VM.

27. You should see new emails to DCRANE reminding him of the certifications.



9 | P a g e

5. Completing a Certification in offline mode

Follow the below steps to complete an offline certification.

1. Login as DCRANE into IDENTITY console by using IP address (http://192.168.56.101:14000/identity) in-

stead of hostname (http://identity.oracleads.com:14000/identity).

2. Click on Inbox.

3. Open the Certification with the following name.

Manager Cert for IS Org [Danny Crane]

4. From the Actions Menu, click on Download to Editable Excel.

5. A certification is downloaded to your system. Save the File.



10 | P a g e

6. Open the Certification.

7. The certification now tries to download all the data from the server. Accept the connection re-

quest so that the data can be downloaded.

Note: If you receive error in connecting to OIM. Download the spreadsheet again. Instead of Sav-

ing the sheet, Directly choose to open. You should see the prompt mentioned above. You can

then save the Sheet.

8. Login as DCRANE when prompted.

9. Now you can see that the data is downloaded to the Excel.



11 | P a g e

10. Navigate to the Certification menu in the Excel menu. This is what has been installed from the

plug-in.

11. Observe the Decision column.

12. Make appropriate decisions on all the users.

13. Click on Save to Server from the menu.

14. Click on Continue.

15. Click OK.



12 | P a g e

16. Click on Logout from the menu.

17. Save the spreadsheet and close the Excel.

18. Navigate back to the browser window where DCRANE has logged in.

19. Click on the Manager Cert for IS Org [Danny Crane] certification.

20. You should now see that all the actions taken are reflected.

21. From the actions menu, click on Sign Off.

22. Provide the password and click OK to complete the certification.

Note: rather than signing off the certification, you may revisit the Excel and make some changes

and upload the new one to see the modifications. This is how offline certifications are achieved.



13 | P a g e

6. Creating Event Listeners


2. Login as ADMIN.

3. Click on Certification Definition under Certifications.

4. Click on Create.

5. Provide the following details in the first page.

a. Name: Event Trigger Cert

b. Type: User

c. Description: Event Trigger Cert

6. Click Next.

7. For Base Selection option, choose Only Users from Selected Organizations. A new frame appears

below for organization selection.

8. Click on Add.

9. Search for Information Systems Organization.

10. From the search results, select only the parent organization. i.e uncheck the Hierarchy check

box.



14 | P a g e

11. Click OK.

12. For Selection Constraints, leave the default options.

13. Click Next.

14. Leave Content Selection with default options.

15. Click on Next.

16. Update the Certification Configuration to resemble the settings shown below.

17. Click on Next.

18. For Primary Reviewer review, choose User Manager.



15 | P a g e

19. Click on Next. Uncheck the Generate Incremental Data checkbox.

20. Click on Next.

21. Verify the summary and click on Create. This creates the certification definition/schedule only.

22. Click Yes. A certification definition is created.

23. Click on Event Listeners under Certifications.

24. Click on Create.

25. Provide the following values.

Name Change of Status

Description When an employee moves from one organization to Infor-

mation Systems, a certification is triggered.

Certification Definition Event Trigger Cert

Event Count 1

State Active



16 | P a g e

26. Expand the Event Trigger frame.

27. Click on the sign to add a new rule.

28. Name the rule as …

CheckOrg

29. Expand the rule, to add logic.

30. Select the check box for the first row.



17 | P a g e

31. Now click on the Arrow to open the rule

32. Click on the search icon .

33. Expand the tree in the following way

a. Modified User

b. previousValue

34. Select organization.



18 | P a g e

35. Click OK.

36. Select the condition to be …

a. Isn’t

37. In the right check box, click on the search icon.

38. Expand the tree in the following way

a. Modified User

b. currentValue

39. Select organization.

40. The final condition should be as shown below.



19 | P a g e

41. Click on Add Action in the THEN block and select Call.

42. Make sure the check box is selected.

43. Click on the downward arrow next to the checkbox.

44. Select certifyThisUser from the dropdown menu.



20 | P a g e

The final rule should look like this

45. Click on Create button at the top to create the event listener.

Ensure that the checkboxes next to the IF condition and THEN sections are checked.



21 | P a g e

7. Testing Event Listeners

1. Login as ADMIN to the IDENTITY console.

2. Click on Users under Administration.

3. Click on the user Scott Anderson (SA15346) from Corporate Executive organization.

4. Navigate to the Attributes tab.

5. Click on Modify User.

6. Click on the search button next to Organization.

7. Search and Select ….

a. Information Systems

8. Click on Submit.

9. Close the tab.

10. In the User details tab, click on refresh to see that the organization is now changed.

11. Login as ADMIN into the SYSADMIN console.

12. Click on Scheduler under System Administration.

13. Search for the following job.

Certification Event Trigger Job



22 | P a g e

14. Click on Enable.

15. Modify the following values in the job.

a. Event Listener Name List: Change of Status

16. Ensure that the job is scheduled to run every day.

17. Click on Apply.

18. Click on Run Now.

19. Upon success, close the popup.



23 | P a g e

20. Open Thunderbird in the VM to see a new email sent to Scott Anderson’s Manager, System Ad-

ministrator (xelsysadm) notifying her of the newly created certification. You may login as

xelsysadm and check out the certification. This certification generated by event listner kick star-

ing the certification due to organization change of the user Scott Anderson.



24 | P a g e

8. Basic UI Customization

Add the Title attribute to the User Table on Page 1 of the certification screen. Adding this attribute to the user table will aid the reviewers in identifying and prioritizing high risk profiles. Hide the complete action. The organization has decided that they want to remove the Complete Action as it is leading to rubber stamping of access. 1. Login as DCRANE to the IDENTITY console.

Note: Ideally the administrator (admin) would do the UI customization but we would like to highlight

here that UI customization is so simple that even a business user can customize the user interface.

2. Click on the Sandbox link at the top right hand corner of the screen.

3. Click on Create Sandbox button.



25 | P a g e

4. Sandbox Name: CustomizeCertUI

Sandbox Description: Customize Cert UI

Select Activate Sandbox checkbox.

5. Click OK on the Create Sandbox Confirmation popup dialog.

6. Click on Inbox My Tasks Quarterly Cert for IS Org (or any other certification task available) to

open it.

7. Click on Customize link at the top right corner of the screen.



26 | P a g e

8. Click on View menu and select Source.

9. Click on User Login table column.



27 | P a g e

10. You will observe that column: User Login is highlighted in the Edit page.



28 | P a g e

11. Scroll down the page to search for column: Title.

12.

13. Click Edit on the Confirm Task Flow Edit popup dialog box.

14. In Component Properties: Title popup, scroll down to the bottom.



29 | P a g e

15. Check the Visible property.

Click Apply and then OK button.

16. Click on the Complete button and Edit page will bring you to commandToolbarButton: Complete.



30 | P a g e

17. Click on Edit button

18. In the Component Properties: Complete popup, scroll down to the bottom.

19. Uncheck the Visible property.



31 | P a g e

Click Apply and OK button.

20. Click on the Close button at the top right hand corner of the screen.

21. Review the changes made to the Certification UI.

The Title attribute has been added to the User Table.

The Complete action has been removed.



32 | P a g e



33 | P a g e

9. Point and Click Certification Reporting

Note: Stop the SOA Server for this section of the lab

9.1 Preparing the BI Server for OIM Reports

In order for OIM to use the BI report. The BI link needs to be configured from OIM. This is documented

in the OIM guide.

Note : This is documented in the documentation. Link below

http://docs.oracle.com/cd/E37115_01/admin.1112/e27149/managecert.htm#BABJBDAJ

1. Start the Admin Server by using startAdmin.sh

2. Login to EM using weblogic/Oracle123

3. Expand Identity & Access -> OIM -> oim(11.1.1.3.0)

4. Right click on oim(11.1.1.3.0) node and select System MBean Browser

5. Now click on the search icon and type DiscoveryConfig and search



34 | P a g e

6. Enter the BIPublisher URL is http://identity.oracleads.com:9704

http://identity.oracleads.com:9704/



35 | P a g e

7. Click on Apply at the top of the page to save the changes.

8. Now we also need to check the Credential Store Framework (CSF) has the key which contains

the admin used needed to connect to BI WebService.

9. Right click on iam_domain -> Security-> Credentials



36 | P a g e

10. Open the entry oim and you should see an entry BIPWSKey.

This has been created in the VM. Click on Edit and view the key.

The key contains the credentials of user weblogic.

Just view the entry and don’t make any changes.

9.2 Copying the BI Publisher templates from OIM to BI Server

The new 11.1.2.2.0 OIM templates needs to be copied into BI so that we can generate certification re-

ports which is new in this version.

The OIM templates are located at:

/app/Middleware/Oracle_IDM1/server/reports/oim_product_BIP11gReports_11_1_2_2_0.zip

The destination BI templates are located at:

/app/MiddlewareBI/user_projects/domains/bifoundation_domain/config/bipublisher/reposit

ory/Reports/



37 | P a g e

1. Go to destination BI directory:

2. Issue copy command as shown below

3. Now unzip the zip file by issuing the command

When you unzip the file, when asked for replacing existing file enter ‘A’ which replaces all the existing

files

9.3 Generate the Reports

1. Start the BI Server using startBIP.sh command. Wait for the BI server to start.

Navigate to /app/home/oracle/Desktop/Startup_Scripts

./startBIP.sh

Open a terminal and check its status by issuing command:

$ tail –f /app/logs/bip.log

Wait for the server to start Running



38 | P a g e

2. To configure the display of the Reports tab in the Detailed Information section of the Dashboard:

a. Log into System Console as ADMIN.

b. Under Certifications, click Certification Configuration. The Certification Configuration

page is displayed.

c. Select the Enable Certification Reports option.

d. Click Test Connection button to make sure you receive the below message:

e. Click Save.

3. Log into IDENTITY console as DCRANE.

4. Navigate to Dashboard under Certifications.

5. In the Show dropdown menu select Completed.

6. Select the row which says, Manager Cert for IS Org [Danny Crane].

7. You should be able to see in the frame below, a sub-tab named Reports.



39 | P a g e

8. Try and generate reports with different Report Type and Report Format Output Options. You can

save the reports to your laptop and view them.

Note: this feature is possible as the BI publisher is integrated into OIM. For further information

refer to documentation.


This configuration is done for you in the VM.


Date post:	06-Aug-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

OIG 11G R2 PS2 Field Enablement Training · Microsoft Excel Internet Connectivity VM URLs should be...

Documents