Posts

Showing posts from 2020

Project Schedule and Schedule Baseline

Difference between Project Schedule and Schedule Baseline Project Schedule and Schedule Baseline are documents which are produced during the Planning Phase of a Project. At first the Project schedule is baselined as per the information available during the Planning Phase, and this gives the Schedule Baseline. After the Planning Phase the Schedule Baseline is a published document for the Project and will be referred to during the execution of the Project. Read here about Baseline Start/Finish. (This reference explains how Baseline is set in a Project. One can capture this baseline state in Microsoft Project Tool.) As the Project moves to the execution phase, the Project Manager takes the Schedule Baseline as the starting point of the Project Schedule. From here on, as the project proceeds, changes will be made to the Project Schedule. In other words, the Project Schedule is a living document, whereas the Schedule Baseline is a fixed or published document. Any changes to the Schedule Baseline will requir

New Features in Oracle Access Manager OAM 12c PS4

Oracle Access Management (OAM) 12c (12.2.1.4.0) includes the following new features: The most important feature now available in OAM 12c PS4 is that the OAP protocol uses REST communication by default. This enables the use of HTTP(S) infrastructure to route and load balance requests. Also, the Health Checks can use the REST API to run the preconfigured tests on the servers. (See details for the new features in OAM listed below.) (1) Passwordless Login Passwordless authentication allows you to bypass the standard web form based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management. (2) Dynamic Client Registration Dynamic Client Registration (DCR) provides a way for the native mobile apps (Android) to dynamically register as clients with the OAuth Server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management. (3) OAP over REST Oracle Access Protocol (OAP) over REST enab

Centrally Managed Users (CMU) - New Feature in Oracle Database 18c

Centrally Managed Users (CMU) Centrally Managed Users or CMU is a new feature introduced in Oracle DB 18c which allows simplified database user management through integration with Microsoft Active Directory (AD). Oracle Database release 18c, version 18.1 and later, supports direct integration with Microsoft Active Directory (AD) using the new centrally managed users capability. CMU allows the Oracle database to perform user authentication and authorization directly against AD. Benefits of CMU With centrally managed users, users accessing the database can be centrally managed to improve an organization's security posture. An enterprise user (a user in Microsoft Active Directory) can be exclusively mapped to a database account, or many enterprise users (in a Microsoft Active Directory group) can be mapped to a shared account in the database. Microsoft Active Directory groups can also be mapped to a database global role, which provides users with additional privilege

PMBOK 6 PMP - Processes in Executing Process Group

10 Processes in the Executing Process Group There are 5 Process Groups as per the PMI PMBOK Guide for PMP – Initiating, Planning, Executing, Monitoring & Controlling & Closing. This post is about processes in the Executing Process Group. PMBOK 6 Executing Process Group There are now ten (10) processes in the Executing Process Group from PMBOK 6 Guide. Following is the break up of the processes among their respective knowledge areas. Integration Management Knowledge Area has 2 processes, Resource Management Knowledge Area has 3 processes, and Knowledge Areas of Quality, Communication, Risk, Procurement and Stakeholder Management have one process each for a total of 10 Processes. What is Executing Process Group? The Executing Process Group consists of the processes used to complete the work defined in the Project Management Plan to accomplish project requirements. The processes in this Group are the ones that need to be performed to complete the work defined in the project manage

How to create a user for a future Start Date in OIM

How to create a user in Oracle Identity Manager (OIM)/Oracle Identity Governance (OIG) with a future "Start Date" and ensure the user account is only enabled on the "Start Date" User accounts are created in Oracle Identity Manager (OIM) as users are on-boarded or join the organization. There are typical use cases when users are given a joining date or the day when a user reports to duty. The user should be able to log in to the systems when he starts his duties. Hence, the user account and login should be enabled for the user so that they can successfully log in to the systems. The user account should only be in the Enabled or Active state on the day the user is officially supposed to start. In other words, the account which has been created for the user should be in a Disabled state until the day of start. The security rule is never to have an active account or Entitlements for Users who are not active in the system. The user account is Active on the day user joins the or

WebLogic Server Clustering and Domain

Understanding WebLogic Server Clustering and WebLogic Domain This post gives an overview of WebLogic Server Clustering and Domains. A WebLogic architecture is composed of an Admin Server and a Managed Server. When you install WebLogic server you create a domain which has resources, and the Admin server acts as the admin instance which will manage, monitor, and configure the resources in this domain. Each Domain can have one or more Managed servers. Managed servers are the instances where you deploy your applications. For example, Oracle Identity Manager (OIM) is a J2EE application deployed on a WebLogic Managed server. So at a minimum the architecture will be composed of a WebLogic Admin server and a WebLogic Managed server on which the OIM is deployed. However, for practical implementations, you would have at least two Managed servers hosting the deployed Application for high availability. The 2 Managed servers will provide continuity of operations in case one of the Managed servers is unavaila

Identity Assurance Level IAL and

What is Identity Assurance Level (IAL) The NIST 800-63-3 publication defines Identity Assurance Level (IAL) as the robustness of the identity proofing process to confidently determine the identity of an individual. There are 3 different levels of IAL, viz. IAL1, IAL2, and IAL3. The 800-63-3 publication sets the requirements to achieve a given IAL. The three IALs reflect the options agencies or organizations may select in their respective environments to suit their risks. The risk being the potential harm that could be caused by an adversary making a successful false claim of an identity. The three IALs are as follows. IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the authentication process are self-asserted or should be treated as such (including attributes a Credential Service Provider, or CSP, asserts to an RP). IAL2: Evidence supports the real-world existence of the claimed identity and verifies tha

How to install WebGate in Oracle Identity Management environment

WebGate A WebGate is a web-server plug-in for Oracle Access Manager (OAM) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization. Specifically, an OHS WebGate, i.e. Oracle HTTP Server WebGate, is a Web server plug-in that intercepts HTTP requests and forwards them to an existing Oracle Access Manager (OAM) instance for authentication and authorization. Installing WebGate There are two important steps for installing OHS WebGate: first is configuring the OHS WebGate and then registering the OHS WebGate with OAM. See below: Configuring Oracle HTTP Server WebGate; Registering the Oracle HTTP Server 12c WebGate with Oracle Access Manager. Since the 12c version, there is no need to install WebGate separately. If you have installed OHS 12c server then WebGate comes pre-bundled with it. (In prior versions, 11g and 10g, one had to first install WebGate binaries.) For an overview of register/manage webgate in 12c, read For 12c version - Registe

Oracle E-Business Suite (EBS) integration with Oracle Identity Cloud Service

Oracle EBS integration with Oracle IDCS Oracle E-Business Suite (EBS) can now be easily integrated with Oracle Identity Cloud Service (IDCS). You can read the earlier blog which provided EBS integration with OAM and OID here. However, when using Oracle Identity Cloud Service (IDCS) there is no requirement to use OAM or OID. You can integrate your on-premise EBS deployment with Oracle Cloud Identity Service. Here is a side by side comparison of the two deployment architectures - Oracle EBS integration with IDCS on left and with OAM/OID on right. You don't need to configure Oracle E-Business Suite with Oracle Access Manager (OAM) Access Gate or OAM for integration with the Oracle Identity Cloud Service. Identity Cloud Service E-Business Suite Asserter replaces OAM Access Gate as the authentication mechanism for your Oracle E-Business Suite. Note: Your Oracle E-Business Suite must not be integrated with Oracle Access Manager, Oracle Internet Directory, or using any other SSO profil

High Availability, Multi-Data Center in Oracle Identity Governance 12.2.1.3

Services or Applications need to be available to end users. Any interruption of services or outages needs to be minimized, or if possible services should provide maximum availability. Any outage of services to end users is disruptive to Business. Outages may be Planned or Unplanned. Unplanned outages can occur due to Network issues, Data corruption, Application issues etc., whereas Planned outages are typically for Application updates or patching, Data migration etc. Highly available (HA) architectures are key in providing uninterrupted or maximum available services to end users and business. Below are some references and guides that provide detailed information on how to implement Highly available architectures, including across Multiple Data Centers, for Oracle Identity Governance, Oracle Identity and Access Management. Also, at the end there is a guide for Disaster Recovery (DR) for Oracle Fusion Middleware 12c. Configure High Availability for Oracle Identity Governance (OIG) Prerequisites for C

What is UPN - User Principal Name

What is UPN User Principal Name (UPN) attribute in Microsoft Active Directory is userPrincipalName, and its value may be set as user's email address, though not necessarily. You can view UPN via the AttributeEditor property of a user's account in Active Directory, see below screenshot that shows Attribute name as userPrincipalName and its Value set as testuser1@DC1.example.com You can also derive the UPN from the user's Account - User logon name, in Active Directory. See below concatenation of user logon name and domain suffix - testuser1 and DC1.example.com. Concatenating these two (as shown in the screenshot below) yields testuser1@DC1.example.com which is the email address of the user. (Note in Pre-Windows 2000 the User logon name is DC\testuser1) How to view Attribute Editor in Active Directory You have to select Advanced Features (right click on the Domain Controller DC1.example.com on the left pane, click on View and then click Advanced Features) in o