Posts

Showing posts from August, 2020

How to create a user for a future Start Date in OIM

How to create a user in Oracle Identity Manager (OIM)/Oracle Identity Governance (OIG) with a future "Start Date" and ensure the user account is only enabled on the "Start Date"

User accounts are created in Oracle Identity Manager (OIM) as users are on-boarded or join the organization. A typical use case is that a user is given a joining date, the day on which the user reports for duty. The user should be able to log in to the systems when he starts his duties. Hence, the user account and login should be enabled for the user so that they can successfully log in to the systems. The user account should be in the enabled or Active state only on the day the user is officially supposed to start. In other words, the account which has been created for the user should be in a Disabled state until the day of start. The security rule is never to have an active account or Entitlements for Users who are not active in the system. The user account is Active on the day user joins the or...

WebLogic Server Clustering and Domain

Understanding WebLogic Server Clustering and WebLogic Domain

This post gives an overview of WebLogic Server Clustering and Domains. A WebLogic architecture is composed of an Admin Server and a Managed Server. When you install WebLogic Server, you create a domain which has resources, and the Admin server acts as the admin instance which manages, monitors, and configures the resources in this domain. Each Domain can have one or more Managed servers. Managed servers are the instances where you deploy your applications. For example, Oracle Identity Manager (OIM) is a J2EE application deployed on a WebLogic Managed server. So, at a minimum, the architecture will be composed of a WebLogic Admin server and a WebLogic Managed server on which OIM is deployed. However, for practical implementations, you would have at least two Managed servers hosting the deployed Application for high availability. The 2 Managed servers will provide continuity of operations in case one of the Managed servers is unavaila...

Identity Assurance Level IAL and

What is Identity Assurance Level (IAL)

The NIST 800-63-3 publication defines Identity Assurance Level (IAL) as the robustness of the identity proofing process to confidently determine the identity of an individual. There are 3 different levels of IAL, viz. IAL1, IAL2, and IAL3. The 800-63-3 publication sets the requirements to achieve a given IAL. The three IALs reflect the options agencies or organizations may select in their respective environments to suit their risks. The risk is the potential harm that could be caused by an adversary making a successful false claim of an identity. The three IALs are as follows:

IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the authentication process are self-asserted or should be treated as such (including attributes a Credential Service Provider, or CSP, asserts to an RP).

IAL2: Evidence supports the real-world existence of the claimed identity and verifies tha...