Oracle Identity Manager Interview Questions and Answers
Q1. What is an Identity?
An identity is the virtual representation of an enterprise resource user, including employees, customers, partners and vendors. Identity Management shows the rights and relationships the user has when interacting with a company’s network.
Q2. What is Oracle Identity Manager?
In computing, Oracle Identity Manager (OIM) enables enterprises to manage the entire user life-cycle across all enterprise resources both within and beyond a firewall. Within Oracle Identity Management it provides a mechanism for implementing the user-management aspects of a corporate policy.
Q3. What is Oracle identity and access management?
Oracle Identity Management, a software suite marketed by Oracle Corporation, provides identity and access management (IAM) technologies. The name of the software suite closely resembles the name of one of its components, Oracle Identity Manager.
Q4. What is an IAM tool?
Identity and access management (IAM) is a framework for business processes that facilitates the management of electronic or digital identities. The framework includes the organizational policies for managing digital identity as well as the technologies needed to support identity management.
Q5. What are the types of Reconciliation in OIM?
- Target Resource Reconciliation
- Trusted Source Reconciliation
Q6. List the components of OIM?
- Reconciliation APIs
- Reconciliation Engine
- Reconciliation Manager
- Remote Manager
Q7. Different Types of Event Handlers
Event Handlers are among the most common customizations in OIM 11g implementations. They have been available in OIM for a long time, but with 11g and its new frameworks, they certainly are becoming even more popular.
The main types of Event Handlers are:
- Pre-Process: triggered BEFORE the actual transaction is executed
- Post-Process: triggered AFTER the actual transaction is executed, but within the transaction
- Validation: triggered BEFORE the actual transaction starts and can prevent the transaction from happening if the validation fails
Q8. What is the purpose of rule designer?
Use this form to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulating adapters.
Q9. What is purpose of Reconciliation Manager?
You can look here for reconciliation data once reconciliation is complete. You can determine whether an event was received and whether it was linked or not.
Q10. Mention the Connector components in OIM?
The following components are created when you deploy a connector:
- Reconciliation Field Definitions
- Reconciliation Field Mappings
- Reconciliation Rules
- Reconciliation Action Rules
- Reconciliation Provisioning Tasks
- IT Resource
- IT Resource Type
- Lookup Definitions
- Scheduled Tasks
- Resource Object
- Process Form
- Provisioning Process, Process Tasks, and Adapters
Q11. Difference between OIM 10g and OIM 11g
- 10g Request Management has been replaced by a SOA composite, which has a customized schema accommodating BPEL and Human Task.
- The reconciliation engine has been rewritten in 11g to enhance performance by introducing a cache mechanism.
- OES libraries are used as an authorization engine, unlike 10g, which had its own object- vs. view-based authorization.
- A plugin services platform is introduced in 11g to make customization easy; it can be somewhat mapped to the entity adapter functionality in 10g.
- Groups in 10g are now called Roles in 11g, with some modifications that make them like LDAP roles.
|OIM 10g|OIM 11g|
|---|---|
|Reconciliation Manager in Design Console.|Event Management in Admin Console.|
|Object Form.|Request Dataset.|
|Creation of new IT Resource from Design/Admin Console.|Creation of new IT Resource from Admin Console.|
|Struts based UI.|ADF based UI.|
|Approval workflow creation from Design/Admin Console.|Approval workflow creation from IDE using SOA Plugin.|
|Custom workflow engine.|Using BPEL as workflow engine.|
|No Notification Tasks.|Notification tasks which are separate from Schedule Task’s jobs.|
|No Approval Policies.|Approval Policies.|
|No need of BI Publisher.|Need BI Publisher for OOTB reporting.|
|No need of RCU (Repository Creation Utility).|Need of RCU (Repository Creation Utility).|
|No concept of Request Template.|Request Template for controlling the Attributes of the request.|
|Entity Adapters on User Form.|Event Handlers on user form.|
|Support only old APIs.|Support old and new APIs.|
Q12. What are the benefits of Identity Management?
- Centralized auditing and reporting – Know who did what and report on system usage.
- Reduce IT operating costs – Immediate return on investment is realized by eliminating the use of paper forms, phone calls and wait time for new account generation and enabling user self service and password management.
- Minimize Security Risk – Control access to the network and instantaneously update accounts in a complex enterprise environment including: layoffs, acquisitions, partner changes, temporary and contract workers.
- Improved quality of IT services
- Legal compliance – Many government mandates require secure control of access.
Q13. Explain the Architecture of Oracle Identity Manager?
The Oracle Identity Manager architecture consists of three tiers:
Tier 1: Client: The Oracle Identity Manager application GUI component resides in this tier. Users log in by using the Oracle Identity Manager client. The Oracle Identity Manager client interacts with the Oracle Identity Manager server, providing it with the user’s login credentials.
Tier 2: Application Server: The second tier implements the business logic, which resides in the Java Data Objects that are managed by the supported J2EE application server (JBoss application server, BEA WebLogic, and IBM WebSphere). The Java Data Objects implement the business logic of the Oracle Identity Manager application; however, they are not exposed to any methods from the outside world. Therefore, to access the business functionality of Oracle Identity Manager, you can use the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism.
Tier 3: Database: The third tier consists of the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.
Q14. What is Adapter? What Adapters available in OIM?
An adapter is a Java class that is created by an Oracle Identity Manager user through the Adapter Factory.
- Process Tasks adapters – automate completion of a process task and are attached to a Process Definition Form (AD user, OID User, etc.)
- Entity Adapter – automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete
- Pre-Populate Adapter – a specific type of rule generator attached to a user-created form field that can automatically generate data for the form; it does not save that data to the OIM database but does send that information to the appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.
- Rule Generator – can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules
- Task Assignment Adapter – automates the assignment of a process task to a user or group
Q15. What is the Form Version Control Utility (FVC) and why is it used?
Process forms and child forms are used to hold account data of OIM Users. You can upgrade a form by adding, modifying, or removing fields on the form. For example, as part of an upgrade operation, you might add the Hire Date field and remove the Country of Origin field from a form. In addition, fields might be moved from the parent form to the child form. The Oracle Identity Manager Form Version Control (FVC) Utility facilitates the management of form data changes after a form upgrade operation.
The FVC Utility is a command-line utility that works directly on the Oracle Identity Manager database. When you install the Oracle Identity Manager Design Console, the utility is present in the OIM_DC_HOME directory. You use a properties file to specify the form data updates that the utility must perform. The utility supports field mapping and data updates on a provisioning process form and its associated child forms.
Q16. What are Oracle Identity Manager Roles?
An Oracle Identity Manager role is used to define the access rights that an entity may have. These defined roles use unique role names to differentiate them within the Oracle Identity Manager environment. A role may be associated with one or more access rights to Oracle Identity Manager functions. For example, a single role enables a user to create other Oracle Identity Manager user accounts and manage a specific organization. Roles determine the links and menus that are available to users when they log in to the console.
Roles assigned to organizations determine the access rights that members of that organization inherit. Users may also be directly assigned to a role instead of inheriting the role through the organizational structure. As with organizations, roles can be organized into a hierarchical structure.
This hierarchical structure enables roles to inherit access rights from other roles, creating parent and children roles.
Roles are closely related to the access rights of users to use the resources.
Q17. Explain Role Category?
Roles can be grouped into a category, organizing the roles for the purpose of navigation and authorization. Two categories exist by default in an out-of-the-box installation of Oracle Identity Manager:
• OIM Roles: The OIM Roles category contains the list of predefined roles that exist in Oracle Identity Manager by default. These roles are primarily used for managing permissions and access rights to menu items, links, and buttons within the Oracle Identity Manager environment.
• Default: Any roles created within Oracle Identity Manager that are not assigned to a category at the time of creation are assigned to the Default category by default. Create role categories to organize the custom roles to be created for managing organizations.
Q18. What is Adapter? What Adapters available in OIM?
An adapter is a Java class that helps automate processes within OIM and is created by an Oracle Identity Manager user through the Adapter Factory.
• Process Tasks adapters – automate completion of a process task and are attached to a Process Definition Form (AD user, OID User, etc)
• Entity Adapter – automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete
• Pre-Populate Adapter – a specific type of rule generator attached to a user-created form field that can automatically generate data for the Process form; it does not save that data to the OIM database but does send that information to the appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.
• Rule Generator – can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules
• Task Assignment Adapter – automates the assignment of a process task to a user or group.
OIM INTERVIEW QUESTIONS, September 29, 2014. Created By: Ritesh Maddala