Prepare Your Fusion Applications for Security Audits

Introduction

In an enterprise environment it is very common that regulations require regular security audits of the computer systems. The company’s security officer is responsible for facilitating these and may request many reports from the administrators of the respective systems. Very often these reports include user activities for log in, log out, entering wrong passwords, resetting passwords, etc.

Fusion Applications provides a number of reports for many industries out of the box, but these are not targeted to the needs of a security officer and do not provide the required information for regular security audits. However, the underlying identity management components, Oracle Identity Manager (OIM) and Oracle Access Manager (OAM), come with predefined reports that provide a good starting point for your security audits.

This is the first of three articles that cover how to extend your Fusion Applications environment with these pre-packaged reports.

Types of Reports for Oracle Identity Manager

Oracle Identity Manager already takes care of logging information related to user creation, user retirement, password management events, etc. The main categories of these reports are:

  • Access Policy Reports
  • Attestation Request and Approval Reports
  • Exception Reports
  • Password Reports
  • Resource and Entitlement Reports
  • Role and Organization Reports
  • User Reports

Configure Fusion Applications to Use OIM Reports

To use these reports, you have to configure the BI Publisher that comes with Fusion Applications to provide them to the user. This is quite easy and requires just a number of manual steps.

Configuration Steps

  • Log in to the Fusion Application host at the operating system level.
  • Go to FA_HOME/config/BIShared/BIPublisher/repository/Reports
  • Unzip IDM_HOME/products/app/iam/server/reports/OIM_11gR1_BIP11gReports.zip in Reports. The Reports directory should have a new directory called Oracle Identity Manager.
  • In your browser open the BI Analytics page
  • Log in as the fusion superuser.
  • Select Administration.
  • If you see the message Maintenance Mode is currently off, click on Toggle Maintenance Mode to turn it ON.
  • Click on Manage BIPublisher
  • In the list System Maintenance select Server Configuration. This will show the System Maintenance page with the System Maintenance tab selected.
  • Find the Catalog section and the BI Publisher repository text field. Normally, this shows a reasonable, but possibly incorrect repository path.
  • Update the BI Publisher repository text field to FA_HOME/config/BIShared/BIPublisher/repository
  • To update the BI Publisher Catalog, click on the Upload to BI Presentation Catalog button
  • Click on Return button
  • On the Administration page select the JDBC Connection link in the Data Source section
    This brings up the Data Sources configuration screen with JDBC selected.
  • Click on Add Data Source
  • Set Data Source Name to OIM JDBC
  • Set the Connection String with the connection details for your database
  • Set Username to Fusion OIM database schema user
  • Set Password to the password of the Fusion OIM database schema user
  • Click on Test Connection to validate values you just entered. On success you will find a Confirmation Connection established successfully message above the Add Data Source title.
  • Scroll down and find the Security section.
  • From the Available Roles list select BI Consumer Role and click on the Move button to move it to the Allowed Roles list.
  • Now scroll up and click on the Apply button to add this new data source.
  • Click on the Catalog link.
  • In the Folders portlet expand the Shared Folders and find and expand Oracle Identity Manager
  • Click on User Reports
  • Find the Users Created report and click on Open.
  • Enter a Creation Date From of some months in the past.
  • Enter a Create Date To as of today.
  • Click on Apply
  • You should get an output now.
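
The first three steps are the only ones performed at the operating system level. As an added example (not part of the original article or of Oracle's tooling), the shell function below stages the archive with checks before and after extraction. The function name, its exit codes and the refusal to unpack over an existing folder are assumptions of this example; FA_HOME and IDM_HOME are passed as arguments.

```shell
#!/bin/sh
# Added example: stage the OIM report archive into the BI Publisher repository.
# FA_HOME and IDM_HOME are the placeholders used in the steps above; pass the
# real paths of your installation as arguments.

stage_oim_reports() {
    fa_home=$1
    idm_home=$2
    reports_dir="$fa_home/config/BIShared/BIPublisher/repository/Reports"
    archive="$idm_home/products/app/iam/server/reports/OIM_11gR1_BIP11gReports.zip"
    target="$reports_dir/Oracle Identity Manager"

    # Fail early with distinct exit codes so a wrapper can tell the cases apart.
    [ -d "$reports_dir" ] || { echo "missing repository: $reports_dir" >&2; return 2; }
    [ -r "$archive" ]     || { echo "missing archive: $archive" >&2; return 3; }

    # Refuse to unpack over an existing folder; it may hold customized reports.
    [ ! -e "$target" ]    || { echo "already present: $target" >&2; return 4; }

    # Check archive integrity before writing anything into the repository.
    unzip -tq "$archive" >/dev/null || { echo "corrupt archive: $archive" >&2; return 5; }

    # -n never overwrites files that already exist elsewhere under Reports.
    unzip -nq "$archive" -d "$reports_dir" || return 6

    # The steps expect a new directory named "Oracle Identity Manager".
    [ -d "$target" ] || { echo "expected directory not created: $target" >&2; return 7; }
    echo "staged: $target"
}

# Usage: stage_oim_reports /path/to/FA_HOME /path/to/IDM_HOME
```

Run it as the operating system user that owns the BI Publisher repository so the extracted files keep the ownership the BI server expects.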

What’s Next?

OIM reports are just the start. OAM reports for authentication and authorization will be next.

Due to the increasing cloud adoption and new reporting solutions, this has been canceled. Sorry.

Comments

  1. No, not at the moment. This is a report for Administrators and administration is done by the Cloud Operations staff. You should check your contract how and when such information will be provided.

  2. Are these reports available for SaaS customers?
