OIM Connector for Identity Cloud Service

The IDCS Connector is an OIM REST-based connector for Oracle’s Identity Cloud Service (IDCS). In this blog post we will look at use case scenarios for hybrid cloud solutions that span both the Oracle Public Cloud and an on-premise Oracle identity management deployment. This blog post aims to cover the most common scenarios from an […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]

Authenticating to the OIG REST API from an OAM-protected web app

The objective of this post is to describe how a web app protected by an OAM WebGate can authenticate to the OIG REST APIs. In a previous blog post, I provided detailed steps to do the same thing for the SCIM REST APIs; now in this blog post I will explain how the same approach […]

Identity and Cloud Security A-Team at Oracle Open World

I just wanted to let everyone know that Kiran and I will be presenting with our good friend John Griffith from Regions Bank at Oracle Open World next week. Our session is Oracle Identity Management Production Readiness: Handling the Last Mile in Your Deployment [CON6972]. It will take place on Wednesday, Sep 21, 1:30 p.m. […]

Authenticating to OIM SCIM server using an OAM-generated SAML identity assertion

In a previous post I provided a brief introduction to SCIM. In this post I’m going to dive right in and give an example of using the OIM SCIM services and securing them with OAM. Why would you want to use OIM SCIM services? There are many reasons, however I will focus on […]

Upgrading to OIM an overview

In this post I’m going to give an overview of the steps involved in upgrading to Oracle Identity Manager This is just a high-level overview, with pointers to the documentation you need to read to get the detailed steps. Classification of OIM environments For the purpose of OIM upgrade, environments can be classified as […]

Mass Reset Password -part2 – using OIM Apis

Introduction Back in November, I wrote a blog about Mass Reset Password using OID. As mentioned there, and expected for this month, Oracle is now providing the same password change feature, but now using Java OIM API. Main Article In this case, for development and test environments customers usually want something that they can control […]

Mass Reset Password-part1 OID

Introduction One of the great features that customers need to be aware of, and that can be used as a post-process in many different situations such as P2T, T2P and clone, is the ability to reset multiple passwords simultaneously. Imagine the customer is scaling out their environment because they need an additional UAT environment. This customer […]

OIM Access Policy Harvesting

OIM R2 PS2 delivers a long-awaited functionality: access policy harvesting. This new feature adds more flexibility to OIM access policies usage. This is another post in the Oracle Identity Manager Academy from the Fusion Security Blog. For the entire post list click here. In order to understand what this new feature brings, let […]

Exposing User System Attributes in OIM 11gR2PS2 GUI Customization

Introduction Recently while working with a customer to help with an upgrade from OIM 11gR1 to 11gR2PS2, one interesting request came up regarding OIM GUI customization. The requirement was to expose some User System Attributes that in R1 were directly available in the GUI customization data but in R2 are not exposed in the GUI […]

Monitoring OIM R2 PS2 Orchestration

The OIM R2 PS2 ( release provides a great new feature: monitoring of OIM orchestration processes through Enterprise Manager console. This feature provides the capability of querying orchestration data to check orchestration process details. For example, you can check what happened during a user modification operation, or you can get details of failed orchestration processes, such details can […]

Logging in OIM custom code

Proper logging is one of the main considerations during custom development. This is no different in OIM projects in which custom code is being developed and deployed to OIM. Proper logging is a fundamental part of development, helping in finding issues, fixing them and also in reporting relevant runtime conditions. This post shows how to leverage […]

IDM FA Integration flows

Introduction One of the key aspects of Fusion Applications operations is the Users and Roles management. Fusion Applications uses the Oracle Identity management for its Identity store and policy store by default. This article explains how user and role flows work from different points of view, using ‘key’ IDM products for each flow in detail. With […]

OIM monitoring check-list

Introduction Systematic monitoring of OIM deployments helps to reduce risk of both technical and security related issues. It also can help to avoid performance degradation that can happen because of data growth over time. This post presents a set of topics about OIM and WebLogic monitoring, and it presents tools that can be used for […]

OIM Reset Password Customization Example

Out-of-the-box, the OIM reset password functionality is available to system administrators, and to delegated administrators who have administrative privileges on users’ accounts and have the ‘reset password’ privilege assigned to them. The data of the user who is having his/her password reset plays no role in how this functionality is presented to delegated administrators. This […]

OIM 11g R2 Delegated Administration Model – Sample implementation (Part I)

Introduction It is a very common requirement from customers to have a delegated administration model that is not tied to the organizations where the administrators are placed. Historically, OIM only supports a one-to-one relationship between Users and Organizations. However, starting with OIM 11g R2 and the introduction of the Catalog, it is possible to publish resources […]

A checklist for OIM go live

This post presents a list of configuration points in OIM. This list definitely must be taken into account whenever a customer is planning an OIM go-live. This list is not intended to replace the OIM documentation; instead, the idea is to complement it. It provides tips on a few topics that are not part of […]

Loading unique passwords with OIM bulk load

Introduction Using Oracle Identity Manager’s bulk load tool is a great way to load large numbers of user records into OIM in an efficient and performant way. The standard and documented usage of the tool does not make provision for the loading of unique user passwords, though. This article describes an approach that can be […]

OIM 11g R2 Performance Patch

Oracle has released a set of patches to address some performance issues in OIM 11g R2 self-service interface. Information about these patches is available in the following Oracle support note: Document 1557879.1 OIM 11gR2: Patches for Performance Issues Related to Self-service UI The note contains the details for each specific R2 release. Any customer who […]

OIM 11g R2 Self Registration with CAPTCHA

This post walks you through the fun of customizing OIM and adding a CAPTCHA solution to the self-registration page. Captcha solutions are largely used in web sites to try to prevent automated robots from registering, filling forms, sending messages and many other things. The captcha solution used is Simple Captcha and it is available here. […]