OIM – password history of the users in OIM


How can we retrieve a user's password change history directly from the OIM database? For example:

1. When was the user's password changed?
2. Who changed whose password?
3. How many attempts were made to change the password?

Ans:

For 1 and 2, you can find this information in the PWH table.
3 is more complicated, but you can start from the ORCHPROCESS table and look for change password orchestrations for that user.
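
The lookups described above, sketched as queries against the OIM schema. This is an added example, not part of the original post; the column names (PWH_CREATE, PWH_CREATEBY, and the ORCHPROCESS columns ENTITYID, ENTITYTYPE, OPERATION, STATUS, CREATEDON) and the :user_login bind variable are assumptions to confirm with DESC PWH and DESC ORCHPROCESS in your own schema.

```sql
-- Added example. Column names are assumed from OIM's usual
-- <TABLE>_CREATE / <TABLE>_CREATEBY audit-column convention;
-- verify them in your schema before relying on the results.

-- Questions 1 and 2: when each password history row was written,
-- whose password it was, and which account wrote it.
SELECT target.usr_login AS password_owner,
       actor.usr_login  AS changed_by,
       pwh.pwh_create   AS changed_on
FROM   pwh
       JOIN usr target
         ON target.usr_key = pwh.usr_key
       -- CREATEBY holds the actor's user key; LEFT JOIN keeps rows
       -- whose actor has since been removed or is a system account.
       LEFT JOIN usr actor
         ON TO_CHAR(actor.usr_key) = pwh.pwh_createby
WHERE  target.usr_login = :user_login
ORDER  BY pwh.pwh_create DESC;

-- A password_owner <> changed_by row is an administrative change,
-- which is usually the case worth reviewing in an audit.

-- Question 3: password-related orchestrations for the same user,
-- grouped by operation and outcome. The LIKE filter avoids
-- hard-coding operation names; the result shows the exact values
-- your OIM version records. Only rows still retained in
-- ORCHPROCESS are counted.
SELECT op.operation,
       op.status,
       COUNT(*)          AS attempts,
       MIN(op.createdon) AS first_attempt,
       MAX(op.createdon) AS last_attempt
FROM   orchprocess op
       JOIN usr u
         ON op.entityid = TO_CHAR(u.usr_key)
WHERE  u.usr_login = :user_login
AND    op.entitytype = 'User'
AND    UPPER(op.operation) LIKE '%PASSWORD%'
GROUP  BY op.operation, op.status
ORDER  BY last_attempt DESC;
```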

OIM/IdM Interview Questions

# Port numbers of the DB, OIM, admin server, SOA and OUD server
# OIM implementation steps. Please elaborate.
# What is the boot.properties file?
# How do we start the WebLogic admin, OIM and SOA servers?
# What is the path of the domain home, where we can check the logs?
# How do we run the bulk report?
# What are all the URLs (OIM and SOA)?
# Where is the config file of the WebLogic admin server located?
# How do we create a user, role and organization in OIM?
# What is a provisioning process? Give an example.
# What is a target system?
# What is an entitlement?
# How do we start the OUD Server?
# Why do we need an OUD Server?
# What is the backend of the OIM Server?
# If we create a user in OIM, where will it get stored?
# Please explain the use of SOA. Why do we need it?
# What is an application instance?
# What is a resource object? 
# How do we install a connector? 
# What is the purpose of creating a sandbox? 
# Is it possible to search an OUD user via command line? 
# What are different types of logs within oim? 
# How do we deploy a soa composite? Please explain the steps involved? 
# Why do we use RCU? 
# Can you please walk me through the System Admin consoles? What are the different components?
# What is catalog? 
# Please let me know a couple of out of the box schedulers in OIM?
# Why do we request an account in target system? 
# What is an access policy? 
# If we have a choice of how to implement validation on a particular field, what approach do we need to follow? (UI validation, update dev starter pack or Validator Plugin)
# Steps to write a preprocess plugin and a postprocess plugin
# What is the USR_PROCESS_TRIGGERS lookup and when do we need it?
# How to create a custom attribute in OIM? And to populate those attributes in the OIM Create User form and Modify User form, which bean do we need to select?
# How to create a scheduled task? Explain step by step.
# How to create a custom UserLoginGenerationPlugin and how to configure it?
# How to create a Groovy-based connector for a database?
# What is a child table and when does a child table need to be configured?
# How to delete a user-defined attribute from OIM?
# Suppose we have created one custom attribute in OIM of type Text and later we want to make the same attribute a Drop Down; how to achieve that?
# How to move a user from one organization to another using the OIM API?
# Suppose OIM is integrated with a target system and the customer wants user_login in the target system to be prefixed with some value; how to achieve that?
# And suppose user_login is prefixed with some value in the target system and the customer wants the reconciliation user matching workflow to work based on the user_login attribute only; how to achieve reconciliation, given that user_login in OIM is different from user_login in the target system?
# The customer wants to reset passwords for 1000 users in bulk; how to achieve that using the bulk utility?
# What are the default validators provided by the ADF framework, and how to use them?
# We want to create a separate “Create Contractor” link. What steps are required to create the link, and how should a user creation process be linked with it?
# As we know, "Access Policy" is available only on the sysadmin page, but the customer wants that link to be available on the “Identity” page; how to achieve that?
# On the create user page, we want the user to be able to enter any characters (lowercase and uppercase) in the first name text field, but before submitting we want the value to be set in capital letters; how to achieve that on the client side without a bean change?
# What are the basic functionalities of a connector? 
# What is ICF Framework? 
# What is OIM Object Model?
# What is the difference between Agent-based vs. Agent-less Connectors?
# What is meant by “Generic Technology Connectors” ?
# What are the differences between Single and Parallel Workflow in SOA?
# What are the ways in which you can deploy a SOA composite?
# What is the use of the ANT tool in OIM?
# We have a use case where we need to add a new custom attribute in the ODSEE target system. Please explain the steps for the same.
# Which class/interface do we use in OIM APIs?
# What is orchestration in OIM?
# What are the stages of an OIM event handler?
# Application Instance and child table in OIM?
# How to handle entitlements in OIM?
# How to write a custom connector?
# Stages of a scheduler in OIM?
# Writing a custom SOA composite for OIM? Two-level workflow.
# How to make a conditional drop-down using a valueChangeListener?
# How to customize the UI and write validation logic in a backing bean?
# What are the scopes of a bean in ADF?
# How to write a client API? What supporting JAR files are needed?
# How to disable the approval process in case of self-service registration?
# What are the places from which we can invoke a SOA composite?
# From which places is an email template invoked, and how to invoke the email template using the API?
# How to exclude contractor employee type users from syncing to OUD?
# How to make a catalog item non-requestable?

Other Links : 

# OIM Interview Questions :


OIM Use Cases

Oracle Identity Manager Academy

# Extend ODSEE Schema :


Oracle Identity Governance Suite 11gPS3 Essentials Exam (1Z1-339)

Oracle Identity Governance Suite 11gPS3 Essentials Exam (1Z1-339) is now available in beta testing. This exam will replace the existing Oracle Identity Governance Suite 11g Essentials (1Z0-459) exam, which will no longer be available for registrations after the new exam goes into production. It’s free if you request a discounted beta voucher via the OPN Beta Certified Specialist Exam Voucher Request Form. Without a voucher, the beta exam fee is 50 USD.


Oracle products and technologies in the 11g R2 IdM Platform

Identity Governance products:

o Oracle Identity Manager (OIM) is an identity provisioning product. OIM includes features for self-service password management, access request forms, delegated administration, approval routing workflows, and entitlement management across any number of connected systems.

o Oracle Identity Analytics (OIA) collects logs from IdM products and other systems to report on usage, build effective IT roles, and detect account-related audit issues such as orphaned accounts.

o Oracle Privileged Account Manager (OPAM) secures accounts with elevated access, such as root accounts on Unix systems and databases, by implementing a password checkout system.

Access Management products:

o Oracle Access Manager (OAM) is a Web Access Management (WAM) product that enables SSO across an organization’s web presence.

o Oracle Adaptive Access Manager (OAAM) enables organizations to apply stronger, risk-based, and multi-factor access control to an organization’s web

o Oracle Enterprise Gateway (OEG) is a soft-appliance XML gateway for securing and managing application and web access to an organization’s web presence.

o Oracle Identity Federation (OIF) provides standards-based identity federation capabilities for enabling SSO across websites.

o Oracle Security Token Service (OSTS) is a WS-Trust compliant STS implementation. An STS converts security tokens of various types, enabling compatibility and trust across federation boundaries.

o Oracle Entitlements Server (OES) is a fine-grained entitlements service that supports a variety of externalized authorization mechanisms including XACML 3.0.

o Oracle Enterprise Single Sign-On (OeSSO) is a client-based SSO product that enables users to access web, client-server, and legacy applications through a single, strong authentication “wallet” for authentication.

Directory Services products

o Oracle Unified Directory (OUD) includes both a highly scalable LDAP directory service based on Java and the Oracle Virtual Directory (OVD) product. See the section below for more information on OVD.

o Oracle Internet Directory (OID) is a scalable LDAP directory service based on Oracle database technology.

In the 11g R2 release, these technologies are as follows:

Oracle Virtual Directory (OVD) enables efficient and elegant integration to data sources.

Oracle Entitlements Server (OES) provides a scalable approach to fine-grained entitlement controls, contextual role enforcement, and run-time policy evaluation.

Oracle Platform Security Services (OPSS) provide developer access to essential security functions.

Oracle Enterprise Gateway (OEG) enables SOA applications to establish an identity-based control at the edge of enterprise networks. OEG also provides REST-ful interfaces to the identity platform for mobile applications. And when combined with Oracle Web Services Manager (OWSM) also adds encryption, PKI, and related policy control to web services.

OWSM secures and applies identity to SOA interactions.