Oracle Identity Manager 11.1.2 provided Identity Attestation to periodically review users access. For advanced access review capabilities such as role or data owner certification, OIM 11.1.2 had to be integrated with Oracle Identity Analytics (OIA) to leverage the advanced access review capabilities that OIA provided.
|
In Oracle Identity Manager 11.1.2.1.0 and 11.1.2.2.0, the advanced access review capabilities of OIA are converged into OIM to provide a complete identity governance platform that enables an enterprise to do enterprise grade access request, provisioning, and access review from a single product.
After upgrading to Oracle Identity Manager 11.1.2.2.0, you can use the new access review capabilities. This feature is disabled by default. Therefore, you must ensure that you have relevant licenses before enabling this new feature.
|
In Oracle Identity Manager 11.1.2.1.0, certification was introduced and the workflow supported one level of access review in each phase.
|
Certification workflow in 11.1.2.2.0 enables business to define more robust processes for compliance, enabling more granular oversight of "who has access to what". Certification reviews can mirror access request workflow, where they can be reviewed or approved by multiple sets of business and IT owners before they are deemed complete in each phase. This ensures improved visibility of user access privileges, and all review decisions are captured in a comprehensive audit trail that is recorded live during the certification as well as in reports.
|
In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, users are assigned to organizations by specifying an organization name in the Organization attribute of the user details. This is a static organization membership.
|
In Oracle Identity Manager 11.1.2.2.0, in addition to the existing feature, you can dynamically assign users to organizations based on user-membership rules, which you can define in the Members tab of the organization details page.
All users who satisfy the user-membership rule are dynamically associated with the organization, irrespective of the organization hierarchy the users statically belong to. With this new capability, a user can gain membership of one home organization via static membership and multiple secondary organizations via user-membership rules that are dynamically evaluated.
|
Oracle Identity Manager 11.1.2 and 11.1.2.1.0 uses the Fusion Fx skin which provides a rich look and feel.
|
Oracle Identity Manager 11.1.2.2.0 uses Skyros skin. This is a light-weight skin that uses fewer background images and does not need gradients. This ensures that the UI renders allot faster and UI skinning becomes easier.
After you upgrade to OIM 11.1.2.2.0, the Skyros skin will be enabled by default. There is also an option to revert back to the Fusion Fx skin post upgrade.
|
In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, you had to explicitly request for an account and ensure it was provisioned before you could request for an entitlement in that account.
If you requested for an entitlement and did not have the corresponding account, the request fails.
|
In Oracle Identity Manager 11.1.2.2.0, entitlement and account dependency are introduced in the OIM catalog. After you upgrade to Oracle Identity Manager 11.1.2.2.0, this new feature allows you to request for the following:
Entitlements even if you do not have the corresponding account.
Entitlements for a specific account in addition to the primary account, if you have multiple account instances in the same application.
|
In Oracle Identity Manager 11.1.2, catalog was introduced to provide meaningful and contextual information to end users during the request and access review. The catalog allows you to associate meaningful metadata against any request able entity.
|
In Oracle Identity Manager 11.1.2.2.0, in addition to the catalog metadata, you can enable the display of hierarchical attributes of entitlements to requesters, approvers, and certifiers to view additional details of entitlements (hierarchical attributes) in the catalog detail screen.
The additional details of entitlements is called technical glossary. The technical glossary is displayed in a tree structure.
|
The catalog in Oracle Identity Manager 11.1.2 and 11.1.2.1.0 supports simple entitlements when you request for an entitlement. A simple entitlement has a single attribute.
|
The catalog in Oracle Identity Manager 11.1.2.2.0 supports request for complex entitlements. A complex entitlement is an entitlement with more than one attribute. These attributes will be presented in an Entitlement Form on the request check out page.
|
In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, you cannot save a request in draft mode. If you cannot complete the access request, you must start the entire request process from the beginning when you resume.
|
In Oracle Identity Manager 11.1.2.2.0, you can use the draft request feature and save any request as a draft at any point of time. Once a request is saved as a draft, you can return to the self service console whenever required and continue with the data that you provided earlier.
|
The data rich and stateful nature of the Oracle Identity Manager causes state-related data to accumulate which in turn slows down the deployment. OIM customers are encouraged to run the archive and purge scripts frequently.
The archive and purge utilities in Oracle Identity Manager 11.1.2 and 11.1.2.1.0 are command line based, and requires you to navigate through an interactive wizard. This requires manual intervention each time archive and purge is run.
|
In Oracle Identity Manager 11.1.2.2.0, real time continuous archive and purge utilities are available. You can define the archive and purge thresholds and parameters, and schedule the utilities to run automatically in periodic intervals.
|
In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, Diagnostic Dashboard is used to validate pre installation and post installation requirements. Diagnostic Dashboard is a standalone web application that runs on the application server.
It also provides very rudimentary mechanisms to trace and diagnose orchestration errors.
|
In Oracle Identity Manager 11.1.2.2.0, you can use the Fusion Middleware Enterprise Manager console to view the configuration and state of operations in Oracle Identity Manager.
|