Oracle IDM 11g R2 PS3: What’s new ??

Self Service and End User empowerment

Simplified Self Service UI

Better look and feel. More intuitive. Modern skin/widgets






Guided Access Catalog

Easier for end users. Displays steps to be performed much like e-commerce web sites




Front end

New skin
Changes to how UI customizations are to be made
Few Design console operations have been deprecated






Concept of a Home Organization

A user will be automatically added to an organization based on Home Organization Policy, which is nothing but a set of rules based on user attributes. OIM has default rules (OOTB) and one can build custom rules as well






Introduction of custom Admin Roles (in a simplified avatar)

More dynamic in nature as opposed to static Admin Roles in previous versions. Admin Roles are still there for backward compatibility but NOT recommended






No dependency on APM and OES

Need not deploy OES component for tweaking fine grained authorization

Temporal Grants for New and Existing Access

Users can specify start and end date while requesting access. This can be overridden by authoritative users and helps manage access more seamlessly

Self Service Capability Policy

Rules within this policy would help determine what operations can a user perform on his own profile. This is also driven by user attributes





Role Life cycle Management

When working with roles (adding members etc), a user will be able to see related statistics in a graphical fashion which can help him/her make a more informed decision w.r.t the action being executed on the Role




OIM Role categories are NOT recommended going forwards and usage of Catalog category attribute is advised.
Enhanced Password Policy Management

Enables common password policies for OIM and OAM. More flexibility in terms of defining Challenge Qs (system/user defined)



SoD replaced by Identity Audit capability

Needs to be explicitly enabled




Process forms are not required and hence not supported
Form Upgrade and FVC Utility have been dropped
Attestation is no more supported

Reporting and Auditing

Lightweight Audit Engine

A brand new audit engine has been introduced in PS3. This is synchronous in nature (unlike current engine which depends on JMS), pushes data into a single AUDIT_EVENT table. The new auditing engine also supports new entities

BI Publisher exposed via OIM

You can run Identity Audit (some of the reports) from OIM console itself


Approval layer

Introduction of Workflow Policies

Workflow Policies have replaced Approval Policies in PS3. However, in upgraded scenarios, Approval policies will continue to work








Running OIM without workflows (disabled state)

A system property can be toggled to disable SOA all together. Although the capability can be re-enabled, but the caveat is that it is NOT recommended/supported




Request Catalog

  • The out of the box search form in Catalog can be replaced by a custom form (taskflow) and configured with the help of a system property called Catalog Advanced Search Taskflow

Catalog Advanced Search Taskflow

  • Its possible to add more attributes to the catalog search form (via UI customization of course)

Displaying additional information for catalog entities

Displaying additional information for App Instance, Role and Entitlement (post checkout) can be driven with help of customized taskflows which can be configured by using system properties Catalog Additional Application Details Task Flow, Catalog Additional Role Details Task Flow and Catalog Additional Entitlement Details Task Flow respectively.



Integration layer

REST services based in SCIM (Simple Cross Domain Identity Management) protocol

Finally! A standards based REST interface on top of OIM. Supports limited operations as of now, but its a good start






Remote Manager usage is NOT recommended any more and has been removed from a documentation standpoint (might be deprecated from future releases)

SPML support dropped
Callback Service support dropped
Simplified SSO Integration (without OAM)

Use basic HTTP (web) servers and integrate SSO with OIM on basis of HTTP headers


Orchestration Engine MBean

This is a nice addition which helps probe the Orchestration kernel (engine) related information (its actually is a standard JMX bean implementation). Its accessible via Enterprise Manager and exposes operations like pushing orchestration info to a file, finding event handlers, finding events per process etc. Also aids in debugging orchestration process failures



Enjoy !!!


About Abhishek

Loves Go, NoSQL DBs and messaging systems
This entry was posted in Oracle Identity Governance, Oracle Identity Manager and tagged , , , , . Bookmark the permalink.

7 Responses to Oracle IDM 11g R2 PS3: What’s new ??

  1. nice information provided. however, while logging into the em console i am getting an error called User is not authorized to login to WebLogic Domain. User should be part of one or more Administrative roles to be able to login.if you could help me, it would be great.


  2. Pradeep says:

    Hi Abhisek,
    Could you please let me know what features have been deprecated in design console in R2 PS3?
    Process Form has been removed in this release or what.


  3. CB says:

    Force Password Change at First login not working in PS3 after setting the system property and restarting the server in PS3. If you have any idea about this please confirm.


  4. kuldeep says:

    This is awesome, even oracle has not explained so much about new features of PS3.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s