Self Service and End User empowerment
Simplified Self Service UI
Better look and feel. More intuitive. Modern skin/widgets
Guided Access Catalog
Easier for end users. Displays steps to be performed much like e-commerce web sites
Front end
New skin
Changes to how UI customizations are to be made
A few Design Console operations have been deprecated
Core
Concept of a Home Organization
A user will be automatically added to an organization based on the Home Organization Policy, which is a set of rules based on user attributes. OIM ships with default (OOTB) rules, and one can build custom rules as well
Introduction of custom Admin Roles (in a simplified avatar)
More dynamic in nature as opposed to static Admin Roles in previous versions. Admin Roles are still there for backward compatibility but NOT recommended
No dependency on APM and OES
The OES component need not be deployed to tweak fine-grained authorization
Temporal Grants for New and Existing Access
Users can specify start and end date while requesting access. This can be overridden by authoritative users and helps manage access more seamlessly
Self Service Capability Policy
Rules within this policy help determine which operations a user can perform on his or her own profile. This is also driven by user attributes
Role Life cycle Management
When working with roles (adding members etc), a user will be able to see related statistics in a graphical fashion which can help him/her make a more informed decision w.r.t the action being executed on the Role
OIM Role categories are NOT recommended going forward; use of the Catalog category attribute is advised.
Enhanced Password Policy Management
Enables common password policies for OIM and OAM. More flexibility in terms of defining Challenge Qs (system/user defined)
SoD replaced by Identity Audit capability
Needs to be explicitly enabled
Process forms are not required and hence not supported
Form Upgrade and FVC Utility have been dropped
Attestation is no longer supported
Reporting and Auditing
Lightweight Audit Engine
A brand new audit engine has been introduced in PS3. It is synchronous in nature (unlike the current engine, which depends on JMS) and pushes data into a single AUDIT_EVENT table. The new auditing engine also supports new entities
BI Publisher exposed via OIM
You can run Identity Audit (some of the reports) from OIM console itself
Approval layer
Introduction of Workflow Policies
Workflow Policies have replaced Approval Policies in PS3. However, in upgraded scenarios, Approval policies will continue to work
Running OIM without workflows (disabled state)
A system property can be toggled to disable SOA altogether. Although the capability can be re-enabled, the caveat is that it is NOT recommended/supported
Request Catalog
- The out of the box search form in Catalog can be replaced by a custom form (taskflow) and configured with the help of a system property called Catalog Advanced Search Taskflow
- It's possible to add more attributes to the catalog search form (via UI customization of course)
Displaying additional information for catalog entities
Displaying additional information for App Instance, Role and Entitlement (post checkout) can be driven with help of customized taskflows which can be configured by using system properties Catalog Additional Application Details Task Flow, Catalog Additional Role Details Task Flow and Catalog Additional Entitlement Details Task Flow respectively.
Integration layer
REST services based on the SCIM (Simple Cross Domain Identity Management) protocol
Finally! A standards-based REST interface on top of OIM. Supports limited operations as of now, but it's a good start
Remote Manager usage is NOT recommended any more and has been removed from a documentation standpoint (might be deprecated in future releases)
SPML support dropped
Callback Service support dropped
Simplified SSO Integration (without OAM)
Use basic HTTP (web) servers and integrate SSO with OIM on the basis of HTTP headers
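With header-based SSO the identity header is effectively the credential, so the application tier should only accept it when it was set by the SSO web server. The sketch below is an added illustration of that check and of the matching header clean-up on the web server; it is not Oracle's code, and the header name `X-SSO-USER`, the proxy subnet and the user names are placeholders.

```python
import ipaddress

# Placeholders for illustration; use your deployment's header name and subnets.
SSO_HEADER = "X-SSO-USER"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.5.0/28")]  # constructed value


def from_trusted_proxy(peer_ip, trusted=TRUSTED_PROXIES):
    """True only if the TCP peer is one of the SSO web servers."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def resolve_sso_user(headers, peer_ip, header_name=SSO_HEADER):
    """Return the asserted login, or None if the assertion cannot be trusted.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    values = [v.strip() for n, v in headers if n.lower() == header_name.lower()]
    if not values:
        return None  # no assertion at all: send the user to the login page
    if not from_trusted_proxy(peer_ip):
        return None  # header did not arrive through the SSO web tier
    if len(values) != 1 or not values[0]:
        return None  # ambiguous (duplicated) or empty assertion
    return values[0]


def sanitize_at_proxy(client_headers, authenticated_user, header_name=SSO_HEADER):
    """Web-server side: drop any client-supplied copy, then set the real value."""
    kept = [(n, v) for n, v in client_headers if n.lower() != header_name.lower()]
    if authenticated_user:
        kept.append((header_name, authenticated_user))
    return kept


if __name__ == "__main__":
    # Constructed request: the browser sent its own copy of the header.
    inbound = [("Host", "oim.example.test"), ("x-sso-user", "someone.else")]
    forwarded = sanitize_at_proxy(inbound, "jdoe")
    print(forwarded, resolve_sso_user(forwarded, "10.0.5.3"))
```

Network filtering that lets only the web servers reach the OIM managed server ports is still needed; the check above is a second layer, not a replacement.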
Diagnostics
Orchestration Engine MBean
This is a nice addition which helps probe information related to the Orchestration kernel (engine); it is actually a standard JMX bean implementation. It's accessible via Enterprise Manager and exposes operations like pushing orchestration info to a file, finding event handlers, finding events per process etc. It also aids in debugging orchestration process failures
Enjoy !!!
Nice information provided. However, while logging into the EM console I am getting an error called User is not authorized to login to WebLogic Domain. User should be part of one or more Administrative roles to be able to login. If you could help me, it would be great.
Which user are you talking about? Is it a part of the security realm for OIM in WebLogic?
Hi Abhisek,
Could you please let me know what features have been deprecated in design console in R2 PS3?
Process Form has been removed in this release or what.
Force Password Change at First login not working in PS3 after setting the system property and restarting the server in PS3. If you have any idea about this please confirm.
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwih1oqyh7jKAhVNHY4KHVy6B30QFggcMAA&url=https%3A%2F%2Fsimeiosolutions.emktg.info%2Fhtml%2Fwebsite%2Fwhitepapers%2Fsimeio_whitepaper_restfuloim.pdf&usg=AFQjCNGOlfccz1yej2oKtpqohl4ULtg8Jg&sig2=LpTSlyZqIinWHv7KJ83RiQ&cad=rja try this
Thanks for reading and pointing out the resource
FYI – I am the author of that white paper you mentioned 🙂
Cheers!
This is awesome, even Oracle has not explained so much about the new features of PS3.