Access Policy Revoke If No Longer Applies Enhancement
Determines if the Revoke if no longer applies flag in access policy is applicable.
If the value is true, then this flag is applicable to child table data (entitlements) along with parent data. The user can determine if child data must be removed or retained when access policy no longer applies to user based on this flag.
If the value if false, then child table data (entitlements) are always removed after access policy is no longer applied.
Note: This property is not used in Oracle Identity Manager Release 2 (11.1.2) or later.
Allows access policy based provisioning of multiple instances of a resource
Determines if multiple instances of a resource can be provisioned to multiple target resources.
When the value is false, provisioning multiple instances of resource object via access policy is not allowed.
When the value is true, provisioning multiple instances of resource object via access policy is allowed.
Allows linking of access policies to reconciled and bulk loaded accounts
Determines if access policy engine can link access policies to reconciled accounts and to accounts created by the Bulk Load Utility.
A custom task flow is to be displayed when a role item is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.
Catalog Advanced Search Maximum Applications
In the default form for catalog advanced search, you can search for entitlements by specifying the list of applications to search from. This system property controls the maximum number of applications that can be selected for entitlement search.
Determines the taskflow used for catalog search. If you create custom taskflow for catalog search, then change the value of this property to the complete path of the custom taskflow.
Catalog Attributes for Sorting Search Results
This property determines the attributes that are displayed in the Sort By drop down in the catalog results tab.
Catalog Audit Data Collection
Determines if catalog auditing is enabled or disabled. The default value is none, which specifies that catalog auditing in disabled. To enable catalog auditing, set the value of this property to catalog.
Catalog Regex for special characters
Enables text parsing and escaping of special characters when performing a catalog search by using some special characters. If you do not want any text parsing and escaping of special characters, then change the value of this property to [^\w^\W].
Catalog search MAX result size. Default value is -1 which means return all
When the data is huge in the request catalog and you encounter any issue with the performance of the catalog, you can change the value of this system property and provide some reasonable values, such as 500. As a result, catalog search will not return more than the specified value. If the value is -1, then no result size limit is applied on the catalog search result.
Catalog Searchable UDF In Tags
If want to use searchable UDF in TAGS, then you can set the value of this property to TRUE. Then, you can run the scheduled task in recalculate tags mode and searchable UDF values are part of the TAGS column. The same value can be used in keyword search.
Catalog Table Rows To Display Size
This property is used to control the number of rows displayed in all tables found in all catalog-related pages.
Determines the common name generation plugin to generate common name.
Compiler Path for Connectors
Specifies the Java home depending on the application server.
Note: If the path of the JDK directory is not included in the System Path variable, then you must set the path of the JDK directory in the XL.CompilerPath system property. If this is not done, then an error is encountered during the adapter compilation stage of the process performed when you import an XML file by using the Deployment Manager.
Compute and Persist Min Age On Password Change
Password minimum age calculation has two modes, proactive and reactive mode.
In proactive, where minimum age date is calculated at password change time, any subsequent change to the user's applicable password policy's minimum age property will not be honored until the next password change, where as with the reactive approach, policy changes are applied immediately.
To enable proactive or reactive approach, system property Compute Persist Min Age On Password Change is introduced.
Copy both user and manager of user in the create user email notification
Copies the user and user's manager in the email notification that is sent when a user is created.
Data Collection Session ID
Specifies the session ID of the current Oracle Identity Analytics (OIA) Data collection session.
Data Collection Status
Specifies the status of the current OIA data collection session.
Default Date Format
yyyy/mm/dd hh:mm:ss z
When creating reconciliation events by calling the APIs and date format is not passed as one of the arguments to the API, Oracle Identity Manager assumes that all the date field values are specified in Default Date Format.
This property contains the regular expression used to validate the email ID of a user.
Enable Exception Reports
This property is used to enable the exception reporting feature. Exception reporting is enabled only if the value is set to TRUE.
Evaluate LDAP Container Rules for Entity Modification
If the property value is TRUE, then the LDAP container rules defined in LDAPContainerRules.xml are evaluated for entity modification. However, if none of the rules match, then the default container is not returned. The original parent container of the entity is returned, which means that there is no change in the entity DN.
If the property value is FALSE, then the LDAP container rules defined in LDAPContainerRules.xml are not evaluated. The entity DN does not change.
Note: This property only applies to a modification scenario and not to the entity creation scenario.
Force to set questions at startup
When the user logs into the Oracle Identity Self Service or Oracle Identity System Administration for the first time, the user must set the default questions for resetting the password.
Note: After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect.
GTC Auto Import
Based on the value of this property, the DM xml that is generated while Generic Technology Connector (GTC) creation can be saved to a directory.
The default value of this property is true.
When the value of this property is set to "False", then while creating GTC, the DM xml (the xml that GTC creates and imports using Deployment Manager internally while GTC creation) created by the GTC framework is stored in the following directory:
The naming convention followed for the DM xml is:
GTCNAME_CURRENTDATE_ TIMESTAMPcreated using date format "yyyy-MM-dd-HH-mm-ss".xml
Homepage for Self Service console
This property is used to set the page to be displayed after a user logs in to Oracle Identity Manager Self Service.
You can set one of the following as the value of this property:
my_access: Displays the My Access page
my_info: Displays the My Information page
home: Displays the Home page
catalog_home:Displays the Catalog page
none: Displays no page
After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect.
Note: This property is not used in Oracle Identity Manager 11g Release 2 (220.127.116.11.0).
Identity Auditor Feature Set Availability
When the value of this property is TRUE, role lifecycle management, Segregation of Duties (SoD), and identity certification are enabled.
Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect.
Inbox Task Tabs (none/all)
This property determines whether or not to show additional links, such as Initiated tasks, Reportees and Administrative tasks, in the Inbox. When set to all, the following links are displaied in the Inbox:
My tasks,Initiated tasks, Reportees, Administrative tasks.
When set to none, only the My tasks link is displayed in the Inbox.
Indicates if referential integrity is enabled in target LDAP directory
The value of this property is TRUE if referential integrity in target LDAP directory is turned on.
The value of this property is FALSE if referential integrity in target LDAP directory is turned off.
To be able to modify an entity stored in LDAP, this prop must be set to TRUE.
Is DataProvider LDAP/DB
Specifies the data provider, which is Oracle Identity Manager database. The default value is DB, which indicates that the database is the data provider.
Is disabled manager allowed
Specifies whether a user in the disabled state can be set as a manager for another user.
Is OIM Notifications disabled (true/false)
This property is used to enable or disable all notifications in Oracle Identity Manager. When the value of this property is set to false, notifications are enabled. When the value of this property is true, notifications are disabled.
Is Self-Registration Allowed
If the value is TRUE, then the users are allowed to self-register.
The property specifies the name of the plugin class to be used for verifying old passwords.
When the value of this property is true, OMSS integration is enabled, and the OMSS links and tabs are displayed in Oracle Identity Self Service.
Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect.
Period to Delay User Delete
This property is used to specify the time period before deleting a user. When this property is set and a user is deleted, the user's state is changed to disabled and "automatically delete on date" is set to current date plus the delay period.
If this property is not set, then the user is automatically deleted at the expiration of the end date by the Disable/Delete User After End Date scheduled job.
Proxy User Email Notification
Notify Proxy User
The corresponding PTY_VALUE is the e-mail definition name that is sent when a proxy user is created. User gets a notification e-mail when the user is made the proxy for some other user.
Recon Batch Size
This property is used to specify the batch size for reconciliation. You can specify 0 as the value for this to indicate that the reconciliation will not be performed in batches.
Note: When using trusted source reconciliation from Oracle Directory Server Enterprise Edition (ODSEE), the value of this property must not be 0. When the value is 0, users are not created in Oracle Identity Manager.
Note: You must restart Oracle Identity Manager server after setting this property.
Request Notification Level
This property indicates whether or not notification is sent to the requester and beneficiary when a request is created or the request status is changed. This property can have the following values:
0: The notification feature is disabled.
1: Notifications are sent for every change in request status.
2: Notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed.
3: Email notifications are sent only on request completion.
For request notification level 2, notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed.
Retry Count for recon event
This property determines the reconciliation retry count. The retry count value is picked up from the value of this property.
If you specify a value that is greater than 0, then auto retry is configured. If you specify 0 as the value of this property, then auto retry is not configured.
Search Stop Count
This property determines the maximum number of records that are displayed in the advanced search result. If the search criteria specified returns more number of records than that value of this property, then the number of records displayed is limited to this value. In addition, a warning is displayed stating that the results exceed maximum counts and you must refine your search with additional attributes.
Segregation of Duties (SOD) Check Required
This property indicates whether or not Segregation of Duties (SoD) check is required.
Send email notification based on user locale
This property determines whether an email notification is sent based on the receiver's (user/manager/assignee/requestor) locale when the value is set to true. If the value is set to false, then notification is sent in the server locale.
Note: This system property has been deprecated in this release of Oracle Identity Manager.
Should send notifications in recon or not
Determines if notification is sent to the user when the user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
If the value is set to true, then notification is sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
If the value is set to false, then notification is not sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
Shows tasks assigned to group users with highest priority or least load only
If the value is TRUE, then the tasks are assigned to group users with highest priority or least load only when the assignment type is Group User With Least Load.
Specifies the LDAP container mapper plug-in to be used
When Oracle Identity Manager is installed with LDAP synchronization enabled, this plug-in determines in which container users and roles are to be created. Value of this system property indicates the default Oracle Identity Manager plug-in name used for computing the container values. If the default plug-in does not meet the requirement, then you can define your own plug-in to determine the container and specify the name of the plug-in in this system property.
URL for challenge questions modification
When a user is locked, an automatic unlock occurs after a prescribed time period. This property defines that time period in seconds. Therefore, for example, if a user account is locked and the value of this property is 86400 seconds (one day), then the account is automatically unlocked after one day.
The value of this property is the URL within OAAM that handles the challenge questions. For example:
This property is used to enable user attribute reservation.
User Id reuse property.Requires dropping the index present on USR_LOGIN column
Determines whether a deleted user account can be reused. To reuse a deleted user account, assign this property a value of TRUE and drop the unique index for the USR_LOGIN column in the USR table and create a nonunique index. To prevent a user account from being reused, assign this property a value of FALSE.
Note: It is imperative to de-provision all accounts associated with a deleted user, because if you create a new user with the same user name as that of the deleted user by setting the XL.UserIDReuse property totrue, then the new user might get access to offline accounts of the deleted user that was not deleted as part of the de-provisioning process.
The user.language value is configured during installation for Locale handling at server side.
User profile audit data collection level
This property controls the user profile data that is collected for audit purpose when an operation is performed on the user, such as creation, modification, or deletion of a user, role grants or revokes, and resource provisioning or deprovisioning. Depending upon the property value, such as Resource Form or None, the data is populated in the UPA table.
The audit levels are specified as values of this property. The supported levels are:
Process Task: Audits the entire user profile snapshot together with the resource lifecycle process.
Resource Form: Audits user record, role membership, resource provisioned, and any form data associated to the resource.
Resource: Audits the user record, role membership, and resource provisioning.
Membership: Only audits the user record and role membership.
Core: Only audits the user record.
None: No audit is stored.
The user.region value is configured during installation for Locale handling at server side.
Whether or not email should be validated for uniqueness
This property is available in an Oracle Identity Manager 11g Release 2 (18.104.22.168.0) deployment that has been upgraded from an earlier release of Oracle Identity Manager.
If the value of this property is FALSE, then Email Uniqueness check is not performed by Oracle Identity Manager.
If the value if TRUE, then Email Uniqueness check is performed by Oracle Identity Manager.
Note: If this property is not present, then Email Uniqueness check is performed by Oracle Identity Manager.
This property determines whether SOA server is turned on or turned off.
If the value of this property is TRUE, then SOA sever is turned on.
If the value of this property is FALSE, then SOA server is turned off.
Note: After setting the value of this system property, you must restart Oracle Identity Manager.
Note: Toggling between enabling and disabling workflows is not supported.
Workflow Policies Enabled
Workflow Policies Enabled
This property determines whether approval workflows is enabled or disabled in Oracle Identity Manager. Approval workflows is used to determine if operation requires approval or not, and if approval is required, then which workflow is to be invoked.
If the value of this property is TRUE, then approval workflow is enabled.
If the value of this property is FALSE, then approval workflow is disabled.