Tuesday, March 13, 2018

Oracle Identity Manager(OIM) 12c New Features

                          Oracle Identity Manager(OIM) 12c New Features

In this blog we are going to see some new features introduced in Oracle Identity manager 12C.

From my search, I found there is not much major changes from UI level.

End user experience will be same for access request catalog and approval/ certification.

1. Oracle Identity Governance 12c infrastructure requires below components.
    Oracle database (, any 12c)
2. RCU (Repository Creation Utility) is in-built and can be run from /u03/oracle_common/bin.

3. OIM 12c finally support encryption of database. During creation of OIM users in database,
    RCU can encrypt database table-space.
    TDE (Transparent Data Encryption) option must be enabled in Oracle 12c database.
    TDE allow application to encrypt the table-space using secret key.
    Data is transparently decrypted for database users and applications that access this data.
    Database users and applications do not need to be aware that the data they are accessing
     is stored  in encrypted form.
    If the TDE is enabled in Oracle 12c database, RCU will automatically provide you an 
    option to make OIM table-space encrypted.

4. If you do not have DBA privilege, then you can create a script for DBA to run.
    Once DBA completed running the RCU generated scripts, you can run the
    post process configuration.
    This is very helpful where Database is managed by different administrative team.
5. OIM 12c is now having Application Onboarding capability through GUI.
    It will allow you to create and manage applications, templates, and instances of applications
    , and clone applications.
   This will faster the on-boarding process of applications into OIM.
6.Access Policy can be created and managed from the Manage tab in Identity Self Service
  In OIM12C By enabling and by setting XL.AllowRoleHierarchicalPolicyEval system property to TRUE
  You can achieve Inheriting the access granted via access policies from the parent role to child role 
7.In OIM 11gR2 PS3, single certifier was supported in the certification workflow
   From OIM 12c supports group of certifiers for Application Instance, Entitlement,
   Role and User certification.
8. In above screenshot as we can able to see OIM 12c introduces custom reviewer
    option in certification.

    It is applicable for Identity certification. Custom reviewer for certifications can 
    be specified by  defining certification rules in the 

    The advantage of above feature is, we can now assign certification request based on a rule
    defined for custom reviewer.

9. OIM 12c can Limit the entitlement-assignments, Role-assignment and Application-assignment
     to certify for each user option for creating a user certification definition.
     For example, while identity certification assigned to reviewer, only the selected roles,
     selected entitlements and selected Application instances will be visible for certification.
     In this way we can remove the birth rights for being certified.

9.We can publish multiple sandboxes in bulk and in a specified sequence using CSV file.

10.In OIM 12c, From Mange Connector you can define your new connectors from 
      all the available components.
      Below images shows, which allow you to choose components and create your 
      new connector inside OIM.
11. Below is new interface for deployment manager for import and export any new
     Development,Testing or Migration.

Feel free to drop your comments.


  1. can you tell me, How to open Connector Management Defining page . and what its use.

  2. Your blog was very relevant. It covered all the areas of interest of the same topic and also provided all the necessary information that i could use further in my study. Here is a referred link same as yours oracle fusion soa training. Thanks for this helpful blog as my knowledge is truly enhanced.