Oracle Identity Manager (Thor Xellerate) Architecture

Oracle Identity Manager (OIM)  is a product from Oracle Identity Management Stack (acquired from Thor Xellerate) that handles user provisioning, Creating/Removing/Managing Access Privileges from Users, Reconciliation and request processing(using workflow). 

  • OIM is J2EE (for provisioning, request processing and job scheduling) and Web-based (profile management and delegated administration) application.
  • OIM is j2ee based application deployed on J2EE compliant application server (WebLogic, Tomcat, IBM WebSphere) and repository in relational database (Oracle, MySQL)
  • For OIM certification matrix (certified O.S., WebServer, Database)  Click Here
  • is latest available version for OIM (as of June 2010). . 

OIM Architecture


Various logical layers in OIM’s N-Tier architecture are

1. Presentation Layer (Client Side)
a) Administrative Console
– Web Browser-based application running on client PC
b) Design Console – Stand-alone Java application running at client PC and interacting directly with Identity Manager

2. Dynamic Presentation Logic Layer (Logical Component)
c) WebServer
(serving JSP, Servlets, XML, XSL …). This layer holds logic to generate dynamic pages for Administrative Console. Design Console includes Dynamic Presentation Layer.

3. Business Logic Layer/ Server Tier (Logical Component)
This layer is interface between presentation/dynamic presentation layer and data layer(OIM repository) or integration layer (Connecting to external sources like ERP/CRM/mainframes)
d) J2EE application server(EJB and other J2EE technology): Supported J2EE application servers are WebLogic, JBoss, OC4J, WebSphere,
e) Web-based application deployed on J2EE application server (for profile/password management, provisioning and delegated administration)
f) J2EE-based application (uses EJB, JMS, JDBC and JNDI) deployed on J2EE application server (for Provisioning, Reconciliation, Request Processing and Scheduled Jobs)
g) Remote Manager (aka Agent , Optional component to be deployed on target machine) – used only by Advanced Mainframe connectors (IBM RACF, CA, ACF2…) and Active Directory Password Synchronization
h) Quartz – is a J2EE scheduling product which comes as part of Oracle Identity Manager

4. Backend System/Integration Layer (Logical Component)
i) Database to hold OIM schema and repository – Certified databases are Oracle and MS-SQL
j) Backend systems (aka resources in OIM terminology) like ERP, CRM, mainframes, LDAP Servers which integrates with OIM for user provisioning or reconciliation (These systems are external and not part of OIM component)


For overview of Oracle Identity Manager installation click here



Resource, Reconciliation, Provisioning and Connectors in Oracle Identity Manager coming soon !!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

» Step by Step Installation of OIM Design Console 9.1.0 Online Apps DBA: One Stop Shop for Apps DBA’s says August 12, 2010

[…] Step by Step Installation of OIM Design Console 9.1.0 Posted in August 12th, 2010 byAtul Kumar in OIM, identity_manager  Print This Post OIM Design Console is standalone java application running at client PC and interacting with OIM Server. OIM Design Console & OIM Administration console are part of presentation layer in OIM Architecture. More on OIM 9.X Architecture here […]

Arun Rajendran says November 28, 2010


I am very new to oracle identity manager. We have implement OIM (only installation) recently in our environment. We want to integrate OIM with active directory and peoplesoft. Please let me know how we can do it

Also want to check if there are any online training available for OIM?

Atul Kumar says November 29, 2010

@ Arun,
For integrating OIM with AD/Peoplesoft you must use connectors

For OIM / AD connectors

For OIM/Peoplsoft Connectors

For OIM Training , There is training from FocusThread

Are you interested in development or administration training for OIM ?

Arun Rajendran says November 30, 2010

Thanks Anil

I am looking for administration training for OIM

Arun Rajendran says November 30, 2010


Is it possible to get only the training material for OIM from FocusThread?

poori says March 16, 2011

Hi Atul kumar,
we need comparision of sun/tivoli/oracle IDM space .

please help me ,its very urgent

poori says March 24, 2011

please help me ,its very urgent

Gopal says June 3, 2011

Hi Atul,

Is there any certifications recommended for a career on Identity and Access Management? I want to focus primarily on administration side than the programming.


Atul Kumar says June 3, 2011

@ Gopal,
Currently there is one certification for OIA (Identity Analytics, earlier sun role manager) –

As of today there is no certification for other idam products like OAM, OIM, OID, OVD, OIF or OES

sinraj72 says April 10, 2012

For a very low user base around 800, where client is ready to maintain User ID Lifecycle in thier A/D, do we need OIM with OAM or can we use OIP to synchronise/provision IDs inot Siebel local Id Sotres. Please provide your view on the prefreable solution with pros and cons.

Atul Kumar says April 10, 2012

@ sinraj72,
I am not familiar with requirement of Siebel but from OAM point of view you don’t even need OIP. For OAM all you need to do is add another Identity Store as AD and make this identity provider as default and system identity store. OAM will then authenticate against AD

sinraj72 says April 10, 2012

In continuation to thread, just wanted to add there are two groups of users. One group is more than 20000 of external user for whic OAM is being mainly implemented and another group is around 800 from client which I have discussed in earlier thread, who support the first group for their businees. Now I would like you to have a fresh look at earlier thread and would like to have your expert advice on those 800 IDs maintained by client in thier AD.

» OIM Connector for Microsoft : AD, Exchange, Windows, Password Management Online Apps DBA: One Stop Shop for Apps DBA’s says July 15, 2012

[…] Oracle Identity Manager (OIM) (more here) is user provisioning and reconciliation software. To install & configure OIM 11g ( click here  (latest OIM version as of July 2012 is Installation & Configuration steps for OIM are same as , simply use software version WebLogic-10.3.5, RCU-, and IDAM […]

Kumar says July 30, 2012


1. How can i connect OIM to Weblogic Default LDAP user store?
2. When i create a user using OIM Delegated administration, Can this user be used to access only OIM or it can be configured for access other tools also.


    Atul Kumar says July 31, 2012

    @ Kumar,

    1. How can i connect OIM to Weblogic Default LDAP user store?
    AK — You can’t , OIM has its own user store and if you want to authenticate against user in embedded store then user should be in both embedded ldap server and also in OIM. You can use SSO (configured with user store as embedded ldap store) and also configure identity asserter.

    2. When i create a user using OIM Delegated administration, Can this user be used to access only OIM or it can be configured for access other tools also.
    AK — What do you mean by other tools , please be more specific .

bhumesh says December 20, 2012


Not able to login on OIM UI with any user ids (including xelsysadm). However I am able to reset password through “forgot password” link at login page. But with new password again not able to login.

Pls suggest….thanks in advance.


Madan says May 14, 2013

We want to integrate OAM 11gR2 and OIM 11gR2 for Password management Functionalities such change password capability. I am reviewing Enterprise Deployment Blueprint

It talks about split domain where OAM and OIM are on different domain with separate Admin Server. In Past we had to keep OAM and OIM on the same domain for integration.

Can you please confirm that OAM and OIM can be on separate domain for this requirement and can be integrated as well. Do you see any issues


carmel says June 25, 2014

hello gents,

can you please send me your thoughts how can I safely backup OIM 9.1 app and Oracle DB 10G instance ? I have to deploy custom .jar files and to import .xml using standard interface which writes in the DB tier. These are all custom not from Oracle Support patches.

My understanding is I have to address it on 2 levels:

1. OIM App deployed in Linux Red Hat(I think I need to make a full archive with time tar command, not sure)

2. Oracle DB level, version is 10.X. Shall I use RMAN ?

Thanks and Regards,

Add Your Reply