Application Instances (new entity introduced in OIM 11gR2) is the entity that can be provisioned to a user. Application Instance are published to the catalog and user can access application instances via catalog.
In Pre-OIM 11gR2, to provision account you select name of the resource where as from OIM 11gR2 onwards resources and entitlements are bundles in Application Instances which user can select via catalog (catalog is another feature introduced in OIM 11gr2 more on catalog in OIM 11gR2 later)
This post covers everything you (as an OIM administrator) need to know about Application Instances in OIM 11gR2
1. Use link “Application Instances” under configuration in System Administration Console (/sysadmin) to create and manage Application Instances.
2. Application instance is combination of an IT Resource instance and resource object that means you can’t have two application instances with same IT Resource instance and Resource object (either IT Resource instance or resource objects must be different between two Application Instances)
Note: you will not see any thing in resource Object unless OIM connector is installed and configured with OIM.
Note: You can create application instances without connector installation for disconnected application instance (More on disconnect applications later)
3. Disconnected application instance can only be created when a sandbox is active. (More on disconnect applications later)
4. Application instances are published to Organizations in OIM and these application instances can be requested (via request catalog) by users belonging to Organization to which this application instance is published.
Note: Useful feature in multi-tenant environment where same OIM is used by multiple organisations to provision accounts.
5. An application instance can be associated with multiple organisations.
6. An application instance can have entitlements associated with it (Entitlement can be role, group or responsibility). For example with Application Instance “Active Directory” you can also attach entitlement (group in AD)
To allow users to request entitlement, you must add child object and add an attribute that is tagged as an Entitlement. More on entitlements in application instance later
7. An Application Instance will be published to the catalog by running a scheduled job “Catalog Synchronization Job” (This job is configured to run every 15 minute)
8. Application Instance can have parent application instance and in such case new application instance inherits all properties of parent application instance.
9. When you delete an application instance it does a soft delete . For hard delete run schedule job “Application Instance Post Delete Processing Job” (with mode Delete). More here
10. Pre-defined Roles associated with Application instance in OIM 11gR2 are a) Application Instance Viewer b) Application Instance Administrator c) Application Authorizer
Related Posts for IDM 11gR2
- IDM 11gR2 changes/new features : OIM Sysadmin & Identity console
- IDM 11gR2 changes/new features : OIM Sandboxes
- Application Instance in OIM – IDM 11gR2 changes/new features
- IDM 11gR2 changes/new features : OIM Catalog to create Accounts (Application Instances, Roles, Entitlements)
- Oracle IAM installation changes in 11gR2 PS2 (22.214.171.124)