One can specify which users/groups can be authorized to access an application using Oracle Access Manager.
In general there are 3 types of group memberships allowed in the directory server:
The way you can authorize groups in Authorization Rule (of Policy Domain) is shown in the below screenshot.
Hardly you will notice the Groups tab here.
However, from the performance perspective one has to be very careful while specifying authorization to groups.Dynamic Groups will provide better performance than Static and Nested groups.
Try to avoid Nested group membership if possible.
If your environment does not have nested groups at all, then you can turn off a parameter to improve the performance.
The parameter that we are talking about is this
You can see this parameter in the globalparams.xml file of Access Server installed location $OAM_Access_Server/access/oblix/apps/common/bin. If you have multiple access servers, modifying this parameter in all the access servers.
I have got you a screenshot of this param default value in this file globalparams.xml.
To turn off this parameter, change the value to true as shown below.
Restart the access servers for this parameter to take effect.
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com