The Policy Rules Tab

Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager

Field Name | Description
Minimum Unique Characters | The minimum number of nonrepeating characters that a password must contain. For example, if you enter 1 in the Minimum Unique Characters field, a password is accepted if at least one character in the password is not repeated. For example, 1a23321 would be a valid password because the character a in the password is not repeated although the remaining characters are repeated. This field accepts values from 0 to 999.
Minimum Alphabet Characters | The minimum number of letters that a password must contain. For example, if you enter 2 in the Minimum Alphabet Characters field, the password is not accepted if it has fewer than two letters. This field accepts values from 0 to 999.
Special Characters: Minimum | The minimum number of non-alphanumeric characters for example, , , or that a password must contain. For example, if you enter 1 in the Special Characters: Minimum field, a password must have at least one non-alphanumeric character. This field accepts values from 0 to 999.
Special Characters: Maximum | The maximum number of non-alphanumeric characters that a password can contain. For example, if you enter 3 in the Special Characters: Maximum field, a password is not accepted if it contains more than three non-alphanumeric characters. This field accepts values from 1 to 999.
Minimum Uppercase Characters | The minimum number of uppercase letters that a password must contain. For example, if you enter 8 in the Uppercase Characters: Minimum field, a password is not accepted if it contains fewer than eight uppercase letters. This field accepts values from 0 to 999.
Minimum Lowercase Characters | The minimum number of lowercase letters that a password must contain. For example, if you enter 8 in the Minimum Lowercase Characters field, a password is not accepted if it has fewer than eight lowercase letters. This field accepts values from 0 to 999.
Unicode Characters: Minimum | The minimum number of Unicode characters that a password must contain. For example, if you enter 3 in the Unicode Characters: Minimum field, the password is not accepted if it has fewer than three Unicode characters. This field accepts values from 0 to 999.
Unicode Characters: Maximum | The maximum number of Unicode characters that a password can contain. For example, if you enter 8 in the Unicode Characters: Maximum field, a password is not accepted if it has more than eight Unicode characters. This field accepts values from 1 to 999.

Managing Password Policies

Table 14–2 (Cont.) Fields of the Policy Rules Tab for Setting Custom Password Policy
Field Name | Description
Characters Required | The characters that a password must contain. For example, if you enter x in the Characters Required field, a password is accepted only if it contains the character x. The character you specify in the Characters Required field must be mentioned in the Characters Allowed field. If you enter a character in the Characters Required field that is not mentioned in the Characters Allowed field, then an error is displayed stating that the required characters must be in the list of allowed characters, and required characters must not be in the list of not allowed characters. In addition, if you specify more than one character, then do not provide delimiters. Commas and white spaces are also considered as characters in this field. For example, if you specify characters such as a,x,c, then the password is not accepted unless it contains a comma.
Characters Not Allowed | The characters that a password must not contain. For example, if you enter an exclamation point in the Characters Not Allowed field, a password is not accepted if it contains an exclamation point.
Characters Allowed | The characters that a password can contain. For example, if you enter the percent sign in the Characters Allowed field, a password is accepted if it contains a percent sign, given that all other criteria are met. Note: If any character is used in the password and that character is not in the Characters Allowed field, then the password will be rejected. For example, if the Characters Allowed field has abc and the password is dad, then the password is rejected because d is not in the Characters Allowed field. If you specify the same character in the Characters Allowed and Characters Not Allowed fields, an error message is returned when you create the password policy.
Substrings Not Allowed | A series of consecutive alphanumeric characters that a password must not contain. For example, if you enter IBM in the Substrings Not Allowed field, a password is not accepted if it contains the letters I, B, and M, in successive order.
Start With Alphabet | Whether or not the password must begin with a letter. For example, if you select this option, then the password 123welcome is not accepted because the password does not begin with a letter. However, if you do not select this option, then the password can begin with a letter, numeric digit, or special character.
Disallow User ID | This check box specifies if the user ID will be accepted as the whole password or as part of the password. When this check box is selected, a password will not be valid if the user ID is entered in the Password field. In addition, the password is not valid if the user ID occurs as a part of the password specified in the Password field. If you deselect this check box, the password will be accepted, even if it contains the user ID.

You can attach a process form with one of the Password fields to a resource. A password entered for a resource is validated against the password policy associated with that resource.
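The Policy Rules tab fields described above, written out as a small validator so the edge cases (the comma in Characters Required, the Characters Allowed whitelist, the cross-field conflicts) can be tested before a policy is rolled out. This is an added example, not Oracle Identity Manager code: the PolicyRules class and both function names are hypothetical, and it assumes that an empty Characters Allowed value means no restriction, that matching is case-sensitive, and that Python's isalnum() defines "alphanumeric".

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class PolicyRules:
    """Hypothetical model of some Policy Rules tab fields (not an OIM API)."""
    min_unique: int = 0
    min_alphabet: int = 0
    min_special: int = 0
    max_special: int = 999
    required: str = ""       # no delimiters: ',' and ' ' count as characters
    not_allowed: str = ""
    allowed: str = ""        # assumption: empty means "no restriction"
    substrings_not_allowed: tuple = ()
    start_with_alphabet: bool = False
    disallow_user_id: bool = False

def config_errors(r):
    """Cross-field conflicts the page says raise an error at policy creation."""
    errors = []
    if r.allowed and set(r.required) - set(r.allowed):
        errors.append("required characters must be in Characters Allowed")
    if set(r.required) & set(r.not_allowed):
        errors.append("required characters must not be in Characters Not Allowed")
    if set(r.allowed) & set(r.not_allowed):
        errors.append("same character in Characters Allowed and Characters Not Allowed")
    return errors

def violations(password, r, user_id=""):
    """Return the names of the fields that the password fails."""
    counts = Counter(password)
    special = sum(1 for c in password if not c.isalnum())
    checks = [
        ("Minimum Unique Characters",          # characters that occur exactly once
         sum(1 for n in counts.values() if n == 1) >= r.min_unique),
        ("Minimum Alphabet Characters",
         sum(1 for c in password if c.isalpha()) >= r.min_alphabet),
        ("Special Characters: Minimum", special >= r.min_special),
        ("Special Characters: Maximum", special <= r.max_special),
        ("Characters Required", all(c in password for c in r.required)),
        ("Characters Not Allowed", not any(c in password for c in r.not_allowed)),
        ("Characters Allowed", not r.allowed or set(password) <= set(r.allowed)),
        ("Substrings Not Allowed",
         not any(s in password for s in r.substrings_not_allowed)),
        ("Start With Alphabet", not r.start_with_alphabet or password[:1].isalpha()),
        ("Disallow User ID",                   # whole password or any part of it
         not (r.disallow_user_id and user_id and user_id in password)),
    ]
    return [name for name, ok in checks if not ok]
```

Running config_errors() on a draft policy first catches the Characters Required and Characters Allowed mismatch before any password is evaluated against it.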

14.1.2 The Usage Tab

You use this tab to view the rules and resource objects that are associated with the current password policy. Figure 14–2 shows the Usage tab of the Password Policies form. In this example, rules are being defined for the Solaris password policy.

Figure 14–2 Usage Tab of the Password Policies Form

Table 14–2 (Cont.) Fields of the Policy Rules Tab for Setting Custom Password Policy
Field Name | Description
Disallow First Name | This check box specifies if the user's first name will be accepted as the whole password or as part of the password. When this check box is selected, a password will not be valid if the user's first name is entered in the Password field. In addition, the password is not valid if the first name is entered as a part of the password. If you deselect this check box, the password will be accepted, even if it contains the user's first name.
Disallow Last Name | This check box specifies if the user's last name will be accepted as the whole password or as part of the password. When this check box is selected, a password will not be valid if the user's last name is entered in the Password field. In addition, the password is not valid if the last name is entered as a part of the password. If you deselect this check box, the password is accepted, even if it contains the user's last name.
Password File | The path and name of a file that contains predefined terms, which are not allowed as passwords. The file must be stored on the same host on which Oracle Identity Manager is deployed. Note: The settings on the Policy Rules tab get precedence over the specifications in the password file. For example, a disallowed term of the password file is used in the policy when no disallowed term is specified in the Policy Rules tab.
Password File Delimiter | The delimiter character used to separate terms in the password file. For example, if a comma (,) is entered in the Password File Delimiter field, the terms in the password file will be separated by commas. Note: There are no escape characters defined to be used in password policies.

14.2 Setting the Criteria for a Password Policy

To set the criteria for a password policy:

1. Open the required password policy definition.

2. Click the Policy Rules tab.

3. Either enter information into the appropriate fields, or select the required check boxes.

4. Click Save.

See Also: Password Policies Rule Tab in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about the relationship between password policies and resource objects.

15 Managing Identity and Resource Information

This chapter describes managing users in Oracle Identity Manager Design Console. It contains the following sections:

■ Overview of User Management
■ Managing Organization Information
■ Viewing Resources Allowed or Disallowed for Users
■ Assigning Role Entitlements

15.1 Overview of User Management

The User Management folder provides tools to create and manage information about a company's organizations, users, roles, and resources. This folder contains the following forms:

■ Organizational Defaults: Use this form to view records that reflect the internal structure of your organization and to designate information related to these entities.
■ Policy History: Use this form to view user records that your employees require.
■ Roles: Use this form to view records for roles, called user groups in earlier releases of Oracle Identity Manager, to whom you can assign some common functionality.

15.2 Managing Organization Information

The Organizational Defaults form is in the User Management folder. You use this form to view records that reflect the structure of your organization and to enter and modify information related to organizational entities. An organization record contains information about an organizational unit, for example, a company, department, or branch. A suborganization is an organization that is a member of another organization, for example, a department in a company. The organization that the suborganization belongs to is referred to as a parent organization. You use the Organizational Defaults tab to specify default values for parameters on the custom process form for resources that can be provisioned for the current organization. Each process form is associated with a resource object that is allowed for the organization, or with a resource that has the Allow All option on the associated Resource Objects form selected.