Top 18 Oracle Idm Interview Questions You Must Prepare 08.Dec.2023

In an Identity Management system, any action performed by a user or system is called an operation or Event. Examples of Events are creating users, updating users, creating password policy, and so on.


  1. Pre-process Event Handler
  2. Post-Process Event Handler

Pre-process Event Handler: Mostly Pre-process Event Handlers are used for Validation Purpose.

Post-process Event Handler: Post-process Event Handlers are written mainly when there is a need of making changes internally after any event is triggered in OIM. 

For E.g.: Assign Role according to Organization, Auto Assign an email ID using Firstname and Lastname of user and so on.

You can look here for recon data once reconciliation is complete. You can determine whether event received and linked for not.

Use this form to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulating adapters

A Web server exclusively handles HTTP requests, whereas an application server serves business logic to application programs through any number of protocols.

Webserver mainly handles the Http requests but app server can be used to handle the http, rmi, TCP/IP and many more protocols. Webserver just handles the requests of the webpage - me suppose, a html page(presentation layer) requests a data - here script is written containing the business logic , then it just give the response with the required data from the database. Then the html page with script is used to show the retrieved information. In case of application server, it does the same thing, of getting and gives the response but it can process the requests. i.e. in this case, instead of script know how to fetch the data, the script is simply used to call the applications server's lookup service to retrieve and process the data. i.e here, application server is used for processing/applying logic. The web server can be considered as the subset of app server

The basic difference between a web server and an application server is WebServer can execute only web applications i.e. servlets and JSPs and has only a single container known as Web container which is used to interpret/execute web applications Application server can execute Enterprise application, i,e (servlets, jsps, and EJBs) it is having two containers 

@WebContainer (for interpreting/executing servlets and jsps)

@EJB container (for executing EJBs). 

It can perform operations like load balancing , traction demarcation etc

Connectors are the plugins that helps in integrating OIM with External Sources or Target Systems. In any OIM implementation, Reconciliation and Provisioning is dependent on configuration provided by these Connectors. Connectors are the containers that consist of several components like IT Resources, Process Forms, Adapters, and Event Handlers which are needed to integrate the External Sources, Applications and Target Systems. Scalable and flexible integration architecture is critical for the successful deployment of a company’s provisioning solutions. Oracle Identity Manager offers proven integration architecture and predefined connectors for fast and low-cost deployments.

An identity is the virtual representation of an enterprise resource user including employees, customers, partners and vendors. Identity Management shows the rights and relationships the user has when interacting with a company’s network.

Centralized auditing and reporting – Know who did what and report on system usage.

Reduce IT operating costs – Immediate return on investment is realized by eliminating the use of paper forms, phone calls and wait time for new account generation and enabling user self service and password management.

Minimize Security Risk – Control access to the network and instantaneously update accounts in a complex enterprise environment including: layoffs, acquisitions, partner changes, temporary and contract workers.

Improved quality of IT services:

Legal compliance – Many government mandates require secure control of access.

To update your IDM WAR file:

  1. Run the ConfigUpdate utility in the User Application install directory by executing or configupdate.bat. This allows you to update the WAR file in the install directory.
  2. Deploy the new WAR file to your application server.

An object class specifies set of attributes that are used to define an object.

  • Structural: Indicates the attributes that the entry may have and where each entry may occur in the DIT.
  • Auxiliary: Indicates the attributes that the entry may have.
  • Abstract: Indicates a “partial” specification in the object class hierarchy; only structural and auxiliary subclasses may appear as entries in the directory.

OIM User: OIM user is an account which helps in managing the compliance of any organization and helps in providing the access rights according to its identity in the related organization.

Types of Users: Two types of Oracle Identity Manager users determine access rights to specific aspects of Oracle Identity Manager. 

These types include:

  • End-User Administrator
  • End-User

The Oracle Identity Manager architecture consists of three tiers:

Tier 1: Client:

The Oracle Identity Manager Application GUI component reside in this tier. Users log in by using the Oracle Identity Manager client. The Oracle Identity Manager client interacts with the Oracle Identity Manager server, providing it with the user's login credentials.

Tier 2: Application Server:

The second tier implements the business logic, which resides in the Java Data Objects that are managed by the supported J2EE application server (JBoss application server, BEA WebLogic, and IBM WebSphere). The Java Data Objects implement the business logic of the Oracle Identity Manager application; however, they are not exposed to any methods from the outside world. Therefore, to access the business functionality of Oracle Identity Manager, you can use the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism.

Tier 3: Database: 

The third tier consists of the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.

The process of identifying an individual usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

After Authentication the process of granting or denying access to a network resource is called Authorization..Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity.

Step One: Inventory and assess current investments and processes. Clean and consolidate identity data stores. Create virtual identities for enterprise users.

Step Two: Design and deploy identity infrastructure components. Create identity provisioning and deploy password management, user self-service and regulatory compliance.

Step Three: Deliver applications and services. Access management deployed to a clean environment. Leverage federated identity for improving supply chain and employee efficiencies.

  • Identity Management
  • Access Management, 
  • Directory Management. 

Oracle Products that fall under Identity Management are Oracle Identity Manager and Oracle Role Manager. Oracle products that fall under Access Management are Oracle Access Manager, Oracle Entitlement Server, Oracle Adaptive Access Manager, Oracle Identity federation and Enterprise Single Sign-On. Oracle products that fall under Directory Management are OID and OVD.

An Oracle WebGate is a Web server plug-in that is shipped out-of-the-box with Oracle Access Manager. The WebGate intercepts HTTP requests from users for Web resources and forwards them to the Access Server for authentication and authorization.

An adapter is a Java class that is created by an Oracle Identity Manager user through the Adapter Factory.

Process Tasks adapters - automate completion of a process task and are attached to a Process Definition Form ( AD user, OID User, etc)

 Entity Adapter - automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post-update, or post-delete

Pre-Populate Adapter - specific type of rule generator attached to a user-created form field that can automatically generate data to the form but does not save that data to the OIM database but does send that information to appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.

Rule Generator - can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules

Task Assignment Adapter - automates the assignment of a process task to a user or group

A RO is in its most basic form basically a virtual representation of an account on a target system. If anomie user has an account on the target system the user has an RO instance associated with it.The most basic process that you do with ROs is to provision the account to a target system. The provisioning is handled by a provisioning process. The provisioning processes usually consists of a number of provisioning tasks that fires adapters that in turn calls code, often Java code, that actually does the provisioning work.

The process involves creating user accounts that are able to be modified, disabled or deleted. Delegated workflows, rules and policies are applied to the users account.

A user profile will tell the company: who they are, what they are entitled to do, when they are allowed to perform specific functions, where they are allowed to perform functions from and why they have been granted permissions.