OIM and Delegated Administration question
756828 Mar 9 2010 — edited Mar 9 2010
Hello - I am hoping someone can help me out here in achieving the following goal.
We would like to enable delegated administration in OIM. We have around 10 offices and each office has some departments. The idea is to allow each department admin to create user accounts in OIM and perform all provisioning-related tasks (e.g. account creation, role modification, etc.) to our target LDAP server. The target server is an OID server. The department admin should only be allowed to search, create and manage accounts in the units they belong to, i.e. the admin of department1 should only be able to add a user in OIM in an organization that he belongs to.
Can someone please let me know what is the easiest way to achieve this without modifying much code inside OIM? High-level steps to achieve this task would be really helpful, like: do we need to create organizations in OIM? Or do we need to create groups for each department? Or both?
If there is any documentation that shows an example of delegated administration with steps, please do let me know.
Thank you