1. Oracle Identity Analytics Overview
2. Using the Oracle Identity Analytics User Interface
Identity Certification Overview
What Is Identity Certification?
Who Is Involved in Completing Identity Certifications?
Understanding the Identity Certification User Interface
Finding and Reassigning Certifications
To Delegate a Certification to Another User
To Complete a User Entitlement Certification
To Complete a Role Entitlement Certification
To Complete a Resource Entitlement Certification
To Complete a Data Owner Certification
Getting More Information About User Accounts, Roles, Attributes, and Policies
Role Meta Information Page Help
Accounts Meta Information Page Help
Attribute Meta Information Page Help
To View a Certification Report
Certification Reports Available in Oracle Identity Analytics
During the certification process you can view additional details about roles, accounts, attributes, and policies by clicking a More Info link. When you click a More Info link, one of four Meta Information pages opens. The following sections provide details about the Meta Information pages.
The Role Meta Information Page consists of four sections:
General - This section includes information about the role.
General tab - Displays basic information about the role.
Business Structures tab - Displays business structures associated with the role.
Users tab - Displays users assigned to the role.
Exclusion Roles tab - Displays conflicting roles. This helps define Segregation of Duties at the role level.
Ownership tab - Displays the role owner.
Custom Properties tab - Displays the custom properties associated with the role.
Rules - This section displays rules associated with the role.
Certification History - This section shows the certification history of the role. Information includes last date of action, the nature of the action, and comments, if any.
Policy Entitlements - This section displays all the policies that are part of the role. All policy-related information, such as business structures, roles, resources, exclusion policies, ownership information, and entitlements, are displayed.
The Accounts Meta Information Page consists of four sections:
General - This provides information about the account and its entitlements.
Account - This lists account information such as name, resource, and domain.
Entitlement - This lists information about the account's entitlements.
Open Audit Exception - This section shows if the account is part of an open-audit exception. An open-audit exception is a violation that has not been fixed.
Certification History - This section shows the certification history of the account. The information provided here includes a description of the action taken, the date that the action was taken, and comments, if any.
User Activity - This section displays the user's recent account activity. The section is divided into two subtabs:
Alerts - Displays the alerts raised by the Intellitactics Security Information and Event Monitoring (SIEM) solution when it detects event violations based on the SIEM solution's internally defined rule set. The tab displays the alert title, description, time range, score, and status. These fields display the value captured by the SIEM solution.
All Events - Displays user activity events, which are collected by monitored endpoints by the Intellitactics SIEM system and reported in Oracle Identity Analytics as daily summarized data. The tab displays the event ID, event type, time range, count, and user ID. These fields display the value captured by the SIEM solution.
Note - The User Activity section will be displayed if Oracle Identity Analytics is integrated with Intellitactics Security Manager, a security information and event monitoring solution. To learn more about Intellitactics Security Manager, see Integrating with Intellitactics Security Manager in the Oracle Identity Analytics 11gR1 System Integrator's Guide.
The Attribute Meta Information Page consists of two sections:
General - This section lists the attribute name, value, and glossary information. It also lists the attribute hierarchy, if any.
Certification History - This section shows the certification history of the attribute. The information provided includes a description of the action taken, the date the action was taken, and comments, if any.
The Policy Meta Information Page consists of three sections:
General - This section includes information about the policy.
General tab - Displays basic information about the policy.
Business Structures tab - Displays the business structures associated with the policy.
Ownership tab - Displays the policy owner.
Resources tab - Displays all the resources associated with the policy.
Exclusion Policies tab - Displays conflicting policies. This helps define Segregation of Duties at the policy level.
Roles tab - Displays the roles associated with the policy.
Entitlements tab - Displays the attribute and the corresponding attributes values.
Open Audit Exception - This section shows if the account is part of an open audit exception. An open audit exception is a violation, which is not fixed.
Certification History - This section shows the certification history of the account. Information includes a description of the action taken, the date the action was taken, and comments, if any.
As a certifier, you can directly de-provision the accounts or roles you revoke during the certification process. Please check with your Oracle Identity Analytics administrator if this feature is configured.
To check and de-provision accounts, do the following:
Go to Step 2 in the certification process.
Here, you will review and certify or revoke access to accounts, attributes, roles, policies and entitlements.
Select 'revoke' from the drop-down menu against an account, attribute, role or policy.
Click the hyperlinked resource name under the resource column.
Follow the steps.
Note - If Oracle Identity Analytics is integrated with Oracle Waveset (Sun Identity Manager), then revoked accounts will be de-provisioned automatically.