10 Managing Tasks

In Oracle Identity Self Service, you can view task instances of specific types. These types are associated with specific Oracle Identity Manager components. The task types are approval, certification, provisioning, and attestation tasks.

The approval tasks can be viewed and managed from the Inbox section of Identity Self Service. These tasks are instantiated by the request service and correspond to associated requests that are in the user or administrator's queue to be approved.

The certification review tasks can be viewed and managed from the Inbox section of Identity Self Service. These tasks correspond to the certification process in the reviewer's queue.

The provisioning tasks can be viewed and managed from the Open Tasks section of Identity Self Service. These tasks correspond to tasks instantiated by requests, or pending manual provisioning tasks, or failed automatic provisioning tasks in the user or administrator's queue.

The attestation tasks can be viewed and managed from the Pending Attestations section of Identity Self Service. These tasks correspond to outstanding attestation processes in the user or administrator's queue.

Note:

The attestation feature has been deprecated in Oracle Identity Manager 11g Release 2 (11.1.2.1.0). However, this feature is available if you upgrade from Oracle Identity Manager Release 9.x or 11g Release 1 (11.1.1) or 11g Release 2 (11.1.2).

The approval, provisioning, and attestation tasks can be used by both administrators and end users. For example, a member of the IT department who is responsible for delivering a laptop to an employee may not be an Oracle Identity Manager administrator, but needs to view and change provisioning tasks.

This chapter contains the following topics:

10.1 Using the Unified Inbox

The Inbox lists all the approval and certification-review tasks assigned to the logged-in user in a single screen. It enables the logged-in user to filter tasks into views according to user preferences, such as assigned tasks, completed tasks, and tasks for which information has been requested. The user can select a task to open it in a new tab and then perform the necessary actions on the task. This allows you to work on multiple tasks at a time by opening them in different tabs. To access the Inbox, log in to Oracle Identity Self Service, and click Inbox on the left navigation pane.

The Inbox also allows the user to search tasks, organize them in views, and create shared views. The Worklist Views section of the Inbox lists the available views. You can click a view to display its contents, which are filtered representations of tasks that match the view definition.

Managing views is described in the following sections:

10.1.1 Creating a View Definition

To create a view definition in the Inbox:

  1. In the Worklist Views section of the Inbox, click the Add View icon (plus icon). The Create User View dialog box is displayed.

  2. Select any one of the following options:

    • Create View: Select to create a new view. Enter a name for the view in the Name field.

    • Use Public View: Select to create a view based on an already existing view that is publicly available to users. On selecting this option, a lookup icon is displayed adjacent to the Name field. Click the lookup icon to open the Select Public View dialog box, select a view based on which you want to create the new view, and click OK.

    Note:

    If you log in as a domain admin user, then you can create the view as public so that all users can see the view. When you create a public view, it is displayed under the Standard Views section. For more information, refer to SOA documentation.

  3. In the Assignee, Task Type, and Add Condition fields, specify a search condition based on which certifications will be displayed in the view. See "Searching Certifications in the Inbox" for information about specifying a search condition.

  4. In the Share View section, select any one of the following:

    • Definition only: Select this option to share the view definition with other users and groups.

    • Data: Select this option to share the data or search result in your view.

  5. Click the lookup icon adjacent to the Users and Groups fields to select users and groups respectively with whom you want to share the view.

  6. Click OK. The view is added in the My Views list of the Worklist Views section.

10.1.2 Editing User Preferences

You can modify the columns in the Inbox that list the certification tasks assigned to you or for which you are the reviewer. To edit the way columns are displayed or hidden in the Inbox:

  1. In the Worklist Views section of the Inbox, click the Edit User Preferences icon. The Edit User Preferences dialog box is displayed.

    Tip:

    If the Worklist Views section is not displayed by default, then click the arrow next to Worklist Views to expand the Worklist View. To collapse the Worklist Views, you can click the arrow again.

  2. In the Available Columns list, select the columns that you want to display. You can hold the Ctrl key and select multiple columns.

  3. Click the Move selected items to other list button to move the selected columns to the Selected Columns list. To move all the columns in the Available Columns list to the Selected Columns list, you can click the Move all items to other list button.

  4. To remove columns from the Selected Columns list, select the columns by holding the Ctrl key, and click the Remove selected items from list button.

    Note:

    You cannot remove the Title column from the Selected Columns list. The title column is always displayed as the first column in the Inbox.

  5. Click the up and down arrow keys to the right of the Selected Columns list to move the columns up or down in the order.

  6. From the Sort By Column list, select a column name based on which you want the certification data to be sorted. For example, if you select Priority from this list, then the certification tasks in the Inbox will be sorted based on the priority.

  7. Select the Sort Order as Ascending or Descending.

  8. From the Number of tasks per fetch list, select the number of certification tasks that you want to display in the Inbox at a time.

  9. For User language setting of, select Browser or Identity Provider to use the language settings of the web browser or the identity provider, respectively.

  10. Click OK. The certification tasks are listed according to the options you selected in the Edit User Preferences dialog box.

10.1.3 Deleting a View

To delete a view in the Inbox:

  1. In the Worklist Views section of the Inbox, select a view that you want to delete.

  2. Click the Delete View icon (cross icon). A message is displayed asking for confirmation.

  3. Click Yes to confirm.

10.1.4 Editing the Task Chart

To show or hide the task status information in the Inbox:

  1. In the Task Status section of the Inbox, click the Edit Task Chart icon. The Chart Display States dialog box is displayed.

    Tip:

    If the Task Status section is not displayed by default, then click the arrow next to Task Status to expand the Task Status. To collapse the Task Status, you can click the arrow again.

  2. Select the task status options that you want to display in the Task Status section of the Inbox. To hide the task status, deselect the task status options.

  3. Click OK.

10.2 Managing Approval Tasks

The Oracle Identity Manager request service interacts with SOA Server to handle various aspects of human interaction in Oracle Identity Manager workflows. This request service is used to assign tasks to roles and users. You can perform various operations on tasks assigned to you. For example, you can approve, reject, or claim a task, or request more information. The process flow in the corresponding Oracle Identity Manager workflow depends on the outcome of the given tasks.

See Also:

"Developing Workflows for Approval and Manual Provisioning" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about approval workflows

When a request is submitted, the request service initiates the approval as a task in Oracle SOA Server. This task is assigned to the approver. Further processing of the request by the request service remains pending until the outcome of the corresponding task is set. The approver must be able to access the Inbox section, which lists all the tasks assigned to the approver. The approver can then act upon this task and set its outcome, for example, approve or reject. After the task outcome has been set, the request service resumes processing the request based on the task outcome.

On successful submission of requests, the request service creates Human Tasks in SOA and assigns them to users or roles in Oracle Identity Manager. Authenticated users can view the tasks waiting for action in the Inbox section.

This section describes some of the task actions you can perform in the Inbox section:

Note:

The features related to performing task actions in the Inbox section are provided by Oracle SOA. For detailed information about the task actions, see Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

10.2.1 Viewing Approval Tasks

To view approval details:

  1. Log in to Identity Self Service.

  2. In the left pane, click Inbox.

    The Worklist Views page is displayed. By default, all types of tasks are displayed in a unified inbox view.

    The Worklist Views page displays the details of your tasks in columns described in Table 10-1:

    Table 10-1 Columns in the Approval Details Page

    Column      Description
    Title       The title of the task.
    Number      The number of the task.
    Priority    The priority of the task.
    Assignees   The user to whom the task is assigned.
    State       The state that the task is in, such as Assigned or Completed.
    Created     The time stamp of the task when it was created.
    Expires     The time stamp of the task when it expires.


  3. From the Worklist Views menu, expand My Work Queues, if not already expanded.

  4. From the My Work Queues menu, you can select any one of the following views:

    • Due Soon: Displays all tasks that are due in a few days.

    • High Priority: Displays all tasks with high priority.

    • Past Day: Displays all tasks assigned in the previous day.

    • Past Week: Displays all tasks assigned in the previous week.

    • Past Month: Displays all tasks assigned in the previous month.

    • Past Quarter: Displays all tasks assigned in the previous quarter.

    • Manual Provisioning: Displays all tasks created for manual provisioning.

    • New Tasks: Displays all new tasks that have been created.

    • Pending Approvals: Displays all tasks that are pending approvals.

    • Pending Certifications: Displays all tasks that are pending certifications.

  5. From the Assignee list, select any of the following:

    • Me: Displays all tasks assigned to you.

    • My Group: Displays all tasks assigned to the role you have.

    • Me & My Group: Displays all tasks assigned to you and the role you have.

    • Me & My Group All: Displays all tasks assigned to you and all the roles you have.

    • Me (Previously): Displays all tasks that were previously assigned to you, but are not assigned to you now.

    • Me (Review Only): Displays all tasks that are assigned to you for review.

  6. From the State list, select any one of the following:

    • Any: Displays all tasks in your queue irrespective of the state.

    • Assigned: Displays all tasks that are currently assigned to you.

    • Completed: Displays all tasks in your queue that have been completed.

    • Suspended: Displays all tasks in your queue that have been suspended.

    • Withdrawn: Displays all tasks in your queue that have been withdrawn.

    • Expired: Displays all tasks in your queue that have expired.

    • Errored: Displays all tasks in your queue that generated an error.

    • Alerted: Displays all tasks in your queue for which the assignees have been alerted.

    • Information Requested: Displays all tasks in your queue for which information has been requested.

    You can select appropriate options from the My Work Queues menu, the Assignee list, and the State list to display a list of tasks that match the combination of your selections.

10.2.2 Searching Tasks

In the Approval Details page, you can perform the following search operations:

10.2.2.1 Performing Simple Search for Tasks

To perform simple search for tasks:

  1. In the left pane, click Inbox.

  2. In the Search field of any tab, enter a search criterion. For example, if you enter request in the Search field, all tasks with the word 'request' in the task title are displayed.

    Note:

    The simple search does not support wildcard characters.

  3. Click the icon next to the Search field. The tasks that match the search criterion you specified are displayed.

10.2.2.2 Performing Advanced Search for Tasks

To perform advanced search for tasks:

  1. Open the Inbox section.

  2. In any tab, click Advanced. The Advanced Search dialog box is displayed.

  3. To specify a task type to search, click the lookup icon next to the Task Type field. The Task Type Browser dialog box is displayed.

  4. Click Search. The available task types along with process names are displayed.

  5. Select a task type. The details of the process type are displayed in the right panel, as shown in Figure 10-1:

    Figure 10-1 The Task Type Browser Dialog Box


  6. Click OK. The task type is added in the Task Type field.

  7. From the Add Condition list, select a condition. For the purpose of this example, select Assignees.

  8. To add more conditions, click the plus icon next to the Add Condition list. The Assignees field is added.

  9. For the Assignees field, select a search operator, such as contains or does not contain.

  10. To search and select an assignee, click the lookup icon next to the Assignees field. The Identity Browser dialog box is displayed.

  11. From the list, select Users to display the users as assignees.

  12. Specify a search condition, such as first name, last name, or user ID, in the field, and click Search. A list of users that match the search condition is displayed.

  13. Select the user that you want to specify as assignee. The details of the user are displayed, as shown in Figure 10-2:

    Figure 10-2 The Identity Browser


  14. Click OK. The selected user is added to the Assignee field in the Advanced Search dialog box.

  15. If you want to save the search condition you specified as a view for future use, then perform the following:

    1. Select the Save Search as View option. Some fields related to saved search are displayed, as shown in Figure 10-3:

      Figure 10-3 The Advanced Search Dialog Box


    2. Select any one of the following to share the view:

      • Definition only: Shares the definition of the view without the data that is searched.

      • Data: Shares the data as well as the definition of the saved search.

    3. In the Users and Groups fields, search and select users and groups with whom you want to share the saved search as a view.

    4. Click Save as View. The search is saved as a view.

  16. Click Search. The tasks that match the search condition you specified are displayed.

10.2.3 Viewing Task Details

When you click the request title link of any of the approval tasks in any of the tabs in the Inbox section, task details are shown for that approval task in a new tab.

The task details page displays a detailed view of the request in the Summary Information section, the Request Details tab, the Approvals tab, and the Cart Details section. It allows complete management of the listed task.

In the Cart Details section, the approver can provide data for request fields. If a field is marked as mandatory and has no value, then the approver cannot approve the request until a value is provided. For example, when an approver opens a task related to a self-registration request, the organization field is marked as mandatory, but no value is specified for this field by the requester. Therefore, the approver must specify a value for this mandatory field.

In the next level of approval, the approver can modify the data, if required. Similarly, if the approver sends the task to another user for more information (using the Request Information operation), then the user to whom it is assigned can see an additional section called "Additional Request Information" in Task details and the user can send a response to the information requested.

In addition, the following tabs display details associated with the request:

  • Request Details: This tab displays the target users or beneficiary information, and related requests, if any.

  • Approvals: The complete approval flow with all approvers. You can select the Future participants option to display the next level approvers. You can select the Full task actions option to display all the approvals for the task.

The various operations that you can perform in the task details page are described in the subsequent sections.

10.2.4 Adding Comments and Attachments

After you view the task details, you can add comments and attachments prior to performing any operation on the task such as approving, rejecting, or reassigning the request. An attachment can either be a hyperlink or an actual file. It is recommended that the size of the file attachment that you upload be less than 2 MB. If you want to upload file attachments of size greater than 2 MB, then you must change the ADF configuration and increase the size limit. For more details, see Oracle Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework.

To add comments and attachments:

  1. Open the Inbox section.

  2. On any tab, search for and select the task for which you want to add comments or attachments. The details of the task are displayed in a new tab.

  3. To add a comment:

    1. Click the Approvals tab.

    2. Click the Create Comment icon. The Create Comment dialog box is displayed.

    3. In the Comment field, enter the comments related to the task, and then click OK.

    4. Click Save to save the comment.

  4. To add an attachment:

    1. Expand the Attachments section if it is not already expanded.

    2. Click the Add Attachment icon. The Add Attachment dialog box is displayed.

    3. Select one of the following options as the attachment type:

      • URL: Specify the URL to an attachment.

      • Desktop File: Allows you to select and upload a file from the desktop.

    4. Click OK.

10.2.5 Approving a Task

To approve a task that is assigned to you:

  1. Open the Inbox section.

  2. Search for and select the task that you want to approve.

  3. Click the task to view its details in a new tab, and then click Approve.

    The task is approved and is no longer displayed in the tasks table.

Note:

A self-registration request is assigned to the System Administrator role by default. Before you can approve a self-registration request, as a member of the System Administrator role, you must claim a self-registration task, provide the organization name, and update the request before approval.

10.2.6 Rejecting a Task

To reject a request that is assigned to you:

  1. Open the Inbox section.

  2. Search for and select the task that you want to reject.

  3. Click the task to view its details in a new tab and provide any comments. Then, click Reject. The task is rejected and is no longer displayed in the tasks table of the Approval Details page.

10.2.7 Reassigning a Task

To reassign a request that is assigned to you:

  1. Open the Inbox section.

  2. Search for and select the task that you want to reassign.

  3. Click the task to view its details in a new tab. Then, from the Task Actions menu, select Reassign.

    The Reassign Task dialog box is displayed.

  4. Select any one of the following options:

    • Reassign (transfer task to another user or group): To reassign the task to another user, group, or application role. On selecting this option, you can search and select users, groups, or application roles for reassigning.

    • Delegate (allow specified user to act on my behalf): To delegate the task to a user that you can search and select. The delegated user will take actions on the task on your behalf. The privileges of the delegatee are based on the delegator's privileges.

  5. Search for users or groups to which you want to assign the task, and click the Move selected items to other list icon to include the selection in the Selected list.

  6. Click OK. The task is assigned.

10.2.8 Suspending a Task

To suspend a task:

  1. In the Approval Details page, search for and select the request that you want to suspend.

  2. Click the task to view its details in a new tab. Then, from the Task Actions menu, select Suspend.

    A message is displayed stating that the task is successfully suspended.

10.2.9 Withdrawing a Task

To withdraw a task:

  1. In the Approval Details page, search for and select the request that you want to withdraw.

  2. Click the task to view its details in a new tab. Then, from the Task Actions menu, select Withdraw.

    A message is displayed stating that the task is successfully withdrawn.

10.3 Managing Certification Review Tasks

You can view and make decisions on certifications by using the Inbox. This section describes working with certifications in the Inbox in the following topics:

Note:

This section describes the actions you can perform in the Inbox. For an overview of identity certification and information about operations you can perform by using the Dashboard, see Chapter 15, "Using Identity Certification".

10.3.1 Searching and Viewing Certifications

This section describes how to search and filter certifications in the Inbox and Dashboard, and how to view the details of certifications in the following sections:

10.3.1.1 Searching Certifications in the Inbox

The Inbox enables you to perform simple search and advanced search based on search criteria that you specify.

To perform simple search for certifications:

  1. Log in to Oracle Identity Self Service.

  2. On the left pane, click Inbox. The Inbox is displayed with a list of certification review tasks (and other approval tasks) assigned to you.

  3. From the State list, select the certification status that you want to search for, for example, Assigned or Completed. Select Any to search for any certification irrespective of the status.

  4. In the Search box, specify a search criterion, for example, the certification name.

  5. Click the Search icon. The certifications that match your search criteria are listed in the search results table.

To perform advanced search for certifications:

  1. Log in to Oracle Identity Self Service.

  2. On the left pane, click Inbox. The Inbox is displayed with a list of certification review tasks (and other approval tasks) assigned to you.

  3. Click Advanced adjacent to the Search icon. The Advanced Search dialog box is displayed.

  4. Click the lookup icon next to the Task Type field. The Task Type Browser is displayed.

  5. Click Search. A list of available task types is displayed.

  6. Select the task type that you want to specify as a search criterion. The details of the task type are displayed in the Details pane.

  7. Click OK. The selected task type is populated in the Task Type field.

  8. From the Add Condition list, select a field name, for example, Start Date.

  9. Click the plus (+) icon. The fields to specify the search condition are displayed.

  10. In the Start Date list, select a condition, such as on, equals, or greater than.

  11. In the adjacent date field, specify a date based on which the search condition is formed.

  12. (Optional) Select the Save Search as View option if you want to save the search criteria as a view in the Inbox. To save the search as a view:

    1. In the Name field, enter a name for the view.

    2. In the Share View section, select any one of the following:

      • Definition only: Select this option to share the view definition with other users and groups.

      • Data: Select this option to share the data or search result in your view.

    3. Click the lookup icon adjacent to the Users and Groups fields to select users and groups respectively with whom you want to share the view.

    4. Click Save as View. The view is added in the My Views section in the list of worklist views.

  13. After specifying the complete search criteria, click Search. The certifications that match your search criteria are listed in the search results table.

Tip:

To sort the data in the search results table, place the mouse pointer on a column name. Up and down arrows are displayed on the column names. Click the up arrow to sort in ascending order. Click the down arrow to sort in descending order.

10.3.1.2 Accessing Certification Tasks From the Inbox

This section describes how to access certification tasks for each type of certification:

Note:

The pages that display certification details and the details for user access rights, role content and membership, account details for application instances and entitlements enable you to personalize the contents of the pages. For example, you can use saved search, show/hide columns, and sort the data in columns. These personalization features are similar in all pages in Oracle Identity Self Service. See Chapter 5, "Personalizing Self Service" for information about personalizing pages in Oracle Identity Self Service.

10.3.1.2.1 Viewing User Certification Details

To view user certification details:

  1. On the left pane of the Oracle Identity Self Service, click Inbox. The Inbox is displayed with a list of certification tasks assigned to you, and for which you are the primary reviewer or delegated reviewer.

  2. Click a certification task name to open it in a new page. Page 1 or the user certification summary page of the certification task opens in a new page.

  3. Review the following sections of the user details:

    • The user certification name and certification creation date appear at the top of the page. Clicking the information icon adjacent to the certification name displays a pop-up with detailed statistics of the current certification being reviewed.

    • In the table that lists the users, the user name is a hyperlink. Clicking this hyperlink opens the access details of the user.

    • The Detailed Information section consists of the following tabs:

      • User Information: This tab displays user attributes that are included in the certification snapshot during certification generation. The user name is a hyperlink. Click the user name to display the user details in a new tab.

      • Risk Summary: This tab identifies why a user's Risk Summary is High/Medium/Low based on various factors. The pie chart in this tab displays the overall breakdown of a user's risk. Click any area of the chart to open the detail screen of the user certification. To view the risk items in a tooltip, place your mouse pointer over the charts.

        This tab also displays a graph that breaks down the risk levels based on the roles, accounts, and entitlements the user has, as well as their associated risk levels. Click any area of the graph to open the detail screen of the user certification. To view the risk items in a tooltip, place your mouse pointer over the graph.

      • Action History: This tab displays the various delegation paths available on the user details page, and a trail of the actions taken by the reviewers as well as by Oracle Identity Manager. Possible details displayed include all the actions that are available in the Actions menu, as well as proxy, escalate, and expire.

  4. Review the following sections of the role details:

    • The User Detail section displays the user attributes that are included in the certification snapshot during certification generation.

    • The table lists the roles with Display Name, Action, and Risk Summary.

    • The Detailed Information section consists of the following tabs:

      • Catalog Information: This tab displays the default catalog attributes that are included as part of the default snapshot creation. The Name and Owner fields are hyper-linked. Clicking these hyperlinks opens the role detail and user details pages in new tabs.

      • Risk Summary: This tab identifies why a role Risk Summary is High, Medium, or Low based on various factors, such as Item Risk, Last Certification Decision, and Provisioning Method. The Provisioning Method field is hyper-linked. Clicking this hyperlink opens the appropriate access policy or access request details in a new tab.

      • Certification History: This tab displays the various certification decisions made by reviewers in the past on the given line-item.

      • Action History: This tab displays the phase in which the reviewer made a given decision. Possible values include all the actions that are available in the Actions menu, as well as proxy, escalate, and expire.

  5. Review the following sections of the account details:

    • The account name and the application instance name are displayed in the table, along with the underlying entitlements associated with the account. Accounts and entitlements are indicated by different icons.

    • The Detailed Information section consists of the following tabs:

      • Catalog Information: This tab displays the account details that are the default catalog attributes. These attributes must be included as part of the default snapshot creation. The Name and Certifier fields are hyper-linked. Clicking these hyperlinks opens the account detail and user details pages in new tabs.

      • Risk Summary: This tab identifies why an account Risk Summary is High, Medium, or Low based on various factors, such as Item Risk, Last Certification Decision, and Provisioning Method. The Provisioning Method field is hyper-linked for an access request. Clicking this hyperlink opens the appropriate access policy or access request details in a new tab.

      • Certification History: This tab displays the various certification decisions made by reviewers in the past on the given line-item.

      • Action History: This tab displays the phase in which the reviewer made a given decision. Possible values include all the actions that are available in the Actions menu, as well as proxy, escalate, and expire.

  6. Review the following sections of the entitlement details:

    • The account name and the application instance name are displayed in the table, along with the underlying entitlements associated with the account. Accounts and entitlements are indicated by different icons.

    • The Detailed Information section consists of the following tabs:

      • Catalog Information: This tab displays the entitlement details that are the default catalog attributes. These attributes must be included as part of the default snapshot creation. The Display Name and Certifier fields are hyper-linked. When you click the Display Name of the entitlement, the granular entitlement hierarchy, if it is being captured in the catalog for a given entitlement, is displayed in a new tab. Clicking the Certifier name opens the user details page in a new tab.

      • Risk Summary: This tab identifies why an entitlement Risk Summary is High, Medium, or Low based on various factors, such as Item Risk, Last Certification Decision, and Provisioning Method. The Provisioning Method field is hyper-linked. Clicking this hyperlink opens the appropriate access policy or access request details in a new tab.

      • Certification History: This tab displays the various certification decisions made by reviewers in the past on the given line-item.

      • Action History: This tab displays the phase in which the reviewer made a given decision. Possible values include all the actions that are available in the Actions menu, as well as proxy, escalate, and expire.

  7. To display the details of the access rights for the next user in the certification task, click Next at the top of the page. You can click First, Previous, Next, and Last buttons to navigate between the pages for the access rights of each user. You can click Back to Summary to go back to the user certification detail page.

10.3.1.2.2 Viewing Role Certification Details

To view role certification details:

  1. On the left pane of the Oracle Identity Self Service, click Inbox. The Inbox is displayed with a list of certification tasks assigned to you, and for which you are the primary reviewer or delegated reviewer.

  2. Click a certification task name to open it in a new page. Page 1 or the role certification summary page of the certification task opens.

  3. Review the following sections of the role certification details page:

    • The role certification name and certification creation date appear at the top of the page. Clicking the information icon adjacent to the certification name displays a pop-up with detailed statistics of the current certification being reviewed.

    • In the table that lists the roles, the user name is a hyperlink. Clicking this hyperlink opens the role details. The table also displays the Members and Policies columns.

    • Select a role in the certification table. The Detailed Information section displays the following tabs:

      • Catalog Information: This tab displays all catalog attributes of the selected role. The Role Name and Certifier fields are hyperlinked. Clicking these hyperlinks opens the role details and user details in new tabs.

      • Action History: This tab displays the various delegation paths available on the role details page, and a trail of the actions taken by the reviewers as well as by Oracle Identity Manager. Possible actions include delegate, re-assign, escalate, or proxy.

  4. In the certification table, click a role name to open the role detail. The role detail page consists of the following tabs:

    • Members: This tab lists the role membership of the open role. Select a row in the members table to display the Detailed Information section, which consists of the User Information, Risk Summary, Certification History, and Action History tabs.

    • Policies: This tab lists the policies associated with the open role. Select a row in the policies table to display the Detailed Information section, which consists of the Policy Information, Certification History, and Action History tabs.

  5. In the Policies tab, expand a policy by clicking the icon adjacent to the policy. The entitlements associated with the policy are listed in the table. Select the entitlement to display the entitlement details in the Detailed Information section. The entitlement details are displayed in the Catalog Information, Certification History, and Action History tabs.

  6. To display the role contents and role members for the next role in the certification task, click Next at the top of the page. You can click First, Previous, Next, and Last buttons to navigate between the pages for the role contents and role member details of each role. You can click Back to Summary to go back to the role certification detail page.

10.3.1.2.3 Viewing Application Instance Certification Details

To view application instance certification details:

  1. On the left pane of the Oracle Identity Self Service, click Inbox. The Inbox is displayed with a list of certification tasks assigned to you, and for which you are the primary reviewer or delegated reviewer.

  2. Click a certification task name to open it in a new page. Page 1 or the application instance certification summary page of the certification task opens.

  3. Review the following sections of the application instance certification details page:

    • The application instance certification name and certification creation date appear at the top of the page. Clicking the information icon adjacent to the certification name displays a pop-up with detailed statistics of the current certification being reviewed.

    • In the table that lists the application instances, the application instance name is a hyperlink. Clicking this hyperlink lists the accounts belonging to the selected application instance.

    • Select an application instance in the certification table. The Detailed Information section displays the following tabs:

      • Catalog Information: This tab displays all catalog attributes of the selected application instance. The Certifier field is hyperlinked. Clicking this hyperlink opens the user details in a new tab.

      • Action History: This tab displays the various delegation paths available on the application instance details page, and a trail of the actions taken by the reviewers as well as by Oracle Identity Manager. Possible values include all the actions that are available in the Actions menu, and delegate, re-assign, escalate, or proxy.

  4. In the certification table, click an application instance name to open the application instance detail. This page lists the application instance names and account names along with the underlying entitlements associated to the account.

  5. Click an account to display the account details in the Detailed Information section. This section displays the account details in the Catalog Information, Risk Summary, Certification History, and Action History tabs.

  6. Click an entitlement to display the entitlement details in the Detailed Information section. This section displays the entitlement details in the Catalog Information, Risk Summary, Certification History, and Action History tabs.

  7. To display the set of users who have accounts for the next application instance in the certification task, click Next at the top of the page. You can click First, Previous, Next, and Last buttons to navigate between the pages for the account details of each application instance. You can click Back to Summary to go back to the application instance certification detail page.

10.3.1.2.4 Viewing Entitlement Certification Details

To view entitlement certification details:

  1. On the left pane of the Oracle Identity Self Service, click Inbox. The Inbox is displayed with a list of certification tasks assigned to you, and for which you are the primary reviewer or delegated reviewer.

  2. Click a certification task name to open it in a new page. Page 1 or the entitlement certification detail page of the certification task opens.

  3. Review the following sections of the entitlement certification details page:

    • The entitlement certification name and certification creation date appear at the top of the page. Clicking the information icon adjacent to the certification name displays a pop-up with detailed statistics of the current certification being reviewed.

    • In the table that lists the entitlements, the entitlement name is a hyperlink. Clicking this hyperlink displays the entitlement assignment details of the selected entitlement.

    • Select an entitlement in the certification table. The Detailed Information section displays the following tabs:

      • Catalog Information: This tab displays all catalog attributes of the selected application instance. The Display Name and Certifier fields are hyperlinked. Clicking these hyperlinks opens the entitlement details and user details in new tabs.

      • Action History: This tab displays the various delegation paths available on the entitlement details page, and a trail of the actions taken by the reviewers as well as by Oracle Identity Manager. Possible values include all the actions in the Actions menu, and delegate, re-assign, escalate, or proxy.

  4. In the certification table, click an entitlement name to open the entitlement assignment detail. This page lists the account names of the selected entitlement.

  5. Click an account to display the account details in the Detailed Information section. This section displays the account details in the Account-Owner Information, Risk Summary, Certification History, and Action History tabs.

  6. Click an entitlement to display the entitlement details in the Detailed Information section. This section displays the entitlement details in the Catalog Information, Risk Summary, Certification History, and Action History tabs.

  7. To display the set of users who have accounts for the next entitlement in the certification task, click Next at the top of the page. You can click First, Previous, Next, and Last buttons to navigate between the pages for the account details of each entitlement. You can click Back to Summary to go back to the entitlement certification detail page.

10.3.2 Completing Certifications

Completing certifications is described in the following sections:

10.3.2.1 Completing User Certifications

User certification enables managers to verify their employees and the role assignments, accounts and entitlement assignments for each. Completing a user certification involves the following steps:

  1. Making Certification Decision on the Users

  2. Reviewing Roles and Entitlements

  3. Finishing the User Certification

10.3.2.1.1 Making Certification Decision on the Users

When a certification task is opened, you may be required to verify the access of each user. This verification step is optional based on the configuration settings set in the certification definition. If verification is not required, then the initial summary view of users is skipped and you are presented with the user detail view.

If verification is required, then a decision must be made on each of the users that you have been asked to review. To do so:

  1. In the Inbox, open the new or in-progress certification review task. Page 1 of the certification task is displayed with a list of users.

  2. Review the list of users and verify that each employee works for you, and that you are responsible for verifying their access.

  3. From the Actions menu, select any one of the following for each user:

    • Claim: Select to restore a user to your verification queue for certification. This might happen automatically, depending on the values in certification configuration. See "Configuring Certification Options in Identity System Administration" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about the certification configuration options. However, even if each user is claimed automatically, you are free to choose another action.

    • Revoke: Select if the user is no longer part of the organization. This action removes the user from the certification process, and you will not approve or revoke roles and entitlements for this user. To return a user to your verification queue, select the user name, and select Claim from the Actions menu.

    • Re-assign: Select if the user works for someone else who should now be responsible for verifying the user's assigned roles and entitlements. This action removes the selected user(s) from the current certification, creates a new certification with the selected user(s), and assigns the person you specify as the primary reviewer for that new certification.

    • Abstain: Select if the employee does not work for you and you do not know who should be responsible for verifying the user's assigned roles and entitlements. This action on the user records, on each role and entitlement assigned to the user, your decision to abstain, that is, to leave each assignment as it is. If you know who should be responsible, then you can reassign the user instead.

    After you have taken a verification action on each user, you must make certification decisions on each role and entitlement assigned to the users you have claimed. You do not need to make any further certification decisions on a user that you have revoked, reassigned, or abstained from. Normally, this means that you will open each user and then review its roles and entitlements, as described in "Reviewing Roles and Entitlements". However, you may also choose to delegate one or more users to another person, which allows that person to make certification decisions on the roles and entitlements assigned to that user. The following actions are available from the Actions menu:

    • Open: Select this action to review the details of each user and to make certification decisions on the roles and entitlements assigned to the user. See "Reviewing Roles and Entitlements".

    • Delegate: Select this action to allow another person to make decisions on the access privileges of each selected user. This action will create a new delegated-review task that contains the selected user(s) and will assign the task to the person you specify as delegate. Responsibility still remains with you, the primary reviewer.

    • Un-delegate: This action applies only to delegated users. This action removes each selected user from the delegated-review task and returns decision-making rights to you, the primary reviewer.

    The Actions menu offers two additional convenience actions that are useful after you have made some certification decisions on the details of a user. These actions affect the decisions on multiple details, that is, accesses of each selected user:

    • Complete: Sets any missing decisions on role-assignments, accounts, or entitlement-assignments to Certify.

    • Reset: Clears all decisions made on the user including decisions on the user's access.

10.3.2.1.2 Reviewing Roles and Entitlements

Use the details view of the certification to review a user's role assignments, accounts, and entitlement assignments. The details view can be accessed by selecting a user in the summary view, and clicking Open from the Actions menu, or by clicking the user name.

After your selections are made, you can use the Actions menu to select the appropriate action. The Actions menu contains the following options:

  • Certify: You approve each selected assignment.

  • Revoke: You disapprove each selected assignment. This decision indicates that the user no longer needs the privilege and the assignment should be removed. When you select this option, a dialog box might be displayed that asks for comments. Type a note in the Comments pop-up, and click OK.

  • Certify Conditionally: You approve each selected assignment, but only temporarily. This action also requires you to specify an end date on which your approval expires.

  • Abstain: You take no position on each selected assignment. This records your decision to leave the assignment as it is.

  • Reset: Use this to clear any decision you have made on the selected assignment.

For each action, optional comments can be added. By default, every decision other than to certify, such as Revoke, Certify Conditionally, and Abstain, allows optional comments.

10.3.2.1.3 Finishing the User Certification

The final step in the certification cycle is the sign-off action. Signing off can only be done when every access privilege has a decision assigned to it. When this state is reached, Oracle Identity Manager automatically prompts you to sign off on all the decisions taken. If you choose not to sign off at that time, then you can manually invoke the sign-off dialog box later, assuming that all access privileges are still completed. The process for signing off is the same whether automatically prompted by the system or manually activated.

To manually sign off:

  1. From the Actions menu, select Sign-off. The Sign-off dialog box is displayed asking to complete the certification.

  2. To complete the certification, select Yes, and enter a password in the Password Required field. The password option is configurable and set in the certification definition. If disabled, the password field is not displayed in the Sign-off dialog box.

    Alternatively, to complete the certification later, select No.

  3. Click OK.

Upon successful sign-off, the tab displaying the certification is closed automatically and a confirmation message is displayed.
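The decision and sign-off rules described in "Reviewing Roles and Entitlements" and in this section can be expressed as a small Python model. It is an added example, not Oracle Identity Manager code or its API: the class and function names, the bulk_filled flag, the authenticate callback, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, List, Optional, Tuple

# Decision names are the Actions-menu entries described in this chapter.
DECISIONS = ("Certify", "Revoke", "Certify Conditionally", "Abstain")


@dataclass
class LineItem:
    """One role assignment, account, or entitlement assignment under review."""
    name: str
    decision: Optional[str] = None
    end_date: Optional[date] = None   # only meaningful for Certify Conditionally
    comment: str = ""
    bulk_filled: bool = False         # model-only flag: decision came from Complete


@dataclass
class UserReview:
    """A user in the certification task plus the access to be decided on."""
    user: str
    items: List[LineItem] = field(default_factory=list)
    user_action: str = "Claim"        # Claim, Revoke, Re-assign, or Abstain

    def _item(self, name: str) -> LineItem:
        for item in self.items:
            if item.name == name:
                return item
        raise KeyError(name)

    def decide(self, name: str, decision: str,
               end_date: Optional[date] = None, comment: str = "") -> None:
        if decision not in DECISIONS:
            raise ValueError(f"unknown decision: {decision}")
        if decision == "Certify Conditionally" and end_date is None:
            raise ValueError("Certify Conditionally requires an end date")
        item = self._item(name)
        item.decision = decision
        item.end_date = end_date if decision == "Certify Conditionally" else None
        item.comment = comment
        item.bulk_filled = False

    def complete(self) -> None:
        """Complete: set every missing decision to Certify."""
        for item in self.items:
            if item.decision is None:
                item.decision, item.bulk_filled = "Certify", True

    def reset(self) -> None:
        """Reset: clear every decision made on this user's access."""
        for item in self.items:
            item.decision, item.end_date = None, None
            item.comment, item.bulk_filled = "", False

    def abstain(self) -> None:
        """Abstain on the user: record Abstain on each assignment."""
        self.user_action = "Abstain"
        for item in self.items:
            item.decision, item.end_date, item.bulk_filled = "Abstain", None, False


def pending(reviews: List[UserReview]) -> List[Tuple[str, str]]:
    """Assignments of claimed users that still have no decision."""
    return [(r.user, i.name) for r in reviews if r.user_action == "Claim"
            for i in r.items if i.decision is None]


def bulk_certified(reviews: List[UserReview]) -> List[Tuple[str, str]]:
    """Assignments certified by Complete rather than by an explicit choice."""
    return [(r.user, i.name) for r in reviews for i in r.items if i.bulk_filled]


def sign_off(reviews: List[UserReview], password_required: bool,
             authenticate: Optional[Callable[[Optional[str]], bool]] = None,
             password: Optional[str] = None) -> bool:
    """Allow sign-off only when nothing is pending and, if the certification
    definition requires a password, the hypothetical callback accepts it."""
    if pending(reviews):
        return False
    if password_required and not (authenticate and authenticate(password)):
        return False
    return True


def build_sample() -> List[UserReview]:
    """Constructed sample data: three users, one already revoked at user level."""
    alice = UserReview("alice", [LineItem("role:AP Clerk"), LineItem("acct:ERP"),
                                 LineItem("ent:ERP/Post Journal")])
    bob = UserReview("bob", [LineItem("role:Auditor"), LineItem("acct:HR")])
    carol = UserReview("carol", [LineItem("acct:CRM")], user_action="Revoke")
    return [alice, bob, carol]


if __name__ == "__main__":
    reviews = build_sample()
    reviews[0].decide("role:AP Clerk", "Revoke", comment="moved teams")
    reviews[0].complete()
    reviews[1].abstain()
    print("pending:", pending(reviews))
    print("certified by Complete:", bulk_certified(reviews))
    print("sign-off allowed:", sign_off(reviews, password_required=False))
```

Listing the assignments that Complete filled in gives an auditor a way to separate explicit decisions from bulk approvals when reviewing a signed-off certification.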

10.3.2.2 Completing Role Certifications

Role certification enables role owners to certify roles and role content. Completing a role certification involves the following steps:

  1. Making Certification Decisions on the Roles

  2. Reviewing the Contents of the Roles

  3. Finishing the Role Certification

10.3.2.2.1 Making Certification Decisions on the Roles

When a certification task is opened, you may be required to verify the access of each role. This verification step is optional based on the configuration settings set in the certification definition. If verification is not required, then the initial summary view of role will be skipped, and you will be presented with the role detail view.

If verification is required, then a decision must be made on each of the roles for which you are the role owner. To do so:

  1. In the Inbox, open the new or in-progress certification review task. Page 1 of the certification task is displayed with a list of roles.

  2. From the Actions menu, select any one of the following for each role:

    • Claim: Select to restore a role to your verification queue for certification. This might happen automatically, depending on the values in certification configuration. See "Configuring Certification Options in Identity System Administration" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about the certification configuration options. However, even if each role is claimed automatically, you are free to choose another action.

    • Revoke: Select if the role is no longer appropriate. This action removes the role from the certification process, and you will not approve or revoke assignments for this role. To return a role to your verification queue, select the role name, and select Claim from the Actions menu.

    • Re-assign: Select to remove the role from the current certification and create a new one with the selected role. This action removes the selected role(s) from the current certification, creates a new certification with the selected role(s), and assigns the person you specify as the primary reviewer for that new certification.

    • Abstain: Select if the role is not appropriate and you do not know who should be responsible for verifying the role's assigned accounts, memberships, and entitlements. This action on the role records, on each account and entitlement assigned to the role, your decision to abstain, that is, to leave each assignment as it is. If you know who should be responsible, then you can reassign the role instead.

    After you have taken a verification action on each role, you must make certification decisions on each policy and entitlement assigned to the roles you have claimed. You do not need to make any further certification decisions on a role that you have revoked, reassigned, or abstained from. Normally, this means that you will open each role and then review its policies and entitlements, as described in "Reviewing the Contents of the Roles". However, you may also choose to delegate one or more roles to another person, which allows that person to make certification decisions on the policies and entitlements assigned to that role. The following actions are available from the Actions menu:

    • Open: Select this action to review the details of each role and to make certification decisions on the policies and entitlements assigned to the role. See "Reviewing the Contents of the Roles".

    • Delegate: Select this action to allow another person to make decisions on the access privileges of each selected role. This action will create a new delegated-review task that contains the selected role(s) and will assign the task to the person you specify as delegate. Responsibility still remains with you, the primary reviewer.

    • Un-delegate: This action applies only to delegated roles. This action removes each selected role from the delegated-review task and returns decision-making rights to you, the primary reviewer.

    The Actions menu offers two additional convenience actions that are useful after you have made some certification decisions on the details of a role. These actions affect the decisions on multiple details, that is, accesses of each selected role:

    • Complete: Sets any missing decisions on account or entitlement assignments to Certify.

    • Reset: Clears all decisions made on the role including decisions on the role's access.

10.3.2.2.2 Reviewing the Contents of the Roles

Use the details view of the certification to review a role's policies, memberships, and entitlements. The details view can be accessed by selecting a role in the summary view and clicking the Open button from the Actions menu, or by clicking the role name.

After your selections are made, you can use the Actions menu to select the appropriate action. The Actions menu contains the following options:

  • Certify: You approve each selected assignment.

  • Revoke: You disapprove each selected assignment. This decision indicates that the role no longer needs the privilege and the assignment should be removed. When you select this option, a dialog box might be displayed that asks for comments. Type a note in the Comments pop-up, and click OK.

  • Certify Conditionally: You approve each selected assignment, but only temporarily. This action also requires you to specify an end date on which your approval expires.

  • Abstain: You take no position on each selected assignment. This records your decision to leave the assignment as it is.

  • Reset: Use this to clear any decision you have made on the selected assignment.

For each action, optional comments can be added. By default, every decision other than to certify, such as Revoke, Certify Conditionally, and Abstain, allows optional comments.

Click the Members tab to review the users who have this role assigned. Revoke, Certify Conditionally, Certify, and/or Abstain the role's members as required. In this tab, an additional Approve option is available for two-phased user certification. Selecting this option copies the decision from Phase 1 to Phase 2. See "Understanding Multi-Phased Review in User Certification" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about two-phased review.

10.3.2.2.3 Finishing the Role Certification

The final step in the certification cycle is the sign-off action. Signing off can only be done when every access privilege has a decision assigned to it. When this state is reached, Oracle Identity Manager automatically prompts you to sign off on all the decisions taken. If you choose not to sign off at that time, then you can manually invoke the sign-off dialog box later, assuming that all access privileges are still completed. The process for signing off is the same whether automatically prompted by the system or manually activated.

To manually sign off:

  1. From the Actions menu, select Sign-off. The Sign-off dialog box is displayed asking to complete the certification.

  2. To complete the certification, select Yes, and enter a password in the Password Required field. The password option is configurable and set in the certification definition. If disabled, the password field is not displayed in the Sign-off dialog box.

    Alternatively, to complete the certification later, select No.

  3. Click OK.

Upon successful sign-off, the tab displaying the certification is closed automatically and a confirmation message is displayed.

10.3.2.3 Completing Application Instance Certifications

Application instance certification involves certifying or revoking employee entitlements on one or more application instances. These entitlements are assigned directly to an employee and are not assigned as part of a role. Completing an application instance certification involves the following steps:

  1. Making Certification Decisions on the Application Instances

  2. Reviewing Account and Entitlement Assignments

  3. Finishing the Application Instance Certification

10.3.2.3.1 Making Certification Decisions on the Application Instances

When a certification task is opened, you may be required to verify the access of each application instance. This verification step is optional based on the configuration settings set in the certification definition. If verification is not required, then the initial summary view of application instances is skipped, and you are presented with the application instance detail view.

If verification is required, then a decision must be made on each of the application instances. To do so:

  1. In the Inbox, open the new or in-progress certification review task.

  2. From the Actions menu, select any one of the following for each application instance:

    • Claim: Select to restore an application instance to your verification queue for certification. This might happen automatically, depending on the values in certification configuration. See "Configuring Certification Options in Identity System Administration" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about the certification configuration options. However, even if each application instance is claimed automatically, you are free to choose another action.

    • Revoke: Select if the application instance is no longer appropriate. This action removes the application instance from the certification process, and you will not approve or revoke assignments for this application instance. To return an application instance to your verification queue, select the application instance name, and select Claim from the Actions menu.

    • Re-assign: Select to remove the application instance from the current certification and create a new one with the selected application instance. This action removes the selected application instance(s) from the current certification, creates a new certification with the selected application instance(s), and assigns the person you specify as the primary reviewer for that new certification.

    • Abstain: Select if the application instance is not appropriate and you do not know who should be responsible for verifying the application instance's assigned accounts and entitlements. This action on the application instance records, on each account and entitlement assigned to the application instance, your decision to abstain, that is, to leave each assignment as it is. If you know who should be responsible, then you can reassign the application instance instead.

    After you have taken a verification action on each application instance, you must make certification decisions on each account and entitlement assigned to the application instances you have claimed. You do not need to make any further certification decisions on an application instance that you have revoked, reassigned, or abstained from. Normally, this means that you will open each application instance and then review its accounts and entitlements, as described in "Reviewing Account and Entitlement Assignments". However, you may also choose to delegate one or more application instances to another person, which allows that person to make certification decisions on the accounts and entitlements assigned to that application instance. The following actions are available from the Actions menu:

    • Open: Select this action to review the details of each application instance and to make certification decisions on the accounts and entitlements assigned to the application instance. See "Reviewing Account and Entitlement Assignments".

    • Delegate: Select this action to allow another person to make decisions on the access privileges of each selected application instance. This action will create a new delegated-review task that contains the selected application instance(s) and will assign the task to the person you specify as delegate. Responsibility still remains with you, the primary reviewer.

    • Un-delegate: This action applies only to delegated application instances. This action removes each selected application instance from the delegated-review task and returns decision-making rights to you, the primary reviewer.

    The Actions menu offers two additional convenience actions that are useful after you have made some certification decisions on the details of an application instance. These actions affect the decisions on multiple details, that is, accesses of each selected application instance:

    • Complete: Sets any missing decisions on account or entitlement assignments to Certify.

    • Reset: Clears all decisions made on the role including decisions on the application instance's access.

10.3.2.3.2 Reviewing Account and Entitlement Assignments

Use the details view of the certification to review an application instance's accounts and entitlements. The details view can be accessed by selecting an application instance in the summary view and clicking the Open button from the Actions menu, or by clicking the application instance name.

After your selections are made, you can use the Actions menu to select the appropriate action. The Actions menu contains the following options:

  • Certify: You approve each selected assignment.

  • Revoke: You disapprove each selected assignment. This decision indicates that the application instance no longer needs the privilege and the assignment should be removed. When you select this option, a dialog box might be displayed that asks for comments. Type a note in the Comments pop-up, and click OK.

  • Certify Conditionally: You approve each selected assignment, but only temporarily. This action also requires you to specify an end date on which your approval expires.

  • Abstain: You take no position on each selected assignment. This records your decision to leave the assignment as it is.

  • Reset: Use this to clear any decision you have made on the selected assignment.

For each action, optional comments can be added. By default, every decision other than to certify, such as Revoke, Certify Conditionally, and Abstain, allows optional comments.

An additional Approve option is available for two-phased user certification. Selecting this option copies the decision from Phase 1 to Phase 2. See "Understanding Multi-Phased Review in User Certification" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about two-phased review.

10.3.2.3.3 Finishing the Application Instance Certification

The final step in the certification cycle is the sign-off action. Signing off can only be done when every access privilege has a decision assigned to it. When this state is reached, Oracle Identity Manager automatically prompts you to sign off on all the decisions taken. If you choose not to sign off at that time, then you can manually invoke the sign-off dialog box later, assuming that all access privileges are still completed. The process for signing off is the same whether automatically prompted by the system or manually activated.

To manually sign off:

  1. From the Actions menu, select Sign-off. The Sign-off dialog box is displayed asking to complete the certification.

  2. To complete the certification, select Yes, and enter a password in the Password Required field. The password option is configurable and set in the certification definition. If disabled, the password field is not displayed in the Sign-off dialog box.

    Alternatively, to complete the certification later, select No.

  3. Click OK.

Upon successful sign-off, the tab displaying the certification is closed automatically and a confirmation message is displayed.

10.3.2.4 Completing Entitlement Certifications

Entitlement certifications enable you to certify whether employees should be able to access entitlements. Completing an entitlement certification involves the following steps:

  1. Making Certification Decisions on the Entitlements

  2. Reviewing the Entitlement Assignments

  3. Finishing the Entitlement Certification

10.3.2.4.1 Making Certification Decisions on the Entitlements

When a certification task is opened, you may be required to verify the access of each entitlement. This verification step is optional based on the configuration settings set in the certification definition. If verification is not required, then the initial summary view of the entitlements is skipped, and you are presented with the entitlement detail view. If verification is required, then a decision must be made on each of the entitlements. To do so:

  1. In the Inbox, open the new or in-progress certification review task.

  2. From the Actions menu, select any one of the following for each entitlement:

    • Claim: Select to restore an entitlement to your verification queue for certification. This might happen automatically, depending on the values in certification configuration. See "Configuring Certification Options in Identity System Administration" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about the certification configuration options. However, even if each entitlement is claimed automatically, you are free to choose another action.

    • Revoke: Select if the entitlement is no longer appropriate. This action removes the entitlement from the certification process, and you will not approve or revoke assignments for this entitlement. To return an entitlement to your verification queue, select the entitlement name, and select Claim from the Actions menu.

    • Re-assign: Select to remove the entitlement from the current certification and create a new one with the selected entitlement. This action removes the selected entitlement(s) from the current certification, creates a new certification with the selected entitlement(s), and assigns the person you specify as the primary reviewer for that new certification.

    • Abstain: Select if the entitlement is not appropriate and you do not know who should be responsible for verifying the entitlement's assigned accounts. This action records, on each account assigned to the entitlement, your decision to abstain, that is, to leave each assignment as it is. If you know who should be responsible, then you can reassign the entitlement instead.

    After you have taken a verification action on each entitlement, you must make certification decisions on each user account assigned to the entitlements you have claimed. You do not need to make any further certification decisions on an entitlement that you have revoked, reassigned, or abstained from. Normally, this means that you will open each entitlement and then review its user accounts, as described in "Reviewing the Entitlement Assignments". However, you may also choose to delegate one or more entitlements to another person, which allows that person to make certification decisions on the user accounts assigned to that entitlement. The following actions are available from the Actions menu:

    • Open: Select this action to review the details of each entitlement and to make certification decisions on the user accounts assigned to the entitlement. See "Reviewing the Entitlement Assignments".

    • Delegate: Select this action to allow another person to make decisions on the access privileges of each selected entitlement. This action will create a new delegated-review task that contains the selected entitlement(s) and will assign the task to the person you specify as delegate. Responsibility still remains with you, the primary reviewer.

    • Un-delegate: This action applies only to delegated entitlements. This action removes each selected entitlement from the delegated-review task and returns decision-making rights to you, the primary reviewer.

    The Actions menu offers two additional convenience actions that are useful after you have made some certification decisions on the details of an entitlement. These actions affect the decisions on multiple details, that is, accesses of each selected entitlement:

    • Complete: Sets any missing decisions on account assignments to Certify.

    • Reset: Clears all decisions made on the entitlement including decisions on the entitlement's access.

10.3.2.4.2 Reviewing the Entitlement Assignments

Use the details view of the certification to review an entitlement's user accounts. The details view can be accessed by selecting an entitlement in the summary view and clicking Open from the Actions menu, or by clicking the entitlement name.

After your selections are made, you can use the Actions menu to select the appropriate action. The Actions menu contains the following options:

  • Certify: You approve each selected assignment.

  • Revoke: You disapprove each selected assignment. This decision indicates that the entitlement no longer needs the privilege and the assignment should be removed. When you select this option, a dialog box might be displayed that asks for comments. Type a note in the Comments pop-up, and click OK.

  • Certify Conditionally: You approve each selected assignment, but only temporarily. This action also requires you to specify an end date on which your approval expires.

  • Abstain: You take no position on each selected assignment. This records your decision to leave the assignment as it is.

  • Reset: Use this to clear any decision you have made on the selected assignment.

For each action, optional comments can be added. By default, every decision other than to certify, such as Revoke, Certify Conditionally, and Abstain, allows optional comments.

An additional Approve option is available for two-phased user certification. Selecting this option copies the decision from Phase 1 to Phase 2. See "Understanding Multi-Phased Review in User Certification" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for information about two-phased review.

10.3.2.4.3 Finishing the Entitlement Certification

The final step in the certification cycle is the sign-off action. Signing off can only be done when every access privilege has a decision assigned to it. When this state is reached, Oracle Identity Manager automatically prompts you to sign off on all the decisions taken. If you choose not to sign off at that time, then you can manually invoke the sign-off dialog box later, assuming that all access privileges are still completed. The process for signing off is the same whether automatically prompted by the system or manually activated.

To manually sign off:

  1. From the Actions menu, select Sign-off. The Sign-off dialog box is displayed asking to complete the certification.

  2. To complete the certification, select Yes, and enter a password in the Password Required field. The password option is configurable and set in the certification definition. If disabled, the password field is not displayed in the Sign-off dialog box.

    Alternatively, to complete the certification later, select No.

  3. Click OK.

Upon successful sign-off, the tab displaying the certification is closed automatically and a confirmation message is displayed.
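The decision and sign-off rules described in "Making Certification Decisions on the Entitlements" through "Finishing the Entitlement Certification", as an added Python model that is not Oracle Identity Manager code or its API. The class and method names, the `password_verified` flag, and the sample entitlements and accounts are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

DECISIONS = ("Certify", "Revoke", "Certify Conditionally", "Abstain")


@dataclass
class Entitlement:
    name: str
    accounts: Tuple[str, ...]
    in_certification: bool = True  # False after entitlement-level Revoke or Re-assign
    decisions: Dict[str, Tuple[str, Optional[date]]] = field(default_factory=dict)

    def decide(self, account: str, decision: str, end_date: Optional[date] = None) -> None:
        if account not in self.accounts:
            raise KeyError(f"{account} is not assigned to {self.name}")
        if decision not in DECISIONS:
            raise ValueError(f"unknown decision: {decision}")
        if decision == "Certify Conditionally" and end_date is None:
            raise ValueError("Certify Conditionally requires an end date")
        self.decisions[account] = (decision, end_date)

    def abstain_entitlement(self) -> None:
        # Entitlement-level Abstain records Abstain on every assigned account.
        for account in self.accounts:
            self.decisions[account] = ("Abstain", None)

    def remove_from_certification(self) -> None:
        # Entitlement-level Revoke or Re-assign: no further decisions are made here.
        self.in_certification = False

    def complete(self) -> None:
        # Complete: fill only the missing decisions with Certify.
        for account in self.accounts:
            self.decisions.setdefault(account, ("Certify", None))

    def reset(self) -> None:
        # Reset: clear every decision made on this entitlement.
        self.decisions.clear()

    def missing(self) -> List[str]:
        if not self.in_certification:
            return []
        return [a for a in self.accounts if a not in self.decisions]


@dataclass
class Certification:
    entitlements: List[Entitlement]
    password_required: bool = True  # configured in the certification definition
    signed_off: bool = False

    def outstanding(self) -> Dict[str, List[str]]:
        # Accounts that still block sign-off, grouped by entitlement.
        return {e.name: e.missing() for e in self.entitlements if e.missing()}

    def summary(self) -> Dict[str, int]:
        counts = Counter()
        for e in self.entitlements:
            if e.in_certification:
                counts.update(decision for decision, _ in e.decisions.values())
        return dict(counts)

    def sign_off(self, password_verified: bool = False) -> Dict[str, int]:
        # Sign-off is possible only when every access privilege has a decision.
        if self.outstanding():
            raise RuntimeError(f"decisions missing: {self.outstanding()}")
        if self.password_required and not password_verified:
            raise PermissionError("sign-off password required by the certification definition")
        self.signed_off = True
        return self.summary()


def build_sample() -> Certification:
    # Constructed sample data: entitlement and account names are made up.
    vpn = Entitlement("VPN Access", ("asmith", "bjones", "cwu"))
    dba = Entitlement("DB Admin", ("dlee", "epatel"))
    legacy = Entitlement("Legacy FTP", ("fkhan",))
    vpn.decide("asmith", "Certify")
    vpn.decide("bjones", "Certify Conditionally", end_date=date(2030, 1, 31))
    dba.abstain_entitlement()
    legacy.remove_from_certification()
    return Certification([vpn, dba, legacy])
```

In the model, Abstain and Complete both satisfy the sign-off gate, which is why `sign_off` returns the per-decision counts for review.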

10.4 Managing Provisioning Tasks

The Open Tasks section of Identity Self Service displays all provisioning tasks assigned to you or pending actions in your inbox. In addition, failed automatic provisioning tasks that you must review to take corrective action are displayed in your inbox. You must take corrective action, such as retry and manually complete, on those tasks.

The provisioning tasks feature is used by administrators as well as users. For example, the person in IT administration who is responsible for delivering a laptop computer to an employee may not be an administrator in Oracle Identity Manager, but must view and change provisioning tasks.

A provisioning operation such as creating or updating an account, or granting or revoking an entitlement can fail due to one of the following reasons:

  • Mandatory information in the process form associated with the provisioning task is missing.

  • Password specified for the account does not comply with the password policies configured on the target application.

  • Target system is unavailable.

When a provisioning operation fails, you can configure the provisioning workflow to assign the failed task to an administrator or resource owner for taking an action. These tasks are visible in the Open Tasks page under the Administration region. When you click Open Tasks, all tasks assigned to you for remediation are displayed. In this page, you can perform actions such as viewing the details of a rejected task and retrying it. If the task is no longer valid, you can manually complete it.

You can perform the following tasks in the Provisioning tab:

10.4.1 Searching Provisioning Tasks

The first section in the Provisioning tab page allows you to search for the provisioning tasks assigned to you or on which your action is pending. Specify values in the following fields to search for the provisioning tasks:

  • Match: The All and Any options are read-only.

  • Task Name: Specify a task name that you want to search. To do so, select any one of the Starts with, Ends with, Equals, Does not equal, Contains, or Does not contain search operations.

  • Task Status: Select Pending or Rejected to search for tasks for which your action is pending or for rejected tasks respectively.

After specifying the search criteria, when you click Search, the search results table is displayed. Table 10-2 lists the fields in the search results table:

Table 10-2 Fields in the Provisioning Tasks Search Results Table

| Field | Description |
| --- | --- |
| Task Name | The name of the task |
| Task Status | The status of the task, which is Pending or Rejected |
| Application Instance | The name of the application instance, which is affected by this task |
| Beneficiary | The user whose provisioned application instance will get affected because of this task |
| Date Assigned | The date and time when the Provisioning task has been assigned to the Assignee |
| Assignee | The user to whom the task is assigned |
| Request ID | The ID of the provisioning request task |
| Account Name | The name of the account being provisioned |


10.4.2 Viewing Provisioning Task Details

To view provisioning task details:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select the task whose detail you want to view.

  3. From the Actions menu, select Open. Alternatively, you can click Open on the toolbar. The Task Details page is displayed in a new window.

Table 10-3 lists the fields in the Task Details window:

Table 10-3 Fields in the Task Details Window

| Field | Description |
| --- | --- |
| Task Name | The name of the task |
| Resource Name | The name of the resource, which is affected by this task |
| Description | A description of the task |
| User | The beneficiary user name |
| Status | The status of the task, Pending or Rejected |
| Response | The response set by the user on the Set Response page. Note: For information about setting response, see "Setting Response for a Task". |
| Response Description | The description of the response that is defined in the Response tab of the Task Definition section in Oracle Identity Manager Design Console |
| Notes | The additional comments entered by the approver |
| Assigned to | The user to whom or role to which the task is assigned. Note: If the task is assigned to a role, this property will come as "Assigned to Role" with the role details. |
| Error Details | The error, if any, while setting the response |
| Projected Start | The date when the task is scheduled to start |
| Projected End | The date when the task is supposed to end |
| Actual Start | The date when the task was started |
| Actual End | The date when the task was ended |
| Last Update | The date when the task was last updated |


10.4.3 Setting Response for a Task

As an approver, you can set a response for the task while taking an action on the task. To set a response for a task:

Note:

Response cannot be set if there are no response codes defined for the corresponding tasks. Response codes are defined by using Oracle Identity Manager Design Console. For more information about defining response codes, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task for which you want to set a response.

  3. From the Actions menu, select Open. Alternatively, you can click Open on the toolbar. The Task Details window is displayed.

  4. In the Task Details window, click Set Response.

  5. In the Specify Task Responses page, select one of the multiple responses defined, and click OK. The response is set.

10.4.4 Adding Notes to a Task

Notes are additional comments provided by the approver. These comments are optional.

To add notes to a task:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task for which you want to add notes.

  3. From the Actions menu, select Open. Alternatively, you can click Open on the toolbar. The Task Details window is displayed.

  4. In the Task Details window, click Add Notes. The Add Notes for Task window is displayed, as shown in Figure 10-4:

    Figure 10-4 The Add Notes for Task Window


  5. In the Enter Additional Notes field, enter the note that you want to add to the task.

  6. Click Add Notes.

10.4.5 Reassigning a Task

As the approver, you can reassign a task to another user or role for taking appropriate action on the task. When the task is reassigned to another user, the assignee becomes the approver. When the task is reassigned to a role, any one member of that role can approve or reject the task.

To reassign a task to another user or role:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select the task that you want to reassign.

  3. From the Actions menu, select Open. Alternatively, you can click Open on the toolbar. The Task Details window is displayed.

  4. In the Task Details window, click Reassign. The Select User Assignee for Task window is displayed, as shown in Figure 10-5:

    Figure 10-5 The Select User Assignee for Task Window


  5. Select User or Role depending on what you want to search for. A list of users or roles is displayed, depending on your selection. You can also filter the search by specifying a criterion for filtering and entering a value in the Filter By field.

  6. In the Reassign column, select a user or role to whom you want to assign the task.

  7. Click Reassign.

  8. In the Confirm Tasks to Reassign page, read the details of the action that you are performing and select Confirm Re-assign Task to reassign the task or select Cancel Re-assign Task to cancel the task reassignment.

  9. Check whether the value in the Assigned to section is properly updated according to the above reassignment action.

10.4.6 Viewing Task Assignment History

To view the assignment history of a task:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task for which you want to view the task assignment history.

  3. From the Actions menu, select Open. Alternatively, you can click Open on the toolbar. The Task Details window is displayed.

  4. In the Task Details window, click Task Assignment History. The Task History window is displayed, as shown in Figure 10-6:

Figure 10-6 The Task History Window


The task assignment history is displayed in the fields, as shown in Table 10-4:

Table 10-4 Fields in the Task History Window

| Field | Description |
| --- | --- |
| Task Status | The status of the task, Pending or Rejected |
| Task Action | The source details of the task, for example, when the task is first created it will be "Engine". If the user reassigns the task, it will be "User". |
| Assign Type | The type of the assignee of the task, for example, when the task is assigned for the first time, it is "Default Task Assignment". If the task is reassigned, then its value is either user or role. |
| Assigned to User | The user to whom the task is assigned |
| Assigned to Role | The role to which the task is assigned |
| Assigned By | The user who assigned the task |
| Assigned Date | The date when the task was assigned |


10.4.7 Viewing Form Details

You can view the process form attached to a task. These are process forms associated with the underlying process definition. A task is embedded in the process definition.

To view the process form attached to a task:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task whose process form you want to view.

  3. From the Actions menu, select View Form. Alternatively, you can click View Form on the toolbar. The View Form window is displayed.

10.4.8 Modifying Form Details

You can edit the process form associated with a provisioning workflow to provide missing information, if any.

To modify the process form details:

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task whose process form you want to modify.

  3. From the Actions menu, select Edit Form. Alternatively, you can click Edit Form on the toolbar.

  4. In the Edit Form window, modify the required details and click Save.

10.4.9 Retrying a Task

As the approver, you can retry a task when an error was generated while setting the response in the first attempt. To retry a task:

Note:

Only automated tasks can be retried, and an adapter must be attached to the task. Manual tasks cannot be retried.

  1. Under Administration, open the Open Tasks section.

  2. In the Provisioning Tasks page, search for and select a task that you want to retry.

  3. From the Actions menu, select Retry. Alternatively, you can click Retry on the toolbar.

  4. A warning message is displayed prompting you to confirm whether you want to retry the task.

  5. Click Retry.

10.4.10 Manually Fulfilling Tasks

There are two types of provisioning operations:

  • Automated: These are provisioning operations that take place in an automated manner by using an Oracle Identity Manager connector for a particular target application.

  • Manual: These are provisioning operations that are manually performed with human intervention.

A manual fulfillment task is created during manual provisioning operations. In addition, a manual fulfillment task is created during an automated provisioning operation if you want to introduce manual steps to mandate an administrator to take some action either before or after the provisioning operation.

To complete a manual fulfillment task:

  1. Log in to Identity Self Service.

  2. In the left pane, click Inbox. The Worklist Views page is displayed.

  3. In the My Work Queues menu, click Manual Provisioning to view the manual fulfillment tasks. Select a task to view the details. The manual task details are displayed in a new window with sections such as Details, Contents, Cart Details, History, Comments, and Attachments.

  4. In the Details section, change any value as desired, and then click Fulfill. A message confirming that the account data has been successfully updated is displayed.

  5. If required, in the Comments and Attachments sections, add comments and attachments, respectively. See "Adding Comments and Attachments" for more information.

  6. Click Complete.

10.5 Managing Attestation Tasks

Note:

The attestation feature has been deprecated in Oracle Identity Manager 11g Release 2 (11.1.2.1.0). However, this feature is available if you upgrade from Oracle Identity Manager Release 9.x or 11g Release 1 (11.1.1) or 11g Release 2 (11.1.2).

Attestation enables users designated as reviewers to be notified of reports they must review. These reports describe provisioned resources of other users. A reviewer can attest to the accuracy of the entitlements by providing a response. The attestation action, along with the response the reviewer provides, any associated comments, and an audit view of the data that the reviewer views and attests to, is tracked and audited to provide a complete trail of accountability. In Oracle Identity Manager, this process is known as an attestation task.

An attestation process is the mechanism by which an attestation task is set up. Input that an attestation process requires includes information about how to define the components that constitute the attestation task and how to associate the attestation task with a schedule at which the task must be run. This definition is also the basis on which the attestation task can be initiated when required.

The Pending Attestations section in Identity Self Service displays all attestation processes assigned to you or pending your actions in your inbox.

Note:

Using Oracle Identity Manager integrated with Oracle Identity Analytics (OIA) replaces the attestation functionality.

You can perform the following tasks in the Pending Attestations section:

10.5.1 Searching Attestation Tasks

To search for attestation tasks:

  1. Log in to Identity Self Service.

  2. In the left pane, under Requests, click Pending Attestations. The Pending Attestations page is displayed.

  3. Select any one of the following options:

    • All: To search all the tasks that match the criteria you specify.

    • Any: To search any task that matches your criteria.

  4. In the Task Name field, enter the name of the task that you want to search. To do so, select the Starts with, Ends with, Equals, or Contains search operators.

  5. In the Start Date field, specify a start date of the task by using the Start Date icon next to the field. To do so, select the Equals, Before, or After search operators.

  6. Click Search. The attestation tasks that match the search criteria are displayed in a search results table. Table 10-5 shows the fields in the search results table:

    Table 10-5 Fields in the Attestation Task Search Results Table

    | Field | Description |
    | --- | --- |
    | Task Name | The name of the task. |
    | Process Code | A unique identifier for the task that is entered by the user. |
    | Start Date | The start date of the attestation task. |
    | Type | The type of task. This is hard coded as 'Access Right'. |
    | No of records | The number of records displayed as the search result. |


10.5.2 Viewing Attestation Request Detail

To view attestation request detail:

  1. In Identity Self Service, under Request, click Pending Attestations. The Pending Attestations page is displayed.

  2. Search for and select the task that you want to view.

  3. From the Actions menu, select Open Task Details. Alternatively, you can click Open Task Details on the toolbar. The Attestation Request Detail window is displayed, as shown in Figure 10-7:

    Note:

    Multiple users designated as reviewers can view the attestation request details. However, only one user, whoever does it first, can submit the attestation.

    Figure 10-7 The Attestation Request Detail Window


    Table 10-6 lists the fields in the Attestation Request Detail window:

    Table 10-6 Fields in the Attestation Request Detail Window

    | Field | Description |
    | --- | --- |
    | Process | Name of your attestation process created. |
    | Request Time | The time when the request is created. |
    | Hide records where action has already been specified | Whether or not the records for which action has been specified must be hidden from the list of attestation requests. |
    | User | User whose entitlement is being attested. The data is displayed as a link. When you click the link, the user profile page is displayed with the user details for the attestation date. |
    | Resource | Resource that is the basis for the entitlement being attested. The data is displayed as a link. When you click the link, a page is displayed with the process form data of the entitlement for the attestation date. |
    | Descriptive Data | Description of the provisioned resource instance. |
    | Last Attested | Last response that was provided for the attestation. |
    | Comments | Reviewer comments. The comments will be updated in this field, when you click Update Existing Comments and Delegation Information. Long comments are truncated, and tooltips are used to show the full text of the comments. |
    | Actions | Action to be performed on the request. The value can be one of the following: Certify, Reject, Decline, Delegate |
    | Submit Attestation | Click this button to submit the attestation request. |
    | Save | Click this button to save the attestation request for future submission. |