Skip Navigation Links | |
Exit Print View | |
![]() |
Oracle Identity Analytics Business Administrator's Guide 11g Release 1 |
1. Oracle Identity Analytics Identity Warehouse
2. Oracle Identity Analytics Importing
3. Oracle Identity Analytics ETL Process
4. Oracle Identity Analytics Data Correlation
5. Oracle Identity Analytics Role Engineering and Management
6. Oracle Identity Analytics Workflows
7. Oracle Identity Analytics Identity Certifications
To Create a User Entitlement Certification
To Create a Role Entitlement Certification
To Create a Resource Entitlement Certification
To Create a Data Owner Certification
Understanding the Incremental Certification Option
Understanding Closed-Loop Remediation and Remediation Tracking
Configuring Closed-Loop Remediation
8. Oracle Identity Analytics Identity Audit
9. Oracle Identity Analytics Reports
10. Oracle Identity Analytics Scheduling
11. Oracle Identity Analytics Configuration
Closed-loop remediation is a feature that allows you to directly revoke roles and entitlements from the provisioning solution as a result of roles and entitlements revoked during the certification process. This feature is applicable only if the provisioning solution is Sun Identity Manager (Oracle Waveset).
However, for non-managed applications, you can manually revoke roles and entitlements by using the information stored in the remediation configuration module.
The remediation status can be tracked in the remediation tracking module for auditing purposes.
Configuring closed-loop remediation is a two-step process:
1. Selecting the provisioning mode used for the resource
2. Selecting the remediation kick-off date
To define the remediation process, first select the provisioning mode used for the resource. If auto mode is selected, choose the appropriate provisioning connection. If manual mode is selected, you must describe the steps required to de-provision an account belonging to the resource.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Resources.
Select the desired resource, and click the Remediation subtab.
Check the box adjacent to Select Provisioning Mode.
Auto - This mode sends an SPML call to Sun Identity Manager (Oracle Waveset) to revoke the account. The account is subsequently revoked in Oracle Identity Analytics after the next updated feed is imported. Select the Connection.
- Closed-loop remediation functions only with Sun Identity Manager (Oracle Waveset).
Manual - This mode prompts you to write the steps to manually de-provision the account. Example: Self-service URL, de-provisioning instructions, and so on.
Click Save.
Log in to Oracle Identity Analytics.
Choose Administration > Configuration.
Click Identity Certification.
Click to expand the Revoke and Remediation section.
Scroll down to the Remediation section.
Display Remediation Instructions - Select to display remediation instructions to the user manager during the certification process.
Perform Closed-loop remediation on - Select to be able to enable one of the following two options:
Certification End Date - This will start the remediation on the date the certification ends. Even if the certifier has completed the certification before the end (expiration date), remediation will not take place until the end date is reached.
Include Expired Certifications - If Certification End Date is enabled, select this option to start remediation for revoked accounts of incomplete certifications.
Certification Completion Date - This will start remediation on the date that the certifier completes the certification.
Click Save.
Oracle Identity Analytics enables tracking of remediation activities for audit purposes. In the Remediation Tracking view, a revoked account can exist in two states:
Required: Means that the remediation is not complete.
Complete: Means that the revoked account, access within an account, or role has been successfully removed.
Log in to Oracle Identity Analytics.
Choose Identity Certification > Remediation Tracking.
The Status column displays the remediation tracking information.
Click the certification name to see details.
The remediation tracking details page is divided into two sections:
Remediation Details
Overview - Information about the certification, number of roles, and accounts revoked and remediated.
History - Information about the creation and end of the certification, name of the creator, and so on.
Export Options - Option to export the report to a PDF or XLS file.
Section for each user whose account or role has been remediated.
Employee Information - Displays the employee's name, job title, phone number, employee ID, and e-mail details.
Roles or Entitlements - Displays the details of the revoked accounts, roles, and the remediation status against each revocation.