JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics Business Administrator's Guide 11g Release 1
search filter icon
search icon

Document Information


1.  Oracle Identity Analytics Identity Warehouse

2.  Oracle Identity Analytics Importing

3.  Oracle Identity Analytics ETL Process

4.  Oracle Identity Analytics Data Correlation

5.  Oracle Identity Analytics Role Engineering and Management

6.  Oracle Identity Analytics Workflows

7.  Oracle Identity Analytics Identity Certifications

Creating New Certifications

To Create a User Entitlement Certification

To Create a Role Entitlement Certification

To Create a Resource Entitlement Certification

To Create a Data Owner Certification

Understanding the Incremental Certification Option

Scheduling Certifications

To Schedule a Certification

To Delete a Certification Job

Understanding Closed-Loop Remediation and Remediation Tracking

Configuring Closed-Loop Remediation

To Select Provisioning Mode

To Select Remediation Start Date

To Track Remediation

8.  Oracle Identity Analytics Identity Audit

9.  Oracle Identity Analytics Reports

10.  Oracle Identity Analytics Scheduling

11.  Oracle Identity Analytics Configuration

12.  Oracle Identity Analytics Access Control

13.  Audit Event Log and Import-Export Log

Understanding Closed-Loop Remediation and Remediation Tracking

Closed-loop remediation is a feature that allows you to directly revoke roles and entitlements from the provisioning solution as a result of roles and entitlements revoked during the certification process. This feature is applicable only if the provisioning solution is Sun Identity Manager (Oracle Waveset).

However, for non-managed applications, you can manually revoke roles and entitlements by using the information stored in the remediation configuration module.

The remediation status can be tracked in the remediation tracking module for auditing purposes.

Configuring Closed-Loop Remediation

Configuring closed-loop remediation is a two-step process:

1. Selecting the provisioning mode used for the resource

2. Selecting the remediation kick-off date

To Select Provisioning Mode

To define the remediation process, first select the provisioning mode used for the resource. If auto mode is selected, choose the appropriate provisioning connection. If manual mode is selected, you must describe the steps required to de-provision an account belonging to the resource.

  1. Log in to Oracle Identity Analytics.

  2. Choose Identity Warehouse > Resources.

  3. Select the desired resource, and click the Remediation subtab.

  4. Check the box adjacent to Select Provisioning Mode.

    • Auto - This mode sends an SPML call to Sun Identity Manager (Oracle Waveset) to revoke the account. The account is subsequently revoked in Oracle Identity Analytics after the next updated feed is imported. Select the Connection.

      - Closed-loop remediation functions only with Sun Identity Manager (Oracle Waveset).

    • Manual - This mode prompts you to write the steps to manually de-provision the account. Example: Self-service URL, de-provisioning instructions, and so on.

  5. Click Save.

To Select Remediation Start Date
  1. Log in to Oracle Identity Analytics.

  2. Choose Administration > Configuration.

  3. Click Identity Certification.

  4. Click to expand the Revoke and Remediation section.

  5. Scroll down to the Remediation section.

    • Display Remediation Instructions - Select to display remediation instructions to the user manager during the certification process.

  6. Perform Closed-loop remediation on - Select to be able to enable one of the following two options:

    • Certification End Date - This will start the remediation on the date the certification ends. Even if the certifier has completed the certification before the end (expiration date), remediation will not take place until the end date is reached.

      • Include Expired Certifications - If Certification End Date is enabled, select this option to start remediation for revoked accounts of incomplete certifications.

    • Certification Completion Date - This will start remediation on the date that the certifier completes the certification.

  7. Click Save.

To Track Remediation

Oracle Identity Analytics enables tracking of remediation activities for audit purposes. In the Remediation Tracking view, a revoked account can exist in two states:

  1. Log in to Oracle Identity Analytics.

  2. Choose Identity Certification > Remediation Tracking.

    The Status column displays the remediation tracking information.

  3. Click the certification name to see details.

    The remediation tracking details page is divided into two sections:

    1. Remediation Details

      • Overview - Information about the certification, number of roles, and accounts revoked and remediated.

      • History - Information about the creation and end of the certification, name of the creator, and so on.

      • Export Options - Option to export the report to a PDF or XLS file.

    2. Section for each user whose account or role has been remediated.

      • Employee Information - Displays the employee's name, job title, phone number, employee ID, and e-mail details.

      • Roles or Entitlements - Displays the details of the revoked accounts, roles, and the remediation status against each revocation.