JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics Business Administrator's Guide 11g Release 1
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Oracle Identity Analytics Identity Warehouse

2.  Oracle Identity Analytics Importing

3.  Oracle Identity Analytics ETL Process

4.  Oracle Identity Analytics Data Correlation

5.  Oracle Identity Analytics Role Engineering and Management

6.  Oracle Identity Analytics Workflows

7.  Oracle Identity Analytics Identity Certifications

8.  Oracle Identity Analytics Identity Audit

9.  Oracle Identity Analytics Reports

10.  Oracle Identity Analytics Scheduling

11.  Oracle Identity Analytics Configuration

System Configuration

Proxy Assignment Notification

Mail Server Settings

OIA Server Settings

Resource Types Configuration

To Create, Rename, and Delete a Resource Type

Understanding Resource Type Attributes and Attribute Categories

To Create, Rename, and Delete an Attribute Category

Configuring Resource Type Attributes

To Create, Rename, Edit, and Delete an Attribute

Provisioning Servers Configuration

To Create a New Provisioning Server Connection

Identity Certification Configuration

To Configure Identity Certification

Completing the Certification Configuration Form "General" Section

To Complete the Certification Configuration Form "Status Options" Section

To Complete the Certification Configuration Form "Reminders" Section

To Complete the Certification Configuration Form "Revoke and Remediation" Section

Role Management Configuration

To Configure Mining

To Configure Roles

Identity Audit Configuration

To Configure Identity Audit

To Configure E-Mails for Violation Reminder and Escalation

To Configure E-mails For Violation Lifecycle Event Notifications

Reports Configuration

To Configure Report Reminder E-mails

E-mail Templates Configuration (Configuring E-mail Notification)

To Create and Configure E-mail Notifications

E-mail Parameters Definitions

Import/Export

Workflows Configuration

Event Listeners Configuration

To Create a New Event Listener

12.  Oracle Identity Analytics Access Control

13.  Audit Event Log and Import-Export Log

Identity Certification Configuration

This section describes how to configure the Oracle Identity Analytics identity certification feature. In addition, the following identity certification configuration topic is covered in the Oracle Identity Analytics 11gR1 System Integrator's Guide:

To Configure Identity Certification

  1. Log in to Oracle Identity Analytics.

  2. Choose Administration > Configuration.

  3. Click Identity Certification.

    The Certification Configuration page opens.

  4. Click a section to expand it.

  5. Complete the form and click Save.

    For help completing the form, see the following sections.

Completing the Certification Configuration Form "General" Section

Before You Begin - See Identity Certification Configuration for help opening the Certification Configuration page.

Table 11-6 - "General" Panel

Field
Description
Business Structure Hierarchy / Hierarchy Depth
Select the Business Structure Hierarchy option to include all the users in the business structure and the users in business structures under it in a certification, depending on the hierarchy depth chosen by the administrator.
Comment required on all non-certify selections
Select to allow the user to type a comment if a revoke action is selected. (Note: The system does not require the user to type a comment.) This option also activates the comment field on the certification of entitlements screen.
Allow multiple open certifications per business structure
Select to allow the system to open more than one certification with an open status per business structure.
Password required to complete certifications
Select to require users to sign off in order to complete a certification.
Send e-mail copy to admin for new certifications
Select to send a copy to the admin when a new certification is created.

Table 11-7 - "User Entitlement Options" Panel

Field
Description
Certify Entitlements
For user entitlement certifications, select this option to enable entitlements certifications. Then select which entitlements should be certified.

  • All Entitlements: Select to display all entitlements

  • Entitlements Outside Roles: Select to display entitlements that are not part of the role

  • Accounts with High Privileged Entitlements: Select to display only accounts that have one or more entitlements marked as high-privileged.

  • Only High Privileged Entitlements - Select to display only those entitlements classified as high-privileged.
Certify Roles
Allows managers to certify roles of users under them.
Certify user with no accounts
Allow managers to certify users under them, who do not have an account.
Certify account with no certifiable attributes
Allow managers to certify users under them, who do not have any certifiable attributes.
View user activity information
Allows the certifier to see the user's recent account activity.

Note - This feature is functional if Role Manger is integrated with Intellitactics Security Manager. To learn about this feature, see Integrating with Intellitactics Security Manager.

Employee verification required
Select this to include the first step (employee verification) during the certification completion process, then select the "Create new certification per reporting manager" option.
Create new certification per reporting manager
Select this to create a new certification if the certifier selects "Reports To" and names the new manager for the user.

To Complete the Certification Configuration Form "Status Options" Section

Before You Begin - See Identity Certification Configuration for help opening the Certification Configuration page.

  1. In the User Access Tab, select the options that the manager will see when certifying users under him.

    For example, 'Works for me,' 'Does not work for me,' 'Terminated,' and 'Reports To' in the Employee Verification section, and 'Certify,' 'Revoke,' 'Unknown,' and 'Exception Allowed' in the Certification Sign off section. Oracle Identity Analytics also includes the option of renaming these labels according to an organization's preference.

  2. In the Data Owner Tab, select the options that the data owner will see when certifying the users' Access under him.

    For example, 'Belongs To Me,' and 'Does Not Belong To Me' in the Data Owner Verification section, and 'Certify,' 'Revoke,' 'Unknown,' and 'Exception Allowed' in the Approve or Revoke Data Access section. Oracle Identity Analytics also includes the option to renaming these labels according to an organization's preference.

  3. In the Resource Entitlement Tab, select the options that the manager will see when he is certifying the users' Access under him.

    For example, 'Certify,' 'Revoke,' 'Unknown,' and 'Exception Allowed' in the Verify employee access section. Oracle Identity Analytics also includes the option of renaming these labels according to an organization's preference.

  4. In the Role Entitlement Tab, select the options that the manager will see when he is certifying the roles of users under him.

    For example 'Belongs To Me' and 'Does Not Belong To Me' in Role Entitlement section, and 'Certify,' 'Revoke,' 'Unknown,' and 'Exception Allowed' in the Certify Policy and Entitlement Access section. Oracle Identity Analytics also includes the option of renaming these labels according to an organization's preference.

  5. Click Save.

To Complete the Certification Configuration Form "Reminders" Section

Before You Begin - See Identity Certification Configuration for help opening the Certification Configuration page.

  1. In New Certification Notification tab, choose one or both of the following:

    • If an e-mail goes out every time a new certification is created, and, if so, the format of the e-mail. 

    • If an e-mail goes out when the certifier is updated, and, if so, the format of the e-mail.

  2. In the Upcoming Certification Notification tab, choose if a notification e-mail should be sent to the manager of any upcoming certifications. You also have an option to choose the reminder interval and the format of the e-mail.

  3. In the Pending Certification Notification tab, choose when to start sending pending certification notification e-mails to the manager, and when to escalate the notification e-mails to the manager's manager in case certification is not completed.

  4. In the Certification Completion Notification tab, choose if an e-mail goes out every time a certification is completed, and, if so, the format of the e-mail.

  5. In the Certification Expiry Notification tab, choose if a notification e-mail should be sent to the manager of certifications that have expired and certifications that are about to expire. Administrator also has an option to choose the notification interval and the format of the e-mail.

  6. Click Save

To Complete the Certification Configuration Form "Revoke and Remediation" Section

Before You Begin - See Identity Certification Configuration for help opening the Certification Configuration page.

  1. In the Access Revoke section, configure the certification to send appropriate e-mails along with manager's comments when user access is revoked by a manager.

    E-mails can be sent when a manager selects 'Does Not Work For Me' or 'Revoke Access' from the roles and entitlements certification screen.

  2. Use the Reporting Changes option when considering the action to be taken when employee verification options "Does Not Work for Me", "Terminated," and "Works for Some One Else" are selected.

    When reporting changes is enabled, the details of employees verified by selecting the options mentioned is recorded separately. The Create New Certification Per Reporting Manager option creates a new certification for each user selected as the actual "certifier" by using the "Works for Some One Else" option.

  3. Use the Remediation section when considering the display information during the remediation process. Select Display Remediation Instructions to allow the certifier access to remediation instructions by clicking the hyperlinked resource button during the certification process.

    Select Perform Closed-Loop Remediation, to start the remediation process on one of the following dates:

    • Certification End Date - The remediation process takes place on the day the certification ends or expires.

    • Include Expired Certification - The remediation process takes place on the completed portion of the incomplete certification when it expires.

    • Certification Completion Date - The remediation process takes place on the day the certifier completes the certification.

  4. Click Save.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next