1. Oracle Identity Analytics Overview
2. Using the Oracle Identity Analytics User Interface
What Is the Identity Warehouse?
Understanding the Identity Warehouse User Interface
To Search for a User (Quick Search)
To Search for a User (Advanced Search)
To View User Accounts (Entitlements)
Working With Business Structures
To Delete a Business Structure
To Create a Business Structure Hierarchy
Associating Users With Roles and Business Structures
To Associate a User With a Role
To Associate a User With a Business Structure
To Associate Policies With Resources
To Associate Policy Owners With Policies
To Create Roles From Existing Roles
To Create Roles Based On an Existing User
To Rename, Modify, or Decommission (Delete) a Role
To Associate Roles With Business Units
To Associate Role Owners With Roles
To Approve Role Change Requests
To Manage the Lifecycle of Roles
Setting the Segregation of Duties at the Role and Policy Levels
To Define Segregation of Duties at the Role Level
Policies are templates that define the various access levels that a user has on the target systems. Policies are individually defined for each resource. Roles are made up of policies.
The polices component displays all available policies that exist for the organization categorized according to resource type. Resources are depicted as . The available policies are shown under each resource type.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Policies.
Click New Policy.
The Policy Wizard window opens.
Select the resource type for which you are creating the policy and click Next.
Select the resource for which access needs to be defined and click Next.
Click Select Owners to search for the owners for this policy and click Next.
For help using Search, see Searching For a User.
When the Policy Property window opens up, complete the form:
Name - Type the name of the policy.
Comments - Type any additional comments about the policy.
Service Desk Ticket # - Add the helpdesk system reference number, if relevant to your organization.
Click the Entitlements tab and complete the form:
Value - Enter the value of the attribute defined for the resource.
Required - Selecting this means the value is mandatory and needs to be assigned to the role. This value cannot be excluded.
Risk Level - Signifies whether a given policy is low, medium, high, critical, or none. These risk levels are flagged during Identity Audit Exceptions or while performing Certifications.
+ / - - Use these to add or delete an attribute value.
Click Finish.
The new policy is displayed under the resource type on the Policies page.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Policies.
To rename a policy, do the following:
Select the policy by clicking on the policy name.
Change the name of the policy and click Save.
To delete a policy, do the following:
Select the policy by clicking on the policy name.
Click the Delete Policy button.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Policies.
Policies are listed by resource type on the left side of the page.
Click to select the desired policy.
Click the Resources tab in the panel on the right.
Click the Add Resources button.
Select one or more resources from the list and click OK.
Hold down the Control key while clicking to select multiple items. Click an item again while holding down Control to clear that item.
Click Save.
The resource will not be associated with the policy until it has been approved by the policy owner.
Click Send For Approval.
Once the policy owner approves it, the resource is associated with the policy.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Roles.
Select a role and click the Policies tab on the right side of the page to add policies to (or remove policies from) the role.
Choose one of the following tasks:
Click Add Policies to assign the selected policies to the role.
Click Remove Policies to remove the selected policies from the role.
Click Save.
The policies associated with a role will display on the Policies tab for the role.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Policies.
Policies are listed by resource type on the left side of the page.
Click a policy and click the Ownership tab on the right side of the page.
Click Add Owner.
Select one or more user(s) and click OK.
For help using Search, see Searching For a User.
Click Save.
Modifications to a policy are activated only after the approval of the policy owner.
To approve a policy change request, see My Requests Tab in the My Requests chapter.
The lifecycle of a policy is managed by out-of-the-box workflows. Workflows are step-by-step explanations (flowcharts) that Oracle Identity Analytics follows to complete a selected set of tasks. The workflows can be modified to suit the requirements of your organization.
Oracle Identity Analytics has the following policy workflows:
Policy creation workflow
Policy modification workflow
The default policy creation and policy modification workflows each have three steps:
Start workflow: This steps kicks-off once a policy is created or modified.
Policy Owner Approval: If a policy owner approves the request, the workflow proceeds to the next step. Otherwise, the policy is discarded.
Finish: The policy is created.
To understand or change policy workflows, refer to the Oracle Identity Analytics Workflows chapter in the Business Administrator's Guide.