Identity Certification Overview

This section describes what, why, and how identity certifications are conducted. It also discusses who is typically involved in the identity certification process.

What Is Identity Certification?

Identity certification is the process of reviewing user entitlements to ensure that users have not acquired entitlements that they are not authorized to have. Certifications can be scheduled to run on a regular basis to meet compliance requirements. Managers use the Oracle Identity Analytics Identity Certification module to review their employees' entitlements to access applications and data. Based on changes reported by Oracle Identity Analytics, managers can authorize or revoke employee access, as needed.

The following table lists the four types of identity certification that are possible in Oracle Identity Analytics.

Identity Certification Type	Description
User Entitlement Certification	Allows managers to certify employee access to roles and other related entitlements.
Role Entitlement Certification	Allows role owners to certify roles and role content.
Resource Entitlement Certification	Allows resource owners to certify user access to resources.
Data Owner Certification	Allows data owners to certify users.

Business administrators are tasked with creating certifications for their organizations. For information about creating certifications, see the Oracle Identity Analytics 11gR1 Business Administrator's Guide.

Who Is Involved in Completing Identity Certifications?

The identity certification module in Oracle Identity Analytics allows personnel in an organization to review and certify user entitlement data, role content data, and application access data. Following are descriptions of the types of users that are typically involved in the identity certification process, as well as the certifications that each user type can authorize or revoke. In Oracle Identity Analytics, personnel who participate in the identity certification process are called actors.

Actor Name	Description	Certification Types That Can Be Accessed
Certifier	A generic term that signifies a person who is responsible for reviewing and completing any kind of certification.	User entitlement certification Role entitlement certification Resource entitlement certification Data owner certification
User manager	A manager with direct reports. Users report to a user manager.	User entitlement
Access reviewer	Designated personnel responsible for reviewing user access.	User entitlement Resource entitlement
Application owner	Designated personnel responsible for reviewing user access on a particular target system.	User entitlement Resource entitlement
Role owner	Designated personnel responsible for reviewing role and its content.	Role entitlement
Data owner	Designated personnel responsible for reviewing access to an attribute value.	Data owner
Oracle Identity Analytics administrator	An administrator with full access to the Oracle Identity Analytics application and who can create and view the progress of all certifications.	User entitlement Role entitlement Resource entitlement Data owner
Auditor or Audit Analyst	Designated personnel who can view the Identity Certification Dashboard to view the progress of each certification. Can view reports from completed certifications.	Identity certification dashboard Certification reports
Certification administrator	Administrator with limited access to the Oracle Identity Analytics application and who can only create and view the progress of certifications.	User entitlement Role entitlement Resource entitlement Data owner

Skip Navigation Links
Exit Print View
	Oracle Identity Analytics User's Guide 11g Release 1