|Skip Navigation Links|
|Exit Print View|
|Oracle Identity Analytics System Integrator's Guide 11g Release 1|
Oracle Identity Analytics software and Oracle Identity Manager (OIM) software work together seamlessly when integrated using the Thor-API connection mechanism. When integrated, Oracle Identity Manager serves as the automated provisioning and identity synchronization solution, while Oracle Identity Analytics defines the Role-based Access Control (RBAC) framework, the attestation process, and the approach to Segregation of Duties (SoD) policy enforcement. Rather than assigning individual access entitlements, the RBAC framework allows organizations to assign and unassign roles as a means of controlling user access on various applications.
In a fully-integrated scenario, provisioning and role management works in the following manner:
OIM is the authoritative source for users, accounts, and entitlements. Any update made to the users or their corresponding accounts is done in OIM.
Oracle Identity Analytics is the authoritative source for role management and role membership. Oracle Identity Analytics is also the authoritative source for policy entitlement definitions. (Roles in Oracle Identity Analytics correspond to roles in OIM 11.x, and groups in OIM 9.x. Further, policies in Oracle Identity Analytics correspond to access policies in OIM.)
All roles are defined and created in Oracle Identity Analytics. All entitlements for policies and role-to-user relationships are managed from Oracle Identity Analytics.
Role, Policy, and Role-Membership updates should no longer be made in Oracle Identity Manager.