Oracle Identity Analytics System Integrator's Guide 11g Release 1
Oracle Identity Analytics software and Oracle Identity Manager (OIM) software work together seamlessly when integrated using the Thor-API connection mechanism. When integrated, Oracle Identity Manager serves as the automated provisioning and identity synchronization solution, while Oracle Identity Analytics defines the Role-based Access Control (RBAC) framework, the attestation process, and the approach to Segregation of Duties (SoD) policy enforcement. Rather than assigning individual access entitlements, the RBAC framework allows organizations to assign and unassign roles as a means of controlling user access on various applications.
In a fully integrated scenario, provisioning and role management work in the following manner:
OIM is the authoritative source for users, accounts, and entitlements. Any update made to the users or their corresponding accounts is done in OIM.
Oracle Identity Analytics is the authoritative source for role management and role membership. Oracle Identity Analytics is also the authoritative source for policy entitlement definitions. (Roles in Oracle Identity Analytics correspond to "groups" in OIM, and policies in Oracle Identity Analytics correspond to "access policies" in OIM.)
All roles are defined and created in Oracle Identity Analytics. All entitlements for policies and role-to-user relationships are managed from Oracle Identity Analytics.
Roles managed by Oracle Identity Analytics become read-only in OIM.
Note - Provisioning attribute definitions for Access Policies, which are required to create accounts, are managed in much the same way as in the previous Oracle Role Manager (ORM) - OIM integration (by OIM or an external process).