Create Identity Collections

Identity Collections are groups of identities, defined either by shared attributes or by naming specific identities. These identities are onboarded from connected systems in the Oracle Access Governance Console.

Identity Collections simplify tasks by allowing you to configure features for a collection of identities, rather than for each individual identity. In Oracle Access Governance, you can use Identity Collections to:

  • Delegate Access Review tasks to an Identity Collection.

Navigate to Identity Collections

Here's how you can access the Identity Collections page:

  1. Sign in to the Oracle Access Governance Console.
  2. Click the Navigation menu icon, and select Access Controls and then Identity Collections. You will see the Identity Collections page where you can view and manage the existing identity collections.
  3. To create a new identity collection, click the Create an identity collection button.

The Create a new identity collection page is displayed.

Add Details

In the Add Details task, you can enter specifics about your identity collection. Here, you can give a meaningful name to your identity collection and add its supporting description.

Note:

By default, for all identities enabled in the Manage Identities service, all identity data attributes including custom attributes ingested from the connected systems are available to create identity collections.
  1. Enter a name for your identity collection in the What do you want to call this identity collection? field.
  2. Add a description for your identity collection in the How would you describe this collection? field.
  3. Add or select one or more identity names in the Who can manage this identity collection list. The owner, along with the listed identities, can manage this identity collection.
  4. Add one or more tags to identify or search your identity collection.
  5. Once you have set your preferences, select Next to go to the Select Identities step.
  6. Optional: You may click Cancel to cancel the current process.

Select Identities

In the Select Identities task, you select the identities for your identity collection.

You can select identities based on:
  • Membership rule: Set criteria based on certain conditional statements. Either one (Any) or all (All) the set conditions must be satisfied. The list of available attributes is determined by the ingested data from the connected systems.
  • Named identities: Search and select one or more users by their full name that you want to include in your identity collection. The list of available users is determined by the ingested data from the connected systems.
  • Both Membership rule and Named identities: You can have a combination of both membership rule and named identities to set criteria for your identity collection.

Note:

You can also exclude specific members from your identity collection.

Add Identities based on Membership Rule

To add identities based on conditional statements, select the Membership rule tab.

The identities satisfying the set criteria will automatically be included in that identity collection. For example, for an identity collection, if you set the conditional rule to Department Equals Finance, then all the human identities belonging to the Finance department will be included in that identity collection.

To set the conditional rule for identities, do the following:

  1. Select Any if any one of the set conditions should be satisfied, or select All if all the set conditions must be satisfied for that identity.
  2. Select the attribute name from the list.

    Note:

    Based on the connected systems, you can select core attributes, custom attributes, or both. To enable custom attributes, see View and Configure Custom Identity Attributes.
  3. Select the conditional operator. Based on the data type of the attribute selected, the usage of these operators will vary.
  4. Type the attribute value.
  5. Continue to add the conditional statements or rules for more attributes.

    By default, all the identities matching the criteria will be included.

  6. However, you can exclude certain identities from your conditional statements.

    Click the Manage Exclusions button next to Excluding # identity from the attribute conditions and then select the identities that you want to exclude from the identity collection.

    As you set the conditions or add identities, the right side of the screen shows the effect: which identities are excluded and which membership rule is applied.

  7. Once you have set your preferences, select Next to go to the Review and submit step. You may select one of the additional actions:
    • Save as draft: To save your changes and later come back and edit the identities.
    • Cancel: To cancel the current process.
    • Back: To go back to the previous step.

Add Identities based on Named Identities

To directly add identities based on their full name, select the Included named identities tab.

All the available active identities (configured from the Manage Identities page) will be displayed. In the user tile, you can view user details, such as full name, email address, and organization name. Search for or select one or more user tiles that you want to include in your identity collection. As you select the identities, the right side of the screen shows which identities are included. Once you have set your preferences, select Next to go to the Review and submit step.
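
The selection logic from the two sections above, modelled locally as an added example (it is not Oracle Access Governance code and does not call its API). The identity records and attribute names are constructed, only the Equals operator from the Finance example is modelled, and it assumes that exclusions apply to membership-rule matches only, with named identities added afterwards.

```python
# Local model of membership-rule + named-identity selection.
# Constructed sample identities; attribute names are assumptions.
IDENTITIES = [
    {"name": "Ana Ruiz", "department": "Finance", "location": "Austin"},
    {"name": "Bo Chen", "department": "Finance", "location": "Dublin"},
    {"name": "Cy Patel", "department": "Sales", "location": "Austin"},
    {"name": "Di Okoye", "department": "Legal", "location": "Lagos"},
]


def matches(identity, conditions, mode):
    """Evaluate (attribute, value) Equals conditions under 'Any' or 'All'."""
    if mode not in ("Any", "All"):
        raise ValueError("mode must be 'Any' or 'All'")
    results = [identity.get(attr) == value for attr, value in conditions]
    if not results:
        return False  # assumption: a rule with no conditions matches nobody
    return any(results) if mode == "Any" else all(results)


def resolve_collection(identities, conditions, mode, excluded=(), named=()):
    """Return the sorted member names a collection definition would capture."""
    known = {i["name"] for i in identities}
    rule_members = {i["name"] for i in identities
                    if matches(i, conditions, mode)}
    # Assumption: exclusions remove identities matched by the rule only.
    rule_members -= set(excluded)
    # Named identities are added directly, limited to known identities.
    return sorted(rule_members | (set(named) & known))


if __name__ == "__main__":
    rule = [("department", "Finance"), ("location", "Austin")]
    # Same conditions, different scope: 'Any' is far broader than 'All'.
    print("All:", resolve_collection(IDENTITIES, rule, "All"))
    print("Any:", resolve_collection(IDENTITIES, rule, "Any"))
    print("Any, minus Bo, plus Di:",
          resolve_collection(IDENTITIES, rule, "Any",
                             excluded=["Bo Chen"], named=["Di Okoye"]))
```

Comparing the All and Any results for the same conditions before creating a collection shows how many additional identities a rule change would pull into scope for delegated access reviews.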

Review and Submit

The Review and Submit step displays the information you have added in the previous steps.

You can preview your identity collection by clicking the preview the identity collection link on the right side of the page. If you are satisfied with your identity collection preview, click Create. You may select one of the additional actions:
  • Save as draft: To save your changes and edit the identity collection later.
  • Cancel: To cancel the process.
  • Back: To go back to the previous step.