Oracle Access Governance automatically fetches custom attributes defined in a connected system. Details of custom attributes are automatically loaded into Oracle Access Governance when data is loaded from a connected system into Oracle Access Governance and you can run a refresh load to fetch the latest custom attributes, anytime post the connection.
Note:To view the Identity Attributes option, you must activate at least one identity from the Manage Identities page. See Select Included Identities for details on how to enable identities in Oracle Access Governance.
- While creating a campaign, a Campaign Administrator selects custom attributes - Cost Center and Department ID to further refine the campaign selection criteria to run access review campaigns.
- While creating an identity collection, an Administrator can apply membership rules using the core and custom attributes. For instance, to create a senior management list of employees for the Accounting organization, create an identity collection to include employees where the Job Level is Director and above, and the Organization is Accounting.
- Organization, Identity Location and Job Code are the core attributes in the identity data. You can extend the schema definition, and use additional attributes in Oracle Access Governance features by defining custom attributes in your schema.
- A custom attribute that is encrypted in your schema will not be available in Oracle Access Governance and won't show up on the Identity Attributes page.
View Custom Attributes
As an Administrator, you can view, search, and configure the available custom attributes to use them across various Oracle Access Governance features.
- In the Oracle Access Governance Console, from the navigation menu, select Administration , and then select Custom Identity Attributes.
The Custom Identity Attributes page is displayed. You can view the available custom attributes, and when the settings for these attributes were last updated for your organization.
Search and Filter Custom Attributes
- Campaign selections: On or Off
- Event-based: On or Off
- Manage identities: On or Off
- Identity details: On or Off
View Attribute Details
- Attribute name: Original attribute name as available in the data system that is connected with Oracle Access Governance.
- Connected system: Connected system name in Oracle Access Governance Console.
- Display name: Unique attribute name that will be used within Oracle Access Governance Console for easy identification and usage.
- Type: Data type of the attribute.
- Flags indicating where these custom attributes have been used:
- Identity details: This selection will show custom attributes in the:
- Campaign selection: This selection will show custom attributes to define user access review campaigns.
- Event-based Setup: This selection will show custom attributes to configure event-based triggers for identity access reviews.
- Manage Identities: This selection will show custom attributes to configure activation rules to manage identities from Oracle Access Governance, and to enable custom attributes in creating an identity collection.
- Last updated by: Name of the administrator who last modified the settings for that identity attribute.
Fetch Latest Custom Attributes
If you don't see the latest custom attributes in the list, click the Fetch attributes button.
This action will run the schema discovery on the connected system, and fetch the latest schema objects to get the updated list of custom attributes, if available. If new custom attributes are available, then the schema discovery process may take a couple of minutes to complete, and show the updated list of custom attributes.
Note:If you have an encrypted attribute in your schema, then this process won't fetch and show up that encrypted attribute on this page.
Whenever a new custom attribute is added, you first need to enable that attribute for the features where you want to use it.
Note:This action won't ingest the attribute data from the connected system but will just load the schema objects. To fetch and use the attributes' data, you either have to wait for the next upcoming scheduled data sync operation or manually run the data load operation. See the Manage the Connected System topic.
Modify Attribute Settings
You can modify the custom attribute settings to include or exclude the use of these attributes for the Oracle Access Governance features.
- Click the icon corresponding to the custom attribute that you want to modify.You will see the Change custom identity attribute settings pop-up window displaying the custom attribute name. You can also see the Administrator name who last updated the settings for this custom attribute.
- As deemed necessary, update the following:
- Update the Display name. This unique name will be used across Oracle Access Governance for this custom attribute.
- Select the check box corresponding to the Oracle Access Governance features where you want to use this custom attribute. The available options are:
- Include in identity details
Note:You can select up to 250 attributes for this feature.
- Include in event based access reviews
- Include in campaign selections
- Include in manage identities
- Include in identity details
- Once you have selected your preferences, click Apply. Click Cancel to discard your changes.