1. Access Governance Cloud Service
  2. Administer
  3. Service Administration
  4. View and Configure Custom Identity Attributes

View and Configure Custom Identity Attributes

Overview

Oracle Access Governance automatically fetches custom attributes defined in a connected system. Details of custom attributes are automatically loaded into Oracle Access Governance when data is loaded from a connected system into Oracle Access Governance and you can run a refresh load to fetch the latest custom attributes, anytime post the connection.

Note:

To view the Identity Attributes option, you must activate at least one identity from the Manage Identities page. See Select Included Identities for details on how to enable identities in Oracle Access Governance.
You can use these custom attributes in Oracle Access Governance to perform various functions, such as running access reviews campaigns, choosing identities for identity collections, or applying attribute conditions to enable/disable the available identity data set.
To understand this better, let's look at a couple of examples:
  • While creating a campaign, a Campaign Administrator selects custom attributes - Cost Center and Department ID to further refine the campaign selection criteria to run access review campaigns.
  • While creating an identity collection, an Administrator can apply membership rules using the core and custom attributes. For instance, to create a senior management list of employees for the Accounting organization, create an identity collection to include employees where the Job Level is Director and above, and the Organization is Accounting.
Custom attributes are governed by certain assumptions and rules. Let's see a few of them:
  • Organization, Identity Location and Job Code are the core attributes in the identity data. You can extend the schema definition, and use additional attributes in Oracle Access Governance features by defining custom attributes in your schema.
  • A custom attribute that is encrypted in your schema will not be available in Oracle Access Governance and won't show up on the Identity Attributes page.

View Custom Attributes

As an Administrator, you can view, search, and configure the available custom attributes to use them across various Oracle Access Governance features.

Here's how you can view the available custom attributes:
  1. In the Oracle Access Governance Console, from the Navigation menu navigation menu, select Administration , and then select Custom Identity Attributes.

    The Custom Identity Attributes page is displayed. You can view the available custom attributes, and when the settings for these attributes were last updated for your organization.

Search and Filter Custom Attributes

Use the Search field to locate the required attribute by the attribute name. You can manage a large set of attributes by applying filters based on the following Oracle Access Governance features:
  • Campaign selections: On or Off
  • Event-based: On or Off
  • Manage identities: On or Off
  • Identity details: On or Off

View Attribute Details

You can view the following attribute details:
  • Attribute name: Original attribute name as available in the data system that is connected with Oracle Access Governance.
  • Connected system: Connected system name in Oracle Access Governance Console.
  • Display name: Unique attribute name that will be used within Oracle Access Governance Console for easy identification and usage.
  • Type: Data type of the attribute.
  • Flags indicating where these custom attributes have been used:
  • Last updated by: Name of the administrator who last modified the settings for that identity attribute.
Use the Edit icon Edit icon to edit the settings for that custom attribute.

Fetch Latest Custom Attributes

If you don't see the latest custom attributes in the list, click the Fetch attributes button.

This action will run the schema discovery on the connected system, and fetch the latest schema objects to get the updated list of custom attributes, if available. If new custom attributes are available, then the schema discovery process may take a couple of minutes to complete, and show the updated list of custom attributes.

Note:

If you have an encrypted attribute in your schema, then this process won't fetch and show up that encrypted attribute on this page.

Whenever a new custom attribute is added, you first need to enable that attribute for the features where you want to use it.

Note:

This action won't ingest the attribute data from the connected system but will just load the schema objects. To fetch and use the attributes' data, you either have to wait for the next upcoming scheduled data sync operation or manually run the data load operation. See the Manage the Connected System topic.

Modify Attribute Settings

You can modify the custom attribute settings to include or exclude the use of these attributes for the Oracle Access Governance features.

Perform the following steps on the Custom Identity Attributes page:
  1. Click the Edit Icon icon corresponding to the custom attribute that you want to modify.
    You will see the Change custom identity attribute settings pop-up window displaying the custom attribute name. You can also see the Administrator name who last updated the settings for this custom attribute.
  2. As deemed necessary, update the following:
    1. Update the Display name. This unique name will be used across Oracle Access Governance for this custom attribute.
    2. Select the check box corresponding to the Oracle Access Governance features where you want to use this custom attribute. The available options are:
      • Include in identity details

        Note:

        You can select up to 250 attributes for this feature.
      • Include in event based access reviews
      • Include in campaign selections
      • Include in manage identities
  3. Once you have selected your preferences, click Apply. Click Cancel to discard your changes.