View and Configure Identity Attributes
Identity attributes refer to properties of an identity, such as name, location, or organization name.
- Core attributes: Fixed standardized identity attributes which are included in campaigns and access reviews by default.
- Custom attributes: Non-standard identity attributes that are on-boarded from specific connected systems, once connected, but are not included in campaigns and access reviews unless required. For example, you may have a core attribute Location which is included in campaigns and access reviews by default, while additional custom attributes, such as Area, City, or Zip Code must be configured, to support your business needs.
Oracle Access Governance automatically fetches core and custom attributes defined in a connected system. Details of attributes are automatically loaded into Oracle Access Governance when data is loaded from a connected system. If you create further custom attributes in the target system, following initial data load, you can refresh the custom attributes in the Oracle Access Governance schema so that the latest custom attributes are included in the next data load.
You can use these attributes in Oracle Access Governance to perform various functions, such as running access reviews campaigns, choosing identities for identity collections, or applying attribute conditions to enable/disable the available identity data set.
- While creating a campaign, a Campaign Administrator selects custom attributes - Cost Center and Department ID to further refine the campaign selection criteria to run access review campaigns.
- While creating an identity collection, an Administrator can apply membership rules using the core and custom attributes. For instance, to create a senior management list of employees for the Accounting organization, create an identity collection to include employees where the Job Level is Director and above, and the Organization is Accounting.
- A custom attribute that is encrypted in your schema will not be available in Oracle Access Governance and won't show up on the Identity Attributes page.
As an Administrator, you can view, and search for available core and custom attributes, and determine which Oracle Access Governance features they are enabled for.
- In the Oracle Access Governance Console, from the navigation menu, select Service Administration , and then select Identity Attributes.
The Identity Attributes page is displayed. You can view the available core and custom attributes, which are displayed on the Core and Custom tabs respectively.
View Attribute Details
- Attribute name: Original attribute name as available in the target system that is connected with Oracle Access Governance.
- Connected system: Connected system name from which the attribute is populated.
- Display name: Unique attribute name that will be used within Oracle Access Governance Console for easy identification and usage.
- Type: Data type of the attribute.
Note:Custom attributes only.
- Flags indicating where these attributes can been used:
- Identity details: If selected, attributes are displayed in:
- Campaign selection: If selected, the attribute is available for use in user access review campaigns.
- Event-based Setup: If selected, the attribute is available for use in configure event-based triggers for identity access reviews.
- Manage Identities: If selected, the attribute is available for use in configure activation rules to manage identities from Oracle Access Governance, and to enable custom attributes in creating an identity collection.
- Last updated by: Name of the administrator who last modified the settings for that identity attribute.
Search and Filter Custom Attributes
- Campaign selections: On or Off
- Event-based: On or Off
- Manage identities: On or Off
- Identity details: On or Off
Modify Custom Attribute Settings
You can modify attribute settings to update the connected system from which the attribute is populated, change the display name (custom attributes only), or include/exclude the use of an attribute for certain Oracle Access Governance features.
- Click the icon corresponding to the attribute that you want to modify.The dialog you see depends on whether you are editing a core or custom attribute.
If you have the Core attributes tab selected, you will see the Change core identity attribute settings pop-up window. You can edit the connected system from which the attribute is populated, by selecting the connected system from the drop-down list. If the attribute change proposed has an impact on other attributes, then the list of additional attributes affected will be displayed. An example would be if you update the connected system for the attribute name.firstName. To ensure data integrity, the surname of the identity should come from the same connected system, so a message will be displayed This will also change the connected system for attributes: name.lastName. When you save the change, both attributes will be updated.
If you have the Custom attributes tab selected, you will see the Change custom identity attribute settingspop-up window. You can edit the following for custom attributes:
- Connected system: The connected system from which the attribute is populated
- Display name: This unique name will be used across Oracle Access Governance for this custom attribute.
- Feature: Select the check box corresponding to the Oracle Access Governance features where you want to use this custom attribute. The
available options are:
- Include in identity details
Note:You can select up to 250 attributes for this feature.
- Include in event based access reviews
- Include in campaign selections
- Include in manage identities
- Include in identity details
- Once you have selected your preferences, click Apply. Click Cancel to discard your changes.
Fetch Latest Custom Attributes
If you don't see the latest custom attributes in the list, click the Fetch attributes button.
This action will run the schema discovery on the connected system, and fetch the latest schema objects to get the updated list of custom attributes. If new custom attributes are available, then the schema discovery process may take a couple of minutes to complete, and show the updated list of custom attributes.
Note:If you have an encrypted attribute in your schema, then this process won't fetch and show up that encrypted attribute on this page.
Whenever a new custom attribute is added, you first need to enable that attribute for the features where you want to use it.
Note:This action won't ingest the attribute data from the connected system but will just load the schema objects. To fetch and use the attributes' data, you either have to wait for the next upcoming scheduled data sync operation or manually run the data load operation. See the Manage the Connected System topic.
View and Configure Identity Attributes
Copyright © 2023, Oracle and/or its affiliates.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.