Create Identity Access Review Campaigns
As an Administrator or Campaign Administrator, certify identity accesses by creating on-demand Identity Access Review campaigns from the Oracle Access Governance Console. These can be one-time or periodic access review campaigns.
Before you create identity access review campaigns, consider the following:
To create campaigns for access reviews, you must have the Oracle Access Governance Administrator or Campaign Administrator role assigned to you.
Enable the identity attributes (core and custom), and affiliations, from the Identity Attributes page. For example, you may need to define your campaigns based on Project Code or Cost Center. See View and Configure Custom Identity Attributes.
You must select at least one selection criterion to run campaigns, to avoid significant resource consumption.
Choose the Oracle Access Governance system to run identity access reviews based on the permissions ingested directly from the Orchestrated systems.
For the Oracle Access Governance system, you can choose permissions assigned directly (DIRECT) or Access Bundles granted through request from the Which permissions? tile. Permissions or accounts provisioned through policy are not eligible in this review.
You cannot review specific permissions and roles in the same campaign because Which permissions? and Which roles? are mutually exclusive. This means that you can select only one of the two while creating a campaign. However, you can review all the available permissions and roles when you select Who has access? and What are they accessing?.
On the Create a new access review campaign workflow page, define the selection criteria for your campaign.
Select Criteria for your Access Reviews
In the Selection criteria dimension, you select appropriate criteria for your Identity Access Review Campaigns. The attributes configured in the Identity Attributes page are available as the selection criteria. All criteria can be searched by name.
The selection tiles are based on the system selected in the previous step. For example, for Oracle Cloud Infrastructure (OCI), you may see additional tiles, like Which tenancies?, so that you can select the cloud account for which you want to run the review.
Select one or more criteria tiles that you wish to include, in any order. You don't need to update each criterion. The selection values are derived from the integrated orchestrated system. Available tiles are:
Option
Description
Who has access?
To filter identities based on core or custom identity attributes.
Select up to five attributes in the Which attributes do you want to add for selection? field.
From each tab, select one or more available selection values.
What are they accessing?
Select identities based on their access to applications or resources.
Which permissions?
To select identities based on their access to permissions.
For Oracle Identity Governance (OIG), you can select entitlements.
For Oracle Access Governance, you can select permissions assigned directly in the Managed System or permissions provisioned through Access Bundle via Request within Oracle Access Governance. The permissions vary based on the orchestrated system.
For OCI, you can review OCI IAM Groups and Application Roles assigned through Access Bundle via Request within Oracle Access Governance.
Which roles?
To filter identities based on their roles.
For Oracle Identity Governance (OIG), you can select directly assigned roles.
For Oracle Access Governance, you can select roles assigned directly in the Managed System or created within Oracle Access Governance.
For Oracle Cloud Infrastructure (OCI), you can review OCI Cloud services application roles assigned directly in OCI.
Which tenancies?
To filter by cloud account. Select the Refine further link to select the compartment and domain for your cloud account. Available only for the Oracle Cloud Infrastructure review system.
Use filters to select the relevant values. For example, for Oracle Access Governance scope, in the Which permissions? tile, select Access Bundle as the Granted Permission type, and set Limited as the Access Time Limit to review access bundles with time-bound access. For Oracle Cloud Infrastructure (OCI), in the Access Time Limit list, select Limited.
After selection, select Apply my selections.
To update your selection criteria, select the Modify button on the relevant tile.
The panel on the right side of the page shows you the effect of your selection and provides you with an estimate of included identities considered for review.
Once you've made your selection, select the I'm good, go to workflows button to proceed to the Assign workflow dimension.
At any point, select Save draft to save your campaign and return later to work on the details.
Add Access Reviewers by Selecting Approval Workflow
In the Assign Workflow dimension, you select the approval workflow for your access review.
Select which approval workflow you want to assign to this access review campaign.
After you have selected your workflow, click the View approval workflow link to see a graphical representation of the selected workflow.
Select the scope of justification required for review decisions. You can require reviewers to add comments for all review decisions, for revoke decisions only, or keep the justification field optional.
Select Next to proceed to the Add details dimension.
At any point, select Save draft to save your campaign and return later to work on the details.
Add Campaign Details
In the Add details dimension, select the campaign schedule cycle, give a meaningful name to your campaign, add a supporting description, and assign values to additional attributes, such as the campaign owner and when the campaign should start or end.
To add details:
Select an appropriate schedule cycle in the How often do you want this to run? field.
In What do you want to call this campaign?, enter a unique campaign name.
In How do you want to describe this campaign, enter a campaign description.
In the Who owns this campaign? field, select the campaign owner.
Select one of the following for the Oracle Access Governance and Oracle Identity Governance (OIG) systems:
Option
Description
Review accounts and permissions
Select this option if you want to create identity access reviews for permissions and accounts.
Review permissions but not accounts
Select this option if you want to create identity access reviews for permissions, without creating account review tasks.
Based on the schedule cycle selected in Step 1, select the time at which you want to launch the campaign.
For One-Time, select either Run now or Schedule Later. By default, the campaign is set to begin at the top of the next hour, on the day following campaign creation.
For a campaign series, select the calendar icon and select the start and end date and time for the campaign.
Once you have set your preferences, select Next to go to the Review and submit dimension.
Optional: You may select one of the additional actions:
Save Draft: To save your changes and later come back and edit the workflow or details.
Cancel: To cancel the current process.
Back: To go back to the previous step.
Review and Submit the Campaign
In the Review and submit dimension, review the campaign details and create the campaign.
To review and submit your campaign:
Review the campaign information. For any changes, select the Back button.
Select Create. The campaign is successfully scheduled.