Create Identity Access Review Campaigns

As an Administrator or Campaign Administrator, certify identity accesses by creating on-demand Identity Access Review campaigns from the Oracle Access Governance Console. These can be one-time or periodic access review campaigns.

Prerequisites

Before you create identity access review campaigns, consider the following:

• To create campaigns for access reviews, you must have Oracle Access Governance Administrator or Campaign Administrator role assigned to you.
• Enable the identity attributes (core and custom), and affiliations, from the Identity Attributes page. For example, you may need to define your campaigns based on Project Code or Cost Center. See View and Configure Custom Identity Attributes.
• You must select at least one selection criteria to run Campaigns to avoid significant resource consumption.
• Choose the Oracle Access Governance system to run identity access reviews based on the permissions ingested directly from the Orchestrated systems.
• For the Oracle Access Governance system, you can choose permissions assigned directly (DIRECT) or Access Bundles granted through request from the Which Permissions? tile. Permissions or accounts provisioned through policy are not eligible in this review.
• You cannot review specific permissions and roles in a same campaign as Which permissions? and Which roles? are mutually exclusive. This means that you can select either of the two while creating a campaign. However, you can review all the available permissions and roles when you select Who has access? and What are they accessing?.

For more information on Campaigns, see Best Practices to work with Campaigns.

Navigate to Campaigns

Campaigns are created from the Oracle Access Governance Console. Go to Campaigns page to launch the on-demand access review process.

1. Log in to the Oracle Access Governance Console.
2. Select one of the following options to navigate to the screen:
   • On the Oracle Access Governance Console home page, select the Access Reviews tab. Select the Define a new campaign tile.
   • From the Navigation Menu, select Access Reviews, and then Campaigns. From the Campaigns page, select Create a campaign.
3. Select one of the system types for which you want to run Campaigns. For more information, see Eligible System Types to Launch Access Review Campaigns.
   On the Create a new access review campaign workflow page, define the selection criteria for your campaign.

Select Criteria for your Access Reviews

In the Selection criteria dimension, you select appropriate criteria for your Identity Access Review Campaigns. The attributes configured in the Identity Attributes page are available as the selection criteria. All criteria can be searched by name.

The selection tiles are based on the system selected in the previous step. For example, for Oracle Cloud Infrastructure (OCI), you may see additional tiles, like Which tenancies? so that you can select your cloud account for which you want to run review.

1. Select one or more criteria tiles that you wish to include in any order. You don't need to update each criteria. The selection values are derived from the integrated orchestrated system. Available tiles are:

   Option	Description
   Who has access?	To filter identities based on core or custom identity attributes. Select up to five attributes in the Which attributes do you want to add for selection? field. From each tab, select one or more available selection values.
   What are they accessing?	Select identities based on their access to applications or resources.
   Which permissions?	To select identities based on their access to permissions. For Oracle Identity Governance (OIG), you can select entitlements. For Oracle Access Governance, you can select permissions assigned directly in the Managed System or permissions provisioned through Access Bundle via Request within Oracle Access Governance . The permissions vary based on the orchestrated system. For OCI, you can review OCI IAM Groups and Application Roles assigned through Access Bundle via Request within Oracle Access Governance.
   Which roles?	To filter identities based on their roles. For Oracle Identity Governance (OIG), you can select directly assigned roles. For Oracle Access Governance, you can select roles assigned directly in the Managed System or created within Oracle Access Governance. For Oracle Cloud Infrastructure (OCI), you can review OCI Cloud services application roles assigned directly in OCI.
   Which tenancies?	To filter cloud account. Select the Refine further link to select compartment and domain for your cloud account. Available only for Oracle Cloud Infrastructure review system.

   Use filter to select the relevant values. For example, for Oracle Access Governance scope, in the Which permissions? tile, select Access Bundle as the Granted Permission type, and set Limited as the Access Time Limit to review access bundles with a time-bound access. For Oracle Cloud Infrastructure (OCI), in the Access Time Limit list , select Limited.
2. After selection, select Apply my selections.
3. To update your selection criteria, select the Modify button on the relevant tile.
   The panel on the right-side of the page shows you the effect of your selection and provides you with an estimate of included identities considered for review.
4. Once you've made your selection, select I'm good, go to workflows button to proceed to the Assign workflow dimension.
   At any point of time, select Save draft to save your campaign and pick up later to work on the details.

Add Access Reviewers by Selecting Approval Workflow

In the Assign Workflow dimension, you select the approval workflow for your access review.

1. Select which approval workflow you want to assign to this access review campaign.
   A list of the available workflows shows all approval workflows defined in your system. Consider Self Certification Guardrails and Fallback Mechanism in Access Review before selecting the workflow. For details on how to create and manage approval workflows see Create Approval Workflow and Manage Approval Workflow.
2. After you have selected your workflow, click the View approval workflow link to see a graphical representation of the selected workflow.
3. Select the scope of justification required for review decisions. You can select for reviewers to add comments for all the review decisions, for revoke decisions only, or keep the justification field as optional.
4. Select Next to proceed to the Add details dimension.
   At any point of time, select Save draft to save your campaign and pick up later to work on the details.

Add Campaign Details

In the Add details dimension, select campaign schedule cycle, give a meaningful name to your campaign, add a supporting description, and assign values to additional attributes, such as campaign owner, and when the campaign should start or end.

To add details :

1. Select an appropriate schedule cycle in the How often do you want this to run? field.
2. In What do you want to call this campaign?, enter a unique campaign name.
3. In How do you want to describe this campaign, enter campaign description.
4. In the Who owns this campaign? field, select campaign owner.
   Consider Self Certification Guardrails and Fallback Mechanism before assigning the campaign owner.
5. Select one of the following for the Oracle Access Governance and Oracle Identity Governance (OIG) systems:

   Option	Description
   Review accounts and permissions	Select this option if you want to create identity access reviews for permissions and accounts.
   Review permissions but not accounts	Select this option if you want to create identity access reviews for permissions, without creating account review tasks.

6. Based on the schedule cycle selected in Step 1, select the time at which you want to launch the campaign.
   • For One-Time, select either Run now or Schedule Later. By default, the campaign is set to begin at the top of the next hour, the following day of campaign creation.
   • For campaign series, select the calendar icon and select the start and end date and time for the campaign.
7. Once you have set your preferences, select Next to go to the Review and submit dimension.
8. Optional: You may select one of the additional actions:
   • Save Draft: To save your changes and later come back and edit the workflow or details.
   • Cancel: To cancel the current process.
   • Back: To go back to the previous step.

Review and Submit the Campaign

In the Review and submit dimension, review the campaign details and create the campaign.

To review and submit your campaign :

1. Review the campaign information. For any changes, select the Back button.
2. Select Create. The campaign is successfully scheduled.

---

Title and Copyright Information

Copyright ©2023,

Oracle and/or its affiliates.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.