This post covers first topic of certification Oracle Identity Governance Suite 11g Essentials i.e. Oracle Identity Governance Fundamentals”
1. Oracle Identity Governance fundamentals
1.1 Describe challenges faced by organizations in the area of Identity Governance
1.2 Describe Oracle Identity Governance suite’s integrated approach and highlight key benefits
1.3 Describe key features of the Oracle Identity Governance product suite
Here is excerpt from various Oracle documentation (mentioned at end of this post) around Oracle Identity Governance fundamentals
1) Organization today faces challenge to provide users with quick and easy access to the systems they need to perform their jobs with the organization’s risk and compliance obligation to ensure such access is as restrictive as possible.
2) Challenges faced by companies are access certification, revoking unnecessary access rights, compliance (Sarbnes Oxley – SOX…), auditing etc
3) Oracle Identity Governance simplifies access grants by enabling users to request access in simple, web based catalog, and by routing these requests to appropriate approvers. Some of the key benefits of Oracle Identity Governance are
a) Simplified Access Request
b) Advanced Role Lifecycle Management
c) Streamlined Access Grant
d) Privileged Account Management
e) Simplified Identity Certification
f) IT Audit Monitoring & Reporting
4) Identity Governance also provides privileged account management (introduced in IDM 11gR2) that controls access to shared, root-level or admin accounts.
5) Identity governance provides – provisioning, managing accounts and access privileges, role lifecycle management, access certification, closed loop remediation, privileged account management, customizable user interface, enhanced regulatory compliance, Segregation of Duties (SoD), Increased security and improved business responsiveness, Auditing, and Reporting
6) Identity Governance Suite consists of following components
i) Access Catalog : Catalog of access rights, including Enterprise/Application Roles, Application Accounts, Entitlements
ii) Access Request : Browser based tool to request access (similar to shopping cart)
iii) Privileged Account Management : Server-based password repository to generate, provision, and manage passwords for privileges shared accounts (like root user or application super user) . Tool supports check-out and check-in of password and system can be configured to automatically change the password on check-in.
iv) Role Lifecycle Management : defining and assigning roles to individuals. Role Lifecycle Management component also includes role discovery and Role Mining
v) Identity Certifications : provides certification (or attestation), closed loop remediation, and 360-degree view provides audit information such as previous certification decisions, rules or access policies used for assignment, role usages analysis and so on
vi) IT Audit Monitoring
vii) Account Reconciliation & Rogue Detection : Account reconciliation allows administrators to detect change in access privileges originating outside the identity management system. Orphan accounts are accounts that are not linked to any identities . The process of automatic and manual linking, identifying accounts, and remediating orphaned accounts is typically part of data cleansing that is performed as the first phase of on-boarding a new application using the Oracle Identity Governance Suite. Periodic reconciliation can also help with detecting any orphaned accounts created
viii) Audit & Reporting : Identity Governance suite provides actionable dashboards and advanced analytics capabilities based on user identity, access and audit data residing in the Identity Warehouse. All completed certification data is archived for audit purposes
I strongly recommend to read following additional documentation that covers topic Oracle Identity Governance Fundamentals of certification Oracle Identity Governance Suite 11g Essentials
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.