#Identity api scope approval ui. manual#
A request can either be fulfilled immediately (also known as direct operation) or can require manual intervention in the form of approvals (also known as request-based operation). Examples of these operations include creating a user, provisioning an account, and granting a role to a user. In Oracle Identity Manager, a request refers to the business process that is invoked when an operation on an identity or an account has to be performed. The key concept of workflows in Oracle Identity Manager involves the following terminologies: Oracle Identity Manager provides flexible and powerful access request capabilities that allow organizations to meet these requirements. The business process must be able to interact with external systems, such as ticketing systems, when automated access grants are not possible, or the organization's rules require that access is granted manually.Īll decisions and actions must be audited and available in a reportable manner to allow the organization to measure performance of the process and also for auditors to fulfill compliance requirements If manual intervention is required, then the business process must have the ability to assign to users or groups of users and escalate, reassign, or expire if no response is received in a timely manner.įor manual intervention, the business process must have the ability to gather information from the approvers, including comments and attachments. The business process must be able to perform validations, including Segregation of Duties (SoD) checks on what is being requested, by who, for whom, and in what context.
The business process must be able to decide between granting access immediately versus introducing manual intervention steps and seeking approval prior to granting access. The business process that is initiated must be flexible, and must be able to meet changing business rules of the organization. Irrespective of how the change in access is initiated, organizations require the following:
The process of changing users' access can be initiated by the users through events in HR that trigger policies, or by administrators. Managing user access and orchestrating the business process so that users get the correct access is a key identity governance function.
0 kommentar(er)
