Tuesday, November 8, 2016

OIM Certification: Key Features

This post covers the key features of the OIM Certification module for quick review.

Certification Features

  1. Reviewing user entitlements within the enterprise to ensure users have not acquired entitlements that they are not authorized to have.
  2. Four Types –
    • User
    • Entitlement
    • Application Instance
    • Roles
  3. User-centric (Manager attestation) or role-centric (Role owner, App Instance/System Owners) review
  4. Two-phase review: first by the Org Certifier/Manager/any user, and then by the respective role/entitlement owner
  5. Configurable risk definition and scheduled-task-based periodic risk aggregation (Risk Aggregation Job)
  6. Certifications can be scheduled, monitored, delegated, and audited.
  7. Incremental certification is also possible.
  8. Two Global Admin Roles
    • Certification Administrator
    • Certification Viewer
  9. Supports both online and offline user certifications. Excel DI-based support for offline user certification.
  10. Closed-loop remediation can be initiated. It can be challenged and tracked until closure.
  11. Generate user certifications or application instance certifications based on an event.
  12. Generate certification reports.

Certification Configuration

  1. Set system properties –
    • Identity Auditor Feature Set Availability – True
    • Display Certification or Attestation – Certification
  2. Mark catalog items as certifiable and set a Certifier user for each catalog item (Application Instance, Roles, Entitlements)
  3. Set user attributes for the certification snapshot
  4. Set the risk level for individual entities
  5. Allow Multi Phase Review option - Only for User Certification
  6. Allow Reassignment - A new certification object is created containing the reassigned line items. The new assignee is the primary reviewer for the new certification object.
  7. Allow Delegation - When delegation is enabled, there is a verification stage in which the certification is routed to the primary reviewer, with all the decisions of the delegates as well as the primary reviewer's own decisions, for final sign-off.
  8. Prevent Self Certification - Prevents reviewers from certifying their own access. When this option is enabled, the User Manager option is selected by default.
  9. Perform Closed Loop Remediation – Automatically revoke the account or disable the user based on the decision.
  10. Alternate Reviewer – Only in case of Prevent Self Certification
  11. Set Risk levels in roles, entitlements and app instances. Calculate risk level for certifications.

