Oracle Identity Analytics (formerly Sun Role Manager) provides enterprises with the ability to engineer and manage roles and automate critical identity-based controls. The key features are the following:
Identity Warehouse is the central repository that contains identity, access and audit data, optimized for complex analytical queries and simulations. This data is imported from one or more databases within your organization on a scheduled basis. The Oracle Identity Analytics import engine supports complex entitlement feeds saved as either text files or XML. A glossary entry, defined as a business-friendly term for typically cryptic IT entitlements, can also be captured during the import process, enabling business users to view and analyze users' access rights in a business-friendly way. Oracle Identity Analytics provides strong and robust integration capabilities with provisioning products, including Oracle Identity Manager and Oracle Waveset (formerly Sun Identity Manager). The integration focuses on synchronization of common identity data with well-defined authoritative ownership of each entity.
Attestation of Access Rights
Oracle Identity Analytics reduces operational risk exposure by providing a 360-degree view of users' access – not just who has access to what, but whether access was appropriately assigned and how it is being used. Oracle Identity Analytics securely automates existing manual re-certification or attestation processes in which business managers and application owners certify user access rights. This significantly reduces costs associated with existing manual controls and enhances audit effectiveness, resulting in enforcement of "least privilege" across the enterprise.
Segregation of Duties
Segregation of duties (SoD) enforcement prevents users from intentionally or inadvertently breaching security policy by having a conflicting combination of roles or entitlements. SoD enforcement directly impacts an organization's ability to comply with explicit requirements of the Sarbanes-Oxley Act and multiple other regulatory mandates aimed at ensuring the integrity of enterprise financial operations.
Analytical Dashboards & Reports
Oracle Identity Analytics provides comprehensive dashboards and reporting capabilities based on user identity, access and audit data residing in the Identity Warehouse. Oracle Identity Analytics provides various compliance and operational dashboards for a quick review of compliance and operational status in the context of roles, segregation of duties policies, audit policies and other controls. While compliance dashboards are typically used for executive-level compliance monitoring, detailed out-of-the-box reports enable IT staff, business users and auditors to structurally analyze the warehouse data. The dashboards can further be customized for business users, compliance and audit officers and other end users as needed. While Oracle Identity Analytics provides close to 50 out-of-the-box reports, its data dictionary is published to allow customers to extend these reports and build custom reports.
Role Lifecycle Management
Roles defined across an enterprise evolve over time and require a robust administration and audit process. Oracle Identity Analytics provides role approvals upon detection of associated entitlement updates and performs real-time impact analysis for role consolidation before changes are applied in a live environment. The role change approval process, combined with role versioning, role change “what if” simulations, and rollback features, provides a complete role change and lifecycle management solution. As part of its role lifecycle management features, Oracle Identity Analytics fully audits all the changes made to role definitions, including role assignment rules and entitlement mapping policies.
360-degree view of assigned access
Goes beyond “who has access to what” to reveal what was done with the access, including policy violations and potential violations
Provides information to make intelligent decisions concerning user access
Provides an automated, end-to-end solution for reviewing and revoking access
Automatically verifies remediation and sends alerts if remediation does not take place
Helps control cost of compliance by automating processes
Reduces risk of policy violations and compliance failures
Rule lifecycle management
Applies role lifecycle management technology to audit and role assignment rules
Proactively determines impact of rule changes on access assignment processes
Provides API for remotely executing rule assignment and SoD rules
Improves audit effectiveness by capturing rules history
Provides information for decision making
Simplifies integration with systems that utilize Role Manager as authoritative source for roles
Provides role approvals upon detection of entitlement updates
Performs impact analysis before changes
Allows for the definition of temporary roles
Enables simple changes in access based on changes in job responsibilities
Improves organizational flexibility by making it fast and easy to change access based on business needs
Allows for ongoing role certification by business unit managers or role owners
Improves alignment between IT and business organizations
Automates existing processes for certifying the access assigned to users by business managers and application owners
Reduces costs by automating existing manual controls
Enhances audit effectiveness by enforcing concept of least privilege
Enables enterprise-level monitoring of access for conflicts in SoD and security policy
Supports inter- and intra-application policy enforcement
Provides complete lifecycle management of a policy violation
Reduces business risk associated with failed access controls
Enhances audit effectiveness by enforcing security policies related to SoD and least privilege
Reduces costs by automating existing manual processes for enforcing security policies
Delivers an enterprise view of certification status
Provides an enterprise view of policy exceptions
Tracks policy exceptions by type and business unit
Provides historical trending analysis
Improves compliance by providing an easily accessible view of activities
Data collection based on extract, transform, and load (ETL)
Enables integration with any resourceful
Eliminates the need to write connectors to applications
Ensures ability to access entitlement data
Increases efficiency and cuts costs by reducing time to load data by 70%
This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document.
Oracle is a registered trademark of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.