Introduction
Oracle Identity Analytics (formerly Sun Role Manager) provides enterprises with the ability to engineer and manage roles and automate critical identity-based controls. The key features are the following:
Identity Warehouse
Identity Warehouse is the central repository that contains identity, access and audit data, optimized for complex analytical queries and simulations. This data is imported from one or more databases within your organization on a scheduled basis. The Oracle Identity Analytics import engine supports complex entitlement feeds saved as either text files or XML. A glossary entry, defined as a business-friendly term for typically cryptic IT entitlements, can also be captured during the import process, enabling business users to view and analyze users' access rights in a business-friendly way. Oracle Identity Analytics provides strong and robust integration capabilities with provisioning products, including Oracle Identity Manager and Oracle Waveset (formerly Sun Identity Manager). The integration focuses on synchronization of common identity data with well-defined authoritative ownership of each entity.
Attestation of Access Rights
Oracle Identity Analytics reduces operational risk exposure by providing a 360-degree view of users' access – not just who has access to what, but whether access was appropriately assigned and how it is being used. Oracle Identity Analytics securely automates existing manual re-certification or attestation processes for certifying the user access rights by business managers and application owners. This significantly reduces costs associated with existing manual controls and enhances audit effectiveness, resulting in enforcement of "least privilege" across the enterprise.
Segregation of Duties
Segregation of duties (SoD) enforcement prevents users from intentionally or inadvertently breaching security policy by having a conflicting combination of roles or entitlements. SoD enforcement directly impacts an organization's ability to comply with explicit requirements of the Sarbanes-Oxley Act and multiple other regulatory mandates aimed at ensuring the integrity of enterprise financial operations.
Analytical Dashboards & Reports
Oracle Identity Analytics provides comprehensive dashboards and reporting capabilities based on user identity, access and audit data residing in the Identity Warehouse. Oracle Identity Analytics provides various compliance and operational dashboards for a quick review of compliance and operational status in the context of roles, segregation of duties policies, audit policies and other controls. While compliance dashboards are typically used for executive-level compliance monitoring, detailed out-of-box reports enable IT staff, business users and auditors to structurally analyze the warehouse data. The dashboards can further be customized for business users, compliance and audit officers and other end users as needed. While Oracle Identity Analytics provides close to 50 out-of-box reports, its data dictionary is published to allow customers to extend these reports and build custom reports.
Role Lifecycle Management
Roles defined across an enterprise evolve over time and require a robust administration and audit process. Oracle Identity Analytics provides role approvals upon detection of associated entitlement updates and performs real-time impact analysis for role consolidation before changes are applied in a live environment. The role change approval process, combined with role versioning, role change “what if” simulations, and rollback features, provides a complete role change and lifecycle management solution. As part of its role lifecycle management features, Oracle Identity Analytics fully audits all the changes made to role definitions, including role assignment rules and entitlement mapping policies.
Feature Summary
| Key Features | Function | Benefit |
|---|---|---|
| 360-degree view of assigned access | - Goes beyond “who has access to what” to reveal what was done with the access, including policy violations and potential violations | - Provides information to make intelligent decisions concerning user access |
| Closed-loop remediation | - Provides an automated, end-to-end solution for reviewing and revoking access<br>- Automatically verifies remediation and sends alerts if remediation does not take place | - Helps control cost of compliance by automating processes<br>- Reduces risk of policy violations and compliance failures |
| Rule lifecycle management | - Applies role lifecycle management technology to audit and role assignment rules<br>- Proactively determines impact of rule changes on access assignment processes<br>- Provides API for remotely executing rule assignment and SoD rules | - Improves audit effectiveness by capturing rules history<br>- Provides information for decision making<br>- Simplifies integration with systems that utilize Role Manager as authoritative source for roles |
| Role maintenance | - Provides role approvals upon detection of entitlement updates<br>- Performs impact analysis before changes<br>- Allows for the definition of temporary roles<br>- Enables simple changes in access based on changes in job responsibilities | - Improves organizational flexibility by making it fast and easy to change access based on business needs |
| Role certification | - Allows for ongoing role certification by business unit managers or role owners | - Improves alignment between IT and business organizations |
| Access certification | - Automates existing processes for certifying the access assigned to users by business managers and application owners | - Reduces costs by automating existing manual controls<br>- Enhances audit effectiveness by enforcing concept of least privilege |
| Policy enforcement | - Enables enterprise-level monitoring of access for conflicts in SoD and security policy<br>- Supports inter- and intra-application policy enforcement<br>- Provides complete lifecycle management of a policy violation | - Reduces business risk associated with failed access controls<br>- Enhances audit effectiveness by enforcing security policies related to SoD and least privilege<br>- Reduces costs by automating existing manual processes for enforcing security policies |
| Compliance dashboard | - Delivers an enterprise view of certification status<br>- Provides an enterprise view of policy exceptions<br>- Tracks policy exceptions by type and business unit<br>- Provides historical trending analysis | - Improves compliance by providing an easily accessible view of activities |
| Data collection based on extract, transform, and load (ETL) | - Enables integration with any resourceful<br>- Eliminates the need to write connectors to applications | - Ensures ability to access entitlement data<br>- Increases efficiency and cuts costs by reducing time to load data by 70% |