Identity Governance collects information from a variety of identity and application data sources in your environment. This allows your organization to periodically review and verify that users have only the level of access that they need to do their jobs. The review process results in a list of changes, or changeset that are then implemented. Additionally, request for access, also results in a list of changes. Identity Governance refers to the implementation process of a changeset as fulfillment.
The source of the identities and permissions under review drives how requested changes are fulfilled. The changes can be fulfilled manually, by a help desk service, or sent to Identity Manager, which automatically makes the changes or initiates external workflows. In a manual fulfillment process, the applications catalog specifies the individuals responsible for making the requested changes. For example, your Help Desk group might be assigned to fulfill the changeset.
Fulfillment Administrators can configure fulfillment targets, keep track of the fulfillment process, and reassign manual fulfillment items if needed. Identity Governance provides the following status conditions for fulfillment items:
Error or time out
Fulfilled
Pending fulfillment
Verified
Ignored
Retry
When the fulfiller confirms the fulfillment activities, Identity Governance updates the status of the fulfillment item. Global and Fulfillment administrators can access the Fulfillment page, as well as Auditors. After the administrator collects and publishes application sources again, Identity Governance updates the status of these fulfillment items.
For an overview of the fulfillment process, see Fulfilling Changes Requested in the Review For more information about status conditions, see Understanding Fulfillment Status
As part of the review, managers might change the permissions assigned to individuals in your organization. Business role membership changes can also generate change requests. Only Global Administrators and Fulfillment Administrators can assign Fulfillers to complete a fulfillment.
As a Fulfiller, you can:
Sort the items by column, the available columns depend on the tab you are accessing
Add a comment to an item, individually or in a batch
View the details of the item at the list level, including where the change request originated, and view additional details including potential SoD violations if any, and reason for the request by clicking on the task link.
Make the changes to the user account in the affected application
Declare your tasks complete in Identity Governance
View fulfillment errors
For more information, see Performing a Review.