Identity Governance collects information from a variety of identity and application data sources in your environment. It allows your organization to periodically review and verify that users have only the level of access that they need to do their jobs. The review process, requests for access, business role definition changes, and remediation of policy violations result in a list of changes, or changeset, that is then implemented. Identity Governance refers to the implementation process of a changeset as fulfillment.
Fulfillment target configuration, application setup, and catalog update setup by the Global or Fulfillment Administrator drive how requested changes are fulfilled. The changes can be fulfilled manually, fulfilled by a help desk service, or sent to Identity Manager, which automatically makes the changes or initiates external workflows. For manual fulfillment processes, the Global or Fulfillment Administrator specifies individuals or groups as fulfillers responsible for making the requested changes. For example, your Help Desk group might be assigned to fulfill the changeset.
Fulfillment Administrators also monitor the fulfillment process and reassign manual fulfillment items if needed. Identity Governance provides the following status conditions for fulfillment items:
Error or time out
Fulfilled
Pending fulfillment
Verified
Ignored
Retry
When the fulfiller confirms the fulfillment activities, Identity Governance updates the status of the fulfillment item. After the administrator collects and publishes application sources, Identity Governance again updates the status of these fulfillment items. Global and Fulfillment Administrators and Auditors can access the Fulfillment Status page to view the status of all fulfillment items. For more information about fulfillment targets and fulfillment status, see Setting up Fulfillment Targets and Fulfilling Changesets in the NetIQ Identity Governance Administrator Guide.
As part of the review, managers might change the permissions assigned to individuals in your organization. Access requests, business role definition, and user catalog changes can also generate change requests. Only Global Administrators and Fulfillment Administrators can assign Fulfillers to complete a fulfillment.
As a Fulfiller, you can:
Sort items by column (the available columns depend on the tab you are accessing)
Add a comment to an item, individually or in a batch
View the details of an item at the list level, including where the change request originated; click the task link to view additional details, including any potential separation of duties (SoD) violations, attribute value or supervisor changes, and the reason for the request
Reassign your tasks to a different user
Make the changes to the user account in the affected application
Declare your tasks complete in Identity Governance