You can manage the following tasks with an appropriate Administrator role:
Create and manage roles, resources and their assignments.
Set the Separation of Duties (SoD) constraints to avoid conflicts between two different roles in the system.
Configure the ability for users to approve permission requests through email.
Configure the default settings of your identity applications components such as roles, resources, and delegation.
For more information on each identity applications administration options, see:
A role represents a set of permissions that allows you to perform defined activities using identity applications. A role can be mapped to one or more roles, resources, and entitlements from different connected systems. You can assign any role to any user in your organization.
Identity Manager Dashboard allows you to create and manage role in your organization.
You can map role assignments to resources within a company, such as user accounts, computers, and databases. For more information, see Section 15.0, Creating and Managing Resources.
You can modify the default settings for the roles and their operations in the system that can help you to control creating and managing roles.
For more information, see Configuring Default Roles Settings.
A resource is any digital entity such as a user account, computer, or database that a business user needs to be able to access.
Each entitlement is mapped to a resource. A resource definition can have no more than one entitlement bound to it. A resource definition can be bound to the same entitlement more than once, with different entitlement parameters for each resource.
Identity Manager Dashboard allows you to create and manage resources in your organization.
For more information, see Section 14.0, Creating and Managing Roles.
You can view the default settings for the resources and their operations in the system that controls creating and managing resources.
For more information, see Configuring Default Resource Settings.
Separation of duties (SoD) policies help you manage potential conflicts between role assignments. For example, your organization might have two or more roles that could create security problems when assigned to the same individual. When a user requests one of these roles while already having a conflicting role or requests two or more conflicting roles, the identity applications respond according to the SoD policies. For more information, see Section 18.0, Separation of Duties Constraints.
Identity applications allow to send an email notifying users that they need to review a permission request. The notification can include action links that correspond to Approve and Reject so users can respond to the request. Email-based approvals also supports digital signatures to ensure authentication of the message content.
You enable email-based approvals and configure your Provisioning Request Definitions to support the feature.
For more information, see the following sources:
click in Identity Manager Dashboard.
Identity applications enable a resource administrator to publish all connected system permission assignments to Identity Manager Resource Catalog through Controlled Permission Collection and Reconciliation Service (CPRS). CPRS helps to keep Resource Catalog up-to-date with connected system permissions at any point of time. For ease of use, CPRS is integrated with the identity applications user interface.
For more information, see Section 19.0, Using Controlled Permission Reconciliation Services.