User Certification - Exclude The Account And Keep Just The Entitlements To Avoid Account Revoke (Doc ID 1997717.1)

Last updated on AUGUST 08, 2017

Applies to:

Identity Manager - Version 11.1.2.2.3 and later
Information in this document applies to any platform.

Goal

Need a way to remove / hide the Account from the Certification Review task.

Scenario: Want user managers to review just some Entitlements that users have. These are AD entitlements, and don't have any specific risk level, so they need to manually select them. Can't use Entitlement Certification, because the Certification Task will be assigned to the Certifier User (and not manager since they don't have this option). They need to use User Certification since this is the only way in which they can select User Manager as a Reviewer. When defining the Certification Definition, in Content Selection tab they have selected no Roles, just AD User as an Application Instance and the full list of the entitlement that they want to include in scope for this certification campaign. It is mandatory to select one Application Instance if they want to Certify the Entitlements.
When the Certification task is created the reviewer (manager) has to certify the entitlements that the user has + the AD Account.
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms