Certification

"Identity certification is the process of reviewing user entitlements and access-privileges within an enterprise to ensure that users have not acquired entitlements that they are not authorized to have. It also involves either approving (certifying) or rejecting (revoking) each access-privilege."

Types of certification:

• User Certification (Supports multiPhases: Business  reviewer and Technical certifier)
• Role Certification
• Application Instance Certification
• Entitlement Certification

Configuring Certifications:

1. Marking a Catalog Item as Certifiable
2. Setting the Certifier in the Request Catalog
3. Setting User Manager and Organization Certifier
4. Setting User Attributes for Certification Snapshot
5. Setting Risk Levels for Individual Entities
6. Tagging Attributes: Entitlement -ITResource -AccountName
7. Configuring the Availability of Identity Certification: 

The certification feature is part of Compliance in Oracle Identity Manager. Therefore, the certification feature is available when the value of the Identity Auditor Feature Set Availability system property is set to TRUE. When the value of this property is TRUE, role lifecycle management, Segregation of Duties (SoD), and identity certification are enabled.

8. Configuring Reminders, Notifications, Escalations, and Expiry for Certifications (Optional)

Create Certification  Definition

More details can be found @ Oracle® Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager

Certification Creation Task is used to create new certification  with some predefined certification definition.  The default name of the job is Cert_DEFINITION_NAME.

Certification Event Listener

"The Event Listener mechanism detects specific business events and stores the event details for certification. The stored event details are called Certification Event Triggers, and these are processed into certifications by the Certification Event Trigger Task, running as a scheduled job. The business events currently detected by event listeners are modifications of Oracle Identity Manager users, either individually or in bulk."

This feature enable customers to define business events that require certifications, and generate these certifications automatically via Certification Event Trigger Task

Certification Reports

Certification reports required to integrate with BI Publisher which  is shipped by default with Oracle Identity Manager 11g Release 2 (11.1.2.3.0)

Enabling OIM Reports Export in Identity Certification Details page.

1. Log in to Oracle Identity Self Service Console.
   
2. Click the Compliance tab.
   
3. Click the Identity Certification box, and select Certification Configuration. The Certification Configuration page is displayed.
   
4. Select the Enable Certification Reports option.
   
5. Click Save.

Troubleshooting 

Identity Certification Logger via EM console

Tips:

1. When the job running slow. Some index maybe required.
2. When the job ran but no certification created, please ensure: 

• All the certification configuration steps have been performed
• Ensure that all required SOA patches are applied. 

Purging Identity Certification Tables

OIM Certification Purge Job will be purging the data of the following tables. Please contact oracle support to request the patch that contains this tool.
 CERT_xxx
 CERTD_xxx
 CERTDS_xxx
 CERTS_xxx

Based on the requirement set the value for following job parameters or use the default values provided.

1.            Cert Campaigns for Purge
2.            Maximum Purge Run Duration(in Mins)
3.            Purge Retention Period(in days)
4.            Purge Criteria
5.            Run the job