Student Guide - Oracle Identity Analytics 11gR1 Administration


Document information

Date posted: 25/11/2016, 19:20

Oracle Identity Analytics 11gR1: Administration
Student Guide
D68340GC20, Edition 2.0, December 2010, D71223

Authors: Steve Friedberg, David Goldsmith
Technical Contributors and Reviewers: Neil Gandhi, David Goldsmith, Stephan Hausmann, Stephen Man Lee, Harsh Patwardhan
Editors: Vijayalakshmi Narasimhan, PJ Schemenaur
Graphic Designer: Satish Bettegowda
Publishers: Syed Ali, Sumesh Koshy

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Disclaimer

This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle.

The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Contents

1 Introducing Oracle Identity Analytics 11gR1
  Objectives
  Organizational Pressures
  Controlling System Access
  Achieving Compliance
  Manual Processing
  Problems with This Approach
  Roles
  Role Benefits
  Enterprise Roles
  Enterprise Role Management
  Enterprise Role Management Categories
  Oracle Identity Analytics
  Oracle Identity Analytics Features
  Architecture
  Sample Deployment
  Integration with Provisioning Systems
  Functionality Matrix
  Implementation Methodology
  Oracle Identity Management
  Available Documentation
  Summary
  Practice Overview: Installing the Software

2 Building the Identity Warehouse
  Objectives
  Terms Used in Oracle Identity Analytics
  Identity Warehouse
  Identity Warehouse Contents
  Business Structures
  Users
  Roles
  Role Hierarchy
  Audit Policies
  Segregation of Duties (SoD)
  SoD Matrix
  Applications
  Resources
  Attributes
  Populating the Identity Warehouse
  Populating Data Manually
  Adding Additional Data Elements
  Importing Data (Bulk Load of Data)
  Configuring a Provisioning Server
  Provisioning Server Parameters
  Importing from File Processing
  Importing from File: Rules
  Debugging Import Errors
  Debugging Import Errors Exception
  Job Scheduling
  Job Scheduling Through the GUI
  Job Scheduling Through Direct Edit
  Database Entries for Job Scheduling
  Summary
  Practice Overview: Importing and Setting Up Identity Warehousing

3 Configuring Security
  Objectives
  Oracle Identity Analytics Users (OIA Users)
  Oracle Identity Analytics Roles (OIA Roles)
  OIA Role Creation
  OIA Role Visibility
  OIA Users/Roles Database Tables
  Proxy Assignments
  Alternate Credential Store
  Summary
  Practice Overview: Configuring Security

4 Configuring Identity Certification
  Objectives
  Security Challenges
  Identity Certification
  Automated Certification: Benefits
  Certification Environment
  Certification Process
  Phase 1: Preparation
  Phase 2: Pilot
  Phase 3: Validation
  Phase 4: Certification
  Phase 5: Remediation
  Certification Dashboard
  Closed-Loop Remediation
  Best Practices
  Metrics
  Return on Investment
  Summary
  Practice Overview: Configuring Identity Certification

5 Configuring Auditing
  Objectives
  Identity Auditing
  Product Capabilities
  Audit Rules
  Audit Policy
  Actors
  Policy Violations
  Audit Scans
  Dashboard: Overview
  Dashboard
  Policy Violation States
  Audit Policy Actions
  Job Scheduling
  Event Listeners
  Summary
  Practice Overview: Configuring Auditing

6 Performing Role Mining
  Objectives
  Role Management
  Role Mining (Role Discovery)
  Approaches to Role Mining
  The Wave Methodology
  The Wave Methodology (Step 1 of 7)
  The Wave Methodology (Step 2 of 7)
  The Wave Methodology (Step 3 of 7)
  The Wave Methodology (Step 4 of 7)
  The Wave Methodology (Step 5 of 7)
  The Wave Methodology (Step 6 of 7)
  The Wave Methodology (Step 7 of 7)
  Accessing Role Mining
  Performing Role Mining
  Role Mining: Minable Attributes
  Role Mining: General Information
  Role Mining: User Selection
  Role Mining: Basic Parameters
  Role Mining: Advanced Parameters
  Role Mining: Preview
  Role Mining: Execution
  Role Mining: Users In Roles
  Role Mining: Classification Rules
  Role Mining: Mining Statistics
  Role Mining: Roles
  Role Mining: Role Mining Reports
  Entitlements Discovery
  Accessing Entitlements Discovery
  Performing Entitlements Discovery
  Entitlements Discovery: Strategy
  Entitlements Discovery: Role/Users
  Entitlements Discovery: Entitlements
  Entitlements Discovery: Verification
  Best Practices
  Summary
  Practice Overview: Role Engineering

7 Performing Role Lifecycle Management
  Objectives
  Role Management Activities
  Role Lifecycle Management
  Role Engineering (Definition)
  Role Maintenance (Refinement)
  Examples of Change Events
  Role Certification (Verification)
  Workflows
  Default Workflows
  Editing Workflows
  Custom Role Modification Workflow
  Processing Role Changes
  Role Modification
  Workflow Status
  Pending Requests
  Modification Details
  Role Versions
  Role History
  Best Practices
  Summary
  Practice Overview: Performing Lifecycle Management

8 Generating Reports
  Objectives
  Reports
  Reporting Categories
  Accessing Reports
  Report Dashboard
  Business Structure Reports
  Business Structure Roles Report
  Creating Custom Reports
  Executing Custom Reports
  Summary
  Practice Overview: Generating Reports

Introducing Oracle Identity Analytics 11gR1

Objectives

After completing this lesson, you should be able to:
• Identify the business drivers for role management
• Describe methods for meeting compliance
• Describe how a role management solution streamlines the process
• Describe the features and components of Oracle Identity Analytics
• Describe an Oracle Identity Analytics implementation

Discussion: The following questions are relevant to understanding the topics covered in this lesson:
• How are regulatory compliance mandates affecting companies today?
• How are companies dealing with compliance?
• What is a role and how can role-based access control solutions help achieve compliance?
• What is the difference between a role management solution and a user provisioning solution?
Generating Reports

Objectives

After completing this lesson, you should be able to create:
• Default reports
• Custom reports

Discussion: The following questions are relevant to understanding the topics covered in this lesson:
• What types of reports are available and how can I use them to achieve compliance?
• How can I create my own custom reports?

Reports

• Reports are critical components toward achieving compliance.
• Oracle Identity Analytics provides the following report functionality:
  – Default (out-of-the-box) reports
  – Customizable reports
• Reports can be run manually or scheduled.
• Reports can be viewed online or can be downloaded directly to PDF or CSV.
• Reports viewed online can be exported to other formats or printed.

Reports are valuable tools for evaluating, analyzing, and achieving overall compliance within an organization. Reports are used extensively when performing role discovery, entitlements discovery, certifications, or simply trying to review access rights. As such, reports are critical components, and Oracle Identity Analytics provides extensive default reporting capabilities. If default reports do not meet your needs, Oracle Identity Analytics provides capabilities to extend reporting by enabling you to add your own custom reports.

Reports can be viewed online or downloaded to the desktop as PDF or CSV files. If you review a report online, you have the option of exporting it to various formats (PDF, XLS, CSV, HTML, XML) or printing the report.

Reporting Categories

• Business Structure Reports
• System Reports
  – User reports
  – Role reports
  – Policy reports
  – Exception reports
  – Forecast reports
• Audit Reports (audit exceptions)
• Custom Reports

Oracle Identity Analytics provides reporting capabilities by default with several predefined reports. This information can be classified into four broad categories: Business Structure Reports, System Reports, Identity Audit Reports, and Custom Reports.
• Business Structure Reports are run against selected business structures and provide information pertinent to those business structures. This includes reports such as the Business Structure Users Report, which provides the user identifier, first and last names, and email addresses of all users associated with a particular business structure.
  Note: All child business structures are included in reports when their parent business structure is selected.
• System Reports can further be broken down into user reports, role reports, policy reports, exception reports, and forecast reports. Information contained in these reports is global to the entire system and provides granularity based on the type of system report being run.
• Audit Reports provide audit-related exceptions and include information pertaining to segregation of duties, assigned versus actual rights violations, and terminated user reports.
• If one of the default reports does not meet your needs, you can create your own custom reports by using the open-source Jasper product. Details on how to accomplish this are provided later in this lesson.

Note: Oracle Identity Analytics also has reports that are specific to the certification process. These are called Certification Reports and are accessible during Certification processing. See the lesson titled “Configuring Identity Certification” for more information.

Accessing Reports

• OIA Users access reports from the Reports tab:
  – Dashboard
  – Sign off Reports
  – Ad Hoc Reports
  – Schedule Reports
  – Custom Reports
• User interface is customized based on the OIA Role:
  – Not all OIA Users will see this tab
  – OIA Users who see this tab may not see all options

The Reports tab in the graphical user interface provides access to the following reporting features:
• Dashboard: The dashboard page provides a graphical overview of executed Business Structure Reports and pending Certification Reports.
• Sign off Reports: The Sign off reports page provides access to pending reports and completed reports. The user is able to act on pending reports and view completed reports.
• Ad Hoc Reports: The Ad Hoc Reports page provides access to Business Structure Reports, System Reports, Identity Audit Reports, and Custom Reports.
• Schedule Reports: The Schedule Reports page provides access to any previously scheduled report jobs and enables you to schedule a new report job as desired.

Whether the OIA User sees the tab or sees all these features depends on the system privileges assigned in their OIA Role.

Report Dashboard

[Slide: Report Dashboard screenshot, "Constraints by date"]

Selecting the Dashboard option on the Reports tab takes you to the Reports Dashboard page. The Reports Dashboard page summarizes status information for reports and contains the following graphs:
• Reports by Business Structure
• Reports that are pending, accepted, or rejected by the managers

Business Structure Reports

Navigation: Reports > Ad Hoc Reports > Business Structure Reports

One of the most useful features of the Reports tab is providing access to Ad Hoc Reports. The Ad Hoc Reports page provides access to the following types of reports:
• Business Structure Reports
• System Reports
• Identity Audit Reports
• Custom Reports

This slide shows the default Business Structure Reports provided with Oracle Identity Analytics. These reports can be run and viewed online, or they can be exported to PDF or CSV for download to your local machine. Click Run to execute a particular report in the user interface. You can also click Download to download a particular report in a particular format.

Business Structure Roles Report

This slide shows the Roles Report, which is one of the Business Structure reports. After you have viewed a report online, you can export the data to other formats (PDF, XLS, CSV, HTML, XML) or print it directly from this page.

Creating Custom Reports

Custom reports:
• Are located in $RBACX_HOME/reports
• Are added by importing report templates
• Can be created by:
  – Using the Jaspersoft iReport report designer
  – Directly editing the Jasper Report XML file
• Can be imported through the user interface: Reports > Custom Reports > New Custom Report
• Appear as Ad Hoc Reports: Reports > Ad Hoc Reports > Custom Reports

You can create custom reports in Oracle Identity Analytics to suit the requirements of your organization. The following steps are involved in creating and running custom reports:

1. Create a custom reports template.
   Custom reports templates can be created with a graphical designer tool, such as iReport, or can be created manually by directly editing a Jasper Report XML file. iReport is a free, visual, and open-source report designer for JasperReports. iReport is used to create a Jasper Report XML file (.jrxml) that represents the JasperReports report definition. Oracle Identity Analytics custom reports are created by importing the Jasper Report XML file.

2. Import the custom reports template.
   Custom reports are created by importing the Jasper Report XML file into Oracle Identity Analytics. Navigate within the user interface to Reports > Custom Reports and select the New Custom Report option. The New Custom Report window opens and enables you to provide the specifications for the new custom report:
   • Report Name: This is the name that will appear when the report is referenced in the user interface.
   • Sub-Report: If you require subreports, select this check box. Selecting this check box will display additional fields that you can use to specify subreport templates to be uploaded.
   • Prompts: Oracle Identity Analytics has five prompts: Business Structure, Users, Date Range, Roles, and Custom Properties. Custom reports can be run on any or all of the prompts that you select. Custom Properties will display five prompts where you can enter relevant values to run the report.
   • File Uploads: Click Browse to locate and upload the Jasper Report XML file.
   Custom reports will appear as Ad Hoc reports under the Custom Reports option.

3. Run or schedule the report as needed.

Note: JasperForge (http://www.jasperforge.org) is the open-source development site for iReport and JasperReports. From this site, you can download the iReport software, learn how to create Jasper Report XML files, and interact with the JasperForge community.

Executing Custom Reports

Custom Reports are listed as Ad Hoc Reports and can be found under the Custom Reports section. This slide shows that Custom Reports have the same functionality as default reports. You can run the report or download a PDF or CSV file to your local desktop. If you elect to view the report online, you can then print it or export it to one of the available formats (PDF, XLS, CSV, HTML, or XML).
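A review step for the Jasper Report XML file before it is uploaded through New Custom Report, given here as an added example that is not part of the student guide or of Oracle's software: it lists the template's parameters and query, and flags a query that is not read-only or a parameter that JasperReports would paste into the SQL text with $P!{...} instead of binding it with $P{...}. The sample template and its report, table, column and parameter names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample template. The report, table, column and parameter names
# are illustrative only; they are not taken from the Oracle Identity Analytics schema.
SAMPLE_JRXML = """<?xml version="1.0" encoding="UTF-8"?>
<jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports"
              name="UsersByBusinessUnit" pageWidth="595" pageHeight="842">
  <parameter name="businessUnit" class="java.lang.String"/>
  <parameter name="sortColumn" class="java.lang.String"/>
  <queryString><![CDATA[
    SELECT user_name, role_name FROM example_user_roles
    WHERE business_unit = $P{businessUnit}
    ORDER BY $P!{sortColumn}
  ]]></queryString>
  <field name="user_name" class="java.lang.String"/>
  <field name="role_name" class="java.lang.String"/>
</jasperReport>
"""

BOUND = re.compile(r"\$P\{(\w+)\}")     # JasperReports binds this as a statement parameter
SPLICED = re.compile(r"\$P!\{(\w+)\}")  # JasperReports pastes this value into the SQL text
WRITE_SQL = re.compile(
    r"\b(insert|update|delete|merge|drop|alter|create|truncate|grant|revoke|call|exec(?:ute)?)\b",
    re.IGNORECASE)


def _local(tag):
    """Drop the XML namespace so namespaced and older DTD-style JRXML both work."""
    return tag.rsplit("}", 1)[-1]


def review_jrxml(text):
    """Summarise a JRXML template and list findings to resolve before import."""
    if "<!ENTITY" in text:
        raise ValueError("template declares XML entities; not parsing it")
    root = ET.fromstring(text)
    if _local(root.tag) != "jasperReport":
        raise ValueError("root element is not <jasperReport>")

    declared = [el.get("name") for el in root if _local(el.tag) == "parameter"]
    query = ""
    for el in root:
        if _local(el.tag) == "queryString":
            query = " ".join((el.text or "").split())  # collapse whitespace

    bound, spliced = BOUND.findall(query), SPLICED.findall(query)
    findings = []
    if WRITE_SQL.search(query):
        findings.append("query is not read-only")
    elif query and not re.match(r"(?i)(select|with)\b", query):
        findings.append("query does not start with SELECT or WITH")
    for name in spliced:
        findings.append(f"parameter '{name}' is spliced into the SQL with $P!{{}}")
    # Built-in JasperReports parameters are never declared in the file,
    # so they are reported here as well and need a manual look.
    for name in sorted(set(bound + spliced) - set(declared)):
        findings.append(f"parameter '{name}' is used but not declared")
    return {"report": root.get("name"), "parameters": declared, "query": query,
            "bound": bound, "spliced": spliced, "findings": findings}


if __name__ == "__main__":
    result = review_jrxml(SAMPLE_JRXML)
    print(result["report"], result["parameters"])
    for finding in result["findings"]:
        print("FINDING:", finding)
```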
Summary

In this lesson, you should have learned to create:
• Default reports
• Custom reports

Practice Overview: Generating Reports

This practice covers the following topics:
• Creating default reports
• Creating custom reports

[...]

... database solution

Integration with Provisioning Systems

[Figure labels: Analysis & Definition of Identity-based Controls; Run-time Enforcement of Identity-based Controls; Users & Accounts; Roles, Policies, & Rules; Oracle Identity Analytics (Role Life Cycle Mgmt, Detective Identity Compliance); Oracle Identity Manager (Identity Life Cycle Mgmt, Preventative Identity Compliance)]

... and proven methodologies. The Oracle Identity Analytics software has been implemented at numerous client sites across different industries, and analysts such as Gartner and Forrester agree that Oracle Identity Analytics is the leading identity compliance and role management solution on the market today.

Oracle Identity Analytics Features

A Complete... violations

Functionality Matrix

[Table: Oracle Identity Manager and Oracle Identity Analytics compared across Role Life Cycle Mgmt, User Life Cycle Mgmt, End User Self Service, Identity Compliance, and Reporting, with each cell marked as Primary Function or Supporting Function; the cell markings are not recoverable]

The Oracle Identity Manager... automatically

Functionality Matrix (continued)

The Oracle Identity Manager software manages users throughout the identity life cycle. It creates, deletes, and modifies accounts on managed resources and can do so by utilizing role definitions created by Oracle Identity Analytics. Oracle Identity Manager can monitor data from one or more identity sources...

Oracle Identity Analytics

Features:
• Role Engineering
• Role Maintenance
• Role Certification
• Access Certification
• SoD Policy Enforcement
• Securely automates and simplifies compliance processes, and aligns with business drivers

Oracle Identity Analytics... to Oracle Enterprise Single Sign-On Manager based on provisioning instructions from Oracle Identity Manager
• Oracle Enterprise Single Sign-On Kiosk Manager – Enhances user productivity and strengthens enterprise security by allowing users to securely access enterprise applications even at multiuser kiosks and distributed workstations

Oracle Identity... highly recommended for certifications. The Glossary is a business-friendly description of entitlement values that can be managed from the user interface of the Identity Warehouse.

Architecture

Oracle Identity Analytics is a Java 2 Platform, Enterprise Edition (J2EE platform)... the Oracle Identity Analytics user interface is made through a standard Web browser that uses the HTTP protocol over a particular port (in this case, port 80). Oracle Identity Analytics data (business structures, users, roles, policies, applications, and resources) is contained in its Identity Warehouse. The Identity Warehouse is an RDBMS that is not included with the Oracle Identity Analytics product. Oracle... (LDAP). Additionally, Oracle Identity Analytics can interface directly with flat files by using Java Naming and Directory Interface (JNDI), and can communicate with user provisioning systems through the Service Provisioning Markup Language (SPML).

Sample Deployment

[Figure labels: Application Server; Connected Systems; Web Interfaces; Oracle Identity Analytics Administrative...]

... requires a seven-step process for role definition as shown in the slide.

Note: You can obtain more information about Wave Methodology in the lesson titled “Performing Role Mining.” The Wave Methodology white paper can be found at http://www.sun.com/offers/details/wave_methodology.xml

Oracle Identity Management

[Figure labels: Oracle + Sun Combination; Identity Administration]