12.2 Understanding Identity, Application, and Permission Management

12.2.1 Managing Identity Information

Identity information includes:

  • The attributes and relationships you collect through the identity collectors

  • Status in Identity Governance, such as role assignments and risk factors

  • Identity source information, such as the collector mappings, and curated and effective values for the identity attributes

To view or edit identity details:

  1. Navigate to Catalog > Identities and select a user. For example, Lisa Haagensen.

  2. View basic information about that user, and select More to see more details.

  3. Select available tabs to view items such as group membership, role assignments, and source for the user information.

  4. (Optional) Select the Edit icon next to the user.

  5. Modify the available attribute values, and then select Save.

12.2.2 Managing Application Information

Application information includes:

  • The application photo, name, and description

  • The identities of the application owner and administrators

  • The method for fulfilling changeset items

You can also specify the risk level for the application and whether reviews include the permission hierarchy of the application.

To manage the application information:

  1. Navigate to Catalog > Applications.

  2. Select the name of an application. For example, Safe Financials.

  3. Select the Edit icon.

  4. Modify the application settings, such as:

    Risk

    Specifies the importance of the application in terms of limited access and security.

    For example, you might want to review access to applications with a high risk more often than applications with a mild risk.

    Administrators

    Specifies users who can access the Catalog and can manage data.

    Tags

    Specifies a string that creates a new tag or shows existing tags from another application that match the string.

    Owners

    Specifies a user who is responsible for reviews where the review definition references the Application Owner.

    Show permission hierarchy in review

    Specifies whether you want to see the permission that was assigned in a permission hierarchy of relationships when this application is included in a review.

    Show account name in review and fulfillment details

    Specifies whether you want to hide account names.

    You can use this setting in review definitions as criteria for permissions to be included in the review. For example, if the collected accounts names are obscure names, you might not want to use them.

    Permission ID for granting accounts

    Specifies whether you want to use an autocompleter of permissions published in the system.

12.2.3 Reviewing Application Fulfillment Settings

Identity Governance allows you to specify a fulfillment target for each application. In the catalog, you can see the fulfillment settings for each application.

To review current fulfillment settings:

  1. Log in to Identity Governance.

  2. Under Catalog, click Applications, and select an application.

  3. Under Fulfillment Information, view the fulfillment type and details.

For information about configuring fulfillment, see Section 14.2, Configuring Fulfillment.

12.2.4 Managing Permission Information

Permission information includes:

  • The permission photo, name, and description

  • Identity of the permission owners

  • The risk level for the permission

You can also observe permission relationships if the permission contains other permissions, has holders, or is part of Separation of Duties (SoD) policies.

When you save changes, Identity Governance displays an icon next to a changed setting. Select the icon to reset the setting to the originally collected value.

To manage permission information:

  1. Navigate to Catalog > Permissions.

  2. Select a permission.

  3. Select the Edit icon.

  4. Modify the permissions settings, such as:

    Risk

    Specifies the importance of the permission in terms of limited access and security.

    For example, you might want to review access to permissions with a high risk more often than permissions with a mild risk.

    Permission Owner

    Specifies one or more users responsible for reviews where the review definition references the Permission Owner.

    Hide Permission from Review

    Specifies whether you want to exclude this permission from reviews.