Personas and use cases
Persona is a user archetype based on role and other characteristics that influence how a user interacts with the offering. A Persona has a related set of responsibilities. In Identity Governance and Intelligence, you can represent those responsibilities by implementing Roles, and assigning them to Users. Any Role can be associated with any set of tasks, dashboards, reports, campaigns, and other resources. This topic provides examples of tasks that a certain Role can perform.
- Administrators
- In Identity Governance and Intelligence, there are:
- Business users
Business users are defined in the Regular Users schema and can perform tasks in the Service Center.
Examples of Business users:
Virtual appliance administrators
The Virtual appliance administrator is responsible for the setup and activation of the Identity Governance and Intelligence virtual appliance and for its day-to-day administration. See the following tables for the Virtual appliance administrators deployment and maintenance tasks.
Tasks | Subtasks and references |
---|---|
Install and configure the database server. | |
(Optional) Install and configure the directory server to use the Identity Brokerage Providers module. | Installing and configuring the directory server |
Prepare the virtual machine. | Setting up the virtual machine |
Install and set up the virtual appliance. | |
For high availability, set up a virtual appliance cluster. | |
Configure the virtual appliance settings. |
Tasks | Subtasks and references |
---|---|
Prepare for disaster recovery. Set up a secondary virtual appliance for an active-passive configuration. | |
Monitor event logs, memory, CPU, storage, and cluster status. | |
Configure SNMP monitoring. | Managing the SNMP monitoring |
Configure external entities such as database servers, and OpenID connect providers. | |
Configure mail servers, custom files, and certificate stores. | |
Manage the virtual appliance update history, and license, firmware settings, and fix packs. | |
Manage log retrieval and configuration, core dumps, Identity Brokerage Providers configuration, and build information. | |
Manage network settings such as application interfaces, hosts files, routes. | |
Manage the Export/Import settings | Exporting or importing the configuration settings |
Manage the virtual appliance system settings | |
Manage the virtual appliance by using the command line interface. |
Identity Governance and Intelligence administrators
An Identity Governance and Intelligence administrator, also called Super Administrator is predefined. This Super Administrator is responsible for defining other Identity Governance and Intelligence administrator profiles in the Administration Console by using a free configuration of N base permissions.
- An administrator of a single module or of all the Identity Governance and Intelligence modules.
- An administrator who is authorized to perform a selected set of tasks on module A, B, and others.
See Super Administrator for examples of tasks that a Super Administrator can perform.
Super Administrator
A Super Administrator can perform the following tasks in the Administration Console:
Tasks | Subtasks and references |
---|---|
For target integration, configure the target system. |
|
Configure the initial entities. |
|
Configure organizational units. |
|
Configure groups. |
|
Configure roles. |
|
On-board administrators. |
|
On-board users. For example, a new employee UserA, joined the organization. |
|
Add entitlements to the on-boarded user, such as an external role. For example, assign UserA with the external role Senior Developer on the Data Manager application. |
|
Enable a custom Segregation of Duties policy. |
See General |
Define a certification campaign. |
|
Change account passwords for users. | |
Force users to change their Service Center password on their next login. | |
Configure the password service. |
|
Configure the Access Requests workflows for change password, forgot password, or password reset functionalities. | |
Configure and assign dashboards. |
Access Risk Controls module
Tasks | Subtasks and references |
---|---|
Model a business activity tree structure. | Business activities |
Associate the permissions to one or more activities. | Business activity mapping |
Set mitigation controls. | Mitigation controls |
Define risks. | Risk definition |
Define domains. | Domains |
Evaluate risk violations. | Risk violations |
Compare configurations. | Configuration comparison |
Request or download report. | Report |
Process Designer module
Tasks | Subtasks and references |
---|---|
Define activities that can be associated to a process. | Activity |
Design a process. | Process |
Assign one or more administrative roles to each activity defined in the process. | Assign |
Configure the Access Requests workflows for change password, forgot password, or password reset functionalities. |
Access Optimizer module
Tasks | Subtasks and references |
---|---|
Configure and compare data snapshots. | Data snapshot |
Define access data sets. | Access data sets |
Configure relevance criteria. | Relevance criteria |
Create and manage a data exploration analysis. | Data Exploration analysis and details |
Create a role mining request. | Role mining |
Report Designer module
Tasks | Subtasks and references |
---|---|
Create and customize report queries. | Query |
Create and customize reports. | Report |
Create and customize dashboard items. | Dashboard |
Assign the product report to a user or an entitlement. | Report assignment |
Organize the product reports. | Menu |
Task Planner module
Tasks | Subtasks and references |
---|---|
Add jobs and configure job class attributes. | Jobs |
Create and configure tasks, define job class parameters, and configure scheduling. | Tasks |
Synchronize tasks to the selected scheduler. | Scheduler |
Group tasks by context. | Context |
Application Managers
Application Managers, with administrative rights, can perform any of the following tasks in the Administration Console.
Tasks | Subtasks and references |
---|---|
For target integration, configure the target system. |
|
On-board users. For example, a new employee UserA, joined the organization. |
|
Add entitlements to the on-boarded user, such as an external role. For example, assign UserA with the external role Senior Developer on the Data Manager application. |
|
Enable a custom Segregation of Duties policy. |
See General |
User Managers
User Managers, with administrative rights, can perform any of the following tasks in the Administration Console.
Tasks | Subtasks and references |
---|---|
On-board users. For example, a new employee UserA, joined the organization. |
|
Add entitlements to the on-boarded user, such as an external role. For example, assign UserA with the external role Senior Developer on the Data Manager application. |
|
Enable a custom Segregation of Duties policy. |
See General |
Role Managers
Role Managers, with administrative rights, can perform any of the following tasks in the Administration Console, including tasks in the Process Designer module.
Tasks | Subtasks and references |
---|---|
Configure roles. |
|
On-board users. For example, a new employee UserA, joined the organization. |
|
Risk Managers
Risk Managers, with administrative rights, can perform any of the following tasks in the Administration Console, including tasks in the Access Risk Controls module.
Tasks | Subtasks and references |
---|---|
Add entitlements to the on-boarded user, such as an external role. For example, assign UserA with the external role Senior Developer on the Data Manager application. |
|
Enable a custom Segregation of Duties policy. |
See General |
Business users: Managers
The following list provides examples of tasks Managers can perform in the Service Center, depending on their configuration.
Tasks | Subtasks and references |
---|---|
Approve or revoke campaign requests. | Campaign Management |
Manage orphan accounts. | User-account matching |
Manage access requests. |
|
Reset the account password for other users. | Resetting account passwords for other users |
Reset own Service Center password. | Resetting my forgotten password |
Map permissions and activities. | |
Configure, run, and download the report. |
Business users: Help Desks
The following list provides examples of tasks that Help Desks can perform in the Service Center, depending on their configuration.
Tasks | Subtasks and references |
---|---|
Reset the account password for other users. | Resetting account passwords for other users |
Business users: Employees
The following list provides examples of tasks that Employees can perform in the Service Center, depending on their configuration.
Tasks | Subtasks and references |
---|---|
Reset own Service Center password. | Resetting my forgotten password |
Change the account password for active accounts. | Changing my account password |
View Self Care requests status | Viewing my requests in the Self Care application |
Update the security questions for account recovery | Updating my security questions |