To create an entitlement certification definition:
Log in to Oracle Identity Self Service.
Click the Compliance tab.
Click the Identity Certification box, and select Definition. The Certification Definitions page is displayed.
From the Actions menu, select Create. Alternatively, click Create on the toolbar. The General Details page of the New Certification wizard is displayed.
Enter values as follows:
Name: Enter a name for the certification.
Type: Select Entitlement to create an entitlement certification definition.
Description: Optionally enter a description for the new entitlement certification definition.
Click Next. The Base Selection page of the New Certification wizard is displayed.
In the Entitlement Selection Strategy section of the page, select a role selection strategy from the list, as shown:
Selected entitlements: Allows you to manually select the entitlements. Click Add to search and select the entitlements. To remove any selected entitlement, click Remove.
All Entitlements with Selected Certifiers: Allows you to select a list of users including all the entitlements for which they are the certifier user in the catalog.
All Entitlements: Allows you to select all entitlements from the catalog.
Entitlement Criteria: Allows you to select entitlements based on a criteria.
Select any one of the following options to specify constraints:
Entitlements with Any Level of Risk
Only High Risk Entitlements
Click Next. The Content Selection page is displayed.
Click Next. The Configuration page is displayed.
Select the configuration options, as described in Table 13-1, "Configuration Properties", and click Next. The Reviewers page is displayed.
From the Reviewer list, select a primary reviewer. The primary reviewer can be entitlement certifier or any other user that you select.
Click Next. The Incremental page is displayed.
Select Enabled for Generate Incremental Data. This setting enables certifiers to certify or revoke only changes or inclusions made to a certification. It eliminates the need to review the access of users who have been certified.
When Incremental Certification is enabled, it takes the following parameters:
Incremental Date Range (required): This includes:
Since Last Base (default): When this option is selected, current access of the user is compared against the last certification of the same type, which was created without enabling incremental and all the incremental certifications since then, to the current date when the certification is created.
Since Date: When this option is selected, current access of the user is compared against all the certifications of the same type since the given date and when the certification is created.
Show Previous Value (optional): This includes:
Disabled (default): When this is deselected, then the values that have already appeared in the previous certifications based on the Incremental Date Range parameter are not included in the certification.
Enabled: When this is selected, all the current values that existed in previous certifications are displayed with the last decisions taken for those access.
Click Next. The Summary page is displayed with the details of the user certification.
Click Create. A message is displayed asking if you want to create a certification job based on the definition and run it now. You can edit the job name, and click Yes to run the certification job.
Alternatively, click No to create a certification definition without creating and running the scheduled job. With this option, you must manually create a certification job later.
The new entitlement certification definition is displayed in the Certification Definition page.