Compliant ERP User Provisioning - Oracle

Delivered dashboard analytics and reporting. • Integration with ... Deploy Integrated Compensating Oracle GRC Advanced Controls. √. Deploy Integrated ...
296KB Sizes 24 Downloads 256 Views
Compliant ERP User Provisioning Fully Automate End-to-End User Provisioning with Oracle’s Delivered, Integrated Application Access Controls Governor (AACG) and Oracle Identity Management (OIM) Solution UNIQUE AACG FEATURES

Provisioning the workforce is a significant challenge while trying to stay ahead of the compliance curve. Accelerated employee lifecycles, meeting financial reporting

Continuously monitors application users access from high-level ERP roles and permissions to detailed access points

1,000 + Delivered, ready-to-deploy access controls

370 + Delivered access entitlements, that logically group similar access points

28,000 + Delivered ERP access points: responsibilities, menus, submenus, concurrent programs and functions

Pre-built connectors to E-Business Suite and PeopleSoft

Role-based remediation of user access incidents supported by application worklists, notifications and workflow

Simulated remediation plans before deploying to operational environment

Delivered dashboard analytics and reporting

Integration with Enterprise Governance, Rick and Controls Manager and Intelligence

User-friendly design for business users to author and configure controls

Extensible to third-party, in-house and legacy systems

obligations and industry regulations all increase staffing costs and are often handled via inefficient manual processes. While provisioning ERP users at the role-level with Oracle Identity Management (OIM) is a good start, only Oracle’s pre-built integration between OIM and AACG provides the capability to perform fine-grained SOD analysis on your sensitive ERP system to ensure complete security, compliance, and assurance.

Automating the Last Mile of ERP User Provisioning OIM provides a common identity platform with integrated services to target systems and invokes AACG SOD controls analyzer, designed to manage user access privileges across all of a firm's resources and applications, throughout the entire identity management lifecycle. One of the most sensitive business applications that OIM grants users’ access and entitlements is the organization’s ERP system. An ERP system’s many thousands of access points distributed across thousands of users enable employees and contractors to perform in many cases multiple job roles. The potential of any user, including privileged users, having inappropriate, overly broad access is a serious business risk and a significant SOD control weakness. Only by integrating OIM with AACG’s fined-grained SOD control’s analysis can security administrators validate user entitlements with the complete assurance that they are managing a compliant user provisioning process.

OIM Workflows and AACG SOD Controls Validation OIM allows management and validation of requests for user entitlements. With AACG integrated into the OIM workflows, the requests can be checked by AACG for potential access violations based on corporate policies. Provisioning users with entitlements that have access violations will either be prevented or accepted via OIM workflows, depending on the AACG control’s enforcement type. Multiple checks ensure that requests are vetted appropriately before being enacted. The resource approval OIM workflow performs real-time validation of entitlement assignment requests using AACG’s pre-defined preventive controls and returns results to OIM.

Global Semiconductor Manufacturer • •

$5+ billion revenue Uses integrated OIM and AACG to govern access provisioning in both EBS and PeopleSoft

Solution & Result: Figure 1. Integrated ERP User Provisioning with OIM and AACG.

Prevents inappropriate user access •

Full enforcement of user access policies in both EBS and People