OIM

Oracle Identity Manager (OIM) is used to request and grant access to the Human Resource System (HRS) for end users.

Documentation intended as a landing page for both requestors and approvers, including a guide for first time users or as a reference for those familiar with the system, is available in the OIM KnowledgeBase.

General info regarding OIM requests

• UW–Madison has HRS templates in the OIM Catalog. They are division or department level specific to functional areas that can be used as a more effective way for requesting access to the same set of HRS security roles. Guidance for Determining Appropriate HRS Template(s) in OIM should be used when identifying the appropriate template(s) and whether Optional and Special Request security roles are also needed. An additional resource is the HRS Security Role Catalog with comments explaining how HRS security roles are being used at UW–Madison.
• HRS entitlements in OIM can be requested up to 7 days in advance of an HR user’s new start date. If the new user currently has HRS access in another UW position, wait for that position to end before submitting OIM request. If two positions are ongoing, the security roles being requested must be attached to the correct position.
• A user has 14 calendar days to complete the Compliance Agreement; otherwise, the roles will be dropped, and a new entitlement request would be needed.
• The Approver has 6 calendar days to approve the request; otherwise, the roles will need to be resubmitted.
• HRS entitlements are removed from an end user when their position terminates or an employee moves to a new position (e.g., action reason code: transfer/original/new hire).
• Level of access reverts to the department level when action reason code is position change/change department on an employee’s current position.

Other Security-Related Requirements

• Security Awareness Assessment is required for all new HRS Core Users, including new users with Oracle Business Intelligence Enterprise Edition (OBIEE) access for HRS Shared Queries/Reports.
  • Email sent to new users at 4 p.m. on the day the HRS roles are approved.
  • User has 30 days to complete and pass the assessment.
    • HRS access (including OBIEE) will be granted prior to completion, however, access will be locked if not completed within 30 days.
    • Warning is sent before access is locked.
• Annual Security Awareness Assessment is required for all existing HRS Core Users.
• Attestation process, i.e., review of all HRS end user roles based on current business needs, occurs annually.
• Conflicts, referred to as Separation of Duties (SOD), need to be avoided whenever possible. They occur when an end user has security roles that allow an end user to add/change person/position/job data and also approve time.