Closed Loop Remediation in Identity Management and Governance
Closed-loop remediation is a term that is used in Identity Management and Governance that revokes any of the access privileges of a user which were identified for revocation during a Certification process. Ideally the Closed-loop remediation feature should directly revoke roles and entitlements from the Provisioning Tool after the Certification process or campaign has flagged such entitlements of a user for revocation. For example, in Oracle Identity Manager (OIM), when a certification is complete and all primary review tasks have been signed off, Oracle Identity Manager attempts to remove every user and privilege for which the final decision was to revoke. Requests are created to de-assign any role-assignment that is revoked, to de-provision any account that is revoked, to remove any entitlement-assignment that is revoked, and to delete or disable any user that is revoked. Note, for non-managed applications, you may have to manually revoke roles and entitlements. The key here is that