Oracle Access Governance is a cloud native identity governance and administration (IGA) solution that provides user provisioning, access reviews, and identity analytics to define and govern access privileges. It provides visibility into compliance and actionable artificial intelligence/machine learning–driven identity intelligence to reduce risks.
Please refer to the Oracle Access Governance web page for more details about the service.
Oracle Access Governance provides the following key features and functionalities:
To start using Access Governance, follow these steps:
Access Governance provides out-of-the-box integrations with Oracle and non-Oracle workloads. We will continue to add more systems and services.
Please refer to the following product documentation for more details: Access Governance Integrations.
Access Governance connects with cloud applications and cloud service providers, such as Oracle Cloud Infrastructure, through cloud application programming interfaces (APIs).
Access Governance offers a containerized agent for other integrations. This agent is customized and configured to work with a specific instance of Access Governance over a secure channel. The agent’s purpose is to facilitate the secure transfer of data between Access Governance and the customer’s on-premises source of identity and access data.
Yes, Access Governance can be seamlessly integrated with Oracle Identity Governance to perform hybrid identity governance and administration.
Yes, Access Governance can be integrated with multiple OCI tenancies, thus providing cross-cloud access correlation of identities' access privileges. We will eventually continue to add other cloud service providers, such as AWS, Azure, and Google Cloud Platform.
Users who are synchronized in Access Governance should be onboarded in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) so they can access the Access Governance console. These users can be onboarded in OCI IAM using one of the following approaches:
Please refer to the following product documentation and tutorials for more details:
If you want to govern access privileges assigned to a subset of identities belonging to a defined location, department, organization, or any other user attribute, you can mark those users as Active in Oracle Access Governance. In Oracle Access Governance
Please refer to the documentation for more details: Activate/Inactivate Identities for License Management.
Oracle Access Governance is used to execute intelligent access review campaigns with prescriptive analytics–based identity insights to help access reviewers make informed decisions quickly. It supports event-driven, periodic, and on-demand access review campaigns. The access reviewers can review user permissions, role memberships, and OCI policies in a single dashboard view, ensuring that users only have the access privileges they need to complete their tasks.
An event-based access review is triggered for a user when their attributes, such as organization, manager, location, employment status, and so on, get updated in Access Governance.
Access Governance provides AI/ML-driven insights, such as peer group analysis, outlier detection, and recommendations, enabling reviewers to take suggested actions to complete access review tasks.
Access Governance helps an organization maintain the security posture for their OCI workloads by providing
Custom attributes of a user’s schema defined in Oracle Identity Governance can be used in Access Governance to
Please refer to the following product documentation for more details: View and Configure Custom Identity Attributes.
Yes, an access reviewer can delegate an access review task to another individual or an identity collection (user group) by defining the delegation policy for themselves in the Access Governance console.
Yes, for each decision made in an access review campaign, the following information is stored for auditing or compliance purposes:
Access Governance provides intelligent reporting for access reviews using graphs and charts that are easy to use and interpret. It also provides a detailed report of the access review campaign in CSV format.
Access Governance provides multiple workflows for access reviews out of the box. Workflows automatically perform the series of actions associated with the access review campaign.
Access Governance provides an intuitive self-service user experience to request access privileges for oneself and others and to keep track of the access request’s progress.
Access Governance provides access requests and role-based access control (RBAC), attribute-based access control (ABAC) and policy-based access control (PBAC).
Access Governance provides functionality to build custom workflows for access approvals. Multistage and parallel workflows can be defined effortlessly, without coding.
Access Governance is a smart device–optimized, web-based console designed to perform seamlessly from any device—computer, tablet, or smartphone.
Access Governance supports Oracle Cloud Infrastructure Identity and Access Management as its identity provider for user login and authorization. To log in using an external identity provider, configure OCI IAM to use that external identity provider for federated authentication.
Please refer to the following product documentation for instructions on how to set up federation with an external identity provider: Manage Identity Providers.
Access Governance is available as part of Oracle Universal Credits. When you order Oracle Access Governance through Universal Credits, you automatically get access to Oracle Cloud Infrastructure and other required services. For details, please refer to the following product documentation: Before You Begin.
You create an Access Governance instance in the Oracle Cloud Infrastructure Console. For details, please refer to the following product documentation: Set Up Service Instance.
You can manage an Access Governance instance in the Oracle Cloud Infrastructure Console. For details, please refer to the following product documentation: Manage Service Instance.
It’s accessible from the Oracle Cloud Infrastructure Console. You can navigate to the Access Governance page, select the service instance you want to access, and then click the Access Governance URL.
Go to My Oracle Support and create a service request.
No. Support is included in the subscription fee.
Access Governance is a cloud native service. Oracle takes care of patching and upgrading the service.
Please refer to the SLA documentation (PDF).
Oracle Access Governance offers three license types and five SKUs. These are
For more details, please refer to the Oracle Access Governance pricing web page.
Oracle Access Governance provides multiple tiers within the SKUs. These are
Oracle Access Governance provides a large set of integrations. The integrations supported by each of the SKUs are
There are two unit metrics in Oracle Access Governance.
Please refer to the following documentation for more details: Oracle PaaS and IaaS Universal Credits Service Descriptions.
If you want to govern access privileges assigned to a subset of identities belonging to a defined location, department, organization, or any other user attribute, you can mark those users as Active in Oracle Access Governance.
You can further flag these Active identities as Workforce or Consumer users.
Active identities in Access Governance can be workforce users or consumer users.
For more details about the capabilities of workforce and consumer users, please refer to the following documentation: Manage Identities.
These are some examples illustrating who should be marked as Workforce and Consumer users in Access Governance; they are for illustration purposes only.
|Industry/ sector||Workforce identities||Consumer identities|
|Banking and insurance||Employees and contractors: bank accountants and managers, tellers, financial advisors, administrative staff, outsourced IT staff||Customers: bank account owners, bank loan holders, insurance policy holders
Contractors: cafeteria, electric, janitorial
Partners and vendors: suppliers selling insurance or similar ancillary services
|Healthcare||Employees and contractors: doctors, clinicians, medical staff, administrative staff||Consumers: patients, beneficiaries
Contractors: cafeteria, janitorial
Partners and vendors: companies providing canes, bandages, medications, and so on
|Education||Employees and contractors: faculty, support staff, administrative staff||Consumers: students, alums, parents, guardians
Contractors: cafeteria, janitorial
Partners and vendors: companies providing textbooks, transportation service providers, and so on
Only the identities marked as Active (workforce users or consumer users) in Access Governance will be considered for billing, starting from the hour in which those identities are marked as Active. Even though the metric for Access Governance SKUs is per month, Oracle is passing benefits on to the customer by calculating the number of active identities on an hourly basis and generating the bill for the entire month.
Please refer to the following documentation for more details: Manage Identities.
Access Governance provides identity filtering or marking functionality based on which identities can be marked as Active or Workforce/Consumer users. An administrator may use identity attributes to define such rules.
Please refer to the following documentation for more details: Manage Identities.
A disabled identity can be marked as an Active workforce user or consumer user in Access Governance so you can review its access privileges.
For billing, Access Governance will include only those disabled identities marked as Active.
If you don’t mark any identity as Active, there will be no bill for Access Governance.
Yes, the license type of the Oracle Access Governance service instance can be upgraded from Oracle Access Governance for Oracle Workloads to Oracle Access Governance Premium without any service disruption. You can do it manually from the Access Governance page in the Oracle Cloud Infrastructure Console.
Yes, the Access Governance license type can be upgraded without any service disruption. You can upgrade the license type from Oracle Access Governance for Oracle Cloud Infrastructure to Oracle Access Governance for Oracle Workloads or Oracle Access Governance Premium.
No, these Access Governance license types can’t be downgraded.
Access Governance is metered hourly. Before the service instance is upgraded, you will be billed for Oracle Access Governance for Oracle Cloud Infrastructure on an hourly basis. After the license upgrade, you will be billed for Oracle Access Governance for Oracle Workloads. In effect, you would see billing for both line items throughout the month, but you will only be charged for the number of hours each license type was active.
By default, all 22,000 users synchronized from Oracle Identity Management in Access Governance will not be marked as Active. You may mark 18,000 users as Active based on their organization (Employee and Contractor). Then you can mark 8,000 users from the External organization as Consumer users.
You will be billed according to the
If you want to review the access privileges of all users in this OCI tenancy, then you may mark all users as Active in Access Governance. You will be billed for 2,000 (2 × 1,000) users in this case.
If you want to review the access privileges of users belonging to only one of the two domains, then you may define a rule to mark only users of that domain as Active in Access Governance. You will be billed for 1,000 (1 × 1,000) users in this case.
You will be metered on an hourly basis and billed monthly for active workforce users and consumer users. The bill amount is calculated based on the metered usage and your rate card. So, if the number of active workforce or active consumer users changes during the billing cycle, your bill is prorated accordingly.
Please use the cost estimator to estimate the cost of service usage by following these steps: