Set Up Identity Orchestration between Oracle Access Governance and Oracle Identity Governance (OIG)
Introduction
Oracle Access Governance is a cloud-native Identity Governance and Administration (IGA) solution that provides insights-based access reviews, identity analytics, and intelligence capabilities for businesses. For more information on Oracle Access Governance, see:
- Oracle Access Governance Product Page
- Access Governance Service Guide
- Access Governance Product Documentation
- Access Governance APIs
- Oracle Access Governance FAQ
Objective
In this tutorial, you’ll set up Identity Orchestration between Oracle Access Governance (AG) and Oracle Identity Governance (OIG). For this, you’ll need to:
- Configure Identity Orchestration in Access Governance Console.
- Deploy Identity Orchestration Agent with OIG System.
Intended Audience
This tutorial is specifically for Access Governance Administrators so that they can learn to integrate Oracle Access Governance with Oracle Identity Governance.
Prerequisites
You must have:
- Access Governance Administrator rights. For more info, see Understanding Application Roles.
- Access to the OIG URLs with administrative rights and credentials.
- An OIG instance that is available and running on a compute instance.
- An SSH key to access the compute instance and install the agent_package.
Before starting the procedure, you must have the following software installed on your compute instance:
- On a Windows system, the OpenSSH Client.
- JDK 11 and Docker on your compute instance.
- Docker running on the compute instance.
If your system does not satisfy any of the prerequisites, follow the given instructions to install the required software.
Install OpenSSH Client on Windows System
Run the following commands to install SSH on your Windows system and check that it is available:
1. Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
2. ssh
Install JDK 11 or higher and set it to $JAVA_HOME
Run the following commands on your compute instance:
1. tar -xvf <jdk_zip>
2. export JAVA_HOME=<jdk_bin>
3. export PATH=$JAVA_HOME:$PATH
4. echo $PATH
Install and Start Docker Instance
Run the following commands on the compute instance:
1. sudo apt-get install docker-engine
2. systemctl start docker
Task 1: Configure Identity Orchestration in Oracle Access Governance Console
The following tasks must be completed in the listed order:
Sign in to the Oracle Access Governance Console
- From your browser, go to the Access Governance Console.
- In the Username field, enter the AG Administrator user name.
- In the Password field, enter the password and select Sign In.
You are taken to the home page of your Oracle Access Governance Console.
Define System Parameters to Onboard Oracle Identity Governance
- On the landing page of Oracle Access Governance, under Service Administration tab, click Select on the Manage Connected systems tile or click the Navigation Menu icon -> Service Administration -> Connected Systems.
- Click Add a connected system and then select Add on the Connect to an Identity Governance System? tile. The onboarding step-wise description will display in the pop-up window.
- (Optional) Read the instructions and click Close.
- In the Select system step, select Oracle Identity Governance and then click Next.
- In the Enter details step, enter the following information:
  - Enter the system name in the What do you want to call this identity governance system field. For example, enter OracleIdentityGovernance_AG.
  - Describe your system in the How do you want to describe this identity governance system? field. For example, enter Secure Connection to Access Governance.
- Click Next.
- In the Enter details step, enter the connection details of the agent, as follows:
  - Enter the database URL of your OIG database server.
    Note: Alternatively, you can click on the ‘Question mark’ icon to know more details on obtaining a JDBC URL.
  - Enter the OIG database user name.
  - Enter and confirm the password.
- In the Configure step, enter the OIG Service Console details, as follows:
  - Enter the OIG Server URL.
    Note: Alternatively, you can click on the ‘Question mark’ icon to know more details on obtaining OIG server URL.
  - Enter the OIG server user name.
  - Enter and confirm the OIG server password.
  - Click Add.
- In the Download agent step, select the Download link and click I’m done. The zip file will be downloaded in your default download folder.
Task 2: Deploy Identity Orchestration Agent with OIG System
The following tasks must be completed in the listed order.
Save the SSH Key and Log on to the Compute Instance
You must have access to the Linux-based environment to use Secure Shell (SSH) commands and must meet all the requirements mentioned in the Prerequisites section.
For Mac and Linux-Based System
- Log on to the Compute Instance by running the following command:
  ssh -i <pvt_key_filename.key> <username>@<compute instance ipaddress>
  For example:
  ssh -i "/home/username/oag_agent/accessgov_ssh_keyname.key" abc@152.1xx.1xx.xx
  You will be logged on to the compute instance successfully.
For Windows System
- Log on to the Compute Instance by running the following command:
  ssh -i <pvt_key_filename.key> <username>@<compute instance ipaddress>
  For example:
  ssh -i "\home\username\oag_agent\accessgov_ssh_keyname.key" abc@152.1xx.1xx.xx
  You will be logged on to the compute instance successfully.
Note: Alternatively, you can use PuTTY and PuTTYgen to generate an SSH private key and operate on the SSH terminal.
Transfer Downloaded Oracle Identity Governance Agent to the Compute instance
Here, you will move the agent downloaded from the Oracle Access Governance console from your local system to the Compute instance.
- Open a new Terminal or PowerShell terminal.
- Run the following command, using this syntax:
  scp -i <private key file name> <oig_agent_package.zip> <compute instance user-name>@<ipaddress>:<directory path where agent should be saved>
  For example:
  scp -i "Home\username\accessgov_ssh_keyname.key" "Home\username\Downloads\OracleIdentityGovernance_AG.zip" abc@152.1xx.1xx.xx:/home/opc/oag_agent/
- On the compute instance, run ls to view the files and confirm that the agent was transferred to the compute instance.
Create an Agent Package Volume
You need to create a volume directory on the compute instance to persist agent data such as configuration, wallet, and logs.
- Create a new directory:
  mkdir <directory name>
- Assign read, write and execute permissions to the directory:
  chmod 775 <directory name>
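Before installing, the prerequisites (JDK 11 or higher, Docker running) and the volume directory created above can be checked in one pass on the compute instance. This is an added example, not part of the original tutorial or of Oracle's agent tooling; the function names and the --check option are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before installing the agent.
# Function names and the --check option are illustrative assumptions.

# Print the major version found in the `java -version` banner.
# Handles modern ("11.0.20", "17") and legacy ("1.8.0_381") version strings.
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    if [ "$major" = "1" ]; then        # legacy scheme: 1.8 means Java 8
        rest=${ver#1.}
        major=${rest%%.*}
    fi
    printf '%s\n' "${major%%[!0-9]*}"  # drop suffixes such as "-ea"
}

# Succeed only if the version banner reports JDK 11 or higher.
jdk_ok() {
    m=$(java_major "$1") || return 1
    [ "$m" -ge 11 ] 2>/dev/null
}

# Succeed only if the volume directory exists, is writable by the current
# user, and is not world-writable (it will hold the agent's wallet and
# configuration). Mode 775, as set above, passes this check but still lets
# every local account read the directory.
volume_ok() {
    [ -d "$1" ] && [ -w "$1" ] || return 1
    other_write=$(ls -ld "$1" | cut -c9)
    [ "$other_write" != "w" ]
}

# Run all checks: sh preflight.sh --check <path to agent package volume directory>
if [ "${1:-}" = "--check" ]; then
    vol=${2:?"usage: $0 --check VOLUME_DIR"}
    rc=0
    jdk_ok "$(java -version 2>&1)" || { echo "JDK 11 or higher not found on PATH" >&2; rc=1; }
    docker info >/dev/null 2>&1 || { echo "Docker daemon is not reachable" >&2; rc=1; }
    volume_ok "$vol" || { echo "$vol: missing, not writable, or world-writable" >&2; rc=1; }
    exit "$rc"
fi
```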
Install the Agent on the Compute Instance
Note: You must have JDK 11 or higher installed on your system and Docker up and running.
- Download the shell script used to install the agent:
  curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh
  or
  wget https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh
- Install the agent:
  sh agentManagement.sh --volume <path to agent package volume directory> --agentpackage <path to agent package> --install
  For example:
  sh agentManagement.sh --volume /home/opc/oag_agent/agent_vol --agentpackage ./OracleIdentityGovernance_AG.zip --install
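The download step above fetches agentManagement.sh from the main branch, so the content can differ from one download to the next. The script below is an added example (not part of the original tutorial or of Oracle's tooling) that keeps the download only if it matches the SHA-256 of a copy you have already reviewed; EXPECTED_SHA256 is a placeholder and the function names and --fetch option are assumptions.

```shell
#!/bin/sh
# Added example: accept agentManagement.sh only if it matches a reviewed copy.
# EXPECTED_SHA256 is a placeholder; function names are illustrative assumptions.
SCRIPT_URL="https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh"
EXPECTED_SHA256="<sha256 of the copy you reviewed>"

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a 64-digit hex
# string (for example, the placeholder above was never replaced).
verify_pinned() {
    case "$2" in
        ""|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$1")
    [ "$actual" = "$expected" ]
}

# Download to a temporary file over HTTPS only, and move it into place only
# after the digest matches, so an unverified script is never left on disk.
fetch_and_verify() {
    tmp=$(mktemp) || return 1
    if curl --fail --silent --show-error --location --proto '=https' \
            "$SCRIPT_URL" -o "$tmp" &&
       verify_pinned "$tmp" "$EXPECTED_SHA256"; then
        mv "$tmp" agentManagement.sh
    else
        rm -f "$tmp"
        echo "agentManagement.sh failed verification; not installed" >&2
        return 1
    fi
}

# Usage: sh fetch_agent_script.sh --fetch
if [ "${1:-}" = "--fetch" ]; then
    fetch_and_verify
fi
```

Obtain the expected value by downloading the script once, reading it, and running sha256sum on that copy. Replacing main in the URL with a commit ID also fixes the content being fetched.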
Start and Verify the agent
- Start the agent:
  sh agentManagement.sh --volume <path to agent package volume directory> --start
  For example:
  sh agentManagement.sh --volume /home/opc/oag_agent/agent_vol --start
  You will see the response Starting Agent and Starting new container.
- Verify the agent:
  sh agentManagement.sh --volume <path to agent package volume directory> --status
  The agent should be running and the integration status should display Success.
You can verify the integration status from the Access Governance Console. See Oracle Access Governance product documentation.
Acknowledgments
- Author - Komalreet Kaur
- Contributors - Abhishek Juneja, Mike Howlett
F70186-04
September 2023
Copyright © 2023, Oracle and/or its affiliates.