Set Up Identity Orchestration between Oracle Access Governance and Oracle Identity Governance (OIG)

Introduction

Oracle Access Governance is a cloud-native Identity Governance and Administration (IGA) solution that provides insights-based access reviews, identity analytics, and intelligence capabilities for businesses. For more information on Oracle Access Governance, see:

Objective

In this tutorial, you’ll set up Identity Orchestration between Oracle Access Governance (AG) and Oracle Identity Governance (OIG). For this, you’ll need to:

Intended Audience

This tutorial is specifically for Access Governance Administrators so that they can learn to integrate Oracle Access Governance with Oracle Identity Governance.

Prerequisites

You must have:

Before starting the procedure, you must have the following software installed on your compute instance:

If your system does not satisfy any of the prerequisites, follow the given instructions to install the required software.

Install OpenSSH Client on Windows System
Run the following commands to install the OpenSSH client on your Windows system and check that it is available:

    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
    ssh

Install JDK 11 or higher and set it to $JAVA_HOME
Run the following commands on your compute instance:

    tar -xvf <jdk_zip>
    # JAVA_HOME is the extracted JDK directory (the one that contains bin/)
    export JAVA_HOME=<jdk_dir>
    export PATH=$JAVA_HOME/bin:$PATH
    echo $PATH

Install and Start Docker Instance
Run the following commands on the compute instance:

    sudo apt-get install docker-engine
    sudo systemctl start docker
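
A pre-flight check for the JDK and Docker prerequisites above, written as an added example (not part of the original tutorial or Oracle's scripts). The function names are hypothetical; it assumes `java -version` prints a line containing a quoted version string and uses `docker info` to test that the daemon is reachable.

```sh
#!/bin/sh
# Added example (not Oracle's code): pre-flight check for the JDK and Docker prerequisites.

# Print the major version found in `java -version` output passed as $1.
# Handles the legacy scheme ("1.8.0_292" -> 8) and the current one ("11.0.2" -> 11).
java_major() {
  _ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$_ver" ] || return 1
  case "$_ver" in
    1.*) _ver=${_ver#1.}; printf '%s\n' "${_ver%%.*}" ;;
    *)   printf '%s\n' "${_ver%%[.+-]*}" ;;
  esac
}

# Return 0 when the `java -version` text in $1 reports JDK 11 or higher.
java_ok() {
  _major=$(java_major "$1") || return 1
  case "$_major" in ''|*[!0-9]*) return 1 ;; esac
  [ "$_major" -ge 11 ]
}

# Check the live system; prints one line per failed prerequisite.
preflight() {
  _rc=0
  if ! command -v java >/dev/null 2>&1; then
    echo "FAIL: java is not on PATH"; _rc=1
  elif ! java_ok "$(java -version 2>&1)"; then
    echo "FAIL: JDK 11 or higher is required"; _rc=1
  fi
  if ! command -v docker >/dev/null 2>&1; then
    echo "FAIL: docker is not installed"; _rc=1
  elif ! docker info >/dev/null 2>&1; then
    echo "FAIL: Docker daemon is not running or not reachable by $(id -un)"; _rc=1
  fi
  return "$_rc"
}

# Run the live check only when asked: sh preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```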

Task 1: Configure Identity Orchestration in Oracle Access Governance Console

The following tasks must be completed in the listed order:

Sign in to the Oracle Access Governance Console

  1. From your browser, go to the Access Governance Console.
  2. In the Username field, enter the AG Administrator user name.
  3. In the Password field, enter the password and select Sign In.

You are taken to the home page of your Oracle Access Governance Console.

Define System Parameters to Onboard Oracle Identity Governance

  1. On the landing page of Oracle Access Governance, under the Service Administration tab, click Select on the Manage Connected systems tile, or click the Navigation Menu icon -> Service Administration -> Connected Systems.

  2. Click Add a connected system and then select Add on the Connect to an Identity Governance System? tile. A step-by-step description of the onboarding process is displayed in a pop-up window.

  3. (Optional) Read the instructions and click Close.

  4. In the Select system step, select Oracle Identity Governance and then click Next.

  5. In the Enter details step, enter the following information:

    1. Enter the system name in the What do you want to call this identity governance system field.
      For example, enter OracleIdentityGovernance_AG.

    2. Describe your system in the How do you want to describe this identity governance system? field.
      For example, enter Secure Connection to Access Governance.


  6. Click Next.

  7. In the Enter details step, enter the connection details of the agent, as follows:

    1. Enter the database URL of your OIG database server.

    Note: Alternatively, you can click the ‘Question mark’ icon for more details on obtaining a JDBC URL.

    2. Enter the OIG database user name.
    3. Enter and confirm the password.


  8. In the Configure step, enter the OIG Service Console details, as follows:
    1. Enter the OIG Server URL.

    Note: Alternatively, you can click the ‘Question mark’ icon for more details on obtaining the OIG server URL.

    2. Enter the OIG server user name.

    3. Enter and confirm the OIG server password.

    4. Click Add.


  9. In the Download agent step, select the Download link and click I’m done. The zip file will be downloaded in your default download folder.

Task 2: Deploy Identity Orchestration Agent with OIG System

The following tasks must be completed in the listed order.

Save the SSH Key and Log on to the Compute Instance

You must have access to the Linux-based environment to use Secure Shell (SSH) commands and must meet all the requirements mentioned in the Prerequisites section.

For Mac and Linux-Based System

  1. Log on to the Compute Instance by running the following command:

    ssh -i <pvt_key_filename.key> <username>@<compute instance ipaddress>

    For example:

    ssh -i "/home/username/oag_agent/accessgov_ssh_keyname.key" abc@152.1xx.1xx.xx
    

You will be logged on to the compute instance successfully.

For Windows System

  1. Log on to the Compute Instance by running the following command:

    ssh -i <pvt_key_filename.key> <username>@<compute instance ipaddress>

    For example:

    ssh -i "\home\username\oag_agent\accessgov_ssh_keyname.key" abc@152.1xx.1xx.xx
    

You will be logged on to the compute instance successfully.

Note: Alternatively, you can use PuTTY and PuTTYgen to generate an SSH private key and operate on the SSH terminal.

Transfer Downloaded Oracle Identity Governance Agent to the Compute instance

Here, you will move the agent downloaded from the Oracle Access Governance console from your local system to the Compute instance.

  1. Open a new Terminal or PowerShell terminal.
  2. Run the scp command using the following syntax:

    scp -i <private key file name> <oig_agent_package.zip> <compute instance user-name>@<ipaddress>:<directory path where agent should be saved>
    

    For example

    scp -i "Home\user name\accessgov_ssh_keyname.key" "Home\username\Downloads\OracleIdentityGovernance_AG.zip" abc@152.1xx.1xx.xx:/home/opc/oag_agent/
    
  3. On the compute instance, run ls in the target directory to confirm that the agent package was transferred.

Create an Agent Package Volume

You need to create a volume directory on the compute instance to persist agent data such as configuration, wallet, and logs.

  1. Create a new directory.

    mkdir <directory name>
    
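  2. Assign read, write, and execute permissions on the directory. Mode 775 grants full access to the owner and group and leaves the directory readable and searchable by all other users on the instance; this is the volume that holds the agent wallet.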

    chmod 775 <directory name>
    

Install the Agent on the Compute Instance

Note: You must have JDK 11 or higher installed on your system and Docker up and running.

  1. Download the shell script used to install the agent.

    curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh
    

    or

    wget https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh
    
  2. Install the agent

    sh agentManagement.sh --volume <path to agent package volume directory> --agentpackage <path to agent package> --install
    

    For example

    sh agentManagement.sh --volume /home/opc/oag_agent/agent_vol --agentpackage ./OracleIdentityGovernance_AG.zip --install
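
The download step above fetches agentManagement.sh from the main branch, so its contents can change between runs. The following added example (not part of the original tutorial or Oracle's scripts) refuses to proceed unless the downloaded file matches a SHA-256 digest you recorded after reviewing it; the function names and the PINNED_SHA256 variable are hypothetical.

```sh
#!/bin/sh
# Added example (not Oracle's code): gate agentManagement.sh on a reviewed SHA-256.

# Print the SHA-256 of the file in $1 using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 only if file $1 hashes to pinned digest $2 (case-insensitive).
# Return 1 on a mismatch, 2 if the file is missing or the pin is malformed.
verify_pinned() {
  _file=$1
  _pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$_file" ] || { echo "missing: $_file" >&2; return 2; }
  # Reject anything that is not 64 hex characters, such as an unfilled placeholder.
  case "$_pin" in
    ''|*[!0-9a-f]*) echo "pin is not a SHA-256 hex digest" >&2; return 2 ;;
  esac
  [ "${#_pin}" -eq 64 ] || { echo "pin is not a SHA-256 hex digest" >&2; return 2; }
  _actual=$(sha256_of "$_file")
  if [ "$_actual" = "$_pin" ]; then
    return 0
  fi
  echo "hash mismatch for $_file: got $_actual" >&2
  return 1
}

# Usage (placeholder values; record the digest after you have reviewed the script):
#   PINNED_SHA256="<sha256 recorded at review time>"
#   verify_pinned agentManagement.sh "$PINNED_SHA256" && \
#     sh agentManagement.sh --volume <path to agent package volume directory> \
#        --agentpackage <path to agent package> --install
```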
    

Start and Verify the agent

  1. Start the agent

    sh agentManagement.sh --volume <path to agent package volume directory> --start
    

    For example

    sh agentManagement.sh --volume /home/opc/oag_agent/agent_vol --start
    

    You will see the response Starting Agent and Starting new container.

  2. Verify the agent

    sh agentManagement.sh --volume <path to agent package volume directory> --status
    

The agent should be running and the integration status should display Success.


You can verify the integration status from the Access Governance Console. See Oracle Access Governance product documentation.
