Key Features

Key features of Oracle Access Governance include the following:

Access Review

An Access Review is the review of access and permissions for an entity, usually an end user, that is carried out to confirm whether the access and permissions assigned to that entity are still valid. An example use case might be when an end user moves to another department in your organization, and as a result, no longer requires access to a particular resource.

Access reviews can be carried out by the following users:

  • User (review access assigned to me/self)
  • Manager (review access assigned to users in my team)
  • Owner (review access assigned to users over resources I own)
  • CloudAccessReviewer (review access of cloud resources, such as OCI IAM Policies)
  • Custom Reviewer (review access tasks assigned to a user other than end-user, manager, or owner. The default value is Me)

Access reviews enable the following features:

  • User access reviews
  • Policy reviews
  • Event-based access reviews
  • Intelligent reminders to drive action from end-users, approvers, and skip-level approvers
  • Self-reviews by the end-users

Access Review Campaigns

Access review campaigns can be run on demand or scheduled periodically. You can run a campaign once or choose a recurring pattern such as Quarterly, Monthly, Half-Yearly, or Yearly.

Access review campaigns include:
  • User Access Reviews: Comprise a group of access reviews for members of your enterprise population, where individual access to a specific source is checked and either certified or remediated.
  • Policy Reviews: Comprise a group of policy reviews that evaluate the access control of Identity and Access Management (IAM) Policies. Access control of each cloud resource is evaluated down to the policy statement level. The policy statements can either be accepted or revoked. The final remediation decision is submitted per policy and then sent to the connected system for closed-loop access remediation.

Event-Based Access Reviews

Event-Based Access Reviews are action-oriented access reviews carried out by Oracle Access Governance when one or more predefined event types occur. Whenever events such as a job-code change or a location change occur, the event-based access review feature helps service administrators check, certify, or remediate the impacted user or application roles, permissions, or entitlements.

Once configured, either a single-event or a multi-event access review activity may launch. Which one launches depends on the changes in the identity profile and the duration between data refreshes for those identity changes.

For example, if a department of an organization merges into another department, it results in department change, manager change, and job-code change. As a result, the impacted members of the organization require access to the resources of the new department and should not use the resources of the previous department. If the database is updated synchronously for these events, this will trigger a multi-event access review activity within Oracle Access Governance.

Whenever such predefined event types occur and are reflected in the database, they are automatically picked up by Oracle Access Governance through the Connected Systems functionality, which initiates the Event-Based Access Review activities.

Using this feature, you can:
  • Control which event types initiate access reviews.
  • Define auto-actions for low-risk access reviews.
  • Generate insights on event-based access reviews.

Identity Intelligence

Oracle Access Governance analyzes each identity and its privileges, builds insights into potential high-risk assignments and security violations, and recommends remediations. This enables access reviewers to make corrective decisions quickly. This feature enables:

  • Assimilation and analysis of identity data and access privileges.
  • Recognition of contextual insights and identification of security blind spots.
  • Remediation recommendations that enable access reviewers to make corrective decisions quickly.

Workflows

Workflows provide out-of-the-box features in Oracle Access Governance. These include:

  • Notifications: Reviewers are notified about assigned and pending access reviews.
  • Multi-stage approvals: Oracle Access Governance supports one-level, two-level, and three-level access review workflows.
  • Decision making: Access reviews can be accepted or revoked.

Workflows in Oracle Access Governance enable:

  • Zero coding workflow creation.
  • Multi-stage approval workflows.
  • Suggestions for intelligent workflows based on selected criteria.

Identity Orchestration

Oracle Access Governance provides identity orchestration, enabling integration with both on-premises and Cloud-connected systems. This code-less integration allows identity data and access privileges from multiple connected systems to be assimilated and then analyzed in Oracle Access Governance.

Features include:

  • Minimal configuration and code-less integration with on-premises and on-cloud applications and systems.
  • Improved IT efficiency and reduced operational costs through automation.

Intuitive User Interface

The Oracle Access Governance Console provides an intuitive user interface (UI) for access reviews, allowing smart tracking of access review campaigns. Intelligent dashboards help reviewers focus on prioritized and urgent review tasks.

Reporting and Analytics

Oracle Access Governance enables reporting and analytics in the following areas:

  • 360-degree visibility into identities, accounts, and permissions usage in intuitive dashboards.
  • Discovery, risk determination, and monitoring of accounts with privileged access for anomalous behavior.
  • Access review outcome and fulfillment reports.