Access Governance Overview

Oracle Access Governance is a cloud-native and modern Identity Governance and Administration (IGA) solution that provides enterprise-wide visibility to manage access across all your cloud services and on-premises systems. It offers dynamic access control, a prescriptive analytics-driven access review process that helps customers automate access provisioning, get insights into access permissions, identify anomalies, and remediate security risks. By combining simplicity, automation, and robust security features, Oracle Access Governance ensures that workforce and consumers in your enterprise have only the necessary access to the right resources for performing their jobs when needed.

Enterprises use multiple digital platforms, cloud services, and interconnected systems but often have isolated systems to manage identities and their access information. Such fragmented identity and access management (IAM) systems can result in access inconsistency, rubber-stamping processes, excessive permissions, and outdated governance processes.

Oracle Access Governance helps enterprises in:
  • Setting up low-code integrations across multiple applications and services within the ecosystem.
  • Enhancing transparency and control over access rights by offering a 360-degree view of user access privileges, providing details on who has access to what.
  • Minimizing risks associated with excessive permissions by offering a granular, customizable, and dynamic access control system based on access requests, roles, attributes, and policy.
  • Optimizing access compliance and certification process by leveraging easily configured ad-hoc and periodic certifications, event-based, and time-based micro certifications.
  • Reducing certification fatigue by supporting analytics driven insights and actionable recommendations .

Oracle Access Governance Capabilities

Here's a high-level functional overview of Oracle Access Governance featuring the essential capabilities:



  • Identity Orchestration: Oracle Access Governance supports various specialized (API-based, Agent-based), and generic integrations (Generic REST and Flat File) by establishing secure and low-code integrations with the on-premises or cloud systems. By utilizing these integrations, Oracle Access Governance can:
    • Fetch identity data and identity attributes from an Authoritative Source (i.e., a trusted source of identities and their attributes), for example, Oracle Human Capital Management (HCM), Active Directory, or Lightweight Directory Access Protocol (LDAP).
    • Fetch access information from Managed Systems (i.e., applications containing account and permissions), such as Oracle Database, Microsoft Teams, and so on.
    • Define identity correlation and account matching rules
    • Transform inbound and outbound data for identity and account attributes
  • Identity Management: As part of Identity Management, Oracle Access Governance offers:
    • Self-Service: Permits the staff in your enterprise to manage certain details of their own identity and access privileges, without the intervention of an administrator. For example, requesting access to resources, delegating business processes, reviewing access reviews, or viewing access insights of who has access to what resources.
    • Lifecycle Management: Manages identity creation, modification, access provisioning, and administration, starting from onboarding to internal transferring to offboarding for an identity.
    • Fulfilment: Ensures account reconciliation (synchronizing user accounts and permissions, managing unmatched accounts) and access provisioning (creating user accounts, assigning them appropriate permissions) for your enterprise staff.
  • Access Control: Manages and regulates access permissions within your organization using the access control framework which offers the following permission models:
    • Access Request and approval
    • Role-based access control (RBAC): Assign permissions to users associated with their job profile or functions. For example, system administrators, managers, developers, etc.
    • Attribute-based access control (ABAC): Assign membership to identity collections based on core or custom identity attributes, such as location, address, email address, etc.
    • Policy-based access control (PBAC): Assign permissions to users by defining a policy. For example, users with an “HR” role can view and manage sensitive employee data.
  • Access Certification: Addresses regulatory compliance requirements related to the principle of least-privilege access by running ad-hoc, periodic access certifications event- or time-based micro-certifications.
  • Process Automation: Offers sequential and parallel code-less, approval workflows for access reviews and request approvals, prescriptive analytics-based access insights with recommendations, and automated access provisioning.
  • Compliance: It provides out-of-the-box reports with graphical insights and audits for various compliance activities such as HIPAA, SOX, etc.