Set Up Service Instance

You can create an Oracle Access Governance instance in the Oracle Cloud Infrastructure Console. The steps below show you how to create an instance and verify its operation.

Regions

When you login to your tenancy, depending on your home region, chose a region hosting Oracle Access Governance within your geographic region to create and manage service instances. The tables below list the home regions that support Oracle Access Governance and which region they need to have a subscription for to access the Oracle Access Governance service.

Full details of regions can be referred to at Regions and Availability Domains.

North America

If you have an Oracle Cloud Infrastructure tenancy in one of the below home regions, you must have a subscription to the US East (Ashburn) region to be able to access the Oracle Access Governance service.

Region Name	Region Identifier	Region Location	Region Key	Realm Key	Availability Domains
Canada Southeast (Montreal)	ca-montreal-1	Montreal, Canada	YUL	OC1	1
Canada Southeast (Toronto)	ca-toronto-1	Toronto, Canada	YYZ	OC1	1
US East (Ashburn)	us-ashburn-1	Ashburn, VA	IAD	OC1	3
US West (Phoenix)	us-phoenix-1	Phoenix, AZ	PHX	OC1	3
US West (San Jose)	us-sanjose-1	San Jose, CA	SJC	OC1	1
US Midwest (Chicago)	us-chicago-1	Chicago, IL	ORD	OC1	3

South America

If you have an Oracle Cloud Infrastructure tenancy in one of the below home regions, you must have a subscription to the Brazil East (Sao Paulo) region to be able to access the Oracle Access Governance service.

Region Name	Region Identifier	Region Location	Region Key	Realm Key	Availability Domains
Brazil East (Sao Paulo)	sa-saopaulo-1	Sao Paulo, Brazil	GRU	OC1	1
Brazil Southeast (Vinhedo)	sa-vinhedo-1	Vinhedo, Brazil	VCP	OC1	1
Chile (Santiago)	sa-santiago-1	Santiago, Chile	SCL	OC1	1
Mexico Central (Queretaro)	mx-queretaro-1	Queretaro, Mexico	QRO	OC1	1

Europe

If you have an Oracle Cloud Infrastructure tenancy in one of the below home regions, you must have a subscription to the Germany Central (Frankfurt), Switzerland North (Zurich), Italy Northwest (Milan), Saudi Arabia West (Jeddah), UK South (London), or UAE Central (Abu Dhabi) region to be able to access the Oracle Access Governance service.

Region Name	Region Identifier	Region Location	Region Key	Realm Key	Availability Domains
France Central (Paris)	eu-paris-1	Paris, France	CDG	OC1	1
France South (Marseille)	eu-marseille-1	Marseille, France	MRS	OC1	1
Germany Central (Frankfurt)	eu-frankfurt-1	Frankfurt, Germany	FRA	OC1	3
Israel Central (Jerusalem)	il-jerusalem-1	Jerusalem, Israel	MTZ	OC1	1
Italy Northwest (Milan)	eu-milan-1	Milan, Italy	LIN	OC1	1
Netherlands Northwest (Amsterdam)	eu-amsterdam-1	Amsterdam, Netherlands	AMS	OC1	1
Saudi Arabia West (Jeddah)	me-jeddah-1	Jeddah, Saudi Arabia	JED	OC1	1
South Africa Central (Johannesburg)	af-johannesburg-1	Johannesburg, South Africa	JNB	OC1	1
Sweden Central (Stockholm)	eu-stockholm-1	Stockholm, Sweden	ARN	OC1	1
Switzerland North (Zurich)	eu-zurich-1	Zurich, Switzerland	ZRH	OC1	1
UAE Central (Abu Dhabi)	me-abudhabi-1	Abu Dhabi, UAE	AUH	OC1	1
UAE East (Dubai)	me-dubai-1	Dubai, UAE	DXB	OC1	1
UK South (London)	uk-london-1	London, United Kingdom	LHR	OC1	3
UK West (Newport)	uk-cardiff-1	Newport, United Kingdom	CWL	OC1	1

Asia-Pacific

If you have an Oracle Cloud Infrastructure tenancy in one of the below home regions, you must have a subscription to the Australia East (Sydney), or India West (Mumbai) region to be able to access the Oracle Access Governance service.

Region Name	Region Identifier	Region Location	Region Key	Realm Key	Availability Domains
Australia East (Sydney)	ap-sydney-1	Sydney, Australia	SYD	OC1	1
Australia Southeast (Melbourne)	ap-melbourne-1	Melbourne, Australia	MEL	OC1	1
India South (Hyderabad)	ap-hyderabad-1	Hyderabad, India	HYD	OC1	1
India West (Mumbai)	ap-mumbai-1	Mumbai, India	BOM	OC1	1
Japan Central (Osaka)	ap-osaka-1	Osaka, Japan	KIX	OC1	1
Japan East (Tokyo)	ap-tokyo-1	Tokyo, Japan	NRT	OC1	1
Singapore (Singapore)	ap-singapore-1	Singapore,Singapore	SIN	OC1	1
South Korea Central (Seoul)	ap-seoul-1	Seoul, South Korea	ICN	OC1	1
South Korea North (Chuncheon)	ap-chuncheon-1	Chuncheon, South Korea	YNY	OC1	1

Note:

You cannot access the Oracle Access Governance service from a subscription to a region outside your geographical region. An example would be if your home region is UK South (London) then you cannot access the service with a subscription to US East (Ashburn), you must have a subscription to Germany Central (Frankfurt) within your geographical region.

Prerequisites

A prerequisite for creating and setting up a service instance is to provide permissions for agcs-instance resources.

To create an Oracle Access Governance service instance, the Oracle Cloud Infrastructure Identity and Access Management administrator or domain administrator can create a group and allow that group permissions to:

• Read objectstorage-namespace resources in tenancy in a policy statement.
• Manage agcs-instance resources for a given compartment or tenancy in a policy statement

To update or delete an Oracle Access Governance service instance, the Oracle Cloud Infrastructure Identity and Access Management administrator or domain administrator can create a group and allow that group permissions to:

• Manage agcs-instance resources for a given compartment or tenancy in a policy statement.

Example Policies for Tenancies using Identity Domains

1. Tenancy Admin

   Allow group <domain_name>/<group_name> to manage all-resources in
       tenancy

2. Compartment Admin

   Allow group <domain_name>/<group_name> to manage all-resources in compartment
       <compartment_name>
   Allow group <domain_name>/<group_name> to read objectstorage-namespace in
       tenancy

3. With ‘manage agcs-instance’ in tenancy

   Allow group <domain_name>/<group_name> to manage agcs-instance in
       tenancy
   Allow group <domain_name>/<group_name> to read objectstorage-namespace in
       tenancy

4. With ‘manage agcs-instance’ in a compartment

   Allow group <domain_name>/<group_name> to manage agcs-instance in compartment
       <compartment_name>
   Allow group <domain_name>/<group_name> to read objectstorage-namespace in
       tenancy

Example Policies for Tenancies without Identity Domains

1. Tenancy Admin

   Allow group <group_name> to manage all-resources in
       tenancy

2. Compartment Admin

   Allow group <group_name> to manage all-resources in compartment
       <compartment_name>
   Allow group <group_name> to read objectstorage-namespace in
       tenancy

3. With ‘manage agcs-instance’ in tenancy

   Allow group <group_name> to manage agcs-instance in
       tenancy
   Allow group <group_name> to read objectstorage-namespace in
       tenancy

4. With ‘manage agcs-instance’ in a compartment

   Allow group <group_name> to manage agcs-instance in compartment
       <compartment_name>
   Allow group <group_name> to read objectstorage-namespace in
       tenancy

Create Service Instance

Create an Oracle Access Governance instance in the Oracle Cloud Infrastructure console.

You can create an Oracle Access Governance service instance using the following steps:

1. Open your web browser and navigate to https://cloud.oracle.com.
2. Enter the name of your Cloud Account Administrator in the Cloud Account Name field and click Next.
3. On the Cloud Infrastructure sign-in page, enter your sign-in credentials under Oracle Cloud Infrastructure Direct Sign-In. Click Sign In.
4. When you have successfully logged in, select Regions → [US East (Ashburn)|Brazil East (Sao Paulo)|Germany Central (Frankfurt)|Australia East (Sydney)], depending on your Home region location, from the top navigation menu.
5. Click the icon in the top left corner to display the navigation menu.
6. Click Identity and Security in the navigation menu.
7. Select Access Governance from the list of products.
8. On the Service Instances page, click the Create service instance button.
9. Enter values for the service instance as detailed in the following table .

   Parameter	Value	Description
   Name		Name of the service instance.
   Description		Description of the service instance.
   Create in compartment	Compartment Name into which the service instance will be created.	Name of the OCI compartment into which the service instance will be created.
   License type		Select from the following license types: Access Governance Premium: Governance of access privileges for Oracle and Non-Oracle Workloads running anywhere Access Governance for Oracle Workloads: Governance of access privileges for Oracle Workloads running anywhere Access Governance for Oracle Cloud Infrastructure: Governance of access privileges for OCI resources and services. Access Governance for OCI is the entry level license option, covering OCI in cloud environments. Access Governance for Oracle Workloads is a broader option, covering Oracle Workloads running anywhere, and includes OCI. Access Governance Premium is the widest option, including non-Oracle as well as Oracle workloads. When you select a license option, be aware that it may take approximately 10 minutes before the licence is enabled on your service instance.
   Tagging		Tags allow you to organize and track resources within your tenancy. If you want to tag resources within the service instance, add them here. Add value as described in the following rows. If you want to add additional tags, select Another Tag to create more.
   TAG NAMESPACE		Namespace to which the tag applies.
   TAG KEY		Key for the tag.
   TAG VALUE		Value of the tag.

10. To create the service instance with the value you have input, select Create service instance. If you do not want to proceed with the service creation, select Cancel.

Verify Service Instance

You can verify an Oracle Access Governance service instance using the following steps:

1. Open your web browser and navigate to https://cloud.oracle.com.
2. Enter the name of your Cloud Account Administrator in the Cloud Account Name field and click Next.
3. On the Cloud Infrastructure sign-in page, enter your sign-in credentials under Oracle Cloud Infrastructure Direct Sign-In. Click Sign In.
4. Click the icon in the top left corner to display the navigation menu.
5. Click Identity and Security in the navigation menu
6. Select Access Governance from the list of products.
7. On the Service Instances page, select the newly created service instance.
8. Click Service Home Page to access the Oracle Access Governance Console in a browser.
   The Oracle Access Governance Home page should look similar to below. Depending on the application roles assigned to your user, you will see the following tabs:
   

   

   
   

   • My Stuff
   • Access Controls
   • Access Reviews
   • Who Has Access to What
   • Service Administration

   You can select which Oracle Access Governance task you want to perform by selecting the relevant tab, and clicking on the tile displayed for your task. Alternatively, you can select tasks from the navigation menu, .

---

Title and Copyright Information

Set Up Service Instance

Copyright © 2023, Oracle and/or its affiliates. 

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.