Integrate Oracle Access Governance with Oracle Unity
Oracle Unity can be integrated with Oracle Access Governance as a Managed system, allowing you to reconcile and provision accounts and manage roles and organizations.
Overview: Integrate Oracle Access Governance with Oracle Unity
Integration between Oracle Access Governance and Oracle Unity streamlines lifecycle management of Oracle Unity users. Automated provisioning supports access control and compliance, and access reviews of accounts and roles enforce the principle of least privilege.
Oracle Unity Integration Architecture Overview
You can perform a full data load for accounts in Oracle Unity. Once a connection is established, you can perform provisioning, remediation, and management tasks for user accounts and roles.
Oracle Unity integration supports management of accounts, including the following use cases.
- Centralized User Provisioning:
Perform Oracle Unity account updates. Create, Update (organization), Enable, Disable, and Delete accounts from within Oracle Access Governance. See Manage Account Lifecycle with Service Desk Executive Support.
- Access Control:
Assign or revoke permissions (Oracle Unity roles and Oracle Unity organization) using the Access Control module of Oracle Access Governance.
Automatically or manually revoke access for users whose access is no longer valid, based on organizational or lifecycle changes. See Automated Provisioning for Joiners, Movers, and Leavers (JML) Process.
- Segregation of Duties:
Enforce segregation of duties (SoD) by implementing metadata-driven rules to define eligibility criteria for granting access bundle permissions, using Oracle Access Governance access guardrails and Identity collection. See Access Guardrails - Enforce Preventive Access Control Conditions.
- Self-Service Profile Management:
Enable users to view and update their own profile attributes using Oracle Access Governance, with updates reflected in Oracle Unity. See View Access Details and Manage Account.
- Access Reviews and Attestation:
Periodically review and certify Oracle Unity user access to ensure appropriate entitlements. See Access Reviews Overview.
- Audit and Compliance Support:
Maintain a full audit trail of all user and access-related changes, including recent changes, to meet regulatory and internal compliance requirements. See Audit Trail: Monitoring Access Decisions.
Functional Overview: Use Cases Supported for Oracle Unity Integration
Oracle Unity integration supports management of Oracle Unity accounts, roles and organizations from Oracle Access Governance:
- Configure Orchestrated System
- Match Identity and Account Attributes using Correlation Rules
Review or configure matching rules to match the identity and account data and build a composite identity profile. To view the default matching rule for this orchestrated system, see Default Matching Rules.
- Ingest accounts and roles that can be managed by Oracle Access Governance.
- Ingest account data from your orchestrated system or request access for an identity using the self-service capability. This allows you to provision entitlements.
- Update Account
Update account details by assigning or removing permissions. This allows you to update entitlements.
- Delete an account associated with an identity. This will remove access for the account. The users are removed from your Oracle Unity service instance.
- Enable/Disable Account
Enable or disable an account associated with an identity. This will either remove or restore access for the account. The users in your Oracle Unity service instance become Active or Inactive.