Integrate Oracle Access Governance with Microsoft Active Directory
Overview: Integrate Oracle Access Governance with Microsoft Active Directory
Integration between Oracle Access Governance and Microsoft Active Directory streamlines user lifecycle management of Microsoft Active Directory users, ensuring seamless access control and compliance through automated provisioning and enforcement of the principle of least privilege through reviews of users and groups.
Microsoft Active Directory can be integrated with Oracle Access Governance as an authoritative source or managed system, allowing you to reconcile users and groups, and provision identities and accounts.
Microsoft Active Directory Integration Architecture Overview
You can perform full data load for accounts in Microsoft Active Directory. Once a connection is established, you can perform remediation and management tasks for user accounts and groups.
Microsoft Active Directory integration supports management of Microsoft Active Directory accounts by Oracle Access Governance, including the following use cases.
- Centralized User Provisioning:
Perform Microsoft Active Directory user identity updates. Create, and modify accounts from within Oracle Access Governance.
- Access Control:
Assign or revoke Microsoft Active Directory group memberships using governance policies defined in Oracle Access Governance
Automatically or manually revoke access for users whose access is no longer valid, based on organizational or lifecycle changes.
- Segregation of Duties:
Enforce segregation of duties (SoD) by implementing metadata-driven rules to define eligibility criteria for granting access bundle permissions, using Oracle Access Governance Access Guardrails
- Self-Service Profile Management:
Enable users to view and update their own profile attributes using Oracle Access Governance, with updates reflected in Microsoft Active Directory.
- Access Reviews and Attestation:
Periodically review and certify Microsoft Active Directory user access to ensure appropriate entitlements.
- Audit and Compliance Support:
Maintain full audit logs of all user and access-related changes to meet regulatory and internal compliance requirements.
Functional Overview: Use Cases Supported for Microsoft Active Directory Integration
Microsoft Active Directory integration supports management of Microsoft Active Directory accounts by Oracle Access Governance, including the following use cases.
-
Configure Microsoft Active Directory Orchestrated System
See Configure Integration Between Oracle Access Governance and Microsoft Active Directory.
-
Match Identity and Account Attributes using Correlation Rules
Review or configure matching rules to match the identity and account data and build a composite identity profile. To view the default matching rule for this orchestrated system, see Default Matching Rules.
-
Ingest accounts and groups that can be managed by Oracle Access Governance.
-
Ingest account data from your orchestrated system or request an access for an identity. This allows you to provision entitlements.
-
Update Account
Update account details by assigning or removing permissions. This allows you to update entitlements.
-
Enable or disable an account associated with an identity. This will either remove or restore accesses for the account.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customer access to and use of Oracle support services will be pursuant to the terms and conditions specified in their Oracle order for the applicable services.