Identity Orchestration Process Flow: Understanding Key Tasks

We have outlined eight essential tasks, from adding an orchestrated system, transforming your data, and implementing matching rules to finally provisioning your accounts using Oracle Access Governance. These tasks serve as a checklist to ensure that integrations and operations between your system and Oracle Access Governance are streamlined and efficient.

Identity Orchestration Process Flow

To manage Identity Orchestration using the Oracle Access Governance Console, administrators need to perform the following tasks:

  1. Add an Orchestrated System: You can integrate with a system of your choice by entering basic and configuration details. To do this, you first need to add an Orchestrated System in the Oracle Access Governance Console. Any Authoritative Source or Managed System that you integrate in the Oracle Access Governance Console is referred to as an Orchestrated System in Oracle Access Governance. To learn how to add an Orchestrated System in the Oracle Access Governance Console, see Add Orchestrated Systems.
  2. Validate the Connection: Once you have added an Orchestrated System, you must test and verify the connection whenever a new connection is established or the connection settings are updated. Several activities follow once you have added an Orchestrated System. For additional details on these activities, see View Activity Log.
  3. Configure Inbound Data Transformation Rules: Different systems represent identity and access data in different schemas or formats, and businesses may have specific data standards. To make data compatible between systems, you need to apply rules to transform the data coming into (data ingestion) or going out of (account provisioning) Oracle Access Governance. With data transformation, you can handle null values and aggregate, concatenate, or normalize the data, among other operations, by writing JavaScript methods. To learn how to apply data transformation in Oracle Access Governance, see Configure Settings for an Orchestrated System, and read more about data transformation and identity customization rules in the Data Rules to Customize and Transform Identity and Account Attributes article.
  4. Configure Correlation or Matching Rules: To build a composite profile, you can match data coming in from different authoritative sources by configuring matching or correlation rules. You can also match accounts with identities by configuring the account matching rules. Accounts that do not match any identities are tagged as Unmatched Accounts in Oracle Access Governance. Read more about Unmatched Accounts to understand how Oracle Access Governance handles unmatched or orphan accounts.
  5. Activate Identities: Once the data load operation is successful, you must activate these identities within the service, and flag identities as either Workforce or Consumer users. Read more in the Manage Identities article.
  6. Configure Identity Attributes: You can configure Identity attributes (Core or Custom) to perform various functions, such as running access review campaigns, choosing identities for identity collections, or applying attribute conditions to enable/disable the available identity data set. Read more about attributes in the View and Configure Identity Attributes article.

    Note:

    After completing these tasks, you can use other Oracle Access Governance features, such as running campaigns for access reviews, managing permissions using the access control framework, viewing enterprise-wide insights, delegating tasks, setting up business processes by creating approval workflows, and so on.
  7. Configure Outbound Data Transformation Rules: You can then configure outbound transformation rules using the identity attributes to define account attributes for provisioning (account provisioning) in Oracle Access Governance. To learn how to apply data transformation in Oracle Access Governance, see Configure Settings for an Orchestrated System.
  8. Execute Provisioning of Accounts: Finally, Oracle Access Governance performs the fulfillment process by provisioning accounts, or by sending out review decisions for closed-loop access remediation.
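
As an added illustration of tasks 3 and 4 (not Oracle's code and not the Oracle Access Governance rule syntax), the following plain JavaScript normalizes inbound attributes and then matches accounts to identities, listing the rest as unmatched. The function names, attribute names, and sample records are assumptions constructed for this example.

```javascript
// Added illustration in plain JavaScript; it does not use any Oracle Access Governance API.
// Attribute names (email, firstName, lastName, accountName) are hypothetical.

// Inbound transformation: handle nulls, normalize case/whitespace, concatenate names.
function transformInbound(record) {
  const clean = (v) => (v == null ? "" : String(v).trim());
  const email = clean(record.email).toLowerCase();
  const first = clean(record.firstName);
  const last = clean(record.lastName);
  return {
    email: email || null, // empty values become null and are never used as a match key
    displayName: [first, last].filter(Boolean).join(" ") || null,
  };
}

// Account matching: correlate accounts to identities on the normalized email.
function matchAccounts(identities, accounts) {
  const byEmail = new Map();
  for (const raw of identities) {
    const id = transformInbound(raw);
    if (id.email) byEmail.set(id.email, id); // skip identities with no usable key
  }
  const matched = [];
  const unmatched = [];
  for (const acct of accounts) {
    const key = transformInbound(acct).email;
    const identity = key ? byEmail.get(key) : undefined; // null must not match null
    if (identity) matched.push({ account: acct.accountName, identity: identity.displayName });
    else unmatched.push(acct.accountName); // candidates for orphan-account review
  }
  return { matched, unmatched };
}

// Constructed sample data.
const identities = [
  { email: " Ana.Ruiz@Example.com ", firstName: "Ana", lastName: "Ruiz" },
  { email: null, firstName: "Sam", lastName: null },
];
const accounts = [
  { accountName: "aruiz", email: "ana.ruiz@example.com" },
  { accountName: "svc-backup", email: null },
  { accountName: "jdoe", email: "j.doe@example.com" },
];
const result = matchAccounts(identities, accounts);
console.log(JSON.stringify(result, null, 2));
```

Without the normalization step the first account would be reported as unmatched, and without the null guard the account with no email would be correlated to the identity with no email.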