Access Governance Integration with Connected Systems

Connected Systems Overview

Oracle Access Governance can be integrated with target identity systems by defining a connected system. A connected system is a definition that allows you to load data from a remote target identity system into Oracle Access Governance. The connected system will define parameters such as connection details that are required to access remote identity data. Where a direct connection between Oracle Access Governance and the target identity system is not possible, an agent may be deployed to bridge between the two.

Topology

The Oracle Access Governance agent is made up of the following components.

  • Connected System: A connected system is the footprint definition for a target identity system that can be integrated with and provide data to Oracle Access Governance. Once defined, the connected system enables integration and data synchronization between target identity systems and Oracle Access Governance, through either a direct connection or an agent.
  • Oracle Access Governance Console: The Oracle Access Governance Console allows users with the Administrators application role to register the connected system, download the agent Docker image if required, and configure and monitor the progress of the connected system in real time. The Oracle Access Governance Console also supports life cycle activities such as resetting the connected system status to trigger full or incremental synchronization, or disabling or enabling the connected system.
  • Agent:

    The Oracle Access Governance agent is a Docker image-based agent, which allows Oracle Access Governance to synchronize continuously or periodically with target identity systems where a direct connection is not available. The agent runs scheduled distributed extract-transform-load (ETL) jobs to perform full or incremental synchronization of remote identity data, such as users, roles, application instances, entitlements, and entitlement assignments, to Oracle Access Governance. Once registered and installed, the agent can be monitored via the Oracle Access Governance Console. The agent runs in a Docker environment hosted by the customer. This environment should meet the following prerequisites:

    • Installation of Docker or Podman
    • Allow connection to the customer's target identity database
    • Allow connection to the customer's Oracle Access Governance instance hosted in Oracle Cloud

    The agent uses the configuration entered in Oracle Access Governance to connect to the connected system. The agent extracts data from the connected system, transforms it, and then pushes it to Oracle Cloud Infrastructure Object Storage over HTTPS. Once transferred to object storage, the data is then picked up by the Oracle Access Governance ingestion service and is loaded into Oracle Access Governance for consumption.
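The three agent-host prerequisites listed above can be checked before the agent is installed. The following preflight script is an added example, not part of the Oracle documentation or tooling; `DB_HOST`, `DB_PORT` and `AG_HOST` are placeholder values to replace with your own, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the host that will run the agent container.
# DB_HOST, DB_PORT and AG_HOST are placeholders (assumptions); set them for your site.
DB_HOST="${DB_HOST:-db.example.internal}"   # target identity database (placeholder)
DB_PORT="${DB_PORT:-1521}"                  # database listener port (placeholder)
AG_HOST="${AG_HOST:-ag.example.com}"        # Access Governance instance (placeholder)

# Print the first container runtime found on PATH; return 1 if neither exists.
find_runtime() {
  for rt in docker podman; do
    if command -v "$rt" >/dev/null 2>&1; then
      printf '%s\n' "$rt"
      return 0
    fi
  done
  return 1
}

# Return 0 if a TCP connection to host:port opens within the timeout (seconds).
tcp_reachable() {
  timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Check all three prerequisites, report each, return non-zero if any fails.
preflight() {
  rc=0
  if runtime=$(find_runtime); then
    echo "PASS container runtime: $runtime"
  else
    echo "FAIL container runtime: neither docker nor podman on PATH"; rc=1
  fi
  if tcp_reachable "$DB_HOST" "$DB_PORT"; then
    echo "PASS target identity database $DB_HOST:$DB_PORT"
  else
    echo "FAIL target identity database $DB_HOST:$DB_PORT unreachable"; rc=1
  fi
  if tcp_reachable "$AG_HOST" 443; then
    echo "PASS Access Governance instance $AG_HOST:443"
  else
    echo "FAIL Access Governance instance $AG_HOST:443 unreachable"; rc=1
  fi
  return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; exit $?; fi
```

A successful TCP connection on port 443 shows only that the egress path is open; it does not validate the TLS certificate or any intermediate proxy.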

On completion of access review campaigns, any permissions that have been revoked in Oracle Access Governance will be remediated by raising a revoke operation in the connected system. This revoke request will be passed to the connected system via the agent.

Manage the Connected System

The connected system can be managed from the Oracle Access Governance Console. Management operations that can be performed include initiating a data load, updating connection settings, and disabling the connected system.

Data Load

To initiate a data load from the target connected system instance, perform the following tasks.

  1. In the Oracle Access Governance Console, access the navigation menu by selecting the Navigation Menu icon. Select Service Administration → Connected Systems.
  2. In the Connected Systems screen, select the Manage button for the Oracle Access Governance connected system you want to manage.
  3. Select the Load data now option from the Actions drop-down menu in the top right-hand corner. This will initiate a data load, whose status you can track in the Activity Log.

Update Connection Details

To update the connection details used by the connected system to connect to the target identity system, perform the following tasks.

  1. In the Oracle Access Governance Console, access the navigation menu by selecting the Navigation Menu icon. Select Service Administration → Connected Systems.
  2. In the Connected Systems screen, select the Manage button for the connected system you want to update.
  3. Select the Settings option from the Actions drop-down menu in the top right-hand corner. Update connection settings and click Save.

Disable the Connected System

To disable the agent from running, perform the following tasks.

  1. In the Oracle Access Governance Console, access the navigation menu by selecting the Navigation Menu icon. Select Service Administration → Connected Systems.
  2. In the Connected Systems screen, select the Manage button for the connected system you want to disable.
  3. Select the Disable button in the top right-hand corner. The agent will display a status of Disabled on the Connected Systems page.