What's New for Oracle Access Governance
Here’s an overview of new features and enhancements added recently to improve your Oracle Access Governance experience.
Recent Updates in Oracle Access Governance
Here’s an overview of new features released, including documentation updates.
November 2024 Update
What's New in November 2024 Update
Preventive Segregation of Duties (SOD) Analysis using Oracle Fusion Cloud Risk Management and Compliance (RMC)
Feature | Description |
---|---|
Segregation of Duties (SOD) Analysis for Oracle Fusion Cloud Applications | Oracle Access Governance now supports preventive SOD checks through Oracle Fusion Cloud Risk Management and Compliance (RMC). With this update, Oracle Access Governance raises potential conflicts as part of access request approval task. Currently, the SOD violations check is scoped for Oracle Access Governance Access Bundles. For more details, see Manage Approvals. |
Access Controls: Manage Assignment of OCI Cloud Services Application Roles
Feature | Description |
---|---|
Assign users to OCI cloud service application roles from Oracle Access Governance | You can now assign OCI cloud services application roles to identities with Oracle Access Governance. For this, package one or more OCI cloud services application roles in an access bundle, and assign it to users through a policy or an access request. You may further run identity access reviews for these assignments, if these are granted through user request. |
Identity Access Reviews for OCI Permissions managed by Oracle Access Governance
Feature | Description |
---|---|
Run Identity Access Reviews for OCI Permissions managed by Oracle Access Governance | For assignments managed by Oracle Access Governance, you can certify identities assigned to OCI IAM groups and OCI cloud services application roles as part of OCI Access Bundles reviews (Grant Type as REQUEST ).
|
Data Load Settings for Orchestrated Systems
Feature | Description |
---|---|
Data Load Settings for Orchestrated Systems | You can now set how often data should be loaded and updated between Oracle Access Governance and orchestrated systems. You can configure the timing and frequency for all orchestrated system except for Flat File and Oracle Cloud Infrastructure (OCI IAM). For more details, see Configure Data Load Schedule Settings for Orchestrated Systems. |
September/October 2024 Update
What's New in September/October 2024 Update
Event Data Publisher in Oracle Access Governance
Feature | Description |
---|---|
Event Data Publisher in Oracle Access Governance | With Oracle Access Governance, you have the flexibility to export and continually publish data events to your cloud tenancy. You can export one-time and sequentially and continually publish ongoing data events to OCI Buckets or OCI Streams depending on the file size. See Event Data Publisher in Oracle Access Governance. |
Orchestrated Systems
Feature | Description |
---|---|
Database Application Tables (Oracle) and Oracle Database User Management |
|
New Orchestrated System: Integrate with Oracle Health EHR (formerly Cerner Millennium) | Oracle Health EHR (formerly Cerner Millennium): You can enable identity orchestration for provisioning of accounts in Oracle Health EHR (formerly Cerner Millennium) as a Managed System. See Oracle Health EHR ( formerly Cerner Millennium ) Integration Reference. |
Delegations
Feature | Description |
---|---|
Delegations |
|
Microsoft Entra ID Group Management
Feature | Description |
---|---|
Microsoft Entra ID Group Management | You can now manage group for Microsoft Entra ID. Oracle Access Governance supports provisioning of Security Group and Office Group using the Identity Collections functionality. |
August 2024 Update
What's New in August 2024 Update
New Application Roles in Oracle Access Governance
Feature | Description |
---|---|
New Application Roles related to Orchestrated System | New Application Owner Roles introduced for Orchestrated System:
See Predefined Application Roles Reference listing all application roles. |
New Application Roles related to Access Controls | New Access Control Restricted Administrator Role introduced for Access Controls:
See Predefined Application Roles Reference listing all application roles. |
Run Ownership Reviews and Identity Access Reviews based on Direct Permissions
Feature | Description |
---|---|
Ownership Reviews | You can schedule campaigns to review ownership of resources that are created within Oracle Access Governance, either periodically or on an ad hoc basis. By performing this review, you can ensure accountability of resources lies only with the designated owners. See Resource Ownership. |
Run Identity Access Reviews for directly assigned permissions | You can now quickly certify privileges for all Orchestrated systems based on the permissions ingested directly (DIRECT ) from a Managed System without provisioning it first from Oracle Access Governance. See Identity Access Reviews based on Permissions Assigned Directly in Managed Systems.
|
Add Resource Owners
Feature | Description |
---|---|
Add Primary and Additional Owners for Orchestrated Systems, Access Control Resources, and Organizations | You can now add primary and additional owners for Oracle Access Governance resources. Any Oracle Access Governance active identity can be assigned as the resource owner. All the owners can read, update, or delete the resources that they own. See Add Primary and Additional Owners. |
Orchestrated Systems
Feature | Description |
---|---|
New Orchestrated System: Integrate with Oracle Fusion Cloud Applications | Oracle Fusion Cloud Applications: You can enable identity orchestration, including on-boarding of identity (user) data, and provisioning of accounts for Oracle Human Capital (HCM) and Oracle Enterprise Resource Planning (ERP) accounts. This includes using Oracle Fusion Cloud Applications as an Authoritative source and as a Managed System for account provisioning. See Integrate with Fusion Cloud Applications. |
New Orchestrated System: Integrate with Database Application Tables (Oracle) | Database Application Tables (Oracle): You can enable identity orchestration, including on-boarding of identity (user) data, and provisioning of accounts for Database Application Tables (Oracle) both as an Authoritative source and as a Managed System. See Integrate with Database Application Tables (Oracle). |
Configure Account Settings | You can now configure the account settings to support the Joiners, Movers, and Leavers process for your Orchestrated system. You can configure to send email to user or user manager when a new account is created. You can also choose to either disable or delete the account whenever an identity moves within or leaves your enterprise. |
Access Controls
Feature | Description |
---|---|
Provisioning Users to OCI IAM groups from Oracle Access Governance | You can now provision users to OCI IAM groups from Oracle Access Governance. You can package multiple OCI IAM groups in an access bundle, and provision it to users through a policy or an access request. |
Identity Lifecycle - Joiners, Movers, Leavers Process | New article describing automated provisioning for Joiners, Movers, and Leavers (JML) process in Oracle Access Governance. See Identity Lifecycle Management . |
New Articles for My Access and Language Support
Feature | Description |
---|---|
Self-Service - My Access | New article on viewing your access details and managing your accounts in Oracle Access Governance. See View Access Details and Manage Account. |
Language Support in Oracle Access Governance | New article that lists various languages supported by Oracle Access Governance Console and steps to update your browser's locale settings. See Supported Languages in Oracle Access Governance. |
July 2024 Update
What's New in July 2024 Update
Access Reviews
Feature | Description |
---|---|
Access Reviews Fallback Mechanism | New fallback process is introduced to assign a valid reviewer or a campaign owner whenever an invalid reviewer or an invalid campaign owner is detected. This will prevent sudden termination of a campaign. |
New or Updated Access Reviews Articles | New or updated articles for Access Reviews:
|
June 2024 Update
What's New in June 2024 Update
Orchestrated Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems | PeopleSoft: You can now perform identity reconciliation, user management, and role assignment with PeopleSoft integration. |
May 2024 Update
What's New in May 2024 Update
Who Has Access to What
Feature | Description |
---|---|
Who Has Access to What | Enterprise-wide Browser As an Enterprise-wide Access Administrator or Administrator, get a comprehensive and centralized view of access information across your enterprise. Enterprise-wide Browser allows you to:
|
Who Has Access to What | My Access As an Oracle Access Governance user, you can view access profile details in the self service section. Go to My Stuff → My Access to view your access details. The account details visible on the My Accounts page is now available on the My Access → Accounts page. |
Notifications
Feature | Description |
---|---|
Notifications | The following enhancements have been added to notifications:
|
OCI Data Handling
Feature | Description |
---|---|
OCI Data Handling | The Identity Attributes functionality has been enhanced to provide the ability to define which OCI domain Oracle Access Governance should use as the source of truth when ingesting identity data from a multi-domain OCI instance. |
Integrations
Feature | Description |
---|---|
System Integration | PeopleSoft: You can now perform identity reconciliation, user management, and role assignment with PeopleSoft integration. |
Integrations | Updated Data Transformation topic within the Integration documentation. |
March/April 2024 Update
What's New in March/April 2024 Update
Orchestrated Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems |
|
Integrate with Orchestrated Systems | Integration documentation for the following managed systems has been updated:
|
Integration
Feature | Description |
---|---|
New/Updated Integration Articles | New/updated articles for integration:
|
Integration Landing Page | Integration landing page has been updated:
|
February 2024 Update
What's New in February 2024 Update
Orchestrated Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems | You can now integrate Oracle Access Governance with:
|
Unmatched Accounts
Feature | Description |
---|---|
Delete Unmatched Accounts | You now have the option to delete accounts which are unmatched from a Managed System. This is in addtion to the current functionality allowing you to match an unmatched account to an identity. |
Configurable Notifications
Feature | Description |
---|---|
Configurable Notifications | You can now customize and configure notifications. Notifications are sent for different types of event. You can now customize notifications in the following ways:
|
Data Transformation and Matching Rules
Feature | Description |
---|---|
Identity Attributes | For custom identity attributes, you now have the option to add a rule on how the attribute is populated. You can either use the value directly, or you can create a rule around the active value. |
January 2024 Update
What's New in January 2024 Update
Orchestrated Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems | You can now integrate Oracle Access Governance with:
|
Data Transformation and Matching Rules
Feature | Description |
---|---|
Outbound and Inbound Data Transformation | You can transform the data coming into Oracle Access Governance or going out (provisioned) of Oracle Access Governance. You can apply transformation rules on the inbound and the outbound data, by writing methods in JavaScript, for objects, identity (user) object, account object, and custom user attributes. |
Matching Rules | You can now use matching or correlation rules to avoid orphan or unmatched accounts during the data ingestion process. You can set up these rules to match the identity data imported from different authoritative sources, and/or match multiple accounts with an identity to avoid unmatched account. |
December 2023 Update
What's New in December 2023 Update
Orchestrated Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems | You can now integrate Oracle Access Governance with Oracle Fusion Cloud Applications. With this integration, you can perform User management and Role grant management operations through Oracle Access Governance. |
Outbound Data Transformations
Feature | Description |
---|---|
Outbound Data Transformation | Through Oracle Access Governance, you can now perform data transformation on the data provisioned into the Orchestrated system account. |
Identity Collection can manage a new or existing Active Directory group on a Orchestrated System
Feature | Description |
---|---|
Identity Collection can manage a new or existing Active Directory group on a Orchestrated System | While creating an identity collection in Oracle Access Governance, you can now opt to manage a group on a Orchestrated system. The selected (new or existing) group in this Orchestrated system will be managed by this identity collection. |
Reassignment of Identity and Access Reviews
Feature | Description |
---|---|
Reassign Identity and Access Reviews | Oracle Access Governance gives you the provision to reassign identity reviews and/or access review items to other users. In reassignment, the review tasks will be moved from the original reviewer and gets assigned to the new reviewer. |
Access Governance Organization
Feature | Description |
---|---|
Oracle Access Governance Organizations | Oracle Access Governance administrators can now structure identities and form relationships between identities by creating and managing Organizations in the Oracle Access Governance Console. |
Approval Workflows in the Event-Based Access Reviews
Feature | Description |
---|---|
Approval Workflows in the Event-based Access Reviews | You can now configure approval workflows for all the three event types - change event, timeline event and multi-event access reviews. |
Unmatched Accounts Access Reviews
Feature | Description |
---|---|
Unmatched Accounts Access Reviews | You can now review unmatched accounts via event-based access reviews. This allows application owners and custom users to match an unmatched account to an existing Oracle Access Governance identity, or remove the account from the Orchestrated system. |
Enhancement in Reporting of Campaign Details
Feature | Description |
---|---|
Campaign Details' Report Enhancement | In the campaign details page, for approval workflow summary, you can see count of total and pending reviews. A new link, View pending link, has been added that provides reviewer details, such as reviewer's name, email addresses, and count of pending reviews with each of them. |
November 2023 Update
What's New in the November 2023 Update
Orchestrated Systems
Feature | Description |
---|---|
Orchestrated Systems | The following types of Orchestrated System have been added to Oracle Access Governance:
|
Unmatched Accounts | The ability to manage unmatched accounts has been added. You can search for unmatched accounts, and where appropriate, match them to an Oracle Access Governance identity. |
OCI Group Membership Review | OCI IAM group memberships can now be reviewed as part of Identity Collection access reviews. |
Timeline Event Based Micro-certification | Timeline based micro-certification to trigger user access reviews based on specific dates, such as anniversary dates, has been added to the Event-Based Access Review functionality. |
Active Directory group management | AD groups can now be managed from Oracle Access Governance using the Identity Collections functionality. |
September 2023 Update
What's New in the September 2023 Update
Time-based Events
Feature | Description |
---|---|
Time-based Events | Time-based Events refer to an event which is raised for a particular date, for example, weekly, monthly, or when a user is granted access to an application on a given date, which is subject to an annual review. A review task is generated for the user on the date configured for the time-based event, to determine if the permission associated with the event is still appropriate |
July 2023 Update
What's New in July 2023 Update
List Requests that needs Approvals
Feature | Description |
---|---|
Approvals |
The Approvals page in the Oracle Access Governance console, lists access requests requiring your attention. All requests requiring approval will be displayed. These requests are listed as one access per row. If a request is made for multiple accesses, for example access to a database, a directory, and a cloud service, then this will be displayed as 3 rows requiring separate approvals in your approval list. |
Viewing Access Requests
Feature | Description |
---|---|
View My Requests |
The My Access Requests screen, in the Oracle Access Governance console displays a list of access request raised by the logged-in user for Self or for others. You can either view the details, cancel a request or can provide information on the requests. |
Request Access for Yourself or for Other Users
Feature | Description |
---|---|
Request Access |
As an Oracle Access Governance user you can request access to resources and roles. Requests can be made for yourself, or for others. This process creates an access request which is subject to an approval workflow. |
Simplifying Process of Requesting Resource Permission
Feature | Description |
---|---|
Create and Manage Access Bundle |
An Access Bundle is a collection of permissions that packages access to resources, application features, and functionality into a requestable unit. To access a particular resource, you do not have to request each permission associated with that resource individually, instead you request an access bundle containing all permissions associated with that resource. This simplifies the process of requesting resource permissions. Using Oracle Access Governance console, you can now create a new access bundle and manage it. |
Maintain Policies within your Oracle Access Governance Service
Feature | Description |
---|---|
Manage Polices |
Using policies you can now provide access to resources within your organization. These policies associate resources and permissions with identities by means of roles and access bundles. You can create and manage policies by using Oracle Access Governance Console. |
Manage Roles
Feature | Description |
---|---|
Manage Roles |
You can now create and manage roles using Oracle Access Governance console. These roles are a group of access bundles. The access bundles contained within a role can span multiple targets. For example, a Database Administrator role groups together the DBAdmin_Oracle, DBAdmin_DB2, and DBAdmin_MySQL access bundles. To use a role you must associate identities to it via a policy. |
Create and Manage Approval Workflow
Feature | Description |
---|---|
Create and Manage Approval Workflow |
In Oracle Access Governance, every permission, access request, or role that needs to be assigned to a user must be processed through an approval workflow. You as a resource administrator can design an approval workflow by specifying the required approval level and the number of approvers. Later, as a Permission Manager you can use these workflows to obtain approvals before assigning or revoking user privileges. You as a resource administrator can monitor and manage the approvals using the Oracle Access Governance Console. |
Integrate Oracle Access Governance with Target Systems
Feature | Description |
---|---|
Integrate with Orchestrated Systems |
You can now connect Oracle Access Governance with the following systems by entering connection details and credentials for the target system.
|
May 2023 Update
What's New in May 2023 Update
New License Types for Oracle Access Governance
Feature | Description |
---|---|
New License Types | Oracle Access Governance rolls out new license types for its users:
|
Added Identity Activation Rules for License Management in Oracle Access Governance
Feature | Description |
---|---|
Manage Identities | You can now optimize Oracle Access Governance instance operating cost by managing which identities can use the Oracle Access Governance service. Identities excluded from the service will not have access to Oracle Access Governance functionality and will not be billed. |
Identity Orchestration: Integrate Oracle Access Governance with Oracle Cloud Infrastructure Identity and Access Management (OCI IAM)
Feature | Description |
---|---|
Integrate with OCI IAM | You can now implement code-less integration of Oracle Access Governance directly with cloud services. This release supports Identity Orchestration set up between Oracle Access Governance and Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) system. |
Policy Reviews
Feature | Description |
---|---|
Policy Reviews | You can review OCI IAM policies either one-time or periodically from Oracle Access Governance by creating Policy Review campaigns. In this campaign, access control of each cloud resource is evaluated up to the policy statement-level. The policy statements can either be accepted or revoked. |
Who Has Access to What: Enterprise-wide Access and Individual's Access to Cloud Resources
Feature | Description |
---|---|
Who Has Access to What | The Who Has Access to What capability now includes:
|
New Capability that supports Custom Identity Attributes in Oracle Access Governance
Feature | Description |
---|---|
Custom Identity Attributes. | Oracle Access Governance now supports custom identity attributes in addition to core identity attributes for running various Oracle Access Governance operations. |
Introduced Identity Collections functionality in Oracle Access Governance
Feature | Description |
---|---|
Identity Collection | You can now create and manage a collection of identities to perform Oracle Access Governance functions collectively on a group rather than performing for each individual identity. You can create an identity collection either by defining conditional rules, known as Membership Rules, and/or by directly selecting identity names. |
Added Capability to Delegate your Access Review Tasks to an Identity or an Identity Collection
Feature | Description |
---|---|
Delegation | Oracle Access Governance now provides the capability to delegate your tasks by setting up your preferences. In this release, from the My Preferences screen, you can delegate your access review tasks to an identity or to an identity collection. |
Note:
For this release, you must upgrade your current Oracle Access Governance agent to enable code-less integration with the systems. Refer Agent Example Usage to enable the auto-upgrade flag and upgrade your agent with the latest updates.February 2023 Update
What's New in the February 2023 Update
New Available Region in Central UAE: Abu Dhabi
Feature | Description |
---|---|
Available in UAE Central: Abu Dhabi | Oracle Access Governance rolls out its services and is now available in the UAE Central Abu Dhabi region. |
New Enterprise-wide Access functionality in Who Has Access to What
Feature | Description |
---|---|
Who Has Access to What | The Who Has Access to What capability now includes 360-degree visibility into organization resources, resource types, identities who can access these resources, and assigned permissions. Here, you can view a comprehensive list of all resources across various systems Orchestrated with Oracle Access Governance. |
Auto Upgrade Feature for Oracle Access Governance Agent in Orchestrated Systems
Feature | Description |
---|---|
New Auto Upgrade Flag for Oracle Access Governance Agent in Orchestrated Systems. | You can now automatically install updates for the Oracle Access Governance Agent by enabling the autoupgrade flag during the configuration process. Through this flag, a scheduled task is run every 24 hours that checks and/or installs any updates available for the Oracle Access Governance agent. This is a crucial step and you must set this to prevent any issues in communication from the agent to the Access Governance Service. Refer Agent Example Usage to enable the auto-upgrade flag. |
October 2022 Update
What's New in the October 2022 Update
Event-based Access Reviews
Feature | Description |
---|---|
Event-based Access Reviews | You can now launch event-based access reviews from Oracle Access Governance that initiate whenever a change is detected in a user lifecycle state or a user attribute, such as onboarding of new users, department change, job-code change, location change, retirement or exit of users, or manager change. Once configured, these are automatically triggered when one or more predefined event types occur. |
Access Review Scheduler
Feature | Description |
---|---|
Access Review Scheduler | You can now schedule and run the Access Review Campaigns periodically which can be Monthly, Quarterly, Half-Yearly, or Yearly. |
June 2022 Update
What's New in the June 2022 Update
On-Demand Access Reviews
Feature | Description |
---|---|
On-Demand Access Reviews | You can launch on-demand Access Review Campaigns to review user access assignments where individual access to a specific source is checked and either certified or remediated. |
Who Has Access to What
Feature | Description |
---|---|
Who Has Access to What | You can use the Who Has Access to What functionality as a user or a user manager to see the number of applications, permissions, and roles assigned to you (self) or to your direct reports. |
Identity Orchestration in Oracle Access Governance
Feature | Description |
---|---|
Identity Orchestration | Oracle Access Governance enables code-less integration with on-premises and cloud systems. You can now configure Identity Orchestration in Oracle Access Governance Console. This release supports Identity Orchestration set up between Oracle Access Governance and Oracle Identity Governance (OIG) system. |
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customer access to and use of Oracle support services will be pursuant to the terms and conditions specified in their Oracle order for the applicable services.