What's New for Oracle Access Governance

Here’s an overview of new features and enhancements added recently to improve your Oracle Access Governance experience.

Recent Updates in Oracle Access Governance

Here’s an overview of new features released, including documentation updates.

November 2024 Update

What's New in November 2024 Update

Preventive Segregation of Duties (SOD) Analysis using Oracle Fusion Cloud Risk Management and Compliance (RMC)

Feature Description
Segregation of Duties (SOD) Analysis for Oracle Fusion Cloud Applications Oracle Access Governance now supports preventive SOD checks through Oracle Fusion Cloud Risk Management and Compliance (RMC). With this update, Oracle Access Governance raises potential conflicts as part of access request approval task. Currently, the SOD violations check is scoped for Oracle Access Governance Access Bundles. For more details, see Manage Approvals.

Access Controls: Manage Assignment of OCI Cloud Services Application Roles

Feature Description
Assign users to OCI cloud service application roles from Oracle Access Governance You can now assign OCI cloud services application roles to identities with Oracle Access Governance. For this, package one or more OCI cloud services application roles in an access bundle, and assign it to users through a policy or an access request. You may further run identity access reviews for these assignments, if these are granted through user request.

Identity Access Reviews for OCI Permissions managed by Oracle Access Governance

Feature Description
Run Identity Access Reviews for OCI Permissions managed by Oracle Access Governance For assignments managed by Oracle Access Governance, you can certify identities assigned to OCI IAM groups and OCI cloud services application roles as part of OCI Access Bundles reviews (Grant Type as REQUEST).

Data Load Settings for Orchestrated Systems

Feature Description
Data Load Settings for Orchestrated Systems You can now set how often data should be loaded and updated between Oracle Access Governance and orchestrated systems. You can configure the timing and frequency for all orchestrated system except for Flat File and Oracle Cloud Infrastructure (OCI IAM). For more details, see Configure Data Load Schedule Settings for Orchestrated Systems.

September/October 2024 Update

What's New in September/October 2024 Update

Event Data Publisher in Oracle Access Governance

Feature Description
Event Data Publisher in Oracle Access Governance With Oracle Access Governance, you have the flexibility to export and continually publish data events to your cloud tenancy. You can export one-time and sequentially and continually publish ongoing data events to OCI Buckets or OCI Streams depending on the file size. See Event Data Publisher in Oracle Access Governance.

Orchestrated Systems

Feature Description
Database Application Tables (Oracle) and Oracle Database User Management
  1. Oracle Access Governance now supports the following:
    • Oracle Autonomous Database
    • Oracle Database 23ai, 19c, 18c or 12c as a single database, pluggable database (PDB), or Oracle RAC implementation
  2. Oracle Access Governance now supports wallet-based authentication, in addition to basic authentication. To enable this, download the autonomous database wallet to your agent host, and then configure the Easy Connect URL for Database field in the orchestrated system. For more details, see Configure Wallet for Autonomous Database Integration .
New Orchestrated System: Integrate with Oracle Health EHR (formerly Cerner Millennium) Oracle Health EHR (formerly Cerner Millennium): You can enable identity orchestration for provisioning of accounts in Oracle Health EHR (formerly Cerner Millennium) as a Managed System. See Oracle Health EHR ( formerly Cerner Millennium ) Integration Reference.

Delegations

Feature Description
Delegations
  • Oracle Access Governance Administrator (AG_Administrator) can now manage delegations on behalf of Oracle Access Governance users. User Managers user can now update delegations for users they manage directly.
  • To manage delegation settings, you can access delegations from multiple paths within the Oracle Access Governance Console.

See Manage Delegation Preferences.

Microsoft Entra ID Group Management

Feature Description
Microsoft Entra ID Group Management You can now manage group for Microsoft Entra ID. Oracle Access Governance supports provisioning of Security Group and Office Group using the Identity Collections functionality.

August 2024 Update

What's New in August 2024 Update

New Application Roles in Oracle Access Governance

Feature Description
New Application Roles related to Orchestrated System New Application Owner Roles introduced for Orchestrated System:
  • AG_AppOwner_Admin: Can create, manage, and configure all the integrations as part of Orchestrated systems. See Application Owner Administrator.
  • AG_AppOwner_Admin_Restricted: Can create new integrations with other systems by adding an Orchestrated system but manage and configure the integrations or resources that they own, as a resource owner. See Application Owner Restricted Administrator.

See Predefined Application Roles Reference listing all application roles.

New Application Roles related to Access Controls New Access Control Restricted Administrator Role introduced for Access Controls:
  • AG_AccessControl_Admin_Restricted: Can create all the resources included in the Access Control module, such as Roles, Identity Collections, Policies, Approval Workflows, Access Bundles, and Organizations. However, they can manage only the integrations or resources that they own, as a resource owner. See Access Control Restricted Administrator.

See Predefined Application Roles Reference listing all application roles.

Run Ownership Reviews and Identity Access Reviews based on Direct Permissions

Feature Description
Ownership Reviews You can schedule campaigns to review ownership of resources that are created within Oracle Access Governance, either periodically or on an ad hoc basis. By performing this review, you can ensure accountability of resources lies only with the designated owners. See Resource Ownership.
Run Identity Access Reviews for directly assigned permissions You can now quickly certify privileges for all Orchestrated systems based on the permissions ingested directly (DIRECT) from a Managed System without provisioning it first from Oracle Access Governance. See Identity Access Reviews based on Permissions Assigned Directly in Managed Systems.

Add Resource Owners

Feature Description
Add Primary and Additional Owners for Orchestrated Systems, Access Control Resources, and Organizations You can now add primary and additional owners for Oracle Access Governance resources. Any Oracle Access Governance active identity can be assigned as the resource owner. All the owners can read, update, or delete the resources that they own. See Add Primary and Additional Owners.

Orchestrated Systems

Feature Description
New Orchestrated System: Integrate with Oracle Fusion Cloud Applications Oracle Fusion Cloud Applications: You can enable identity orchestration, including on-boarding of identity (user) data, and provisioning of accounts for Oracle Human Capital (HCM) and Oracle Enterprise Resource Planning (ERP) accounts. This includes using Oracle Fusion Cloud Applications as an Authoritative source and as a Managed System for account provisioning. See Integrate with Fusion Cloud Applications.
New Orchestrated System: Integrate with Database Application Tables (Oracle) Database Application Tables (Oracle): You can enable identity orchestration, including on-boarding of identity (user) data, and provisioning of accounts for Database Application Tables (Oracle) both as an Authoritative source and as a Managed System. See Integrate with Database Application Tables (Oracle).
Configure Account Settings You can now configure the account settings to support the Joiners, Movers, and Leavers process for your Orchestrated system. You can configure to send email to user or user manager when a new account is created. You can also choose to either disable or delete the account whenever an identity moves within or leaves your enterprise.

Access Controls

Feature Description
Provisioning Users to OCI IAM groups from Oracle Access Governance You can now provision users to OCI IAM groups from Oracle Access Governance. You can package multiple OCI IAM groups in an access bundle, and provision it to users through a policy or an access request.
Identity Lifecycle - Joiners, Movers, Leavers Process New article describing automated provisioning for Joiners, Movers, and Leavers (JML) process in Oracle Access Governance. See Identity Lifecycle Management .

New Articles for My Access and Language Support

Feature Description
Self-Service - My Access New article on viewing your access details and managing your accounts in Oracle Access Governance. See View Access Details and Manage Account.
Language Support in Oracle Access Governance New article that lists various languages supported by Oracle Access Governance Console and steps to update your browser's locale settings. See Supported Languages in Oracle Access Governance.

July 2024 Update

What's New in July 2024 Update

Access Reviews

Feature Description
Access Reviews Fallback Mechanism New fallback process is introduced to assign a valid reviewer or a campaign owner whenever an invalid reviewer or an invalid campaign owner is detected. This will prevent sudden termination of a campaign.
New or Updated Access Reviews Articles New or updated articles for Access Reviews:
  • Access Reviews in Oracle Access Governance - Certify Access Privileges with Campaigns and Event-Driven Micro Certifications
  • Working with Access Review Campaigns
  • Create Identity Access Review Campaigns
  • Create Policy Review Campaigns
  • Create Identity Collection Review Campaigns
  • Manage and Monitor Access Review Campaigns
  • Micro-Certifications: Event Driven Access Reviews
  • Configure and Manage Event-based Access Reviews
  • Understanding Reviewer's Actions for Effective Access Reviews
  • Perform Access Reviews - Evaluate and Certify Access Review Tasks

June 2024 Update

What's New in June 2024 Update

Orchestrated Systems

Feature Description
Integrate with Orchestrated Systems PeopleSoft: You can now perform identity reconciliation, user management, and role assignment with PeopleSoft integration.

May 2024 Update

What's New in May 2024 Update

Who Has Access to What

Feature Description
Who Has Access to What Enterprise-wide Browser
As an Enterprise-wide Access Administrator or Administrator, get a comprehensive and centralized view of access information across your enterprise. Enterprise-wide Browser allows you to:
  • Browse through access information using various perspective views, such as identities, identity collections, roles, permissions, policies, resources, and organizations.
  • Use search capabilities and advanced filters to optimize your search query and locate specific access information.
  • Customize the default access profile layout by hiding or showing columns or reordering columns for a better user experience.
  • Run user-created identity and access control reviews and view the access review report.
  • Download the CSV file for the first 500 records available in the access profile view or download the PDF screenshot of the access detail.
Who Has Access to What My Access

As an Oracle Access Governance user, you can view access profile details in the self service section. Go to My StuffMy Access to view your access details. The account details visible on the My Accounts page is now available on the My AccessAccounts page.

Notifications

Feature Description
Notifications The following enhancements have been added to notifications:

OCI Data Handling

Feature Description
OCI Data Handling The Identity Attributes functionality has been enhanced to provide the ability to define which OCI domain Oracle Access Governance should use as the source of truth when ingesting identity data from a multi-domain OCI instance.

Integrations

Feature Description
System Integration PeopleSoft: You can now perform identity reconciliation, user management, and role assignment with PeopleSoft integration.
Integrations Updated Data Transformation topic within the Integration documentation.

March/April 2024 Update

What's New in March/April 2024 Update

Orchestrated Systems

Feature Description
Integrate with Orchestrated Systems
  • EntraID: Configuration has been updated to allow for certificate-based authentication, in addition to existing client secret authentication.
  • Oracle Identity Governance: Configuration of the OIG Orchestrated System now includes data filters to limit the data transported and ingested from Oracle Identity Governance.
Integrate with Orchestrated Systems Integration documentation for the following managed systems has been updated:
  • Oracle Identity Governance Agent: Additional prerequisites added. Troubleshooting section added.

Integration

Feature Description
New/Updated Integration Articles New/updated articles for integration:
  • Identity Orchestration Overview
  • Identity Orchestration Components
  • Identity Orchestration Process Flow
  • Manage Oracle Access Governance Agent for Indirect Integrations
  • Manage Integrations with Orchestrated System
  • Configure Settings for an Orchestrated System
  • Supported Integrations with Oracle Access Governance
  • Data Rules to Customize and Transform Identity and Account Attributes
Integration Landing Page Integration landing page has been updated:
  • The Integration landing page has been redesigned to include new integration articles, and to provide a drop down list for each specific integrations which, when selected, will display all relevant content relating to the chosen integration system.

February 2024 Update

What's New in February 2024 Update

Orchestrated Systems

Feature Description
Integrate with Orchestrated Systems You can now integrate Oracle Access Governance with:
  • Generic REST: You can perform user management and teams group assignment tasks via Oracle Access Governance.
  • Oracle Siebel: You can perform user management and role grant management operations via Oracle Access Governance.

Unmatched Accounts

Feature Description
Delete Unmatched Accounts You now have the option to delete accounts which are unmatched from a Managed System. This is in addtion to the current functionality allowing you to match an unmatched account to an identity.

Configurable Notifications

Feature Description
Configurable Notifications You can now customize and configure notifications. Notifications are sent for different types of event. You can now customize notifications in the following ways:
  • Set the default logo
  • Set the default language in which notifications are sent
  • Enable notification type
  • Disable notification type
  • Set Subject for the notification email
  • Set content for the notification email body

Data Transformation and Matching Rules

Feature Description
Identity Attributes For custom identity attributes, you now have the option to add a rule on how the attribute is populated. You can either use the value directly, or you can create a rule around the active value.

January 2024 Update

What's New in January 2024 Update

Orchestrated Systems

Feature Description
Integrate with Orchestrated Systems You can now integrate Oracle Access Governance with:
  • Microsoft Teams: You can perform user management and teams group assignment tasks via Oracle Access Governance.
  • Oracle Primavera: You can perform user management and role grant management operations via Oracle Access Governance.

Data Transformation and Matching Rules

Feature Description
Outbound and Inbound Data Transformation You can transform the data coming into Oracle Access Governance or going out (provisioned) of Oracle Access Governance. You can apply transformation rules on the inbound and the outbound data, by writing methods in JavaScript, for objects, identity (user) object, account object, and custom user attributes.
Matching Rules You can now use matching or correlation rules to avoid orphan or unmatched accounts during the data ingestion process. You can set up these rules to match the identity data imported from different authoritative sources, and/or match multiple accounts with an identity to avoid unmatched account.

December 2023 Update

What's New in December 2023 Update

Orchestrated Systems

Feature Description
Integrate with Orchestrated Systems You can now integrate Oracle Access Governance with Oracle Fusion Cloud Applications. With this integration, you can perform User management and Role grant management operations through Oracle Access Governance.

Outbound Data Transformations

Feature Description
Outbound Data Transformation Through Oracle Access Governance, you can now perform data transformation on the data provisioned into the Orchestrated system account.

Identity Collection can manage a new or existing Active Directory group on a Orchestrated System

Feature Description
Identity Collection can manage a new or existing Active Directory group on a Orchestrated System While creating an identity collection in Oracle Access Governance, you can now opt to manage a group on a Orchestrated system. The selected (new or existing) group in this Orchestrated system will be managed by this identity collection.

Reassignment of Identity and Access Reviews

Feature Description
Reassign Identity and Access Reviews Oracle Access Governance gives you the provision to reassign identity reviews and/or access review items to other users. In reassignment, the review tasks will be moved from the original reviewer and gets assigned to the new reviewer.

Access Governance Organization

Feature Description
Oracle Access Governance Organizations Oracle Access Governance administrators can now structure identities and form relationships between identities by creating and managing Organizations in the Oracle Access Governance Console.

Approval Workflows in the Event-Based Access Reviews

Feature Description
Approval Workflows in the Event-based Access Reviews You can now configure approval workflows for all the three event types - change event, timeline event and multi-event access reviews.

Unmatched Accounts Access Reviews

Feature Description
Unmatched Accounts Access Reviews You can now review unmatched accounts via event-based access reviews. This allows application owners and custom users to match an unmatched account to an existing Oracle Access Governance identity, or remove the account from the Orchestrated system.

Enhancement in Reporting of Campaign Details

Feature Description
Campaign Details' Report Enhancement In the campaign details page, for approval workflow summary, you can see count of total and pending reviews. A new link, View pending link, has been added that provides reviewer details, such as reviewer's name, email addresses, and count of pending reviews with each of them.

November 2023 Update

What's New in the November 2023 Update

Orchestrated Systems

Feature Description
Orchestrated Systems The following types of Orchestrated System have been added to Oracle Access Governance:
  • Eloqua
  • NetSuite
  • Microsoft SQL Server
  • Microsoft Entra ID (formerly Microsoft Azure Active Directory
  • Flat File
Unmatched Accounts The ability to manage unmatched accounts has been added. You can search for unmatched accounts, and where appropriate, match them to an Oracle Access Governance identity.
OCI Group Membership Review OCI IAM group memberships can now be reviewed as part of Identity Collection access reviews.
Timeline Event Based Micro-certification Timeline based micro-certification to trigger user access reviews based on specific dates, such as anniversary dates, has been added to the Event-Based Access Review functionality.
Active Directory group management AD groups can now be managed from Oracle Access Governance using the Identity Collections functionality.

September 2023 Update

What's New in the September 2023 Update

Time-based Events

Feature Description
Time-based Events Time-based Events refer to an event which is raised for a particular date, for example, weekly, monthly, or when a user is granted access to an application on a given date, which is subject to an annual review. A review task is generated for the user on the date configured for the time-based event, to determine if the permission associated with the event is still appropriate

July 2023 Update

What's New in July 2023 Update

List Requests that needs Approvals

Feature Description
Approvals

The Approvals page in the Oracle Access Governance console, lists access requests requiring your attention. All requests requiring approval will be displayed. These requests are listed as one access per row. If a request is made for multiple accesses, for example access to a database, a directory, and a cloud service, then this will be displayed as 3 rows requiring separate approvals in your approval list.

Viewing Access Requests

Feature Description
View My Requests

The My Access Requests screen, in the Oracle Access Governance console displays a list of access request raised by the logged-in user for Self or for others. You can either view the details, cancel a request or can provide information on the requests.

Request Access for Yourself or for Other Users

Feature Description
Request Access

As an Oracle Access Governance user you can request access to resources and roles. Requests can be made for yourself, or for others. This process creates an access request which is subject to an approval workflow.

Simplifying Process of Requesting Resource Permission

Feature Description
Create and Manage Access Bundle

An Access Bundle is a collection of permissions that packages access to resources, application features, and functionality into a requestable unit.

To access a particular resource, you do not have to request each permission associated with that resource individually, instead you request an access bundle containing all permissions associated with that resource. This simplifies the process of requesting resource permissions.

Using Oracle Access Governance console, you can now create a new access bundle and manage it.

Maintain Policies within your Oracle Access Governance Service

Feature Description
Manage Polices

Using policies you can now provide access to resources within your organization. These policies associate resources and permissions with identities by means of roles and access bundles. You can create and manage policies by using Oracle Access Governance Console.

Manage Roles

Feature Description
Manage Roles

You can now create and manage roles using Oracle Access Governance console. These roles are a group of access bundles. The access bundles contained within a role can span multiple targets. For example, a Database Administrator role groups together the DBAdmin_Oracle, DBAdmin_DB2, and DBAdmin_MySQL access bundles. To use a role you must associate identities to it via a policy.

Create and Manage Approval Workflow

Feature Description
Create and Manage Approval Workflow

In Oracle Access Governance, every permission, access request, or role that needs to be assigned to a user must be processed through an approval workflow. You as a resource administrator can design an approval workflow by specifying the required approval level and the number of approvers.

Later, as a Permission Manager you can use these workflows to obtain approvals before assigning or revoking user privileges.

You as a resource administrator can monitor and manage the approvals using the Oracle Access Governance Console.

Integrate Oracle Access Governance with Target Systems

Feature Description
Integrate with Orchestrated Systems
You can now connect Oracle Access Governance with the following systems by entering connection details and credentials for the target system.
  • Active Directory
  • Oracle e-Business User Management (UM)
  • Oracle e-Business Employee Reconciliation (HRMS)
  • Database User Management (Oracle)
  • Oracle Unified Directory
  • Oracle Internet Directory
  • Database User Management (MySQL)
  • Database User Management (DB2)

May 2023 Update

What's New in May 2023 Update

New License Types for Oracle Access Governance

Feature Description
New License Types Oracle Access Governance rolls out new license types for its users:
  • Access Governance for Oracle Cloud Infrastructure
  • Access Governance for Oracle Workloads

Added Identity Activation Rules for License Management in Oracle Access Governance

Feature Description
Manage Identities You can now optimize Oracle Access Governance instance operating cost by managing which identities can use the Oracle Access Governance service. Identities excluded from the service will not have access to Oracle Access Governance functionality and will not be billed.

Identity Orchestration: Integrate Oracle Access Governance with Oracle Cloud Infrastructure Identity and Access Management (OCI IAM)

Feature Description
Integrate with OCI IAM You can now implement code-less integration of Oracle Access Governance directly with cloud services. This release supports Identity Orchestration set up between Oracle Access Governance and Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) system.

Policy Reviews

Feature Description
Policy Reviews You can review OCI IAM policies either one-time or periodically from Oracle Access Governance by creating Policy Review campaigns. In this campaign, access control of each cloud resource is evaluated up to the policy statement-level. The policy statements can either be accepted or revoked.

Who Has Access to What: Enterprise-wide Access and Individual's Access to Cloud Resources

Feature Description
Who Has Access to What The Who Has Access to What capability now includes:
  • Ability to see individual's access to cloud resources. On the My Access page, you can now select a specific option from the Group by drop-down to view access to cloud resources assigned to you.
  • 360-degree visibility into organization's cloud resources, identities who can access these resources, and assigned permissions. Here, you can view a comprehensive list of all resources across various systems or cloud tenancies Orchestrated with Oracle Access Governance.

New Capability that supports Custom Identity Attributes in Oracle Access Governance

Feature Description
Custom Identity Attributes. Oracle Access Governance now supports custom identity attributes in addition to core identity attributes for running various Oracle Access Governance operations.

Introduced Identity Collections functionality in Oracle Access Governance

Feature Description
Identity Collection You can now create and manage a collection of identities to perform Oracle Access Governance functions collectively on a group rather than performing for each individual identity. You can create an identity collection either by defining conditional rules, known as Membership Rules, and/or by directly selecting identity names.

Added Capability to Delegate your Access Review Tasks to an Identity or an Identity Collection

Feature Description
Delegation Oracle Access Governance now provides the capability to delegate your tasks by setting up your preferences. In this release, from the My Preferences screen, you can delegate your access review tasks to an identity or to an identity collection.

Note:

For this release, you must upgrade your current Oracle Access Governance agent to enable code-less integration with the systems. Refer Agent Example Usage to enable the auto-upgrade flag and upgrade your agent with the latest updates.

February 2023 Update

What's New in the February 2023 Update

New Available Region in Central UAE: Abu Dhabi

Feature Description
Available in UAE Central: Abu Dhabi Oracle Access Governance rolls out its services and is now available in the UAE Central Abu Dhabi region.

New Enterprise-wide Access functionality in Who Has Access to What

Feature Description
Who Has Access to What The Who Has Access to What capability now includes 360-degree visibility into organization resources, resource types, identities who can access these resources, and assigned permissions. Here, you can view a comprehensive list of all resources across various systems Orchestrated with Oracle Access Governance.

Auto Upgrade Feature for Oracle Access Governance Agent in Orchestrated Systems

Feature Description
New Auto Upgrade Flag for Oracle Access Governance Agent in Orchestrated Systems. You can now automatically install updates for the Oracle Access Governance Agent by enabling the autoupgrade flag during the configuration process. Through this flag, a scheduled task is run every 24 hours that checks and/or installs any updates available for the Oracle Access Governance agent. This is a crucial step and you must set this to prevent any issues in communication from the agent to the Access Governance Service. Refer Agent Example Usage to enable the auto-upgrade flag.

October 2022 Update

What's New in the October 2022 Update

Event-based Access Reviews

Feature Description
Event-based Access Reviews You can now launch event-based access reviews from Oracle Access Governance that initiate whenever a change is detected in a user lifecycle state or a user attribute, such as onboarding of new users, department change, job-code change, location change, retirement or exit of users, or manager change. Once configured, these are automatically triggered when one or more predefined event types occur.

Access Review Scheduler

Feature Description
Access Review Scheduler You can now schedule and run the Access Review Campaigns periodically which can be Monthly, Quarterly, Half-Yearly, or Yearly.

June 2022 Update

What's New in the June 2022 Update

On-Demand Access Reviews

Feature Description
On-Demand Access Reviews You can launch on-demand Access Review Campaigns to review user access assignments where individual access to a specific source is checked and either certified or remediated.

Who Has Access to What

Feature Description
Who Has Access to What You can use the Who Has Access to What functionality as a user or a user manager to see the number of applications, permissions, and roles assigned to you (self) or to your direct reports.

Identity Orchestration in Oracle Access Governance

Feature Description
Identity Orchestration Oracle Access Governance enables code-less integration with on-premises and cloud systems. You can now configure Identity Orchestration in Oracle Access Governance Console. This release supports Identity Orchestration set up between Oracle Access Governance and Oracle Identity Governance (OIG) system.