Integrate Oracle Access Governance with Microsoft Entra ID

Introduction

Oracle Access Governance is a cloud-native solution that helps meet governance and compliance requirements across many applications, workloads, infrastructures, and identity platforms. It provides organization-wide visibility and the capabilities to identify anomalies and mitigate security risks across cloud and on-premises environments. Using advanced analytics, Oracle Access Governance offers an intuitive user experience, providing recommendations and insights into access entitlements, behaviors, and risks.

Audience

Objectives

Prerequisites

Task 1: Set up Enterprise application in Microsoft Entra ID Admin Center

  1. Log in to the Microsoft Entra admin center as Cloud Application Administrator and click Microsoft Entra ID.

  2. Navigate to Manage, App registrations and click New registration.

  3. Enter the following information and click Register to complete the initial app registration.

    Note: In this tutorial, we are building a single-tenant application for use only by users (or guests) in the tenant.

    • Name: Enter Oracle-Access-Governance.
    • Supported Account types: Select Accounts in this organizational directory only.
    • Redirect URI: Select Public client/native and enter https://localhost.

  4. In the App registrations page, select your application Oracle-Access-Governance and navigate to Certificates & secrets, Client secrets and click New client secret.

  5. Enter a Description, select an Expires value or specify a custom lifetime for the client secret, and click Add.

    Note: Ensure that you note down the secret value for use in your client application code. This secret value cannot be retrieved after you leave this page.

  6. Navigate to API permissions, Add a permission and select My APIs.

  7. Select the Microsoft Graph API and grant the following delegated and application permissions.

    • Delegated Permission:

      • Directory.ReadWrite.All
      • Group.ReadWrite.All
      • GroupMember.ReadWrite.All
      • User.Read
      • User.ReadWrite
    • Application Permission:

      • Directory.ReadWrite.All
      • Group.ReadWrite.All
      • GroupMember.ReadWrite.All
      • User.ReadWrite.All
      • RoleManagement.ReadWrite.Directory
  8. Click Grant Admin Consent to grant these permissions directory-wide so that the integrated system can perform the related API tasks.

  9. Click Overview and note down the Tenant ID and Client ID for later tasks.

Task 2: Establish Connection between Microsoft Entra ID and Oracle Access Governance in Oracle Access Governance Console

  1. Log in to the Oracle Access Governance console as Domain Administrator and click the hamburger menu (≡) from the top left corner. Navigate to Service Administration and Orchestrated Systems.

  2. Click Add an orchestrated system.

  3. Select Microsoft Entra ID and click Next.

  4. Enter the following information for the orchestrated system and click Next.

    • What do you want to call this system?: Enter OAG-EntraID.
    • How do you want to describe this system?: Enter Integrate OAG with Entra ID.
    • Select This is the authoritative source for my identities and I want to manage permissions for this system, so that Microsoft Entra ID is treated as an authoritative source of identities and its permissions are managed from Oracle Access Governance.

  5. In the Integration settings page, enter the following information and click Add to create the orchestrated system.

    • Host: Enter graph.microsoft.com.
    • Port: Enter 443.
    • Authentication Server Url: Enter the OAuth 2.0 token endpoint for your tenant, built from the tenant ID obtained in Task 1. For example, https://login.microsoftonline.com/<Primary Domain or Directory(tenant ID)>/oauth2/v2.0/token.
    • Client ID: Enter the client ID obtained in Task 1. The client ID, also known as the application ID, is assigned when the application is registered in Microsoft Entra ID.
    • Client Secret: Enter the client secret value (not the secret ID) noted in Task 1. This value is used to authenticate your system to Microsoft Entra ID.
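Before saving the orchestrated system, it is worth confirming that the app registration from Task 1 actually yields a usable token with the application permissions that Task 1, step 7 grants; a missing role in the token is the usual symptom of admin consent (step 8) not having been granted. The script below is an added example and is not part of the Oracle tutorial or of Oracle Access Governance itself. It builds the same token endpoint URL that this step asks for, requests a token with the client-credentials grant (the network call is only made when you run it with your own tenant ID, client ID and secret, which are placeholders here), and then inspects the token's `roles` claim against the list from Task 1. The offline check uses a constructed, unsigned sample token; the decoder deliberately does not verify signatures and must only be used to inspect a token you just obtained yourself, never to trust one.

```python
"""Sanity-check an Entra ID app registration before wiring it into OAG.

Added example, not Oracle's code. Tenant ID, client ID and client secret
are placeholders; the sample token below is constructed for offline use.
"""
import base64
import json
import urllib.parse
import urllib.request

# Application permissions granted in Task 1, step 7.
REQUIRED_APP_ROLES = {
    "Directory.ReadWrite.All",
    "Group.ReadWrite.All",
    "GroupMember.ReadWrite.All",
    "User.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
}


def token_endpoint(tenant):
    """Build the v2.0 token URL that OAG expects as 'Authentication Server Url'."""
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying its signature.

    Only for inspecting a token you just received from the token endpoint;
    never use this to decide whether a token presented to you is genuine.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact-serialized token")
    return json.loads(_b64url_decode(parts[1]))


def missing_app_roles(claims, required=REQUIRED_APP_ROLES):
    """Return the required application permissions absent from the roles claim.

    A non-empty list usually means admin consent was not granted (Task 1, step 8).
    """
    granted = set(claims.get("roles", []))
    return sorted(required - granted)


def request_client_credentials_token(tenant, client_id, client_secret):
    """Perform the client-credentials grant OAG itself uses (makes a network call)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default asks for every application permission consented on the app.
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    req = urllib.request.Request(token_endpoint(tenant), data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def make_unsigned_token(claims):
    """Construct an unsigned (alg=none) JWT purely for offline demonstration."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample: consent was granted for all but one of the required roles.
SAMPLE_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "tid": "TENANT-ID-PLACEHOLDER",
    "roles": [
        "Directory.ReadWrite.All",
        "Group.ReadWrite.All",
        "GroupMember.ReadWrite.All",
        "User.ReadWrite.All",
    ],
}

if __name__ == "__main__":
    # Offline run against the constructed token.
    claims = decode_claims(make_unsigned_token(SAMPLE_CLAIMS))
    print("token endpoint:", token_endpoint(claims["tid"]))
    print("missing application permissions:", missing_app_roles(claims))
    # With real values, replace the line above with:
    # jwt = request_client_credentials_token("<tenant ID>", "<client ID>", "<client secret>")
    # print(missing_app_roles(decode_claims(jwt)))
```

Run the script as-is to see the offline check report the one missing role; substitute your own tenant ID, client ID and secret value in the commented lines to check the real registration. An empty list from `missing_app_roles` means the token carries every permission Task 1 grants and the values can be entered into the Integration settings page with confidence.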

  6. You are asked whether to further configure the orchestrated system before running a data load. Accept the default configuration and start the load by selecting Activate and prepare the data load with the provided defaults.

  7. Once the data load completes, view the integration status; it should display Success for the Validate, Lookup Data Load and Full Data Load operations.

Acknowledgments

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.