Organizations face mounting pressure to balance operational efficiency with robust security controls. Oracle Access Governance continues to address these challenges, delivering continuous innovation with each release. The latest service updates introduce key features designed to strengthen security practices and enhance identity lifecycle management.
Time-Bound Access
Consider this: a developer needs administrative access to fix an application issue. The application owner grants that access and the issue is resolved, but the permissions are never revoked. Weeks later, the developer still holds the administrative rights, creating a security risk with overly privileged access or access creep.
Access Governance’s new time-bound access feature transforms how organizations manage temporarily elevated permissions. This intelligent capability ensures that access is granted precisely when needed and automatically revoked when no longer required. Some key capabilities of this feature:
- Configurable Time Limits: Application owners can define maximum allowed access durations for different types of access bundles.
- User-Driven Requests: End users can request access for specific time periods within the configured limits by selecting exact start and end dates.
- Approval Workflows: Approvers have the flexibility to reduce or increase grant time, if required.
- Grant Extensions: Access can be extended through formal approval processes when required.
- Review Extensions: Access reviewers can extend grants for limited periods during access review cycles.
- Automatic Revocation: Access is automatically removed when the access duration expires, eliminating the risk of forgotten permissions.
Time-bound access control in Oracle Access Governance enables organizations to benefit from a reduced attack surface, simpler compliance audits, and can help eliminate forgotten temporary access.
Multi-affiliations
Business owners struggle to monitor users’ job-roles when they work in different roles within the organizations – for example, a doctor working as both a practicing physician at a university hospital and an adjunct professor in the medical school. This often leads to confusion in understanding users’ access.
Oracle Access Governance solves this problem through multi-affiliations. Now, organizations can create multiple affiliations in Access Governance for multiple job profiles, enabling flexible identity representation. New identity attributes can be defined to hold affiliation data, such as project assignments, HR job codes, and more. The affiliation data can be used to define:
- Granular Access Control – including identity collection, organization, access guardrails condition
- Access Reviews – including periodic or event-based certification
These definitions provide better visibility into users’ access and reduce administrative overhead while maintaining a single identity for multiple affiliations.
Enhanced Access Reviews
Access Reviews are a key pillar of robust identity governance, but organizations need flexibility in how they structure their campaigns. Specifically, different business situations call for certain levels of review granularity. With the latest update to Oracle Access Governance, campaign owners now have more control over the scope of their access reviews:
- Permissions-Only Reviews: Focus certification efforts exclusively on the permissions assigned to users
- Comprehensive Reviews: Certify both permissions and accounts assigned to users, providing complete visibility into user access profiles
This granularity makes reviews faster, tightly focused, and allows organizations to tailor their access review campaigns based on specific compliance requirements, operational needs, or governance objectives.
Extending Governance with More Native Integrations
Oracle Access Governance continues to extend application integration capabilities. This broad integration landscape helps organizations gain centralized control over access governance across multiple database environments, even running on multi-cloud setups. The integrations catalog now includes:
- Extended integrations with databases – Postgre SQL: Access Governance now offers out-of-the-box integration with Postgre SQL databases for user management operations. Other Databases that can be integrated are Oracle Database (23ai and earlier releases), Oracle Autonomous Database, MySQL, SQL Server, and IBM DB2.
- ServiceNow User Management: Access Governance now provides identity orchestration, reconciliation, and centralized provisioning of identity accounts for ServiceNow, both as an Authoritative Source and a Managed System.
- Support for Microsoft Active Directory Lightweight Directory Services: Access Governance now supports integration with Active Directory Lightweight Directory Services (AD LDS) as an extension to the existing integration with Microsoft Active Directory.
- Safer authentication with Oracle Fusion Cloud Applications: You can now integrate Access Governance with Fusion Cloud Applications using OAuth-based authentication than using basic authentication.
The latest updates to Oracle Access Governance deliver a powerful suite of features designed to easily enable centralized identity lifecyle management and access governance. Access Governance continues to expand its capabilities in helping organizations optimize their operations, protect their data, and achieve compliance adherence goals. As organizations continue to embrace Zero Trust Architecture and cloud-first strategies, Access Governance provides the foundation for secure, efficient, and compliant security controls at scale.
Learn more about how Access Governance can help secure your organization:
- Oracle Access Governance Product Page
- Oracle Access Governance for OCI Pricing
- OCI Identity and Access Management Product Page
- Oracle Access Governance for OCI Documentation
- Oracle Access Governance for OCI Announcement Blog
- Oracle Access Governance for OCI IAM Blog