Automatic configuration of Oracle Access Governance: Landing Zones or Standalone Scripts

April 18, 2024 | 3 minute read
Anbu Anbarasu
Architect - Technical Program Management

The Oracle Cloud Adoption Framework provides best practices and prescriptive guidance for any organization to plan, adapt, and iterate while adopting the cloud. The Cloud Adoption Framework helps ensure a smooth onboarding process to Oracle Cloud Infrastructure (OCI) tenancy and the optimal use of cloud resources. The framework divides the cloud adoption process into six conceptual pillars, each with key capabilities, shown in Figure 1.

Figure 1: The Oracle Cloud Adoption Framework Conceptual Pillars

Read more information about Cloud Adoption Framework.


One of the key capabilities defined in the Cloud Adoption Framework security pillar is access governance. Oracle Access Governance is a cloud-native identity governance and administration service that provides enterprise-wide visibility to govern access to cloud and on-premises environments. With an intuitive user experience, dynamic access control, and a prescriptive-analytics-driven access review process, it helps customers automate access provisioning, get insights into access permission and cloud infrastructure policy reviews, identify anomalies, and remediate security risks.


The technology implementation pillar focuses on transforming your governance and security model into a cloud environment that is deployed to meet the organization's needs. The organization's goals can be realized by deploying a landing zone. A landing zone is a cloud environment that is built from an automated template. The landing zone serves as the foundation for your cloud deployment.


Oracle Enterprise Landing Zone is a set of services and components that are deployed in your OCI tenancy to establish a secure and scalable foundation for running enterprise workloads. It is a set of Terraform modules that are designed to make it easy to set up a secure and compliant multi-account infrastructure in OCI. Oracle Enterprise Landing Zone is composed of two landing zone stacks. The first stack deploys the core infrastructure components, and the second stack is the workload expansion, which deploys workload-specific architecture components forming the baseline for a workload deployment into the landing zone. Learn more about Oracle Enterprise Landing Zone.


Oracle Access Governance is now officially part of the Oracle Enterprise Landing Zone. Any customers who deploy Oracle Enterprise Landing Zone will have an Oracle Access Governance instance automatically created and integrated with OCI. With this capability, customers will have the ability to govern their OCI tenancy as soon as they deploy the landing zone. See more information about the Oracle Access Governance module in the landing zone.


To configure Oracle Access Governance automatically in OCI tenancies, you don't need to deploy the full landing zone stack. A standalone version of the Oracle Access Governance Terraform scripts can be run by any customer, whether or not they use the landing zone. This standalone version supports both the command line and an Oracle Resource Manager stack. See these standalone Oracle Access Governance scripts.


On the configuration side, two sets of parameters are required to set up Oracle Access Governance successfully through either approach (the landing zone or the standalone scripts). The first set contains the parameters required for creating the Oracle Access Governance service instance. These include tenancy information, administrator credentials, and the details of the Oracle Access Governance service instance. The second set includes parameters to connect to the local OCI tenancy. With these parameters, the landing zone or standalone script will be able to configure Oracle Access Governance in the target tenancy.


Once the configuration is complete, you can proceed to assign the Oracle Access Governance application roles to users and activate the users you want to govern in the Manage Identities section of the console. Then, you're all set to govern your OCI tenancy using Oracle Access Governance. To learn more about Oracle Access Governance, refer to our documentation.

Anbu has published a number of articles/whitepapers in leading technical magazines and has presented in several conferences including Oracle OpenWorld. He is also one of the primary authors of IT Strategies from Oracle (ITSO) and Oracle Reference Architecture (ORA) which includes Oracle Cloud Reference Architecture. Anbu has been with Oracle since 1999, working in various groups including Sustaining Engineering, Consulting, Solution Architecture, Enterprise Architecture, and Product Marketing.
