Oracle Identity Governance

Comprehensive Identity and Access Governance for Rapid, Actionable Compliance

The industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.

Oracle Identity Governance gives you a purposeful solution for these governance challenges. It provides a unique focus in Identity Governance by combining access grants and access monitoring. Users are thereby able to procure access when they need it. Oracle Identity Governance Suite offers you also a preventative and controlling monitor tool to ensure that users have just enough access to fulfill their job responsibilities. This will offer you a closed loop governance by using a common data model and a platform based architecture which is fully integrated with your identity and access management solution.

Oracle Identity Governance Suite is part of Oracle Identity Management 11G release 2. This release contains also:

  • Oracle Identity Manager
  • Oracle Identity Analytics
  • Oracle Privileged account manager

This together offers a complete and integrated, next-generation identity management platform that provides enormous scalability; enables rapid compliance; secures sensitive applications and data; works on premise and in the cloud while reducing operational costs by improving control.

With this new way of combining security and productivity you will not only be able to use your identity at the office. You can take it with you on your phone, in the cloud and across the social world.

Identity Governance Suite Components

Provisioning(Granting / enabling)
Access request
Privileged account request
Role lifecycle management
Check-in / check-out

De-provisioning(Monitoring / disabling)
Identity certifications
IT audit monitoring
Rogue detection & reconciliation
Reporting & privileged access monitoring

Besides those two parts of functionality which both covers four unique government challenges there is also the heart of the Oracle Identity Governance Suite in place. This heart is called the Access Catalog. The access catalog provides a storage of various access rights across applications and platforms in addition to comprehensive catalog management capabilities.  This  catalog contains a continuous job which automatically harvests new information about privileges and entitlements when they become available in the target systems or when roles are defined or modified in the role management features build in this solution. Automatically harvested data can be enriched with descriptions and risk levels to make it more business user friendly.

Access requests

Procure access by filling a browser based form, it is now possible with Oracle Identity Governance Suite. The procurement looks just like a normal web shop, instead of now you are shopping for entitlements. This will increase the user experience trough the high level of user friendliness. This will also create a bigger awareness for the user.

Privileged account management

All enterprises are familiar with highly privileged administrator accounts which can do enormous harm to even their most sensitive systems and applications. The number of privileged accounts is increasing with the addition of every server, device or application to manage. To address this challenge a privileged account manager is included in the Oracle Identity Governance Suite. It enables the separation of privileges, self-service requests to privileged accounts and provides password auditing and reporting. The privileged account manager can for example manage your credential store, policy store, wallet, authentication, authorization, and audit application programming interfaces.

Role Lifecycle management

Role lifecycle management begins with the definition of roles. Oracle Identity Governance Suite offers a unique combination of tools to define enterprise roles while achieving a role governance process. Role discovery is a comprehensive set of market leading tools of role mining and analytics that utilize the discovery of roles in an enterprise environment.

IT Audit monitoring

A well known fact for many enterprises is that most of the computer-related criminal activity is a result of activities performed by insiders. Fraud detection is one of the most important topics in identity and access management for today’s enterprises. Therefore it is very important to implement a solution to prevent such illegal activities. IT Audit monitoring helps with identifying conflicting and violating roles, privileges and entitlements for a single user.

Audit & reporting

Oracle Identity governance Suite enables a huge set of reporting possibilities. It offers for example the following out of the box reports:

  • Roles assigned to Users within each business unit in the enterprise
  • Accounts associated to Users within each business unit in the enterprise
  • Roles and associated policies within each unit in the enterprise
  • Lists of all entitlements, roles, applications and their owners
  • High privileged entitlements associated to users in the enterprise
  • Operational exception reports classifying any missing data required for important correlations such roles without any policies, users with no roles, users with no entitlements, business unit with no associated users and so on
  • Expiration forecast reports specifying user expiration, role expiration and role to user expiration
  • Terminated user reports displaying terminated users in the enterprise for historical reporting
  • Assigned vs. actual reports displaying users with access outside their roles
  • Orphan Account dashboards providing the ability to accurately determine rogue accounts or assign accounts to their rightful owners
  • Remediation Tracking Dashboards providing a comprehensive audit trail of revoked access (during certification reviews) and their remediation status
  • Identity Audit Violations with a comprehensive exception management audit trail displaying action taken by remediators to correct IT Audit exceptions caused due to toxic combinations of user access
  • Reports detailing who checked out privileged account passwords over a given period of time