Oracle Identity Governance 12.2.1.

Identity is the New Control Plane for the Evolving Enterprise

As compliance and regulatory requirements continue to evolve, companies are Key Features
increasingly dependent on their identity infrastructure. Oracle Identity
• Simplified, business friendly
Governance (OIG) 12c provides complete lifecycle management and rich self-service interface drives
access entitlement controls across a wide range of services both in the cloud productivity and can
and on-premises. OIG 12c helps secure modern workloads, support increase user satisfaction
and operational efficiency
compliance goals, and reduce total cost of ownership for organizations by
empowering user self-service, simplifying the application onboarding process, • Wizard-based self-service
application onboarding UI
automating audit and compliance tasks, and intelligently optimizing access
can help business users to
control. OIG 12c can help organizations of any size effectively implement and easily onboard applications
manage security and regulatory compliance changes. in OIG

• Centralized and extensible

access catalog to store and
define business friendly
definitions for roles,
applications & entitlements

• Simplified access requests

with intuitive and flexible
approval workflows and
policy-driven provisioning
can improve IT efficiency,
help enhance security, and
help enable compliance

• Role-based access control

with Machine Learning-
Figure 1. Oracle Identity Governance Deployment Options and Core Components
based role intelligence
coupled with advanced role
Core Functionalities lifecycle management and
role analytics.
OIG 12c is a converged solution combining Oracle Identity Manager, Oracle
Identity Manager Connectors, and Oracle Identity Role Intelligence • User-intuitive risk driven
identity certifications and
microservice to create a complete and comprehensive governance solution for
closed loop remediation.
enterprise organizations. OIG 12c provides the following functionalities, Enhanced group and
licensed and enabled as required: custom access reviews for
certifications and focused
• Business Friendly Self-Service and Access Catalog: Intuitive self-service review
experience that is persona oriented (different UI and access level for • Preventive and detective
varied personas) and provides guided navigation, a common business Segregation of Duties (SoD)
glossary for improved search capabilities, unified workflow orchestration, scan to determine and act
on toxic combinations of
and immediate access to key applications. A core component to
access privileges across the
empowering end user self-service is the expressive and comprehensive enterprise including in-
Access Catalog that includes user friendly names for all systems and flight requests
resources to help simplify the user search experience. • Manage risk and help
reduce costs with
• Simplified & Enhanced Application Onboarding: Wizard-based self- integration to leading PAM
service application onboarding UI for adding both trusted and target vendors for privileged user
applications. Extensive set of new and enhanced connectors further access

automate the onboarding process and reduce manual configuration with

features such as schema discovery for flat files and Databases.

1 Data Sheet / Oracle Identity Governance 12.2.1.4 / Version 1.0

Copyright © 2021, Oracle and/or its affiliates / Public
• IT Audit Monitoring & Reporting: OIG provides both policy-based audit
monitoring and flexible reporting capabilities. Comprehensive dashboards • Incorporates leading
enable both system administrators and delegated administrators to run industry standards, such as
SCIM/REST, J2EE, BPEL and
reports on virtually any artifact of a user’s access rights, access grants,
OASIS
and the genesis of each.
• Production ready OIG
• Enhanced Access Certification Features: The Access Certification container image with
Kubernetes and OIG
module has been enhanced to improve usability and allow base selection
container Image in Oracle
for user, role, and entitlement certification definitions. The flexible Cloud Infrastructure (OCI)
reviewer option can be filtered by group reviewer, custom access review, marketplace helps with
or sorted by certification based on percentage completed. Organizations quick evaluation

can conduct focused reviews to run a certification campaign based on

catalog metadata, such as user defined fields for GDPR and SOX Key Benefits
compliance. A new Revoke Access option is available for completing user
• Increased security: Enforce
certifications to revoke the roles and entitlements of an active user. internal security audit
policies and help eliminate
• Advanced Role Intelligence and Lifecycle Management: Oracle Identity potential security threats
Role Intelligence is a microservice introduced to discover common access from rogue, expired, and
patterns to optimize role-based access control. It uses machine learning to unauthorized accounts and
privileges
analyze existing OIG or flat file datasets and simplify role mining
processes. Roles can be mined from a myriad of resources and are • Enhanced regulatory
compliance: help enforce
available for automated or selective publishing to Oracle Identity
and attest to regulatory
Governance 12c with role approvals lifecycle management. In addition, requirements (e.g.,
role analytics enables role engineers and approvers to evaluate the impact Sarbanes-Oxley, 21 CFR Part
of role changes with inline Segregation of Duties (SoD) violation checks. 11, Gramm-Leach-Bliley,
HIPAA and GDPR)
All role activities are fully audited allowing changes to be rolled back if
associated with identifying
necessary. who has access privileges to
sensitive, high risk data
• Business Driven Access Policies: OIG 12c features a self-service user-
• Improved business
friendly interface to author access policies directly linking multiple
efficiency helps Get users
application instances. Access policy harvesting is enhanced to link productive faster through
accounts created by requests or direct provisioning. immediate access to key
applications and systems,
• Predictive Policy Validation for In-Flight Requests: Predictive analysis while enforcing security
is introduced in access request flows to implement preventive SoD checks policies
for in-flight requests that are pending approval. Policy violations observed • Reduced costs: helps
within pending approvals and to be submitted entitlement requests are Reduce IT costs through
highlighted as toxic combinations, providing additional insights to the efficient, business friendly
self-service, wizard-based
approver, and can even be marked for auto-rejection based on application onboarding and
consequent logic in the approval workflow. platform-based architecture

• Key Store and SCIM/REST API Security: OIG security modules leverage
the new Key Store Service (KSS) and support has been introduced for Available Connectors
TLS1.3 and IPV6 protocols. SCIM interfaces are secured via OWSM JWT • Business Applications:
token and custom request headers. REST interfaces are also secured via Oracle Fusion Applications,
OWSM JWT token. Oracle E-Business,
PeopleSoft, JD Edwards,
• REST APIs: REST APIs were introduced in 12c for capabilities including: Siebel, and SAP
self-service registration, forgot-password, search and browse access • LDAP stores: Oracle Internet
catalog, review certifications and track certification progress. REST APIs Directory, Oracle DSEE,
Oracle Unified Directory,
are also used for actions on pending approvals, violations, certifications,
Active Directory, and e-
fulfillment including approve | reject | provide more information | Directory
reassign | delegate | certify | remediate.
• Security systems: RSA,
RACF, Top Secret, ACF2

• Collaboration Suites:

2 Data Sheet / Oracle Identity Governance 12.2.1.4 / Version 1.0

Copyright © 2021, Oracle and/or its affiliates / Public
• New and Enhanced Connectors: A comprehensive set of new and Exchange/Domino and
GroupWise
enhanced 12c connectors are available to help simplify application
onboarding for on-premises, cloud, and hybrid deployments. • Operating systems: OEL,
Red Hat Linux, HP-UX, AIX,
• Improved Performance and Operational Efficiency: Using the online Solaris, AS/400, and
and offline Data Purge Framework, administrators can evict all possible Windows

types of unwanted OIG entities from the backend data repository. The • Ticket Management
systems: ServiceNow and
new data cleanup utility for non-production environments can be used to
BMC Remedy
purge all the data from underlying database tables. Customers can
• Cloud Connectors: Oracle
improve operational efficiency and transparency by compressing data at
CRM On Demand, Eloqua,
the mid-tier without touching the database, purge certification data in Google Apps, Office365,
real-time, and use the PL/SQL diagnostic framework to perform root Azure AD, Amazon Web
cause analysis. OIG 12c also supports the Oracle Autonomous Transaction Services, Workday,
SuccessFactors, Salesforce,
Processing (ATP) database as its backend repository for high
ServiceNow, Concur, Box,
performance. DropBox, and WebEx

• Simplified Install and Upgrade Experience: The installation footprint • Databases: Oracle, MySQL,
SQL Server, DB2, and
and time have been significantly reduced with fewer steps and less time
Sybase
using the bootstrap framework and configuration auto-discovery. OIG
• Technology Integrations:
deployments can now be patched with the Stack Patch Bundle, that
Web Services, DBAT, SSH,
includes the bundle patches for each of the select Identity Management Telnet, Flat File, JDBC,
products and their respective underlying components. LDAP V3, SOAP, Generic
Scripting (Groovy,
• OIG Container Image: Using the OIG Container Image, OIG can be Beanshell, and JS), SCIM,
deployed on-premises or in the cloud with Kubernetes container and Generic REST
orchestration, allowing deployment and upgrade automation, auto-scale,
and portability to multiple cloud and on-premises environments. Related Products

• Integrated Privileged Access Management (PAM) Solutions: OIG • Oracle Directory Services:
enables organizations to integrate with leading PAM solutions to help All-in-one directory solution
with storage, proxy,
easily manage admins or super users seeking access to critical accounts
synchronization, and
and leverage features provided by third party vendors. virtualization capabilities

To find out more information about OIG 12.2.1.4.0, please visit • Oracle Access Management:
https://docs.oracle.com/en/middleware/idm/identity- Complete solution for
adaptive authentication,
governance/12.2.1.4/index.html. authorization, federation,
SSO, and password policy

Connect with us

Call +1.800.ORACLE1 or visit oracle.com. Outside North America, find your local office at: oracle.com/contact.

blogs.oracle.com facebook.com/oracle twitter.com/oracle

Copyright © 2021, Oracle and/or its affiliates. All rights reserved. This document is Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be
provided for information purposes only, and the contents hereof are subject to change trademarks of their respective owners.
without notice. This document is not warranted to be error-free, nor subject to any
Disclaimer: This document is for informational purposes. It is not a commitment to deliver any
other warranties or conditions, whether expressed orally or implied in law, including
material, code, or functionality, and should not be relied upon in making purchasing decisions.
implied warranties and conditions of merchantability or fitness for a particular
The development, release, timing, and pricing of any features or functionality described in this
purpose. We specifically disclaim any liability with respect to this document, and no
document may change and remains at the sole discretion of Oracle Corporation.
contractual obligations are formed either directly or indirectly by this document. This
document may not be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without our prior written permission.

3 Data Sheet / Oracle Identity Governance 12.2.1.4 / Version 1.0

Copyright © 2021, Oracle and/or its affiliates / Public