Oracle is adding a variety of updates to Oracle Access Governance (AG), adding new capabilities that help organizations improve identity security, automate access lifecycle processes, and manage access governance across a broader set of enterprise systems.
As identity environments become more complex, security and business teams need governance processes that are not only periodic, but also responsive to business events. A new hire may need access before the joining date, a departing employee may need access revoked before the final termination date, a department, location, or manager change may need a focused access review. Identity data may also come from multiple trusted systems, requiring better ways to ingest, correlate, and govern that data, according to Oracle.
The latest AG updates address these needs across four key areas:
- Birthright Access and Early Termination
- Global Account Termination Settings
- Event-Based Micro-Certification
- Identity Orchestration Updates
Together, these enhancements help organizations align access governance more closely with business events, reduce manual effort, and improve visibility across identities, accounts, and access, Oracle said.
AG now supports birthright access assignment based on joining date and early termination handling before the final termination date. Administrators can use lifecycle attributes from the authoritative source to drive access provisioning and deprovisioning. Access can be assigned using Identity Collections, Access Bundles, and Policies, enabling policy-driven lifecycle automation.
With this update, organizations can support pre-hire access scenarios and early access revocation without relying only on manual intervention.
Termination handling needs to be consistent, but it also needs flexibility. AG now provides Global Account Termination Settings to define centralized account termination behavior across managed systems.
Administrators can configure what should happen to managed accounts during early termination and final termination. Supported actions include disabling accounts, deleting accounts, or taking no action. Administrators can also define override rules for selected managed systems and user populations so that business-specific exceptions can be handled without changing the global policy. This gives organizations a centralized way to manage termination behavior while still supporting exceptions where needed.
Periodic access reviews remain important, but some access changes should be reviewed when the business event happens.
AG now enhances event-based micro-certification so that administrators can trigger focused access reviews when selected identity attributes change. Administrators can configure event-based review setup and refine its scope by selecting the identity population using attribute values, narrow the review scope to specific applications, roles, or permissions, and use different workflows for each event configuration.
Identity and account correlation is foundational to access governance. If accounts are not correctly associated with identities, it becomes harder to review access, automate lifecycle actions, provision access, and report on who has access to what.AG now gives administrators more control over how matching rules are applied during data ingestion.
AG also provides visibility into identities synchronized from authoritative sources and accounts reconciled from managed systems, including their correlation status.
AG continues to expand integration coverage so customers can govern more applications and systems from a centralized identity governance platform.
The latest updates include new integrations with Palo Alto Networks Prisma Cloud, Oracle Warehouse Management Cloud, Oracle Utilities WACS, and Oracle Utilities CCS.
These integrations expand AG coverage across cloud security, warehouse management, and utility applications. They also continue the broader direction of enabling governance across both Oracle and non-Oracle workloads.
For more information about this news, visit www.oracle.com.