Arcon PAM Integration Reference
Arcon PAM Components Certified for Integration with Oracle Access Governance
The Arcon PAM components that you can integrate with are listed below.
Table - Certified Components
| Component Type | Component |
|---|---|
| System | ARCON Privileged Access Management |
Supported Configuration Modes for Arcon PAM Integrations
Oracle Access Governance integrations can be setup in different configuration modes depending on your requirement for on-boarding identity data, and provisioning accounts.
- Managed System
You can manage Arcon PAM accounts, groups and roles.
Supported Operations When Provisioning To Arcon PAM
When you provision an account from Oracle Access Governance to Arcon Privileged Access Management (Arcon PAM) certain operations are supported.
- Create User
- Update User
- Enable User
- Disable User
- Add Role
- Remove Role
- Add Group
- Remove Group
- Add Line of Business
- Remove Line of Business
- Add Multi-factor Authentication
- Remove Multi-factor Authentication
- Add Service
- Remove Service
Note:
Only Permanent services are currently supported. One-time and Time-based services are not currently supported.For more details see Oracle Access Governance Integration Functional Overview and Integrate with ARCON PAM.
Default Supported Attributes
Oracle Access Governance supports the following default Arcon PAM attributes.
- Data being provisioned into Arcon PAM from Oracle Access Governance:
account.lastNamewill map toUser.name.familyName
Table - Default Attributes for Arcon PAM
| Entity | Arcon PAM Account Attribute | Oracle Access Governance Account Attribute | Oracle Access Governance Identity attribute display name |
|---|---|---|---|
| User | id | uid | Unique Id |
| userName | name | User login | |
| displayName | displayName | Name | |
| ValidTillDate | endDate | End date | |
| emails.value | emails | ||
| domainName | domainName | Domain name | |
| phoneNumbers.value | phone | Phone | |
| userTypeId | userType | User type | |
| name.formatted | fullName | Full name | |
| name.familyName | lastName | Last name | |
| name.givenName | firstName | First name | |
| name.middleName | middleName | Middle name | |
| LobPrimary | primaryLob | Primary line of businesses | |
| IsActive | status | Status | |
| password | password | Password | |
| Roles | roles | Roles | |
| Groups | groups | Groups | |
| LOBS | lobs | Line of businesses | |
| Multi-factor Authentication | userDualAuthFactType | mfas | Multi-factor authentications |
| Services | AccessTypeId | accessTypeId | Access type |
| StartDateTime | accessDurationStartDate | Access duration start date | |
| EndDateTime | accessDurationEndDate | Access duration end date | |
| hours | perSessionHours | Per session duration in hours | |
| minutes | perSessionMinutes | Per session duration in minutes | |
| StartTime | accessPeriodStartTime | Access period start time | |
| EndTime | accessPeriodEndTime | Access period end time |
Default Matching Rules
In order to map accounts to identities in Oracle Access Governance you need to have a matching rule for each orchestrated system.
The default matching rule for the Arcon PAM orchestrated system is:
Table - Default Matching Rules
| Mode | Default Matching Rule |
|---|---|
| Managed System Account matching checks if incoming accounts match with existing identities. |
Screen value:
Attribute name:
|
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customer access to and use of Oracle support services will be pursuant to the terms and conditions specified in their Oracle order for the applicable services.