Managed Access Overview
Oracle Managed Access lets you manage requests for temporary access to your organization's cloud resources from OCI authorized operators.
Occasionally, authorized operators need to access resources to troubleshoot or help resolve an issue. Oracle Managed Access provides a secure workflow through which operators request access to your organization's cloud environment. You approve or deny the access requests.
Oracle Managed Access is only supported for Fusion Applications customers who subscribe to Break Glass.
- Provides the operator temporary user credentials for a specific duration.
- Specifies the access level for the representative.
- Creates logs of all actions, providing an audit trail.
Learn About Oracle Managed Access
Understand key concepts related to the Oracle Managed Access service.
Workflow
Managed Access allows authorized operators to request access to your organization's resources through a secure workflow. Operators make the request when they need to troubleshoot or fix an issue with a resource. The request is sent to the customer, and is displayed on the Access Requests page. Your organization's approvers can approve or deny a request for access to a resource. You can choose to automatically approve requests, or manually approve requests, by creating a template on the Approval templates page. Managed Access requires a minimum of one approver for manual requests. You can include up to three approvers.
Key Terms
- Lockbox: A resource that support representatives use to request access to your organization's resource.
- Access request: An authorized operator's request to access a resource for troubleshooting and resolving issues.
- Target resource: The resource that support representatives want to access.
- Resource type: The type of resource that support representatives want to access.
- Request state: The access states supported for requests. For a complete list, see Request States.
- Access duration: The amount of time for which authorized operators can access a resource.
- Approval template: The rules that define how requests are processed. You can include up to three approvers in the template.
- Automatic approval: An approval template option that lets you automatically approve requests from authorized operators. This option automates approval only for your workflow. Oracle has a workflow that it follows before a request is approved and sent to you.
Resource Identifiers
Resources in Oracle Cloud Infrastructure have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).
For information about the OCID format and other ways to identify resources, see Resource Identifiers.
Ways to Use Managed Access
You can use Oracle Managed Access with the Oracle Cloud Console (a browser-based interface).
To access the Console, you must use a supported browser. After you open the Console sign-in page, enter the name of the cloud account (tenancy), the domain (optional), username, and password.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with Oracle Cloud Infrastructure Identity and Access Management (IAM) for authentication and authorization in the Console.
An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services and resources, and the type of access. For example, policies control who can create users, create and manage a virtual cloud network (VCN), create instances, and create buckets.
- If you're a new administrator, see Getting Started with Policies.
- For details about writing policies for Oracle Managed Access and other services, see Policy Reference.