Oracle Database
Configuring the Oracle Database integration for Veza Lifecycle Management
Overview
The Veza integration for Oracle DB enables automated user provisioning, access management, and deprovisioning capabilities. This integration allows you to synchronize identity information, manage group memberships, and automate the user lifecycle from onboarding to offboarding.
| Action | Description | Supported |
| --- | --- | --- |
| SYNC_IDENTITIES | Synchronizes identity attributes between systems, with options to create new identities and update existing ones | ✅ |
| MANAGE_RELATIONSHIPS | Controls entitlements such as group memberships for identities | ✅ |
| DEPROVISION_IDENTITY | Safely removes or suspends access for identities | ✅ |
| DELETE_IDENTITY | Deletes the identity name, specifically the unique identifier associated with it | ✅ |
| CREATE_ENTITLEMENT | Creates entitlements such as groups or roles | ❌ |
| SOURCE_OF_IDENTITY | Oracle DB provides worker data as input for identity lifecycle policies | ❌ |
This document outlines the steps to enable Oracle DB integration for use in Lifecycle Management, including supported actions and relevant notes. See Supported Actions for more details.
Enabling Lifecycle Management for Oracle DB
Prerequisites
You will need administrative access in Veza to configure the integration.
Ensure you have an existing Oracle Database integration in Veza or add a new one for use with Lifecycle Management.
Verify your Oracle DB integration has completed at least one successful extraction.
Database administrator privileges in Oracle DB (ability to create common users and grant privileges)
For multi-tenant configurations: access to CDB$ROOT container
Supported Oracle Database versions: 19c, 21c, or 23ai
Configuration Steps
To enable the integration:
In Veza, go to the Integrations overview
Search for or create an Oracle DB integration
Check the box labeled Enable usage for Lifecycle Management
Configure the extraction schedule to ensure your Oracle DB data remains current:
Go to Veza Administration > System Settings
In Pipeline > Extraction Interval, set your preferred interval
Optionally, set a custom override for Oracle DB in the Active Overrides section
To verify the health of the Lifecycle Management data source:
Use the main Veza navigation menu to open the Lifecycle Management > Integrations page or the Veza Integrations overview
Search for the integration and click the name to view details
In the Properties panel, click the magnifying glass icon under Lifecycle Management Enabled
Supported Actions
Oracle DB can serve as a source for identity information in Lifecycle Management Policies. User identity details are synchronized from Oracle DB, with changes propagated to connected systems.
Oracle DB can also be a target for identity management actions, based on changes in another external source of truth or as part of a workflow.
The integration supports the following Lifecycle Management Actions:
Sync Identities
The following attributes can be synchronized:
| Attribute | Required | Type | Description | Notes |
| --- | --- | --- | --- | --- |
| username | Yes | String | User name identifier | Must be unique, follow Oracle identifier naming rules |
| password | No | String | User password | Auto-generated if not provided, requires change on first login |
| account_status | No | String | Account status | Values: OPEN, LOCKED, EXPIRED, etc. |
| profile | No | String | User profile | Profile must exist in the Oracle DB |
| default_tablespace | No | String | Default tablespace | Tablespace must exist |
| temporary_tablespace | No | String | Temporary tablespace | Typically TEMP |
| authentication_type | No | String | Authentication method | PASSWORD, EXTERNAL, GLOBAL, etc. |
SYNC_IDENTITIES
Entity Type: OracleDB User
Create Allowed: Yes
Method: SQL CREATE USER / ALTER USER
MANAGE_RELATIONSHIPS
Entity Types: OracleDB Role
Assignee Types: OracleDB User
Supports Remove: Yes
Method: SQL GRANT ROLE / REVOKE ROLE
DEPROVISION_IDENTITY
Entity Type: OracleDB User
Method: DISABLED (account lock via ALTER USER ... ACCOUNT LOCK)
Removes Relationships: Yes
DELETE_IDENTITY
Entity Type: OracleDB User
Method: Permanent deletion via DROP USER
Workflow Examples
Employee Onboarding
Create an Oracle DB user account with the Sync Identities action
Assign default role based on department with Manage Relationships
Set password (requires change on first login)
Configure profiles and tablespaces
Role Change Management
Update user attributes (profile, tablespaces) with Sync Identities
Remove old role assignments with Manage Relationships
Grant new roles appropriate for the new position
Employee Offboarding
Lock user account with Deprovision Identity (ACCOUNT LOCK)
Remove all role assignments
Preserve the user record for audit purposes
Optional: Delete user permanently with Delete Identity (DROP USER)
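The offboarding workflow above can be verified from the database side. The following is an added example, not Veza's own code or output: data-dictionary queries a DBA could run after a Deprovision Identity action and before an optional Delete Identity. The user name APP_JDOE is a constructed placeholder, and the queries assume SELECT access to the DBA_* views and V$SESSION in the container that holds the account.

```sql
-- Added example: post-offboarding checks. APP_JDOE is a constructed placeholder.

-- 1. Account state: expect ACCOUNT_STATUS to contain LOCKED.
SELECT username, account_status, lock_date, profile, authentication_type
FROM   dba_users
WHERE  username = 'APP_JDOE';

-- 2. Role grants: expect no rows once role assignments are removed.
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'APP_JDOE';

-- 3. System privileges granted directly to the user rather than through a role.
--    Revoking roles does not touch these, so review any rows returned.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'APP_JDOE';

-- 4. Object privileges granted directly to the user.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'APP_JDOE';

-- 5. Sessions opened before the lock. ACCOUNT LOCK blocks new logins only;
--    sessions that are already connected stay connected until they end.
SELECT sid, serial#, status, logon_time, machine, program
FROM   v$session
WHERE  username = 'APP_JDOE';

-- 6. Objects owned by the user. DROP USER without CASCADE fails when the
--    schema is not empty, so check this before a permanent delete.
SELECT object_type, COUNT(*) AS object_count
FROM   dba_objects
WHERE  owner = 'APP_JDOE'
GROUP  BY object_type;

-- 7. Database-wide: locked accounts that still hold roles.
--    LIKE '%LOCKED%' also matches LOCKED(TIMED) from failed-login lockouts.
SELECT u.username, u.account_status, u.lock_date, r.granted_role
FROM   dba_users u
JOIN   dba_role_privs r ON r.grantee = u.username
WHERE  u.account_status LIKE '%LOCKED%'
AND    u.oracle_maintained = 'N'
ORDER  BY u.username, r.granted_role;
```

Rows from queries 3 to 5 are access that the lock and role removal do not cover; rows from query 7 point to accounts where role removal did not complete.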