Managed Access Overview

Oracle Managed Access lets you manage requests for temporary access to your organization's cloud resources from OCI authorized operators.

Occasionally, authorized operators need to access resources to troubleshoot or help resolve an issue. Oracle Managed Access provides a secure workflow through which operators request access to your organization's cloud environment. You approve or deny the access requests. Managed Access:
  • Provides the operator temporary user credentials for a specific duration.
  • Specifies the access level for the representative.
  • Creates logs of all actions, providing an audit trail.
The Managed Access documentation contains the following major sections:

Learn About Oracle Managed Access

Understand key concepts related to the Oracle Managed Access service.

Workflow

Managed Access allows authorized operators to request access to your organization's resources through a secure workflow. Operators make the request when they need to troubleshoot or fix an issue with a resource. The request is sent to the customer, and is displayed on the Access Requests page. Your organization's approvers can approve or deny a request for access to a resource. You can choose to automatically approve requests, or manually approve a request, by creating a template on the Request Templates page. Managed Access allows up to three levels of approvers.

Key Terms

Lockbox
A resource that support representatives use to request access to your organization's tenancy.
Access request
An authorized operator's request to access a resource for troubleshooting and resolving issues.
Target resource
The resource that support representatives want to access.
Resource type
The type of resource that support representatives want to access.
Request state
The access states supported for requests. For a complete list, see Request States.
Access duration
The amount of time that authorized operators need to access a resource.
Approval template
The rules that define how requests are processed. You can include up to three approvers in the template.
Automatic approval
An approval template option that lets you automatically approve requests from authorized operators. This option automates approval only for your workflow. Oracle has a workflow that it follows before a request is approved and sent to you.

Resource Identifiers

Resources in Oracle Cloud Infrastructure have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).

For information about the OCID format and other ways to identify resources, see Resource Identifiers.

Ways to Use Managed Access

You can use Oracle Managed Access with the Oracle Cloud Console (a browser-based interface).

To access the Console, you must use a supported browser. After you open the Console sign-in page, enter the name of the cloud account (tenancy), the domain (optional), username, and password.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with Oracle Cloud Infrastructure Identity and Access Management (IAM) for authentication and authorization when you use the Console.

An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services and resources, and the type of access. For example, policies control who can create users, create and manage a virtual cloud network (VCN), create instances, and create buckets.

Getting Started with Oracle Managed Access

After completing some prerequisite steps, you can start using Oracle Managed Access to grant access to authorized operators.

Create the required IAM policies.

If you're not an administrator, you must be given access to the Managed Access service in an IAM policy written by an administrator.