Fusion IdM

Committed to delivering Oracle's state

of the art Identity & Access solutions

to enterprises across Europe,

Middle East and Africa

August 2012

2

IntroductionFusion IdM is one of the fastest growing consultancies which

specialises in the development and delivery of Identity

Management solutions within the EMEA region.

Fusion IdM delivers technology solutions that help companies

solve complex business problems, gain competitive advantage

and meet compliance requirements.

We understand that a successful IAM project requires not just

outstanding technical expertise, but effective governance,

robust executive sponsorship and organizational discipline.

We believe that developing a deep understanding of our

customers’ business processes and culture is just as important

as developing the right technical solution.

Our architectural philosophy emphasises simplicity and

elegance. We are firm proponents of loosely coupled

architectures that promote agility by embracing open standards

and minimal customization.

We believe that highly customised and over-engineered IAM

solutions have a tendency to become unmanageable over time,

as business processes and organizational needs can be

extremely fluid.

A successful IAM architecture must be elegant, scalable and

adaptable enough to respond to evolving business and

regulatory demands.

Furthermore, Fusion IdM understands the political and

organizational challenges that are inherent to most large IAM

projects.

To ensure the success of our customers in this notoriously

challenging field, we have developed a unique set of best

practices and guidelines for IAM implementations, based on our

vast experience of delivering complex enterprise IAM solutions

across a wide range of industry verticals.

Fusion IdM

3

More Than Just Identity ManagementThe first step along the IdM path is to build Oracle's powerful Identity management system to

manage users and their roles.

Once Identity Management system in place, you can easily get a better return on your investment

by including additional applications and managing user access to systems by using IdM's Self-

Service and approval workflows to enable users to directly request access to these services.

Automating your business processes by making full use of your IdM system, by speeding up the

approval life-cycle and provisioning of your IT systems. This will keep your users happy by

making the IT experience pleasant and, as a bonus, it reduces costs by freeing up Applications

administrators to concentrate on developing their systems.

ConsultantRecommendation

Oracle IAM Project Manager(Principal Consultant) at RBS (UK)

“Fusion IdM team memberworked well as a member ofthe Oracle project team. Hisstrong knowledge andexperience in Oracle IdentityManager and the requisitetechnical skills are impressive.The consultant was friendly andtook a practical approach towork and always willing to pickup new areas and complexpieces of work.”

Fusion IdM

IDENTITY & ACCESS

Business Workflows

Microsoft Sharepoint

User Self-Request

LDAP Applications

Portal Applications

Consultant Recommendation – Service Delivery Manager – Oracle ACS (UAE)

“An outright domain expert in the IAM arena with great in-depth knowledge of Oracle's IdM portfolio of solutions, The consultant is a great ally to have

in your team. He was constantly able to think and evaluate strategies to enable him to tackle most problems head on and be nimble and adaptable to

most situations. No matter how varied questions are, the consultant always managed to find time to answer each question in a useful and

comprehensive way.

He was a highly qualified consultant in Oracle Identity Management and has now earned reputation in the Middle East for his delivery capabilities. He

consistently delivered solutions necessary to achieve the highest level of quality for the End Client. He had the drive and energy to see complex

obstacles through to completion, guiding teams and clients through the entire lifecycle process, on time and within budget.”

Fusion IdM 4

Company EthosAt Fusion IdM, we take pride in building strategic long-term relationships with our

customers, partners and employees.

Our success so far has been built on a number of core company values that we strongly

believe in. �

QUALITY - Delivering excellent standards consistently.��

COLLABORATIVE – We work closely with you at all stages as a team and trusted

advisor to meet the business objectives.��

COMMITTED - An open and honest engagement with the client is crucial to Fusion

IdM, whilst emphasising application of best effort to meet timescales as well as high

quality standards.��

INNOVATION – Fusion IdM is constantly seeking out new technologies, tools and

products in order to maintain high technical standards �

ASSURANCE – With the experience gained from our engagements in many enterprise

projects, you can be sure of getting competent and knowledgeable consultants.

5Fusion IdM

Protecting Company InformationProtecting Com

pany Inform

ation

Self-Request, Business Process Automation, Approval Workflow

s & A

ccess Co

ntrols

Identity AdministrationSingle-Sign-On (SSO)

Directo

ry Services

compan

y assets & applications

Consultant Recommendation – Head of Architecture at William Hill (UK)

“I hired this consultant for the first time as we were starting a huge, complex Java based project at William Hill. We had a need of a Consultant of

architect calibre and he fitted the bill perfectly. Part of the project compromised of security issues, Authentication and Authorisation aspect and the

end-to-end project was delivered on time. The Quality and Skills involved in this project was to a very high standard thanks to this consultant. Even

though he was an external consultant, I was surprised by his level of dedication, commitment and effort put by him to get the job done! I have hired

this consultant on numerous occasions as he was my first choice every time I had a need on one of our projects. The consultant excelled both in

client facing as well as a fine technical architectural roles and I have no reservation whatsoever to recommend.”

6 Fusion IdM

A Specialist Company Fusion IdM is focused solely only on Oracle Identity Solutions.

But that's ok, because Oracle’s Identity and Access

Management product set is the market leader.

The Oracle suite is a comprehensive and complex set of

enterprise products – you need experts to guide you and help

you build your security solution.

The company founders are seasoned Identity and Access

Management experts with over 20 years of Oracle Identity

management experience between them.

Our consultants have worked on various very large scale and

complex national and international IdM engagements.

Identity Manager Access Manager Directory Services

Fusion IdM’s head office is based in London (UK), with plans for a second office in Dubai (UAE) in 2013.

Ente

rpris

e Security and Business Autom

ation

7Fusion IdM

Consultant Recommendation - IDAM Team Leader at Logica for NPIA project (UK)

“I have worked with a consultant from the Fusion IdM Team on an Identity management piece of a large, complex public sector project. We worked

closely with the requirements team to generate a working solution for user provision, work groups and certificate imports. He used diligence to ensure

a good understanding of the detailed requirements and was able to negotiate with the requirements team on areas which needed to be aligned with

the capabilities of the IdM product. He was able to deliver his tasks without any faults and in a timely manner. He works well in a large team and was

able to help/guide other members of the team. I found that he has wide and deep experience of Identity management systems and general computer

technologies. He has a very pragmatic approach while defining business solutions as this helped us define the short and long term road-map for the

implementation. I would be happy to work with him again.”

Our PeopleOver many years, our people have successfully implemented

some of the world’s largest and most complex IAM projects.

On some projects, where the technical scope is very wide

and IAM forms part of the solution, we are strategic

partners to some of the world’s largest and well known

systems integrators

The company comprises of well referenced and what are

considered to be some of the best consultants in the IdM field.

To extend our ability to engage in all areas of Government, many

of our consultants currently hold UK Security Clearance including

some with Enhanced Security Clearance, to enable them to work

on some of the most sensitive IAM projects.

Our AimTo become the preferred IdM partner for most of the world's largest IT companies.

Achieve Oracle Specialist Identity Partner status by 2013 to recognise our excellence

and quality of delivery for Oracle IAM solution delivery.

To be recognised as the one of the best IAM consultancies in the world.

To attain a 300% growth by the end of 2013 to allow us to easily handle multiple

enterprise assignments in this rapidly growing market.

Consulting Excellence

ConsultantRecommendation

Head of Oracle IAMDevelopment – OracleEMEA

“I represent Oracle's Identity &

Access Management

Development Organization in

EMEA region. I was involved in a

project with the consultant on

one big Telco client in EMEA.

This consultant came with

fantastic references from their

previous contract that increased

his credentials. The Oracle

Identity Management assignment

was a very complex one as it

meant dealing with more than 8

million users. The consultants

worked very closely with both the

external and internal teams and

in my experience, this was one of

the fastest project delivered, that

had this many users. The quality

of the delivery was to a very high

standard, and the Systems

Integrator wouldn't have

delivered this project without

these consultants which they

subcontracted. This consultant

was very knowledgeable, quick

learner and always thinking

“outside the box" for solution.”

Fusion IdM 8

9

Why Fusion IdM?With the experience of many implementations, we can minimise financial

risk as well as project delivery risks to client.

You will get a team with some of the most experienced and accomplished

consultants in the IAM marketplace. We focus solely on Identity and Access

Management to maintain our lead.

We have business advisors as well technical delivery specialists.

Working as a specialist team, we are able to cut through the large

overheads of major consulting practices.

We are please to engage in fixed price assignments.

ConsultantRecommendation

Oracle IdM ProjectManager at Lloyds TSB(UK)

“This consultant mpresses the

most with his diligent and

organized approach of

gathering the requirements and

moving forward in designing

the solution. I found the

consultant very well versed with

the ID and Access

Management and related

technologies. I had an

opportunity of successfully

implementing OIM and would

give Fusion IdM my highest

endorsement.”

Fusion IdM

Our Mission Statement

Fusion IdM was founded with a vision to deliver high qualityidentity solutions through a combination of commitment,knowledge and experience.

Consultant Recommendation - Head of Oracle IdM Team at KPN (Netherlands)

“The consultants has excellent development skills coupled with a very good knowledge of Oracle Identity Management. He worked autonomously to

complete his assignment and did not required and help or guidance at any stage of the engagement. Whilst on the KPN project, he were involved with

OIM, OIM API Libraries and the development of Web Services. He integrated very well with the team culture and did not have the 9 to 5 mentality. I was

very impressed by his level of commitment, his level of IdM expertise and documentation skills. He was a very personable and dedicated consultant

who was not afraid to deal with new challenges involved in different projects. In my experience, I would rate this consultant to be one of the Top 5% of

the IdM consultants I know and I would not hesitate to recommend his services to any clients.”

Fusion IdM 10

Industry Experiencezx Financial Institutions zx Public Services zx Mobile Network Providers zx Governmental Bodies zx Educational Institutions

Fusion IdM 11

Consultant Recommendation - Managing Consultant at IBM Global Business Services (Netherlands)

“I hired this consultant when I was the Program Manager for the Oracle Identity Management implementation, which is still considered the

biggest Oracle Identity implementation (8 Million customers). He was hired to build the Identity Management and the Access Management

part and the team was very keen on his configuration management skills. Even while being an expert in IdM, Access Management and Java

technology, he was always very open to discuss different ways to improve things. I would say that he is very knowledgeable with very good

experience on the conceptual and architectural level. The consultant was flying home (UK) on a weekly basis for 2 years and that didn't at

any moment diminish his commitment on the project.”

12 Fusion IdM

Company Capabilities Specialist Testing

Service management

Infrastructure designAssessment andfeasibility study

Proof of Concept

Governance, Riskand ComplianceStrategy

Project management

Development

Oracl

e I

dent

ity & Access M

anagem

ent

Oracle Identity ManagerOracle

Identity Analytics

Oracle Access Manager

Oracle Enterprise

Directory EE

Oracle ESSO

Oracle Internet Directory

13Fusion IdM

IdM SpecialitiesOur consultant's engagement in various enterprise IAM

projects, ensures that we have a broad range of experience

in Oracle Identity products. At the heart of Oracle's Identity

product set, is Oracle Identity Manager, and we have

extensive experience with this product.

The Business Requirement

The large company in this study, used Microsoft Sharepoint to

create many enterprise-wide business applications, for example,

time keeping, holiday requests, etc. The user scope of these

applications was varied - some applications were company-wide,

whilst other applications were owned and visible only to users

within their respective business areas.

The generic applications were provided to all users by default, but

for specialised applications, the users had to manually request

access. The process of obtaining access to these applications

was kick-started by request from the employees manager.

The administrators would have to confirm that the user was entitled

use the application by making enquiries about the users job title

and business area. Then the administrator granted the user

access to the specified Sharepoint application. This manual

process was time consuming for both administrators and

users as it involved lengthy investigative tasks, followed

by a manual task of adding the users membership to

the Sharepoint application.

Extending the Oracle IdM System

The Company had recently installed an Oracle IdM system. The

companies users (and their managers) were already uswing the

IdM system on a daily basis. The company wanted to enhance

their IdM syswtem and introduce further business efficiency - one

such area was the automation of user access to Sharepoint

applications. The answer was to introduce this automation by

making use of OIM's Self-Service facility, which was already

avilable to all users.

14 Fusion IdM

The Solution

The solution

involved identifying

groups of users by

business areas. Custom

OIM Request-Templates were created

using OIM's powerful APIs. This allowed

users new capability to request Sharepoint

applications relevant to their business area.

OIM Access policies were designed and

developed to support the provisioning user

memberships of AD security groups - this in turn

enabled/disables the user's access the applications. A

bulk load tool was developed to automatically build the

required OIM Request-Template framework to support

the self-request mechanism. The Self-Service Request

Template included group controls to filter applications by

business area.

A user submitting a Self-Request resulted in the generation of an approval

workflow process which was submitted to the users managers account.

Subsequently, the manager gets a notification of a new approval task.

Once the manager approves the request, the AD security group

membership is provisioned for the user and the user is then able to access

the Sharepoint application from his/her desktop. This whole process is

automated and operates without the involvement of the Sharepoint

administrators, who are now free from this mundane task.

Case Study Oracle IdM Customised to Manage User Membership for Sharepoint Applications

15Fusion IdM

Case Study Oracle IdM Customised for Automated Obsolete Entitlement RemovalThe Problem

After the Companies IdM system is developed, users are imported in to

the IdM system and then their roles and entitlements are imported from

the various target systems. For many of these users, their access

entitlements are the cumulative sum of access granted to them over

many years of service. Some of this access will still be required for their

current role, but other access will now be obsolete and redundant - this

is a security risk.

One solution to this problem is to use the IdM system to enforce

regimented business roles which provide specific access based on their

role in the company. However, in complex enterprise environments, the

introdiuction of such a strict approach would be an unacceptable,

drastic change - this sudden loss of access across the board, would be

reject by the business divisions.

There is a security requirement to automatically correct the users

entitlements to business roles by, gradually and automatically removing

redundant access entitlements.

The Solution

The solution is to use OIM's flexible and comprehensive customisation

capabilities. The OIM core capability for user roles was extended to

incorporate a new role "lifetime" capability. When a user is granted a role,

the role would valid for a limited life (for example 6 months). Just before

the end of this lifetime, the IdM system would detect an approaching

expiry date and send a reminder to the user, that his/her role is about to

expire in a few weeks.

If the user needs that role entitlement, the user has the option to re-arm

the role using OIM's Self-Request facility. This would move the expiry

date for this role further into the future. As part of the solution, the Self-

Request mechanism was extended to build a custom

Request-Templates framework to support this functionality. In addition,

custom schedule tasks were built to warn and expire for ageing roles.

The Result

The introduction of role lifetime mechanism, over time, automatically

removes redundant roles from users. Gradually the IdM system fulfills

its purpose of limiting access to only those entitlements which are

required for the employees to perform their assigned tasks. This role

cleansing process come into effect gently, gradually and with minimal

disruption to the Companies business divsions.

AUTOMATED EXPIRYOF

REDUNDANTROLES

Fusion IdMExcellence Securely Delivered

ContactRai Chadee (rai@fusionidm.com)

Fusion IdM Limited88-90 Hatton Garden, London,

EC1N 8PN, UK

T: +44 (0)207 993 6392 | M: +44 (0)7730 869 724