Oracle IDM Overview
Transcript of Oracle IDM Overview
-
8/10/2019 Oracle IDM Overview
1/40
Oracle Identity Management Solutions Overview
Vinson Tan
IDM Sales Consulting
September 2010
-
Oracle Identity Management Solutions
-
IDM Framework
Applications
Web Services
Authentication
Authorization
Access Check
Password
Rules
Roles
Users
One Time Password
ID Lifecycle Management
Account Provisioning & Reconciliation
Access Policy
Role Resolution & Assignment
Role Mgmt
Databases
Directories
Office Automation
Fine-Grained Access Control
Smart Card
Fraud Detection
Application
Password Management
Self Service
Delegated Admin
Federated Services
Risk Models
Access Risk Management
High Performance LDAP
ID Store Virtualization
-
Encryption and Masking
Privileged User Controls
Multi-Factor Authorization
Activity Monitoring and Audit
Secure Configuration
Identity Management
Database Security
Oracle Security Inside Out
Oracle Confidential
Information Rights Management
Databases
Applications
Content
Infrastructure
Role Management
Entitlements Management
Risk-Based Access Control
Virtual Directories
Document-level access control
All copies, regardless of location (even beyond the firewall)
Auditing and revocation
Information
-
Oracle Identity Management
Most Comprehensive, Integrated
Access Management
Identity Administration
Directory Services
Access Manager
Adaptive Access Manager
Enterprise Single Sign-On
Identity Federation
Entitlements Server
Identity Manager
Internet Directory
Virtual Directory
Directory Server Enterprise Edition
Audit & Compliance
Identity Analytics
Enterprise Manager
Operational Manageability
Oracle Platform Security Services
-
Oracle IdM Suite 11g Architecture
Identity & Access
OAM
OAAM
OIF
OES
Enterprise Apps
OIM
ORM
OWSM
OAS4OS
Identity Services (Standards Based)
Authentication
Authorization
Federation
Trust
Identity Admin
Provisioning
Role Mgmt.
Policy Mgmt.
Enterprise Oracle LOB / Fusion
ISV
OID
OVD
Persistence (Standards Based)
LDAP (OID)
DB File
Technology (FMW & IdM)
Virtualization (OVD)
Orchestration (BPEL PM)
Deploy & Install
User Interface
Management Product Portfolio
Platform Security For Java
User Administration
Core Infrastructure
Common Audit Framework
Access Identity Shared Services Audit Risk
-
IDENTITY ADMINISTRATION
-
Identity Lifecycle Mgmt
Policy based Provisioning
Provisioned Applications
New Contractor
Approval
Self Registration
Role Mgmt
New Employee
HRMS
Revoked Applications
Reconciliation Engine
Identity Store
Access Policy
Workflow
Connector
User Group
Role Mgmt
SAP HRMS
-
Role Based User Provisioning
Oracle Identity Manager
Automate Roles Based Provisioning / Deprovisioning
Identify orphaned accounts
Report on "Who has access to what"
Self-service requests
HR System
Approval Workflows
Employee Joins / Departs
Applications
GRANT / REVOKE
-
SoD Compliant Provisioning
Preventative Simulation
Conflict Analysis
SoD Policy Simulation
SoD Validation Request
OIA
Applications SoD Engine
OIM
Identity Administration
Resource
Approval Workflow
Resource
1
SoD Validation Response
Provisioning Workflow
3
Provision SoD compliant entitlement assignments
-
Automated De-Provisioning
Identity
Identity Lifecycle Management
Manual Task Revoked
Cell Phone
Reconciliation Engine
Terminated Employee
HRMS
Revoked Applications
Connector
Provisioning Workflow
-
Self Service and Delegated Admin
Delegated Admin Self-Service
Self Service Account Requests
Delegated Administration
Password Reset and Profile Management
Manager assigning proxy user
User doing password reset
-
Available Out-of-The-Box Connectors
Database Servers
Directory Servers
Enterprise Applications
Enterprise Messaging
Operating Systems
Security Management
Help Desk
RACF
ACF2
TopSecret
-
ACCESS MANAGEMENT
-
Oracle Access Management
Comprehensive security for applications, data, documents and web services
End-to-end authentication, single sign-on, and fine
Innovative anomaly detection, transaction security, and multi-factor authentication
Extensive 3rd party integrations
17 Copyright 2010, Oracle. All rights reserved
-
Oracle Access Management Suite Plus
Entitlements Server
Adaptive Access Manager
Entitlements Management
Fine Grained Authorization
Risk-based Authentication
Real-time Fraud Prevention
Information Rights Mgt.
Security Beyond Firewalls
Auditing and Revocation
Access Manager / ESSO
Web Access Control
Single Sign-On
Identity Federation
Partner SSO & Identity Federation
Fedlet SP integration
OpenSSO STS
Security Token Management
Identity Propagation
Oracle Confidential For Internal Use Only
-
Access Management 11g Architecture
Authentication & SSO
Identity Federation
Security Token Service
Fraud Prevention
Authorization & Entitlements
Shared Services for Access (SSA)
Token Processing
Session Management
Trust Management
Password Policy
Password Reset
Delegated Admin
Shared Services for Identity (SSI)
Common
Oracle WebLogic Server
Oracle Platform Security Services
AuthN Services
Identity Services
AuthZ Services
Credential Store
Audit Framework
Key Store Services
SSL Configuration
Domain Management
Deployment Management
Post Install Configuration
-
Enable Single Sign-On
Oracle Access Manager
Oracle Enterprise Single Sign-On
Desktop Login
Extranet & Intranet SSO
Oracle Access Manager / Oracle Enterprise Single Sign-On
Portals
Stronger Authentication
Audit User Access
Corporate Directory
Employees
Custom Applications
Business Applications
-
Oracle ESSO Suite
-
OAM Architecture
-
Identity Federation (OIF)
Identity Provider
Establish Identity
Filter attributes
Service Provider
Map Attributes
Link Identities
Flexible integration framework
Lightweight SP integration via Fedlet
Support for industry standards, SAML, WS-Federation
Enterprise-ready operational management and monitoring
Assert Identity
Maintain session
Pass Identity Attributes to Apps
-
Identity Providers and Service Providers
Domain B trusts Domain A
Domain A acts in an Identity Provider role
Domain B acts in a Service Provider role
-
Use Case: Account Mapping
The user has accounts with both federation partners and there's a common element available for mapping
-
ECM
Email
File systems
Intranet/extranet
Databases
Customer
Supplier
Oracle Information Rights Management
Securing all copies of your sensitive information
Enterprise perimeters
Oracle Server
Partner
Everywhere IRM-encrypted content is stored, transmitted or used
NO ACCESS FOR UNAUTHORIZED USERS
Transparent, revocable access for authorized users
Centralized policy and auditing for widely distributed content
Content security beyond the database, application and firewall
-
Oracle Entitlements Server
Oracle Entitlements Server (OES) is a Fine-Grained Entitlements Management Solution that provides centralized policy management and distributed, runtime policy enforcement for applications and SOA
Custom Apps
Access Check
Services
Packaged Apps
Databases
Entitlement Data
Identity
Directories
Request
Grant
Deny
Users
-
Fraud Prevention (OAAM)
Fraud Prevention
Secure Login
Model Risk
Evaluate transactions
Analysis and Forensics
Detect Anomalies
Strengthened authentication
Real-time anomaly detection
Preventative actions
Reporting and forensics
Challenge or Block
-
OAAM Risk Analytics
User Profile
Device Fingerprint
Geolocation
Application & Contextual Data
-
Web Services Security & STS (OWSM)
Authorization
Authentication
Valid Web Service?
Issue, renew, validate Credentials
Enforce Access
Evaluate Policies
Re-route service
Comprehensive enterprise security and token services
Shared security services: authN, authZ, tokens
Support for industry standards, XACML, SOAP
Centralized policy management
Deny Access
Token Service
-
DIRECTORY SERVICES
-
Directory Services
Combined Oracle-Sun Solution
Oracle Virtual Directory
Real-time consolidation of disparate identity stores
Oracle Internet Directory
High Performance Directory, built on Oracle Database
Ideally suited for Oracle applications and environments
Oracle Directory Server EE (previously Sun Directory Server EE)
High Performance Directory with native LDAP store
Ideally suited for heterogeneous environments
-
Centralized Identity Data
Virtualize LDAP, DB, Web
Single LDAP View
INTERNAL USERS AND ATTRIBUTES
EXTERNAL USERS AND ATTRIBUTES
HR Apps
Directories
Custom Applications
Portals
LDAP
Multiple DBMS
Virtually Consolidate first, Then Retire ID Stores
Rapidly Expose Identity Data to Applications
MERGERS AND ACQUISITIONS USERS AND ATTRIBUTES
Mainframe
Business Applications
Directory Services Manager
Web Services
Directories
-
Customer References
-
Most ASEAN Telecom runs Oracle Identity Management
-
Local Customers
Bank Mandiri
Year : 2007
Target System : 7
User Count : 18.000
IDM Products : OIM
Indosat
Year : 2007
Target System : 23
User Count : 8000
IDM Products : OIM, OAM, ESSO, OVD/OID
XL Axiata
Year : 2008
Target System : 47
User Count : 8800
IDM Products : OIM
-
Case Study: Indosat
SSO & Unified, Automated Identity & Access management
PT Indosat tbk provides fixed and wireless voice, data, and internet services. The company is Indonesia's second-largest telecommunications provider with around 32 million subscribers.
BUSINESS CHALLENGE
Implement an identity management solution to minimize the risk arising from unauthorized system access
Demonstrate compliance with Sarbanes-Oxley legislation by ensuring clear audit trails for all transactions
Improve IT security operations control
Support new business opportunities such as mobile banking
ORACLE SOLUTION
Oracle Identity Manager
Oracle Access Manager
Oracle Enterprise Manager
Oracle Enterprise Single Sign-on
Oracle Internet Directory
RESULTS
Integrated identity management solution with 55 business and telecommunications applications, including billing, enterprise resource planning, human resources, customer relationship management, and telco management products
Enabled fulfilling up to 2,000 requests for user names and passwords a day
Eased IT workload, with two staff members overseeing the identity management process for 6,000 users
Fulfilled Sarbanes-Oxley requirements and enhanced IT security control by establishing clear audit trails and enabling the production of accurate compliance reports
-
Applications
Provision & Access Accounts Enterprise-Wide
Portals
Suppliers
HR & Biz Applications
Identity Lifecycle
Office Automation
Physical Items
Access & Control
Databases & OS/Legacy
Customers
Employees
Other Sources
Flat Files
Databases
Directories
-
Q & A