Date posted: 15-Jan-2016
Access and Identity Management for Enterprise Portals
Rohit Gupta, Director, Identity Management Product Management, Oracle Corporation
Topics
• Introduction – portal identity management issues
• Identity consolidation
• Password and identity administration
• Centralized authorization and authentication
• Automated user identity provisioning
• Federated identity support
• Summary and conclusions
Oracle Fusion Middleware Application Platform Suite
(Diagram: Develop, Orchestrate, Deploy, Secure, Access, Integrate, Manage, Analyze)
Oracle Portal Aggregates Customers Web Applications
(Diagram: the Page Assembly Engine, Portlet Engine, Personalization and Portal Runtime (user and session management) aggregate any data source, packaged applications, any web site and wireless/mobile channels for internet and intranet users.)
– Reduce web sites, simplify searches & navigation
– Single sign-on security framework, enterprise search
– Assemble portals from pre-built “portlets” and Web Services
– Personalize portals by user / role
Identity Management Challenges for Customers Deploying Portals
Problem: Lack of centralized user identity management
  Issue for users: Too many identities and credentials to manage
  Issue for administrators: Frequent calls to the helpdesk for password resets
Problem: Lack of centralized web authorization and authentication service
  Issue for users: Multiple log-ins to different applications within the enterprise
  Issue for administrators: Inconsistent application security policies
Problem: Manual user provisioning process
  Issue for users: Delays in getting needed access to applications
  Issue for administrators: Labor intensive, error prone, and difficult to keep in compliance
Problem: Lack of identity federation support
  Issue for users: Multiple log-ins to applications hosted outside the enterprise
  Issue for administrators: Managing authorization credentials for outside users
What is Identity Management? Securing your IT assets from within
• Management of digital user identities through their complete lifecycle
  • Employee hire -> promotion -> departure
• Securing access to applications and information
  • Authentication: proving you are who you say you are
  • Authorization: what you have access to, when, where
• Scalable and available storage of identity information
  • Profile: roles and attributes about you
Oracle Identity Management
• Access Control
  • Single Sign-On
  • Identity Federation
  • Web Access Control
  • Web Services Security
• Identity Administration
  • User, Role Management
  • User Provisioning
• Identity Infrastructure
  • Virtual Directory
  • Directory
Identity Consolidation
Identity Consolidation Overview
• Oracle Portal includes Oracle Internet Directory as a user management repository
• Frequent deployment requirement for integration with
  • Enterprise directories
  • Application directories
  • User repositories
• Oracle Virtual Directory and Directory Integration Platform facilitate portal integration with these environments
Oracle Internet Directory
• Features
  • Full-featured LDAP server with an RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle Platform integration
  • VSLDAP certified and EAL4 compliant
• Benefits
  • Reduced operational cost and improved availability with Oracle Grid support
  • Seamless integration with Oracle Applications and Products
Directory Integration Platform
(Diagram: the Directory Integration Service keeps Oracle Internet Directory synchronized, through connectors, with external directories and repositories: Sun ONE (iPlanet), Active Directory, Oracle HR, Oracle DB, OpenLDAP, eDirectory.)
Oracle Virtual Directory
• Features
  • Virtual, real-time LDAP application views of directories, databases and other user repositories
  • Modern Java & Web Services technology
  • Virtualization, Proxy, Join & Routing capabilities
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access
• Benefits
  • Rapid application deployment
  • Tighter controls on identity data
  • Realtime identity information access
Directory Deployment Options
(Diagram: two options. Either the portal/access management system uses Oracle Internet Directory, kept in sync with the other directories and repositories by the Directory Integration Platform, so that OID is the single point of administration; or it uses Oracle Virtual Directory in front of the other directories and repositories, which remain the points of administration.)
Benefits for Portal Deployments
• Extremely scalable, highly-available LDAP directory option for any portal deployment
• Ready integration with enterprise user repositories; rapid deployment in any environment
• Flexibility in how and where user information is administered
Password and Identity Administration
Password and Identity Administration - Overview
• Basic user administration is provided in the Portal environment
• Oracle COREid Identity provides richer enterprise user administration functionality, including
  • Self-service
  • Delegated administration
  • Customized approval workflows
• COREid Identity functionality integrates into Oracle Portal applications, providing a unified look and feel
Oracle COREid Identity
• Features
  • Web application for user, group, and organization management
  • Self Service and Self Registration functionality
  • Password Management
  • Delegated Administration
  • Unified Workflow
• Benefits
  • Reduced operational costs through user self-service
  • Efficient management of large user populations
Integrated User Administration
(Diagram: the user reaches the Oracle COREid Identity Server through a web server running WebPass; the identity server reads and writes the LDAP directories.)
PresentationXML and Portal Inserts allow Portal customers to customize the look-and-feel of Oracle COREid and seamlessly integrate its functionality into portal applications.
Benefits for Portal Deployments
• Oracle Identity Management reduces administrative burden and cost
  • Administer Portal and enterprise users with a single application
  • Support multiple levels of delegated administration of Portal user communities
  • Self-service ROI by allowing users to perform password resets, role requests and manage identity information
  • Automate approval workflows for user access requests
Centralized Authorization and Authentication
Centralized Authorization and Authentication - Overview
• Oracle Single Sign-On addresses authentication for the Oracle application environment
• COREid Access provides authentication and access management for a wide variety of third party application environments
• The two components work together to provide a seamless application experience for users, and a single point of access control for administrators
Oracle COREid Access
• Features
  • Scalable web access management solution
  • Common policy management across applications
  • Multi-level, multi-factor authentication management
  • Web Services interfaces
• Benefits
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Improved end user experience
  • Better compliance
Single Sign-On to Heterogeneous Applications
(Diagram: OracleAS Single Sign-On and Oracle COREid Access share Oracle Internet Directory; a Virtual Directory Server fronts Sun Directory Services and Microsoft ADS. Single sign-on extends to Oracle Applications, packaged e-business applications, static HTML content, application servers and portals, and, through the Access Server SDK, to mainframe systems and other enterprise applications.)
Benefits for Portal Customers
• Users have single sign-on to all applications accessed through their portal
• Administrators have a single point of control for authentication and authorization
• Oracle access management is pre-integrated with Portal and other Oracle applications and offers out-of-the-box integration with other enterprise applications, portals and application servers
Automated User Identity Provisioning
Automated User Identity Provisioning - Overview
• Provisioning users to an enterprise portal typically also involves provisioning them for a number of applications
  • Oracle, 3rd party, custom developed
  • Running on a variety of platforms
• Internal processes for granting/terminating application access can be quite complex
• Handling these in a secure, efficient and compliant way requires automation
• Oracle Xellerate Identity Provisioning integrates with the portal and the backend applications to provide these capabilities
Xellerate Identity Provisioning
• Features
  • Identity life-cycle management for the heterogeneous enterprise
  • Complete workflow for approvals
  • Connectors for OS’es, DBs, Directories, Groupware, Apps, etc.
  • Direct connectivity to HR
  • Compliance reporting and account reconciliation
• Benefits
  • Reduced administration cost
  • Critical for regulatory compliance
  • Improved security through centralized administration
Benefits for Portal Deployments
• Efficient enterprise portal user management
  • Rapid on-boarding of new users
• Improved application security
  • No “old” user accounts in the system
• Improved ability to address compliance requirements
  • No rogue or orphan accounts
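The reconciliation the bullets above promise can be checked mechanically. This is an added example, not Oracle or Xellerate code: it compares the accounts that actually exist in each application against the HR feed (the authoritative source) and the provisioning system's own ledger of accounts it created, and reports orphan, stale, rogue and missing accounts. All data, application names and the role-to-application policy are constructed for the example.

```python
from dataclasses import dataclass

# Constructed example (not Oracle's code). HR is the authoritative source of
# who exists and whether they are still employed; the provisioning ledger
# records which accounts the provisioning system itself created.

@dataclass(frozen=True)
class Employee:
    emp_id: str
    status: str   # "active" or "terminated"
    role: str

# Role-based provisioning policy: which applications each role is entitled to.
# Hypothetical roles and application names.
ENTITLEMENTS = {"analyst": {"portal", "hr_db"}, "engineer": {"portal", "unix"}}

def reconcile(hr, app_accounts, ledger):
    """hr: list of Employee; app_accounts: {app: set of emp_id actually present};
    ledger: {app: set of emp_id created through provisioning}.
    Returns the findings a compliance report would carry, as (app, emp_id) pairs."""
    known = {e.emp_id for e in hr}
    active = {e.emp_id: e for e in hr if e.status == "active"}
    findings = {"orphan": set(), "stale": set(), "rogue": set(), "missing": set()}
    for app, accounts in app_accounts.items():
        for uid in accounts:
            if uid not in known:                      # no HR record at all
                findings["orphan"].add((app, uid))
            elif uid not in active:                   # employee left, account still on
                findings["stale"].add((app, uid))
            elif uid not in ledger.get(app, set()):   # created outside provisioning
                findings["rogue"].add((app, uid))
    for uid, emp in active.items():                   # entitled but not provisioned
        for app in ENTITLEMENTS.get(emp.role, set()):
            if uid not in app_accounts.get(app, set()):
                findings["missing"].add((app, uid))
    return findings
```

Stale and orphan findings are the "old" accounts to de-provision; rogue findings point at access granted outside the approval workflow; missing findings are the on-boarding backlog.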
Federated Identity Support
Federated Identity Support - Overview
• Portals often have a need to service users across administrative domains
  • Inter-agency, partners, customers, etc.
• Emerging web services standards are addressing these requirements
  • SAML, Liberty
• Oracle COREid Federation provides portal applications the ability to participate as federated identity and service providers
COREid Federation
• Features
  • Seamless SSO and Identity Sharing
  • Multi-protocol gateway – SAML, Liberty, WS-Federation
  • Service Provider or Identity Provider
  • Flexible deployment configurations
  • Standalone for use with pre-existing web-access management solution
  • Protocol SDK for custom applications
• Benefits
  • Secure integration with partners
  • Reduce administration cost
  • Deliver improved end user experience
Example Federated Identity Single Sign-On Scenario
(Diagram: the user signs on once to the Employee Portal with Identifier: Principal ABC, Password: XXXX; federated SSO then gives access to the Employee Medical Benefits Site and the 401k Benefits Site without a further login.)
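What the scenario relies on is that the partner sites never see the password: the portal, acting as identity provider, hands each site a signed assertion restricted to that site, and the site checks it. The following is an added example, not Oracle COREid Federation code, modelling that exchange in miniature; issuer, audience, site and key names are constructed, and an HMAC over canonical JSON stands in for the XML signature that SAML, Liberty and WS-Federation actually use.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed example (not Oracle's code). The Employee Portal is the identity
# provider (IdP); each benefits site is a service provider (SP). Real federation
# protocols sign an XML assertion with the IdP's private key; here each partner
# shares its own HMAC key with the IdP so the example runs on the standard library.

def issue_assertion(issuer, subject, audience, key, ttl=300, now=None):
    """IdP side: mint a short-lived, single-use assertion for one audience."""
    now = time.time() if now is None else now
    body = {"id": secrets.token_hex(8), "issuer": issuer, "subject": subject,
            "audience": audience, "iat": int(now), "not_on_or_after": int(now + ttl)}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}

class ServiceProvider:
    """SP side: accept assertions only from the trusted IdP and only for itself."""
    def __init__(self, name, trusted_issuer, key):
        self.name, self.trusted_issuer, self.key = name, trusted_issuer, key
        self.seen_ids = set()  # replay cache; persistent and shared across nodes in practice

    def validate(self, assertion, now=None):
        """Return (subject, 'ok') or (None, reason). Order: signature, issuer,
        audience, validity window, replay."""
        now = time.time() if now is None else now
        expected = hmac.new(self.key, assertion["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None, "bad signature"
        body = json.loads(assertion["payload"])
        if body["issuer"] != self.trusted_issuer:
            return None, "untrusted issuer"
        if body["audience"] != self.name:        # minted for a different partner
            return None, "audience mismatch"
        if not body["iat"] <= now < body["not_on_or_after"]:
            return None, "outside validity window"
        if body["id"] in self.seen_ids:          # same assertion presented twice
            return None, "replayed assertion"
        self.seen_ids.add(body["id"])
        return body["subject"], "ok"
```

The audience check is what keeps an assertion issued for the medical benefits site from being accepted by the 401k site, and the replay cache is what makes each assertion single-use.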
Benefits for Portal Deployments
• Portal users can transparently access applications of federation partners (such as travel agencies, employee benefits providers, etc.)
• Applications secured by Oracle Identity Management can be made accessible to partners through federation
  • No need to manage these users locally
  • No re-engineering of applications required
Summary and Conclusions
• Enterprise portal deployments raise a number of management and security issues
• Oracle Identity Management enables Portal customers to:
  • Support single sign-on of portal users to enterprise applications
  • Provide rich user administration and self-service seamlessly integrated into the portal environment
  • Manage enterprise portal and application users centrally
  • Automatically provision and de-provision enterprise portal users
  • Allow their portal users to access federated applications
  • Make their portals available to partner access
Q&A
For more information
Please point your browser to http://www.oracle.com/identity