21 July 2011, Universitatea Politehnica din Bucuresti

Identity and Access Management - Oracle Solutions

Octavian Morariu, Oracle

Agenda

● → Overview of Oracle Identity Management Suite

● Oracle Identity Management Solutions/Products

● A closer look inside Oracle Identity Manager 11g

– Concepts

– Architecture

● Conclusions

Complete. Open. Integrated.

● Oracle Identity Management 11g Suite enables customers to:

– efficiently comply with regulatory requirements

– secure critical applications and sensitive data

– lower operational costs

● It is the most complete and best-in-class suite of identity management solutions available

● With Oracle IdM 11g Suite enterprises can manage the entire user identity life cycle across all enterprise resources—both within and beyond the firewall.

● Oracle IDM 11g Suite is part of Oracle Fusion Middleware 11g. For more details on FMW please see http://www.oracle.com/us/products/middleware/index.html

Service-Oriented Security

● Oracle Identity Management 11g delivers a revolutionary Service-Oriented Security architecture that introduces the industry's first declarative security framework.

● By enabling developers to seamlessly weave security into their applications, companies can reduce time-to-market and improve business efficiency.

Cost Savings and Enhanced Security

● Oracle Identity Management 11g's automated user account provisioning:

– dramatically reduces help desk calls

– streamlines compliance audit and reporting

– consolidates identity silos

– integrates rapidly with enterprise applications

● See this Forrester independent study here: www.oracle.com/us/dm/forresterteistudy-335934.pdf

ORACLE IDENTITY MANAGEMENT SOLUTIONS

● Oracle Access Manager

● Oracle Adaptive Access Manager

● Oracle Enterprise Single Sign-On Suite

● Oracle Identity Federation

● Oracle Directory Services Plus

● Oracle Entitlements Server

Next ...

● Overview of Oracle Identity Management Suite

● → Oracle Identity Management Solutions/Products

● A closer look inside Oracle Identity Manager 11g

– Concepts

– Architecture

● Conclusions

ORACLE IDENTITY MANAGEMENT SOLUTIONS

● Oracle Identity Analytics

● Oracle Identity Manager

● Oracle Information Rights Management

● Oracle Role Manager

● Oracle Web Services Manager

Oracle Access Manager

● Centralized Policy Management—Centrally managed security policies propagate in real-time to ensure aligned and consistent security and enforcement

● Security Zone Containment—Single sign-on security zones prevent unauthorized access from spreading to multiple applications

● Self-Service Password Management—Self-service password creation and reset dramatically reduces help desk costs and increases productivity

● Please see this location for more information on OAM 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-access-manager/overview/index.html

Oracle Adaptive Access Manager

● Easy-to-deploy multifactor authentication devices enable strong authentication online and protect against threats such as phishing, trojans, and proxy attacks

● Proactive, real-time fraud prevention triggers real-time alerts and follow-up actions to prevent fraudulent transactions

● Simplified administration interfaces allow organizations to easily create, install and manage security snapshots and effectively delegate administration

● Please see this location for more information on OAAM 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/overview/index.html

Oracle Enterprise Single Sign-On Suite

● Oracle Enterprise Single Sign-On Suite provides users with unified sign-on and authentication across all their enterprise resources, including desktops, client-server, custom, and host-based mainframe applications.

● SSO is implemented by hooking into the desktop applications, using specific OS APIs to detect logon windows and inject credentials

● Even if users travel or share workstations, they can enjoy the flexibility of a single log-on that eliminates the need for multiple usernames and passwords and helps enforce strong password and authentication policies.

● Please see this location for more information on Oracle eSSO 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-enterprise-sso/index.html

Oracle Identity Federation

● Rapid deployment enables identity providers and service providers to connect seamlessly within minutes and deploy with minimal configuration and IT support

● Securely extend business capabilities and create relationships between partners and agencies by connecting users seamlessly and securely

● Scalable standards-based interoperable architecture simplifies the integration process between business domains and offers an open architecture for better security, increased compliance and privacy, and lower costs

● Please see this location for more information on Oracle OIF 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-federation/overview/index.html

Oracle Directory Services Plus

● Industry-leading scalability and availability provides superior scalability and performance; capable of handling billions of entries

● Innovative directory integration with new deployment accelerators, unified web-based administration and monitoring consoles, end-to-end auditing and enhanced, multi-level system security

● Lower total cost of operation provides a single point of contact for support, a single license contract, and the backing of the world's largest enterprise software company

● Please see this location for more information on Oracle ODSPlus 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-directory-services/overview/index.html

Oracle Entitlements Server

● Highly scalable and distributed architecture ensures real-time authorization for a large number of protected resources

● Integration with a broad category of platforms accelerates deployment and evolution of fine-grained security policies for applications, middleware, and databases

● Support for a wide variety of modern standards ensures customers have more choices, and flexibility for rapid application deployment

● Please see this location for more information on Oracle OES 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-entitlements-server/overview/index.html

Oracle Identity Analytics

● Consolidation and correlation of identity data through data warehousing, coupled with a 360-degree view of user access and automated IT controls, enable rapid compliance.

● Actionable dashboards; advanced role mining and analytics; and rich reporting tools improve analytical ability and control enterprise risk.

● Presentation of identity and access data in business-relevant formats offers clarity and sound intelligence to support business decisions.

● Please see this location for more information on Oracle OIA 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-analytics/overview/index.html

Oracle Identity Manager

● Comprehensive identity administration supports user administration, accelerates return-on-investment, and improves user productivity

● Universal delegated administration provides for constrained delegated administration and identity control

● Request templates improve productivity by supporting persona-based request catalogs in a business-friendly user interface

● Please see this location for more information on Oracle OIM 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-manager/overview/index.html

Oracle Information Rights Management

● Superior usability allows you to maintain control over your documents and support an end-user experience that allows you to control, audit, and revoke access to information and track usage even when content is outside your repository or enterprise

● Ease of management helps you keep your users current, automatically expire out-of-date content, and redirect users to updated content through scalable application security policies

● The only integrated system that destroys remote content based on business rules to ensure destruction of obsolete content and lower your risk

● Leverage Oracle Identity Management to provide centralized user access and entitlements.

● Please see this location for more information on Oracle OIRM 11g: http://www.oracle.com/us/products/middleware/identity-management/information-rights-mgmt/overview/index.html

Oracle Role Manager

● Accurate role-based access control ensures compliance with business policies at all times; expedites audits by reporting on roles versus individual entitlements

● Automated role-based provisioning and access control enforces entitlements in real-time by responding to business events, such as job changes, departures, or new hires

● Optimized for 24/7 mission critical computing and large shared memory applications

● Automated tools for role mining provide a jump start for identity management deployments

● Please see this location for more information on Oracle ORM 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-role-manager/overview/index.html

Oracle Web Services Manager

● Implement security with minimal disruption to existing applications and Web services

● Protect any Web service regardless of the platform on which it resides

● Please see this location for more information on Oracle OWSM 11g: http://www.oracle.com/us/products/middleware/identity-management/oracle-web-services-mgr/overview/index.html

Next ...

● Overview of Oracle Identity Management Suite

● Oracle Identity Management Solutions/Products

● → A closer look inside Oracle Identity Manager 11g

– Concepts

– Architecture

● Conclusions

Oracle Identity Manager Components

● Provisioning Manager

– The Provisioning Manager is where provisioning transactions are assembled and modified. The Provisioning Manager maintains the "who" and "what" of provisioning. User profiles, access policies, and resources are defined through the Provisioning Manager, as are business process workflows and business rules.

● Provisioning Server

– The Provisioning Server is the run-time engine for Oracle Identity Manager. It runs the provisioning process transactions as defined through the Design Console and maintained within the Provisioning Manager.

● Adapter Factory

– The Adapter Factory builds and maintains the integrations between Oracle Identity Manager and managed systems and applications. The Adapter Factory is designed to eliminate the need for hard-coding integrations with these systems.

● Reconciliation Engine

– The reconciliation engine ensures consistency between the provisioning environment of Oracle Identity Manager and Oracle Identity Manager managed resources within the organization. The reconciliation engine discovers illegal accounts created outside Oracle Identity Manager. The reconciliation engine also synchronizes business rules located inside and outside the provisioning system to ensure consistency.

OIM System Architecture

OIM Provisioning Process

OIM Provisioning Modes – Request based

● Request-based provisioning

– A request can be manually created by an administrator or, in certain cases, by users themselves. Approval workflows are started after a request is submitted and provisioning of the approved account profile is started after the approval is completed.

OIM Provisioning Modes – Policy based

● Policy-based provisioning

– This type of provisioning refers to the automation of target resources being granted to users through access policies. Access policies are used to define the association between user groups (or roles) and target resources. By default, each member of these user groups gets a predefined account in the target resource. In addition, you can also use Oracle Identity Manager to create approval processes that can be run as part of the policy-based provisioning cycle.

OIM Provisioning Modes – Direct

● Direct provisioning

– This type of provisioning is a special administrator-only function. You can create an account for a particular user on a target system without having to wait for any approval processes.

OIM Reconciliation Process

OIM Reconciliation Types

● Two types of reconciliation processes in OIM:

– Trusted Source Reconciliation: In a trusted source reconciliation run, newly created users on the target system are reconciled into Oracle Identity Manager. In other words, the target system acts as the trusted source for information about new users.

– The following slide shows a diagram of the trusted source reconciliation data flow

OIM Reconciliation – Trusted source

OIM Reconciliation Types

● Target Resource Reconciliation:

– A target resource reconciliation run is aimed at reconciling into Oracle Identity Manager the creation of or changes to user accounts on a target resource.

– These changes are matched against existing OIM Users and their resources

– The following slide shows a diagram of the target resource reconciliation data flow

OIM Reconciliation – Target resource
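
The two reconciliation types described above, sketched as an added example (not Oracle's code and not the OIM API). `IdentityStore`, the event names and the sample records are hypothetical and constructed for illustration; the target resource run shows how accounts created outside the provisioning system, changed accounts and missing accounts surface as separate events.

```python
from dataclasses import dataclass, field

@dataclass
class IdentityStore:
    """Toy stand-in for the OIM repository (hypothetical, not the OIM API)."""
    users: dict = field(default_factory=dict)     # login -> profile attributes
    accounts: dict = field(default_factory=dict)  # (resource, login) -> attributes

def trusted_source_recon(store, source_records):
    """Trusted source run: records on the authoritative system create/update users."""
    events = []
    for login, attrs in sorted(source_records.items()):
        if login not in store.users:
            events.append(("USER_CREATED", login))
        elif store.users[login] != attrs:
            events.append(("USER_UPDATED", login))
        store.users[login] = dict(attrs)
    return events

def target_resource_recon(store, resource, target_accounts):
    """Target resource run: match target accounts against users and their resources."""
    events = []
    for login, attrs in sorted(target_accounts.items()):
        key = (resource, login)
        if login not in store.users:
            # No owning user: the account was created outside the provisioning system.
            events.append(("NO_USER_MATCH", login))
        elif key not in store.accounts:
            # Known user, but this account was never provisioned through the store.
            events.append(("UNPROVISIONED_ACCOUNT", login))
        elif store.accounts[key] != attrs:
            # Attribute drift on the target (e.g. a group added by hand): record, then sync.
            events.append(("ACCOUNT_CHANGED", login))
            store.accounts[key] = dict(attrs)
    # Accounts the store believes exist but the target no longer has.
    for res, login in sorted(store.accounts):
        if res == resource and login not in target_accounts:
            events.append(("MISSING_ON_TARGET", login))
    return events

def demo():
    """Run both reconciliation types over constructed sample data."""
    store = IdentityStore()
    hr = {"alice": {"dept": "Finance"}, "bob": {"dept": "IT"}}  # constructed
    user_events = trusted_source_recon(store, hr)
    store.accounts[("ldap", "alice")] = {"groups": ["finance"]}
    store.accounts[("ldap", "bob")] = {"groups": ["it"]}
    ldap = {"alice": {"groups": ["finance", "admins"]},  # constructed: drifted
            "svc_tmp": {"groups": ["admins"]}}           # constructed: no owner
    return user_events, target_resource_recon(store, "ldap", ldap)

if __name__ == "__main__":
    for batch in demo():
        print(batch)
```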

Next ...

● Overview of Oracle Identity Management Suite

● Oracle Identity Management Solutions/Products

● A closer look inside Oracle Identity Manager 11g

– Concepts

– Architecture

● → Conclusions

Conclusions

● Oracle's comprehensive suite offers the highest return on investments with improved security, lower administrative costs, high scalability, and the backing of an industry leader.

● Tight integration between components means accelerated deployments, simplified management, and increased ROI. Oracle solutions are also hot-pluggable, interoperating with all major systems to ensure enterprise-wide security.

● By automating key processes, this solution reduces audit cycles and dramatically lowers compliance costs.

