

Oracle Identity Management Solutions


Overview
Vinson Tan
IDM Sales Consulting
September 2010
Oracle Identity Management
Solutions
IDM Framework
Applications
Web Services
Authentication Authorization
Access Check
Password
Rules
Roles
Users
One Time
Password
ID Lifecycle
Management
Account
Provisioning &
Reconciliation
Access Policy
Role Resolution &
Assignment
Role Mgmt
Databases
Directories
Office
Automation
Fine-Grained
Access Control Smart Card
Fraud
Detection
Application
Password
Management
Self Service
Delegated Admin
Federated
Services
Risk
Models
Access Risk Management
High Performance
LDAP
ID Store
Virtualization
Encryption and Masking
Privileged User Controls
Multi-Factor Authorization
Activity Monitoring and Audit
Secure Configuration
Identity Management
Database Security
Oracle Security Inside Out
User Provisioning
Oracle Confidential
Information Rights Management
Databases
Applications
Content
Infrastructure
User Provisioning
Role Management
Entitlements Management
Risk-Based Access Control
Virtual Directories
Document-level access control
All copies, regardless of location
(even beyond the firewall)
Auditing and revocation
Information
Oracle Identity Management
Most Comprehensive, Integrated
Access Management Identity Administration Directory Services
Access Manager
Adaptive Access Manager
Enterprise Single Sign-On
Identity Federation
Entitlements Server
Identity Manager
Internet Directory
Virtual Directory
Directory Server
Enterprise Edition
Audit & Compliance
Identity Analytics
Enterprise Manager
Operational Manageability
Oracle Platform Security Services
Oracle IdM Suite 11g Architecture
Identity &
Access
OAM
OAAM
OIF
OES
Enterprise Apps
OIM
ORM
OWSM
OAS4OS
Identity
Services
(Standards Based)
Authentication
Authorization
Federation
Trust
Identity Admin
Provisioning
Role Mgmt.
Policy Mgmt.
Enterprise
Oracle LOB
/ Fusion
ISV
OID
OVD
Persistence
(Standards Based)
LDAP
(OID)
DB File
Technology
(FMW & IdM)
Virtualization
(OVD)
Orchestration
(BPEL PM)
Deploy &
Install
User
Interface
Access
Management
Product
Portfolio
Platform Security
For Java
User
Administration
Core
Infrastructure
Common Audit
Framework
Access Identity
Shared Services
Audit Risk
IDENTITY ADMINISTRATION
Oracle Identity Administration
User Self Service & Delegated Administration
Oracle Identity Manager
Password Management
Organization Administration
Role Administration & Lifecycle Management
Request Management for Registration, Roles, Accounts & Entitlements
User Provisioning for Roles, Accounts & Entitlements
Provisioning & Reconciliation Connector Framework
Applications Integration & Connectors
Identity Lifecycle Mgmt
Policy based Provisioning
Provisioned
Applications
Identity
New
Contractor
Approval Self
Registration
Role Mgmt
New
Employee
HRMS
Revoked
Applications
Reconciliation
Engine
Identity
Store
Access
Policy
Workflow Connector
User
Group
Role Mgmt
SAP
HRMS
Role Based User Provisioning
GRANT
REVOKE
GRANT
REVOKE
GRANT
REVOKE
Oracle Identity Manager
Automate Roles Based Provisioning / Deprovisioning
Identify orphaned accounts
Report on Who has access to what
Self-service requests
HR System Approval
Workflows
Employee
Joins / Departs
Applications
SoD Compliant Provisioning
Preventative Simulation
Conflict
Analysis
SoD Policy
Simulation
SoD Validation Request
OIA
Applications SoD Engine
OIM
Identity Administration
Resource
Approval
Workflow
Resource
1
2
Analysis Simulation
SoD Validation Response
Resource
Provisioning
Workflow
2
3
Provision SoD
compliant entitlement
assignments
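The request, simulation, response and compliant-provisioning steps above, as an added example in Python. This is not Oracle's code: the policy ids, entitlement names and the user's existing grants are constructed for illustration, and the "simulate" step stands in for the call to the SoD engine.

```python
"""Preventative SoD simulation ahead of provisioning.

Added example, not Oracle code: it models the request -> simulate -> provision
flow with plain Python. Policy ids, entitlement names and the user's current
grants are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed SoD policies: a user must never hold both entitlements of a pair.
# Ids and entitlement names are hypothetical, not OIA/OIM identifiers.
SOD_POLICIES: Dict[str, FrozenSet[str]] = {
    "AP-01": frozenset({"erp:create_vendor", "erp:approve_payment"}),
    "AP-02": frozenset({"erp:enter_invoice", "erp:approve_payment"}),
    "HR-01": frozenset({"hrms:change_salary", "hrms:approve_payroll"}),
}


@dataclass
class SodResponse:
    """Result of the simulation step (the "SoD Validation Response")."""
    compliant: bool
    violations: List[Tuple[str, str, str]] = field(default_factory=list)


def simulate(current: Set[str], requested: Set[str],
             policies: Dict[str, FrozenSet[str]] = SOD_POLICIES) -> SodResponse:
    """Evaluate the projected access (existing + requested) against every policy.

    Checking the union rather than the request alone is what makes the check
    preventative: one harmless-looking grant can complete a toxic pair.
    """
    projected = set(current) | set(requested)
    violations: List[Tuple[str, str, str]] = []
    for policy_id, pair in sorted(policies.items()):
        if pair <= projected:
            a, b = sorted(pair)
            violations.append((policy_id, a, b))
    return SodResponse(compliant=not violations, violations=violations)


def provision(current: Set[str], requested: Set[str],
              policies: Dict[str, FrozenSet[str]] = SOD_POLICIES
              ) -> Tuple[Set[str], Dict[str, List[str]]]:
    """Grant only the SoD-compliant subset of a request, one entitlement at a time.

    Returns the resulting entitlement set and a map of rejected entitlements to
    the policy ids they would have violated. Sorted order keeps the outcome
    deterministic when two requested entitlements conflict only with each other.
    """
    granted = set(current)
    rejected: Dict[str, List[str]] = {}
    for ent in sorted(requested):
        result = simulate(granted, {ent}, policies)
        if result.compliant:
            granted.add(ent)
        else:
            rejected[ent] = [policy_id for policy_id, _, _ in result.violations]
    return granted, rejected


if __name__ == "__main__":
    # Constructed request: the user already enters invoices and asks for payment approval.
    have = {"erp:enter_invoice", "crm:read_accounts"}
    want = {"erp:approve_payment", "crm:edit_accounts"}
    print(simulate(have, want))
    print(provision(have, want))
```

The rejected map is what the approver sees in the response; the non-conflicting part of the request is provisioned without waiting for the conflict to be resolved.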
Automated De-Provisioning
Identity
Store
Identity Lifecycle Management
Manual Task Revoked
Cell Phone
Store
Reconciliation
Engine
Terminated
Employee
HRMS
Revoked
Applications
Connector Provisioning
Workflow
Self Service and Delegated Admin
Delegated Admin Self-Service
Self Service Account Requests
Delegated Administration
Password Reset and Profile Management
Manager assigning proxy user User doing password reset
Extranet Provisioning
Internet
Delegated admin
Password reset
Customers
Partners
Suppliers
SSO/LDAP
CRM/Billing
User
Organization
Millions of users and hundreds of organizations but simpler provisioning policies
User/company registration, account and password management
Multi-tier delegated administration and compliance reporting
Self registration Social Networking
User
Available Out-of-The-Box Connectors
Database Servers Directory Servers
Enterprise Applications Enterprise Messaging
Operating Systems Security Management
Help Desk
RACF
ACF2
TopSecret
ACCESS MANAGEMENT
Oracle Access Management
Comprehensive security for applications, data, documents and web services
End-to-end authentication, single sign-on, and fine-grained application protection
Innovative anomaly detection, transaction security, and multi-factor authentication
Extensive 3rd party integrations
Copyright 2010, Oracle. All rights reserved
Oracle Access Management Suite Plus
Entitlements Server Adaptive Access Manager
Entitlements Management
Fine Grained Authorization
Risk-based Authentication
Real-time Fraud Prevention
Information Rights Mgt.
Security Beyond Firewalls
Auditing and Revocation
Access Manager/ ESSO
Web Access Control
Single Sign-On
Identity Federation
Partner SSO & Identity Federation
Fedlet SP integration
OpenSSO STS
Security Token Management
Identity Propagation
Access Management
11g Architecture
Authentication
& SSO
Identity
Federation
Security Token
Service
Fraud
Prevention
Authorization
& Entitlements
Shared Services for Access (SSA)
Token
Processing
Session
Management
Trust
Management
Password
Policy
Password
Reset
Delegated
Admin
Shared Services for Identity (SSI)
AuthN Identity AuthZ Credential
Common
Key Store SSL
Oracle WebLogic Server
Oracle Platform Security Services
AuthN
Services
Identity
Services
AuthZ
Services
Credential
Store
Common
Audit
Framework
Key Store
Services
SSL
Configuration
Domain Management
Deployment
Management
Post Install
Configuration
Enable Single Sign-On
Oracle Access Manager
Oracle Enterprise Single Sign-On
Desktop Login
Extranet & Intranet SSO
Oracle Access
Manager / Oracle
Enterprise Single
Sign-On
Custom Applications
Portals
Stronger Authentication
Audit User Access
Extranet & Intranet SSO
Corporate Directory
Employees
Custom Applications
Business Applications
Oracle ESSO Suite
OAM Architecture
Identity Federation (OIF)
Identity Provider
Establish
Identity
Filter
attributes
Service Provider
Map
Attributes
Link
Identities
Pass Identity
Flexible integration framework
Lightweight SP integration via Fedlet
Support for industry standards, SAML, WS-Federation
Enterprise-ready operational management and monitoring
Assert
Identity
Maintain
session
Pass Identity
Attributes to Apps
Identity Providers and Service
Providers
Domain B trusts Domain A
Domain A acts in an Identity Provider role
Domain B acts in a Service Provider role
Use Case: Account Mapping
The user has accounts with both federation partners and there's a common element available for mapping
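The account-mapping use case above from the service provider's side, as an added example in Python (not Oracle Identity Federation code). Domain B accepts assertions only from Domain A's IdP, maps the IdP's attribute names onto its own, and links the asserted identity to exactly one local account using the common element (here e-mail). The issuer URL, the local account table, the attribute map and the SAML assertion are all constructed; the example assumes the assertion's XML signature was verified before this step.

```python
"""SP-side account mapping for a federated login (Domain B trusting Domain A).

Added example, not Oracle Identity Federation code. The issuer URL, local
account table, attribute map and the assertion itself are constructed.
Signature verification is assumed to have happened before this step.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Domain B's trust configuration: only Domain A's IdP may assert identities (hypothetical URL).
TRUSTED_ISSUERS = {"https://idp.domain-a.example/saml"}

# Domain B's local accounts; e-mail is the common element used for mapping (constructed data).
LOCAL_ACCOUNTS: Dict[str, Dict[str, str]] = {
    "b-1001": {"email": "alice@domain-a.example", "role": "partner-analyst"},
    "b-1002": {"email": "bob@domain-a.example", "role": "partner-viewer"},
}

# "Map Attributes" step: IdP attribute names -> SP attribute names. Unlisted attributes are dropped.
ATTRIBUTE_MAP = {"mail": "email", "givenName": "first_name"}
COMMON_ELEMENT = "email"

# Constructed assertion from Domain A; the transient NameID carries no usable identity on its own.
CONSTRUCTED_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2010-09-01T10:00:00Z">
  <saml:Issuer>https://idp.domain-a.example/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_tr4ns13nt</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2010-09-01T09:59:00Z" NotOnOrAfter="2010-09-01T10:05:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice@domain-a.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="employeeNumber"><saml:AttributeValue>77</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_timestamp(value: str) -> datetime:
    """SAML timestamps are UTC with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text: str) -> dict:
    """Pull issuer, validity window and attributes out of an assertion."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    attrs: Dict[str, List[str]] = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "not_before": parse_timestamp(cond.get("NotBefore")),
        "not_on_or_after": parse_timestamp(cond.get("NotOnOrAfter")),
        "attributes": attrs,
    }


def map_attributes(idp_attrs: Dict[str, List[str]]) -> Dict[str, str]:
    """Keep only attributes the SP knows about, under their local names."""
    local: Dict[str, str] = {}
    for idp_name, local_name in ATTRIBUTE_MAP.items():
        values = idp_attrs.get(idp_name)
        if values:
            local[local_name] = values[0]
    return local


def map_account(assertion: dict, now: datetime) -> Tuple[Optional[str], str]:
    """Link the asserted identity to exactly one local account, or refuse with a reason."""
    if assertion["issuer"] not in TRUSTED_ISSUERS:
        return None, "untrusted issuer"
    if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
        return None, "assertion outside validity window"
    key = map_attributes(assertion["attributes"]).get(COMMON_ELEMENT)
    if not key:
        return None, "common element missing from assertion"
    matches = [lid for lid, acct in LOCAL_ACCOUNTS.items()
               if acct[COMMON_ELEMENT].lower() == key.lower()]
    if len(matches) != 1:  # refuse on zero or several candidates rather than guess
        return None, "no local account" if not matches else "ambiguous mapping"
    return matches[0], "mapped"


if __name__ == "__main__":
    parsed = parse_assertion(CONSTRUCTED_ASSERTION)
    print(map_account(parsed, parse_timestamp("2010-09-01T10:01:00Z")))
```

Refusing on an ambiguous match matters as much as refusing an untrusted issuer: if two local accounts share the mapping attribute, linking to either one silently is an authorization error.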
ECM
Email
File systems
Intranet/
extranet
Databases
Oracle IRM Server
Customer
Supplier
Oracle Information Rights Management
Securing all copies of your sensitive information
Enterprise perimeters
Oracle IRM Server
Partner
Everywhere IRM-encrypted content is stored, transmitted or used
NO ACCESS FOR UNAUTHORIZED USERS
Transparent, revocable access for authorized users
Centralized policy and auditing for widely distributed content
Content security beyond the database, application and firewall
Oracle Entitlements Server
Oracle Entitlements Server
Oracle Entitlements Server (OES) is a Fine-Grained Entitlements Management Solution that provides centralized policy management and distributed, runtime policy enforcement for applications and SOA
Custom Apps
Access
Check
Services
Packaged Apps
Databases
Entitlement Data
Identity
Directories
Request
Grant
Deny
Users
Fraud Prevention (OAAM)
Fraud Prevention
Secure
Login
Challenge
Model Risk
Evaluate
transactions
Analysis and
Forensics
Detect
Anomalies
Strengthened authentication
Real-time anomaly detection
Preventative actions
Reporting and forensics
Challenge
or Block
OAAM Risk Analytics
User Profile
Device Fingerprint
IP Geolocation
Application &
Contextual Data
Web Services Security & STS (OWSM)
Authorization
Authentication
Valid Web
Service?
Issue, renew,
validate Credentials
Authorize /
Enforce
Access
Evaluate
Policies
Re-route
service
Trust Authority /
Comprehensive enterprise security and token services
Shared security services authN, authZ, tokens
Support for industry standards, XACML, SOAP
Centralized policy management
Authorize /
Deny
Access
Trust Authority /
Token Service
DIRECTORY SERVICES
Directory Services
Combined Oracle-Sun Solution
Oracle Virtual Directory
Real-time consolidation of disparate identity stores
Oracle Directory Server EE (previously Sun Directory Server EE)
High Performance Directory with native LDAP store
Ideally suited for heterogeneous environments
Oracle Internet Directory
High Performance Directory, built on Oracle Database
Ideally suited for Oracle applications and environments
Centralized Identity Data
Virtualize LDAP, DB, Web Service ID Sources
Single LDAP View
INTERNAL
USERS AND ATTRIBUTES
EXTERNAL
USERS AND ATTRIBUTES
HR Apps Directories
Custom Applications
Portals
LDAP
Multiple DBMS
Virtually Consolidate first, Then Retire ID Stores
Rapidly Expose Identity Data to Applications
MERGERS AND
ACQUISITIONS
USERS AND ATTRIBUTES
Mainframe
Custom Applications
Business Applications
Directory Services
Manager
Web Services Directories
Customer References
Most ASEAN Telecoms run Oracle Identity Management
Local Customers
Bank Mandiri: Year 2007; Target System: 7; User Count: 18.000; IDM Products: OIM
Indosat: Year 2007; Target System: 23; User Count: 8000; IDM Products: OIM, OAM, ESSO, OVD/OID
XL Axiata: Year 2008; Target System: 47; User Count: 8800; IDM Products: OIM
Telkomsel: Year 2009; Target System: 33; User Count: 12.000; IDM Products: OIM, OAM, OVD/OID
Case Study Indosat
SSO & Unified, Automated Identity & Access Management
PT Indosat Tbk provides fixed and wireless voice, data, and internet services. The company is Indonesia's second-largest telecommunications provider with around 32 million subscribers.
BUSINESS CHALLENGE
Implement an identity management solution to minimize the risk arising from unauthorized system access
Demonstrate compliance with Sarbanes-Oxley legislation by ensuring clear audit trails for all transactions
Improve IT security operations control
Support new business opportunities such as mobile banking
ORACLE SOLUTION
Oracle Identity Manager
Oracle Access Manager
Oracle Enterprise Manager
Oracle Enterprise Single Sign-on
Oracle Internet Directory
RESULTS
Integrated identity management solution with 55 business and telecommunications applications, including billing, enterprise resource planning, human resources, customer relationship management, and telco management products
Enabled fulfilling up to 2,000 requests for user names and passwords a day
Eased IT workload, with two staff members overseeing the identity management process for 6,000 users
Fulfilled Sarbanes-Oxley requirements and enhanced IT security control by establishing clear audit trails and enabling the production of accurate compliance reports
Applications
Provision & Access Accounts Enterprise-Wide
Portals
Suppliers
HR & Biz
Applications
Identity
Lifecycle
Office Automation
Physical Items
Access &
Control
Databases & OS/Legacy
Customers
Employees
Other
Sources Flat
Files Databases
Directories
Q & A
