
Oracle Identity And Access Management


The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remain at the sole discretion of Oracle.

Problem Statements
More regulations than ever…

• Federal, state, local, industry…adding more mandates every year!
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable

Report and audit

90% Companies behind in compliance

Source: IT Policy Compliance Group, 2007.


Higher Costs Than Ever…

• User Management Costs
• User Productivity Costs
• Compliance & Remediation Costs
• Security Breach Remediation Costs

It Adds Up

5 Questions to ask your Chief Information Security Officer

Q: How do you control access to your sensitive applications?
a – Usernames and passwords
b – Contextual authentication authorization
c – Hardware token

Q: What determines your employee’s access?
a – Give Alice whatever Wally has
b – Base on her business roles
c – Whatever her manager says

Q: Who is the most privileged user in your enterprise?
a – Security administrator
b – CFO
c – The 3-peat summer intern who is now working for your competitor

Q: How secure is your identity data?
a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers

Q: How much are manual compliance controls costing your organization?
a – Nothing, no new headcount
b – Don’t ask
c – Don’t know

Enterprise Applications Today

[Diagram labels: Customers & Partners, Admins, Business Users]

• Mix of custom, legacy & packaged applications
• Silo’ed and disjointed security
• Numerous identity stores and policy administration points
• Too many users with privileged access
• Highly evolving and regulated business environment

Next Generation Security Challenges

Auditors & Regulators Identity Thieves

Rogue Employees Privileged Users


Next Generation Security Solutions

Identity Governance | Fraud Prevention
Auditors & Regulators | Identity Thieves

Entitlement Management | Data-Center Security
Rogue Employees | Privileged Users

Identity Governance

• Attestation of user access is a manual process

• User access does not match their jobs

• Segregation of duties policies not enforced


Identity Theft & External Fraud

• Enterprise brand often used in phishing attacks
• Stolen identity and credit cards used to pay for on-line purchases
• Consumers hesitate to embrace on-line self service due to fear of identity theft

Data Privacy & Internal Fraud

• No fine grained control of data visibility and transaction level access
• Inappropriate or fraudulent use of enterprise IT assets and information services
• Difficult to prove compliance with data privacy and consumer rights regulations

Data Center Security

• Administration of users in hundreds of DB is not scalable
• DBA can see all data, violating data privacy mandates
• Integration of identity infrastructure takes 12 months or longer after an acquisition


Value Propositions
Business Requirements for IT Security

• Managing Security & Risk
• Increasing Business Value
• Sustaining Compliance
Oracle Identity Management
Four C’s of Success

Cost Savings
• Prevents losses from fraud
• Provides low cost Secondary AuthN
• Reduces help desk calls

Compliance
• Cost-effective and future-proof
• HIPAA, SOX, FFIEC, PCI compliance

Client Experience
• Improves and streamlines user experience
• Simplifies application development and deployment

Cross-Channel Security
• End to end capabilities from a single suite
• Protects applications across multiple channels

Copyright © 2009, Oracle. All rights reserved


How Can Identity Management Help?
Establish Enterprise Identity & Roles

• Consolidate or virtualize multiple, complex identity environments to a single enterprise identity source
• Automate linkage of employee records with user accounts
• Establish enterprise roles for automation, compliance and business continuity
• Eliminate rogue and orphaned accounts


How Can Identity Management Help?
Enforce Strong And Granular Security Policies

• Enforce strong password policies via synchronization or single sign-on (SSO)
• Implement strong authentication and risk based authorization for critical apps and web services
• Enforce minimal access rights based on roles, attributes, and requests
• Leverage federation technologies for cross-domain SSO

How Can Identity Management Help?
Automate Security Related Processes

• Reduce administration cost and improve service level with delegated administration & self-service
• Implement scalable and dynamic approval workflows leveraging dynamic enterprise role and organization data
• Automate detection of fraudulent activities based on policies
• Role and attribute driven provisioning of applications with exact access levels

How Can Identity Management Help?
Define Audit And Control Framework

• Implement automated attestation for entitlements, roles, policies, workflows….
• Implement exception driven process automation
• Implement segregation of duties around roles and entitlements
• Implement automations and controls for management of privileged users

How Can Identity Management Help?
Deploy A Scalable Integration Architecture

• Define an enterprise-wide integration standard
• Leverage all integrations through a single interface / application
• Heavily leverage open standards to protect IT investments
• Maximize out-of-the-box integrations across technology stacks: applications, middleware, database and operating systems

How Can Identity Management Help?
Security And Control For Enterprise Applications

[Diagram: Procure-To-Pay Process. Labels: Financials, Issue Payment, Accept Shipment, Issue PO, ERP, SCM]

• Automate user management, manage entitlements, enforce segregation of duties
• Link HR employee data to user accounts
• Integrate application to enterprise directories and portals
• Enforce appropriate and granular level of access control based on application and data being accessed

How Can Identity Management Help?
Manageability and Security For Databases

• Externalize and centralize authentication and authorization of database users with optional strong authentication
• Centrally manage database users and database roles
• Implement strong control over DBA access
• Automate security management of shared accounts

[Diagram labels: DBA]

How Can Identity Management Help?
Compliance & Fraud Mgmt. For Financial Services

• Manage Who has access to What, When, How and Why for SOX, FFIEC, GLBA and PCI compliance
• Automate termination and job transfer processes for tight security
• Detect and remediate fraudulent activities against both outside and inside threats
• Enforce segregation of duties and Chinese Wall regulatory mandates

How Can Identity Management Help?
Scalable Security And Administration For Retail

• Manage scalable lifecycle management for a highly dynamic and seasonal workforce
• Improve access security for shared terminals such as POS and warehouse terminals
• Enforce segregation of duties across heterogeneous systems such as receiving and payment
• Enable federated access for supply chain partners

How Can Identity Management Help?
Guarantee Patient Privacy For Healthcare

• Deploy secured storage and control processes to guard patient’s data privacy
• Deploy audit and control mechanisms to ensure cost effective compliance to HIPAA
• Implement access control to ensure the security of shared workstations for single sign-on and sign-off
• Enable self-service and automated application provisioning for mobile healthcare workers

How Can Identity Management Help?
Enable Service Delivery For Local Government

• Provide secured access for residents to government services via strong auth’n, risk based auth’z & safeguarding of identity data
• Enable cost efficient compliance for HIPAA, PCI, …etc.
• Streamline management of large & distributed user base via self-service & delegated admin.
• Simplify identity & security integration across dispersed agencies, districts and departments


Oracle and Enterprise Security

Oracle Security Inside Out

Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration

Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories

Information Rights Management
• Document-level access control
• All copies, regardless of location (even beyond the firewall)
• Auditing and revocation

[Diagram labels: Information, Infrastructure, Databases, Applications, Content]

Oracle Confidential
Information Centric Security Solutions
Content

INFORMATION
RIGHTS Centralized Document Revocation (Digital Document Activity
Access Control Shredding) Monitoring and Audit
MANAGEMENT

Applications

IDENTITY
AND ACCESS Identity Access
Administration Directory Services Management
MANAGEMENT

DATABASE Activity Monitoring Access Control and Encryption and


SECURITY Authorization Data Masking

Databases

Oracle and Identity Management

Oracle Identity Management
Commitment to Leadership & Innovation

Innovate
• Acquisition of Sun → OIA, DSEE
• Acquisition of BEA → OES
• Acquisition of Bharosa → OAAM
• Acquisition of Bridgestream → ORM
• Identity Governance Framework

Lead
• Market Leader in Forrester’s IAM Wave
• Oracle IdM Eco-system
• Oracle eSSO
• Leader in Gartner’s UP & WAM Magic Quadrant
• Oracle Identity and Access Management Suite
• Identity Audit and Compliance offering

Build
• Acquisition of OctetString → OVD
• Acquisition of Thor → OIM
• Acquisition of Oblix → OAM, OIF & OWSM
• Acquisition of Phaos → Federation and WS technologies
• Oracle Internet Directory

[Timeline axis: 1999, 2005, 2006, 2007, 2009, 2010]



Oracle IdM Key Success Factors

• Acquire best-of-breed products and talents


• Phaos, Oblix, Thor, OctetString, Bharosa, Bridgestream
• Each company had strong technical and management talents
• Integrate BEA and Sun
• Retain and invest
• Still have > 90% retention rate of acquired employees
• Acquired employees hold key mgmt. and technical positions
• Team size grew organically by > 100% post 2005 acquisitions
• Customer focus
• Focus on low TCO architecture
• Focus on customer success
• Focus on long-term customer partnership
IdM Is Strategic To Oracle

• IdM is key security infrastructure for Fusion


• IdM is a key component of the GRC strategy
• Oracle has invested in 7 acquisitions in IdM since 2005
• Oracle has invested heavily in organic growth
• > 500 developers
• > 25 product managers
• > 80 QA
• > 100 support

Products & Partnerships


5 variations of the suite solution and product slides
Oracle’s Identity Management Portfolio

Identity Administration: Identity Manager
Access Management*: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server
Directory Services: Directory Server EE, Internet Directory, Virtual Directory
Identity & Access Governance: Identity Analytics
Platform Security Services
Operational Manageability: Management Pack For Identity Management

*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet

Oracle’s Identity Management Portfolio

Identity Administration: Identity lifecycle, Role & Relationship Management, Provisioning & Reconciliation, Password management
Access Management: Authentication & SSO, Risk-based Authorization, Federation and STS, Fine grained entitlements, OS authentication, Web Services security
Directory Services: LDAP storage, LDAP synchronization, Identity virtualization
Identity & Access Governance: Audit, Reporting, Analytics, Fraud, Forensics, Attestation, SoD
Platform Security Services
Operational Manageability: SLA, Performance, Configuration, Automation, Diagnostics, Patching

*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet

Oracle’s Identity Management Suite

Identity Admin.: Identity Manager
Access Management: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation + Fedlet, Entitlements Server, Web Services Manager, OpenSSO STS
Directory Services: Internet Directory, Virtual Directory, Directory Server EE
Identity & Access Governance: Identity Analytics
Manageability: Enterprise Manager IdM Pack

Oracle Identity Management

Provisioning & Identity Administration: Roles-based User Provisioning, Password Management, Self Service Request & Approval
Access Management: Authentication, SSO & Fraud Prevention; Authorization & Entitlements; Web Services Security; Information Rights Management
Directory Services: LDAP Storage, Virtualized Identity Access
Identity Analytics: Reporting, Attestation, SoD, Mining
Platform Security Services: Identity Services for Developers

Oracle Access Management

• Comprehensive security for applications, data, documents, web services
• End-to-end authentication, single sign-on, and fine grained application protection
• Innovative anomaly detection, transaction security, and secondary authentication
• Extensive 3rd party integrations



Access Management

• Single Platform to Secure Access to Data, Applications and WebServices
• Centralized Session Management to deliver stronger security
• Stronger methods of Authentication including OTP tokens, and KBA
• Enhanced Manageability
• Centralized Server and Agent Administration
• Inline Diagnostics and Troubleshooting

SSO, Authorization & Entitlements

• Pluggable authentication, flexible identity assertion
• Centralized, fine grained policy administration
• Distributed, dynamic access enforcement
• Compliance auditing

Oracle Access Manager

[Architecture diagram. Labels: End User, Oracle HTTP Server, OAM Webgate agent, Deployed Application, WebLogic Server, LDAP Authentication, Local User Store, Authentication Decisions, Oracle Access Manager, User Data Synchronization, Oracle Internet Directory, Directory Integration Platform or Oracle Identity Manager, Enterprise User Store. Notes on the diagram: "Flexibility to use other LDAP servers for Authentication Decisions"; "Optional with OAM"]

Oracle Identity Federation

[Architecture diagram. Labels: Applications, Portals, IDM infrastructures, Identity Stores, Policy Stores, Cert Stores, Oracle Identity Federation, SAML 1.1, SAML 2.0, WS-Fed, Certificate, Identity Provider configuration discovery, AuthN & SSO, Account mapping, Integration APIs, Fedlet for Service partners, Trade partners, Fedlet for Affiliates]

Fraud Prevention

• Real-time anomaly detection
• Automatically learns patterns
• Knowledge-based and one-time-pin challenges based on risk
• Centralized policy administration, dashboards, investigation/forensics tools

Authentication & Fraud Prevention
Oracle Adaptive Access Manager

[Diagram labels: Secure Login, Model Risk, Analysis and Forensics, Detect Anomalies, Evaluate transactions, Challenge or Block]

• Authentication Security
• Real-time Anomaly Detection
• Proactive Fraud Prevention
• Reporting and forensics

Security for Applications

• Consolidated application security policy
• Enforcement across application and data tiers
• Fine grained controls enable fine grained compliance
• Anomaly and risk based authentication & authorization



Entitlements Management

Before
• Hard-coded security policies
• Brittle policy management
• Application policy silos

After
• Externalized entitlements
• Agile business policies
• Centralized policy management

[Diagram labels: App, Application, Oracle Access Management Suite]

Entitlements Management

[Diagram. Sections: Entitlements Administration, Authorization Enforcement. Steps: Model Resources, Define Policies, Evaluate Policies, Enforce Access. Other labels: Distribute Policies, GRANT, REVOKE, Map Enterprise Entitlements, Application]

• Complete application security
• Fine-grained entitlements
• Granular enforcement & controls
• Risk aware fine-grained authorizations

Oracle Entitlements Server

• Leverage existing identity stores and enterprise data for entitlements decisions
• Centralized policy management, distribution
• Localized policy decisions and enforcement
• Protect any system or business component across heterogeneous platforms

[Diagram labels: OES PAP, OES PDP, policy, App, Audit, LDAP, Enterprise Data]

Oracle Web Services Manager

Policy Enforcement Points (PEP)
• Client-Side Agents Option
• Gateway Option
• Server-Side Agents Option (Last-Mile Security)

[Diagram labels: Clients (J2SE, J2EE, .NET); Web Services Endpoints (J2EE, .NET); Policy Management; Monitoring; OWSM Server And Admin Console]


Extranet Provisioning

[Diagram labels: Organization, Delegated admin, SSO/LDAP, Customers, Partners, Suppliers, Internet, Password reset, CRM/Billing, User, Self registration, Social Networking]

• Millions of users and hundreds of organizations but simpler provisioning policies
• User/company registration, account and password management
• Multi-tier delegated administration and compliance reporting

Centralize Identity Data
Oracle Virtual Directory

Single
View

Identity Data Multiple Identity Data Stores

• Virtual consolidated view of identity silos


• Real-time identity data integration
• Accelerated applications deployment
• Eases pain of directory consolidation
Scalable, Secured & Agile Infrastructure

Centralized Management of DBAs
Integration with Active Directory
SoD for Privileged DBA Access

[Diagram labels: DBAs, Enterprise User Security, AD, LDAP, Oracle Virtual Directory, DB Vault, Finance, HR, CRM, App A, App B, Finance DBA, CRM DBA]

Identity as a Service

Fusion Apps 3rd Party/Custom Apps Cloud Service Providers

Web Services

Declarative Security Services

Authorization Federation Authentication Audit ID Admin Role Mgmt Directory Svs

Identity Store, Credential Store, and Policy Store Providers

Access Management Identity Administration Directory Services


Oracle’s Comprehensive IdM Solutions
End Users Administrator Info. Sec, Auditor

Strong Authentication Identity Admin Reporting & Analytics


Risk Based Authorization Account Admin Attestation
Federation Organization Admin Segregation of Duties
Self-Service Role Management Fraud Detection
Delegated Admin

Oracle Identity Management & Security Platform

Provisioning LDAP Virtualization Java Platform Security


Reconciliation LDAP Storage Authentication For
Operating Systems
Password Mgmt. LDAP Synchronization
WS Security DB User Security

Business Apps, HR Directories, DB App Server, OS


For More Information

search.oracle.com

Identity management

or
oracle.com
