Oracle Identity and Access Management Suite

Rafael Torres
Sr. Solutions Architect
Identity Management Business Value
“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”
Business Challenges
• Trusted and Reliable Security
• Efficient Adherence to Compliance
• Lower Administrative and Development Costs
• Enable Online Business Networks
• Better End-User Experience
Regulatory Compliance
• Privacy & Security Regulations
  • Safe Harbor laws (EU & others)
  • Gramm Leach Bliley Act (GLB-Act)
  • US Patriot Act
  • HIPAA
  • US Homeland Security Policy Directive (HSPD-12)
• Financial & Market Regulations
  • SOX (Sarbanes-Oxley or SarbOx)
  • Japanese SOX (expected in 2008)
  • Basel II
  • UK Companies Act
Oracle Differentiators
• Most Comprehensive, Best-In-Class Suite
• Hot-pluggable and Open
• Application Centric Identity Management
Oracle Identity Management
Best-of-breed, Complete & Differentiated Portfolio
Table columns: Area, Oracle, Sun, CA, HP, IBM, NOVL, BMC (P = Partnership)
Oracle product by area:
• Federation: Oracle Identity Federation
• Web Access Mgmt: Oracle Access Manager
• Web Svcs Security: Oracle Web Services Manager
• ESSO: Oracle Enterprise Single Sign-On
• Del Admin: Oracle Access Manager
• Pwd. Mgmt.: Oracle Identity Manager
• Provisioning: Oracle Identity Manager
• Ent. Role Mgmt: Oracle SmartRoles (TBA)
• Meta: Directory Integration Platform
• AuthN/PKI: Oracle Certificate Authority
• Virtual Dir: Oracle Virtual Directory
• Directory: Oracle Internet Directory
Faster ROI • Higher Quality • Lower Risk
Hot-pluggable, Heterogeneous Support
Portals
Application/Web Servers
Applications
Groupware
Directories
Operating Systems
ACF-2 & TSS
RACF
Application-Centric Identity Management
• Comprehensive, loosely coupled, out-of-the-box integrations with business applications
• An integral component of a wider application development and deployment framework
• Architected for future SOA application environment
• Identity management as a re-usable service for all applications
Oracle Identity and Access Management Suite
Overview
Key Areas of Identity Management
• Access Control
  • Single Sign-On
  • Identity Federation
  • Web Access Control
  • Web Services Security*
• Identity Administration
  • User, Role Management
  • User Provisioning
• Identity Infrastructure
  • Virtual Directory
  • Directory
*Oracle Web Services Manager licensed separately from the Identity and Access Management Suite
Enterprise Identity Management
• External: Customers, Partners
• Internal: IT Staff, Employees
• SOA Applications
• Delegated Admin
Identity Management Service
• Access Management
  • Authentication & SSO
  • Authorization & RBAC
  • Identity Federation
• Identity Administration
  • Delegated Administration
  • Self-Registration & Self-Service
  • User & Group Management
• Directory Services
  • LDAP Directory
  • Meta-Directory
  • Virtual Directory
• Identity Provisioning
  • Agent-based
  • Agentless
  • Password Synchronization
• Auditing and Reporting
• Monitoring and Management
• Policy and Workflow
Applications, Systems & Repositories
• ERP, CRM, OS (Unix), HR, Mainframe, NOS/Directories
Oracle Identity Manager
• Features
  • Automated user provisioning and de-provisioning
  • Rich, flexible connector framework
  • User-friendly request & policy wizards
  • Sophisticated workflow & reconciliation engines
  • Unique compliance automation & reporting
• Benefits
  • Reduced administration cost
  • Improved end user experience
  • Critical for regulatory compliance
  • Improved security
• Differentiators
  • Enables compliance via comprehensive audit history and periodic attestation framework
  • Powers largest global provisioning implementation by number of targets
  • Adapter Factory significantly lowers the TCO of customers’ solutions over time
Diagram labels: HRMS (user created or removed in HR system); Workflow (assign or revoke roles, privileges); Application Driven Identity; Business System Applications; Provision accounts and access rights
Oracle Identity Federation
• Features
  • Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke)
  • Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation
  • Integrates with leading Identity Management platforms
• Benefits
  • Reduced cost of interaction between business partners
  • Reduce administration cost
  • Deliver improved end user experience
• Differentiators
  • Self-contained, easy to deploy solution
  • Flexible deployment configurations
  • Rich, 100% web-based configuration interfaces for improved administrator and end user experience
  • Proven scalability - large production deployments
Oracle Internet Directory
• Features
  • Full feature LDAP server with a RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle Platform integration
  • VSLDAP certified and EAL4 compliant
• Benefits
  • Reduced operational cost with Oracle Grid support
  • Seamless integration with Oracle Applications and Products
• Differentiators
  • RDBMS backend provides proven scalability & performance
  • Rich, built in auditing of all events and operations
  • Flexible data replication and redundancy features
  • Ships with built-in directory integration functionality
Oracle Virtual Directory
• Features
  • Virtualization, Proxy, Join & Routing capabilities
  • Modern Java & Web Services technology
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access
• Benefits
  • Perform Real-time directory integration
  • Accelerate application deployment
  • Lower development costs
• Differentiators
  • Lightweight & flexible architecture
  • Supports true virtualization without local cache, enabling stringent policy or privacy requirements
  • Modular architecture supports the addition of connectors to a wide array of identity stores
Diagram labels: WEB SERVICES, LDAP, WEB GATEWAY, VDE DIRECTORY ENGINE, JOIN VIEW, Local Store, LDAP, DB, NT, Custom
Oracle Access Manager
• Features
  • Multi-level, multi-factor authentication
  • Web and App server level authorization
  • Workflow driven Self-service & Delegated administration
  • Services-based architecture eases integration with existing IT infrastructure
• Benefits
  • Policy-based access management
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Increased IT governance and compliance readiness
• Differentiators
  • Administrative scalability via workflow and delegation
  • Access control leverages up to date identity information
  • Comprehensive auditing to a common database
Diagram labels: Authentication, Authorization, Identity Admin
Oracle Enterprise Single Sign-on (ESSO) Suite
• Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials
• Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone)
• Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grant specific levels of access based on the form of authentication
• Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user’s Oracle ESSO credential store
• Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users
Oracle Identity and Access Management Suite
Case Studies
Case Study – Manitoba Telecom Services
BUSINESS CHALLENGE
• Needed to integrate and rapidly deploy new and old services (Internet, mobile, TV, content, local phone, and long distance phone)
• Needed to provide head of household ability to manage accounts and privileges for self and other members of household
• Wanted to base new services on telecommunication standards-based framework: IP Multi-media Subsystem (IMS)
• Wanted comprehensive technology to address internal users, external households, and both providers and consumers of MTS services
ORACLE SOLUTION
• Oracle Identity and Access Management Suite
• Oracle Access Manager for Single Sign-On and Delegated Administration to head of household
• Oracle Identity Federation for providing system access to providers and consumers of MTS services
• Oracle Internet Directory to provide robust directory solution built on top of Oracle database
• Oracle Identity Manager (with 11 connectors) to provision employees to internal systems
RESULTS
• Initial deployment for Internet, TV, and Mobile customers
• Planned to include VOIP Users and MTS supported ISP subscribers
• Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services
Case Study – Scottish Government
BUSINESS CHALLENGE
• Fragmented customer records and no single source of Citizen info across Scottish Govt.
• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)
ORACLE SOLUTION
• The Scottish Govt., National Infrastructure Project selected Oracle Identity and Access Management Suite beating out Software AG
• Suite will integrate UK Govt. Gateway
• Working with Sopra, Newell and Budge as the prime contract provider
RESULTS
• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running
• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements
Problem:
• Number one identified problem by USPS employees: too many passwords
• Very large scale environment: 3 million users with over 155,000 knowledge workers
• Thousands of known applications, many beyond central IT reach
• Very limited IT staff to implement and maintain
• CTO wanted a solution that could be fully deployed in less than a year
Solution:
• Evaluated 7 different SSO vendors; selected v-GO SSO
• 155,000 users deployed in less than 8 months
• Over 7,000 applications enabled
• Helpdesk password calls dropped from >1,000 per day to an average of 10 per day
• Saved over $4 million per year
“Passlogix was instrumental in helping the USPS solve its most critical end user problem – forgotten passwords – and solve it quickly.”
- Bob Otto, CTO
Analyst Endorsements
Leader in User Provisioning!
Gartner, April 2006
“[Oracle] has amassed a very strong management team and IAM technology portfolio … Its IAM road map looks the best of all vendors.”
More Analyst Endorsements
“Oracle’s offering of IAM products now pushes ahead of other IAM competitors such as BMC, Computer Associates International, Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems”
- Roberta Witty, Gartner (Nov 2005)
“Oracle's acquisition of Thor and OctetString is a good move. These acquisitions coupled with Oracle's unique application top down approach to Identity Management will send ripples through the industry.”
- Mike Neuenschwander, Burton Group (Nov 2005)
“Oracle has an advantage and early lead with its top down application strategy that is aligned with customer needs.”
- Chris Christiansen, IDC (Nov 2005)
Learn More
Learn the Technology
• Visit: oracle.com/identity
View whitepapers, buyer’s guides, and webinars
Try the Software
• Visit OTN: otn.oracle.com
Download software, get technical information
Ask Our Experts
• Call: 1-800-438-0626
Speak with an Identity Management specialist