In this training article, before we get into the finer details of Oracle Identity and Access Management, let us consider a use case. After all, there must be a reason why the Oracle Identity and Access Management suite is a business need. In this example, a new employee joins an organization and a record is created in the HR system, which could be Oracle EBS HR, PeopleSoft, Fusion HCM, Workday or SAP. That employee needs access to enterprise applications such as email, internal websites and other company resources in order to do their job.
Typical problems faced by organizations in this use case are:
- No company wants a week to pass before a new employee's accounts are created. Have you ever started a new job where it took a week to get your laptop and access to the relevant applications sorted? :)
- The company may have many applications in many locations, with less control over some of those locations.
- Each application may have its own username and password.
- Fraud arising from improper access to systems is hard to manage.
- There is a growing set of compliance and regulatory requirements, including enforcement of segregation of duties.
Solution:
The Oracle Identity Management Suite, with its range of services and products, provides a solution to each of these problems:
• SSO and Identity Federation
  - A single username and password for all applications configured with OAM (Oracle Access Manager). Once a user has been authenticated by OAM, they can access every other hosted application that is integrated with OAM without logging in again.
  - OIF (Oracle Identity Federation) extends single sign-on across domains, for example to hosting partners such as Workday and Salesforce.
• Identity Management (OIM)
  - Better control over account provisioning.
  - Faster on-boarding through automated workflows.
  - Faster approval of user accounts and better tracking of who holds which access.
  - Prompt deactivation of accounts belonging to terminated employees.
  - Better visibility into the different kinds of access, managed from a single console.
• Strong Authentication (OAAM)
  - Provides a virtual keyboard, security questions and image-based authentication, which make it harder for unauthorized users to reach protected resources and help reduce fraud.
  - A risk-based approach that demands stronger authentication only when a login looks suspicious.
• Oracle Identity Analytics (OIA)
  - Provides screens to manage the attestation (access certification) process.
  - Addresses regulatory mandates and makes compliance a repeatable and sustainable part of the business.
• Directory Services
  - Different applications may use different identity stores, either internal (OID, OVD, ODSEE) or external (Microsoft Active Directory, Novell, etc.).
  - These stores can be kept synchronized using workflows in OIM, so a single, consistent view of each identity is maintained across all of them.
The different services provided by Oracle IDM are shown in the overview diagram.
Let us look at each component in turn.
Directory Services:
Oracle Internet Directory (OID)
OID is a repository that stores user credentials and profile data: usernames, passwords, user identifiers, the groups a user belongs to, and so on. It is an LDAP v3 directory service that builds on the high availability, scalability and security features of Oracle Database. It serves as the central user repository for Oracle Access Manager and other applications, storing and serving identity data for authentication (user credentials), authorization (access privileges) and profile information. Authentication is the process of validating a user's credentials against an LDAP store; authorization is the process of deciding which resources an already authenticated user is permitted to access. OID includes ODIP (Oracle Directory Integration Platform), which synchronizes OID with other directories, and Oracle Directory Services Manager (ODSM), a web-based administration interface for server configuration.
Oracle Virtual Directory (OVD)
A user's identity may be spread across different identity stores (for example OID and Active Directory). OVD logically combines such stores into one virtual directory and fetches the required data from each of them according to configured rules. It exposes data from multiple heterogeneous sources as a single logical directory without synchronizing or copying the data. OVD has two primary components: the OVD Server, to which applications connect, and ODSM.
Oracle Directory Server Enterprise Edition (ODSEE)
Enterprise identity services including the LDAP Directory Server, Directory Proxy, Directory Synchronization, a web-based management interface and deployment tools. ODSEE is a carrier-grade directory and has been the most widely adopted directory for interoperability and ISV (Independent Software Vendor) integration, whereas OID is the backbone identity store for Oracle applications such as E-Business Suite, Database Security, and Identity and Access Management.
Access Management:
OAM (Oracle Access Manager)
OAM provides centralized, policy-driven services for web application authentication, web single sign-on (SSO) and identity assertion.
OAAM (Oracle Adaptive Access Manager)
OAAM protects resources through real-time fraud prevention, software-based multifactor authentication and adaptive strengthening of authentication: for example the virtual keyboard shown while entering a password, or the secret question asked when a user logs in from a new IP address.
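The risk-based decision described above, as an added example that is not Oracle's code: a login that passes the password check is scored against what is known about the user (IP address, device, time of day, corporate network), and the score decides between allowing, challenging with a second factor, or blocking. The profile data, the network ranges, the rule weights and the thresholds are all constructed for illustration; OAAM tunes such signals from real login history.

```python
# Added example (not Oracle's code): a minimal risk-based step-up decision
# of the kind OAAM makes. Profiles, networks, weights and thresholds are
# constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Hypothetical corporate address ranges; logins from elsewhere add risk.
CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass
class LoginAttempt:
    user: str
    source_ip: str
    device_id: str      # e.g. a device fingerprint cookie value
    hour_utc: int       # 0..23
    password_ok: bool   # outcome of the first factor


@dataclass
class UserProfile:
    known_ips: set = field(default_factory=set)
    known_devices: set = field(default_factory=set)
    usual_hours: range = range(7, 20)   # hours this user normally logs in


def risk_score(attempt: LoginAttempt, profile: UserProfile):
    """Return (score, reasons); each rule contributes a weighted signal."""
    score, reasons = 0, []
    if attempt.source_ip not in profile.known_ips:
        score += 40
        reasons.append("new ip")
    if attempt.device_id not in profile.known_devices:
        score += 30
        reasons.append("new device")
    if attempt.hour_utc not in profile.usual_hours:
        score += 20
        reasons.append("unusual hour")
    if not any(ip_address(attempt.source_ip) in net for net in CORPORATE_NETS):
        score += 10
        reasons.append("off corporate network")
    return score, reasons


def decide(attempt: LoginAttempt, profile: UserProfile,
           challenge_at: int = 30, block_at: int = 80):
    """Return one of deny / allow / challenge / block plus the reasons."""
    # A failed first factor is simply a failed login; risk scoring only
    # decides how much extra proof to demand once the password checks out.
    if not attempt.password_ok:
        return "deny", ["bad password"]
    score, reasons = risk_score(attempt, profile)
    if score >= block_at:
        return "block", reasons
    if score >= challenge_at:
        return "challenge", reasons      # secret question, OTP, etc.
    return "allow", reasons


def remember_context(profile: UserProfile, attempt: LoginAttempt, step_up_passed: bool):
    """Learn the IP/device only after a successful login or a passed challenge.
    Learning from an unverified attempt would let an attacker whitelist their
    own device simply by trying."""
    if step_up_passed:
        profile.known_ips.add(attempt.source_ip)
        profile.known_devices.add(attempt.device_id)
    return profile


if __name__ == "__main__":
    profile = UserProfile(known_ips={"10.1.2.3"}, known_devices={"laptop-A"})
    print(decide(LoginAttempt("alice", "10.1.2.3", "laptop-A", 10, True), profile))
    print(decide(LoginAttempt("alice", "203.0.113.5", "phone-Z", 3, True), profile))
```

The point a practitioner should take from this is the ordering: the password is verified first, the risk score only governs step-up, and the profile is updated only after the step-up succeeds, otherwise the "new device" signal can be trained away by the attacker.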
eSSO (Enterprise Single Sign-On)
Oracle eSSO is a Microsoft Windows desktop-based set of components providing unified authentication and single sign-on to both thick- and thin-client applications, with no modification required to the existing applications.
OES (Oracle Entitlements Server)
OES is a fine-grained authorization engine that externalizes, unifies and simplifies the management of complex entitlement policies. As a simple example, coarse-grained security allows or denies a user access to a whole screen, whereas fine-grained security can allow or deny access to specific buttons on that screen, hide or show a field, or make a field read-only.
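The coarse- versus fine-grained distinction above, as an added example that is not Oracle's code: a small externalized policy decision point that an application asks before opening a screen (coarse) and again for each field on it (fine). The subjects, resource names, roles and policies are constructed for a hypothetical payroll screen; the engine is deny-by-default and an explicit deny beats any permit, which is how the segregation-of-duties rule at the end (nobody edits their own salary) is enforced regardless of role.

```python
# Added example (not Oracle's code): a small externalized policy decision
# point showing the coarse- vs fine-grained distinction OES makes.
# Subjects, resources, roles and policies are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional


@dataclass(frozen=True)
class Subject:
    user: str
    roles: FrozenSet[str]
    department: str


@dataclass(frozen=True)
class Policy:
    resource: str          # "payroll/screen" (coarse) or "payroll/screen/salary" (fine)
    action: str            # "view" or "edit"
    roles: FrozenSet[str]  # any one of these roles matches
    condition: Optional[Callable[[Subject, dict], bool]] = None  # attribute check
    effect: str = "permit" # "permit" or "deny"


class PolicyDecisionPoint:
    def __init__(self, policies):
        self.policies = list(policies)

    def decide(self, subject: Subject, resource: str, action: str, context=None) -> str:
        """Deny by default; an explicit deny always wins over any permit."""
        context = context or {}
        decision = "deny"
        for p in self.policies:
            if p.resource != resource or p.action != action:
                continue
            if not (p.roles & subject.roles):
                continue
            if p.condition is not None and not p.condition(subject, context):
                continue
            if p.effect == "deny":
                return "deny"
            decision = "permit"
        return decision


def field_mode(pdp, subject, screen, field_name, context=None) -> str:
    """Fine-grained rendering hint for one field: editable, readonly or hidden."""
    resource = f"{screen}/{field_name}"
    if pdp.decide(subject, resource, "edit", context) == "permit":
        return "editable"
    if pdp.decide(subject, resource, "view", context) == "permit":
        return "readonly"
    return "hidden"


# Constructed policy set for a hypothetical payroll screen.
HR = frozenset({"hr_clerk", "hr_manager"})
POLICIES = [
    # coarse-grained: who may open the screen at all
    Policy("payroll/screen", "view", HR),
    # fine-grained: clerks see salaries only for employees in their own department
    Policy("payroll/screen/salary", "view", frozenset({"hr_clerk"}),
           condition=lambda s, c: c.get("employee_department") == s.department),
    Policy("payroll/screen/salary", "view", frozenset({"hr_manager"})),
    Policy("payroll/screen/salary", "edit", frozenset({"hr_manager"})),
    # segregation of duties: nobody edits their own salary, whatever their role
    Policy("payroll/screen/salary", "edit", HR,
           condition=lambda s, c: c.get("employee") == s.user, effect="deny"),
]
PDP = PolicyDecisionPoint(POLICIES)


if __name__ == "__main__":
    manager = Subject("bob", frozenset({"hr_manager"}), "EMEA")
    print(PDP.decide(manager, "payroll/screen", "view"))
    print(field_mode(PDP, manager, "payroll/screen", "salary", {"employee": "bob"}))
```

Because the policies live outside the application, changing who may edit a salary field is a policy update rather than a code change, which is the externalization OES is describing.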
OIF (Oracle Identity Federation)
OIF is a self-contained solution enabling browser-based, cross-domain single sign-on using industry standards (SAML, Liberty ID-FF, WS-Federation and Microsoft Windows CardSpace).
Identity Management and Governance:
OIM (Oracle Identity Manager)
OIM answers the question "Who has access to what, when, how and why?" It administers both intranet and extranet user access privileges across a company's resources throughout the entire identity life cycle, from initial on-boarding to final de-provisioning of an identity.
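The on-boarding and de-provisioning life cycle described above (and in the OIM bullets in the Solution section), as an added example that is not Oracle's code: a reconciliation pass that compares an HR feed against one application's account list and derives the joiner (create) and leaver (disable) actions, including the orphan accounts that have no HR identity behind them at all. The HR records and accounts are constructed sample data; in OIM this logic runs per connected system through a connector, but the decisions are the same.

```python
# Added example (not Oracle's code): joiner/leaver reconciliation between an
# HR feed and one target application's accounts, the decision OIM automates
# for each connected system. HR records and accounts are constructed.
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    email: str
    status: str                        # "active" or "terminated"
    termination_date: Optional[date] = None


@dataclass(frozen=True)
class AppAccount:
    username: str
    employee_id: Optional[str]         # None: account not linked to any HR identity
    enabled: bool


def reconcile(hr_records, accounts, today: date):
    """Return the sorted list of (action, target) pairs a provisioning run should apply."""
    hr_by_id = {r.employee_id: r for r in hr_records}
    linked_ids = {a.employee_id for a in accounts if a.employee_id is not None}
    actions = []

    # Joiners: active employees with no account in this application yet.
    for r in hr_records:
        if r.status == "active" and r.employee_id not in linked_ids:
            actions.append(("create", r.employee_id))

    for a in accounts:
        if not a.enabled:
            continue                   # already disabled; nothing to do
        record = hr_by_id.get(a.employee_id) if a.employee_id else None
        if record is None:
            # Orphan: an enabled account with no authoritative HR identity.
            # These are the accounts that quietly survive terminations.
            actions.append(("disable_orphan", a.username))
        elif record.status == "terminated" and (
                record.termination_date is None or record.termination_date <= today):
            # Leaver: disable rather than delete so the audit trail survives.
            actions.append(("disable", a.username))
    return sorted(actions)


# Constructed sample data.
HR_FEED = [
    HrRecord("E1", "alice@example.com", "active"),
    HrRecord("E2", "bob@example.com", "active"),                         # no account yet
    HrRecord("E3", "carol@example.com", "terminated", date(2024, 5, 1)),
    HrRecord("E4", "dan@example.com", "terminated", date(2024, 12, 31)),  # future leaver
]
ACCOUNTS = [
    AppAccount("alice", "E1", True),
    AppAccount("carol", "E3", True),
    AppAccount("dan", "E4", True),
    AppAccount("erin", "E9", True),        # linked to an id HR no longer knows
    AppAccount("svc_legacy", None, True),  # never linked to a person
    AppAccount("old_frank", None, False),  # already disabled, ignored
]


def run_sample(today=date(2024, 6, 1)):
    return reconcile(HR_FEED, ACCOUNTS, today)


if __name__ == "__main__":
    for action, target in run_sample():
        print(action, target)
```

Two details matter for the "who has access to what" question: an account linked to an employee id that HR no longer reports is treated as an orphan, not as a valid user, and a future-dated termination is left alone until the date arrives so the feed can be run daily without disabling people early.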
OIA (Oracle Identity Analytics)
OIA helps enterprises address regulatory mandates, automate processes and make compliance a repeatable and sustainable part of the business. It provides a comprehensive solution for attestation (access certification), role governance and enterprise-level segregation-of-duties enforcement.
For any training needs, please feel free to contact us at contact (at) apps2fusion.com. In our trainings we cover the configuration and implementation of each of these products in detail.