SANS Institute Product Review of Oracle Identity Manager

  • Question for Phil: Welcome Phil. Can you tell us about your role? Question for Patrick: Welcome Patrick. Tell us about your role and how you got started with Identity Management?
  • Phil - Tell us a little bit about SuperValu and the scope of operations in North America?
  • Questions for Phil: What was the environment and infrastructure like when you started? What were the chief business drivers for SuperValu’s Identity Management deployment?
  • Let's discuss Learning Experiences. Questions for Phil: 1. From your perspective, when starting with provisioning what area of the enterprise would you start? 2. What advice would you give to architects getting started with provisioning and Identity Management?
  • Familiar, OOB Access Request with user friendly glossary. Sophisticated, standards based approval workflows. Business Manager has risk based guidance, friendly interfaces and closed loop to address issues. Standard and Priv. Flexible Administrative interfaces: drag and drop Admin for Delegation, If you must customize; durable customization
  • Join The Community
  • SANS Institute Product Review of Oracle Identity Manager

    1. User Provisioning and Compliance: SANS Institute Product Review of Oracle Identity Manager
       Dave Shackleford, Senior Instructor and Analyst, SANS
       Phillip Black, Director of Identity & Access Management, SuperValu
       Patrick Abreo, Principal Security Architect, SuperValu
       Viresh Garg, Director of Product Management, Oracle
       © 2012 The SANS™ Institute - www.sans.org
    2. Agenda
       • User Provisioning Challenges
       • Overview of User Provisioning with Oracle Identity Manager
       • Use Case Review
       • Customer Perspectives: SuperValu
       • Oracle Identity Manager 11gR2 Summary
       • Q&A
    3. Self-Service Provisioning Made Simple: A Review of Oracle Identity Manager 11g R2
       Dave Shackleford, for SANS and Voodoo Security
    4. Why Provisioning is Important
       • Attackers are focusing on users like never before
         – Social engineering attacks + extensive privileges = breaches
       • Self-service provisioning aims to help with this
         – Often part of a larger IAM suite
       • Insider Threats
       • Compliance
       • The downside? Self-provisioning tools have traditionally been complex
         – Business users driving more simplicity
    5. Oracle Identity Manager 11g R2 Review
       • The focus of the review included:
         – Personalization and customization of the User Interface (UI)
         – Provisioning entitlements based on use cases and user profiles of varying complexity
         – Creating self-service permissions and workflow to legacy systems and applications
         – A workflow use case involving an asset request with multiple parties needed to identify and approve the request
         – Provisioning to a mobile device
       • These use cases were important due to their real-world relevance and key functionality areas
    6. Overall Impression
       • Oracle Identity Manager (OIM) 11g R2 reduced complexities normally associated with IAM self-service tools
         – Automated workflow
         – Provisions to legacy apps without new coding, connectors or XML
       • Use cases and interfaces are business friendly and incorporate features we already know, like shopping carts
       • There are many features, not all of which were explored
    7. Task 1: UI Personalization
       Specific task/information “portlets” added to the UI
    8. Task 1.1: UI Customization
       • Customization included specific saved search queries, logo addition, and use of UI “sandboxes”
         – Customization for business look and feel
         – Customized company or business unit features automatically show up on customer interfaces
         – Sandboxes allow testing of UI changes
    9. Task 2: Self-Service Application Provisioning
       • The scenario: An employee needs access to a timecard application
       • Based on a user’s ID and group, with specific assigned privileges, they can search for the app
    10. Task 2: Self-Service Application Provisioning
       • The employee uses the familiar “shopping cart” to request the app and kick off a workflow for approval
       • The manager is then notified and can approve the request through portal
    11. Task 2: Self-Service Application Provisioning
       After approval, the employee’s entitlement is approved, and the Timecard application is available
    12. Task 2: More complex entitlements
    13. Task 3: Legacy Application Provisioning
       • Some apps won’t have APIs, or won’t be easily integrated for provisioning
       • We call these apps “disconnected” and use a custom form to provision
    14. Task 3: Legacy Application Provisioning
       • Custom form manages access to app
    15. Task 3: Legacy Application Provisioning
       A user request using the new form
    16. Task 3: Manual Tasks for Provisioning
       • Finally, the manager in the workflow needs to approve the request
         – One manual task for adding the user is performed, and the workflow continues
    17. Task 4: Asset Request with Multiple Approvers
       • User needs a new corporate-issued mobile device
    18. Task 4: Asset Request with Multiple Approvers
       • What does the user see during this asset request process?
       • Treated much like a legacy “disconnected” provisioning request
    19. Conclusion
       • User interfaces greatly simplified as business units demand control over their own applications
         – The entitlement provisioning is presented to end users through a self-service “shopping cart” interface
         – Provides a familiar and straightforward “look and feel” for them
       • Legacy “disconnected” apps are easily integrated into the workflows
       • Custom forms and personalization attributes are simple to create
    20. Customer Perspectives: SuperValu
       Phillip Black, Director of Identity & Access Management, SuperValu
       Patrick Abreo, Principal Security Architect, SuperValu
       Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    21. SuperValu Background
    22. Business Drivers for SuperValu
       Simplify Customer Experience and Consolidate Identities
       • Operational Costs
       • User Productivity
       • Compliance Enforcement
       • Customer Satisfaction
    23. SuperValu Roadmap
       Prioritize Based on Drivers and Efficiency
       Maturity:
       • External Authorization
       • Risk-based Authentication
       • Fat Client and Mobile Integration
       • Self-Service Provisioning
       • Single Sign On
    24. Key Learning Experiences
       • Map out the big picture
       • Plan strategically, work tactically
       • Adopt an incremental and result-oriented approach
       • Prioritize in favor of customer value
    25. Oracle Identity Manager 11gR2 Summary
       Viresh Garg, Director of Product Management, Oracle
    26. Oracle Identity Governance
       [Diagram labels] Governance Platform Connectors Provisioning De-provisioning Access Request Privileged Account Role Lifecycle Checkin/Checkout Rogue Account IT Audit Monitoring Reporting & Privileged Management Management Identity Certifications Detection & Remediation Access Monitoring Roles Ownership, Risk & Audit Objectives Entitlements Accounts Catalog Management Glossaries
    27. Oracle Identity Manager
       Key Capabilities
       • Comprehensive user administration
       • Centralized role lifecycle management
       • Self service interfaces for access request
       Benefits
       • Simplifies user lifecycle management
       • Eliminates ghost accounts, excess or erroneous privileges
       • Enforces compliance mandates such as segregation of duties
    28. Oracle Identity Manager 11gR2 Overview
       • “Shopping Cart” Access Request
       • Durable UI Customization
       • Sophisticated Approval Workflows
       • Closed Loop Remediation
    29. Shopping Cart Experience for Access Request
       Simple self-service access
       • Search Catalog
       • Add To Cart
       • Checkout
       • Approval
    30. Customizable User Interface
       Flexible, durable personalization and customization
       • Durable UI customization
       • Cost-effective
       • Simplified lifecycle management
       • Facilitates integration with corporate portal strategies
       [Diagram labels] UI Look & Feel, Forms, Work Flow Logic
    31. Sophisticated Approval Workflows
       • View and take action on approval tasks via email, mobile (browser) and self-service UI
       • Add comments and attachments
       • See current and future approvers
       • Prioritize and organize tasks
    32. Oracle Identity Governance Suite
       Closed-loop Remediation
       [Diagram labels] Access Request Monitor Rogue Access Enterprise/ Detection Roles Reduce Risk Provisioning Improve & Connectors Audit/ Policy Compliance Access Monitoring Certification
    33. Part of a Complete Identity Management Solution
       • Governance: Password Reset, Privileged Accounts, Access Request, Roles Based Provisioning, Role Mining, Attestation, Separation of Duties
       • Access: Web Single Sign-on, Federation, Mobile, Social & Cloud, External Authorization, SOA Security, Integrated ESSO, Token Services
       • Directory: LDAP Storage, Virtual Directory, Meta Directory
       • Platform Security Services
    34. Q&A
    35. www.oracle.com/Identity
       www.facebook.com/OracleIDM
       www.twitter.com/OracleIDM
       blogs.oracle.com/OracleIDM
