Idm Workshop

  2. Why Oracle Identity and Access Management?
     - Oracle Identity and Access Management is fundamentally about securing access to your organization’s information assets from within the enterprise.
     - At its core this represents the efficient management of typically thousands of user accounts across hundreds of applications, from the time user accounts are created through their complete lifecycle, including role changes and termination.
  3. Oracle Identity Manager
  4. What is Oracle Identity Manager?
     - Oracle Identity Manager is an application that handles and selectively automates tasks that manage a user’s access privileges. Such tasks include:
       - Creating access privileges to resources for users
       - Modifying these privileges dynamically based on changes to user and business requirements
       - Removing these access privileges from users
  5. Oracle Identity Manager Architecture
     - The architecture for Oracle Identity Manager:
       - Is based on a Java 2 Enterprise Edition (J2EE) environment
       - Separates the platform’s Presentation, Server, and Data & Enterprise Integration tiers
       - Enables the creation of n levels of layers
  6. Oracle Identity Manager Architecture: Tiers
     - The Oracle Identity Manager architecture has three tiers:
       - Presentation tier
       - Server tier
       - Data & Enterprise Integration tier
  7. Tier 1: Presentation Tier
     - The Presentation tier of Oracle Identity Manager has two layers:
       - Presentation layer
         - Two consoles for Oracle Identity Manager: Administrative Console and Design Console
       - Dynamic Presentation Logic layer
         - Logic for generating dynamic pages for the Administrative Console by using JSPs, Java Servlets, XML, and JavaBeans
  8. Tier 2: Server Tier
     - The Server tier of Oracle Identity Manager is the interface between the Presentation and Data & Enterprise Integration tiers.
     - The application server for Oracle Identity Manager:
       - Resides in the Server tier
       - Provides the life-cycle management, security, deployment, and run-time services to the logical components that support Oracle Identity Manager
  9. Tier 2: Server Tier
     - The Server tier of Oracle Identity Manager supports:
       - Clustering
       - Load balancing
       - Security management
       - Scheduling
  10. Tier 3: Data & Enterprise Integration Tier
     - The Data & Enterprise Integration tier of Oracle Identity Manager has two layers:
       - Data Access layer
         - Layer containing the components that Oracle Identity Manager needs to communicate with its database
       - Back-end Database layer
         - Layer where the database resides
  11. Tier 3: Data & Enterprise Integration Tier
     - The Back-end Database layer leverages the following capabilities:
       - Clustering
       - Standby database
       - Replication
  12. Reconciliation and Provisioning: Overview
     - Reconciliation is the process by which Oracle Identity Manager receives information from an external resource.
     - Provisioning is the process by which Oracle Identity Manager sends information to a target resource.
     - By using reconciliation and provisioning, Oracle Identity Manager can perform the following actions:
       - Create a user record in a resource
       - Modify the privileges that the user has with the resource
       - Remove the user record from the resource
  13. Reconciliation: Types
     - There are two types of reconciliation that Oracle Identity Manager performs:
       - Trusted source reconciliation
       - Targeted resource reconciliation
  14. Reconciliation: Events
     - Oracle Identity Manager can perform three types of reconciliation events with an external resource:
       - Reconciliation Insert
       - Reconciliation Update
       - Reconciliation Delete
  15. Provisioning: Types
     - There are two types of provisioning that Oracle Identity Manager performs:
       - Day-one provisioning
         - Initial creation of access privileges to resources for users
         - Removal of these privileges from users
       - Day-two provisioning
         - Dynamic modification of user privileges with resources, based on changes to user and business requirements
  16. Trusted Source Reconciliation: Conceptual Diagram
     - Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities that it manages in both a trusted source and a target resource.
     [Diagram 1: reconciliation flow from the trusted source (for example, a corporate directory) into Oracle Identity Manager, and provisioning flow from Oracle Identity Manager to the target resource (for example, an Oracle database); administrator and end user shown as actors]
  17. Targeted Resource Reconciliation: Conceptual Diagram
     - Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities it manages in both a trusted source and a target resource.
     [Diagram 2: reconciliation flow from the target resource (for example, an Oracle database) back into Oracle Identity Manager, alongside the provisioning flow; trusted source (for example, a corporate directory), administrator and end user shown]
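As an added illustration (not Oracle Identity Manager code), the following Python models the two reconciliation types and three event types from the slides above over constructed sample data: a trusted source (the corporate directory) drives Insert, Update and Delete events for user records, and a target resource (an Oracle database) has its accounts compared with what was provisioned, which also surfaces accounts that exist on the target but have no owner in the identity store. All names, attributes and data are assumptions.

```python
# Added illustration, not OIM code: a simplified model of the two reconciliation
# types on these slides, run over constructed sample data.
TRUSTED_ATTRS = ("first_name", "last_name", "email", "status")  # source-owned

def reconcile_trusted_source(directory, users):
    """Trusted source reconciliation: the directory drives the OIM user records.
    Returns (event type, user id, attributes) for the three event types."""
    events = []
    for uid, entry in directory.items():
        attrs = {k: entry.get(k) for k in TRUSTED_ATTRS}
        if uid not in users:
            events.append(("Reconciliation Insert", uid, attrs))
        else:
            changed = {k: v for k, v in attrs.items() if users[uid].get(k) != v}
            if changed:
                events.append(("Reconciliation Update", uid, changed))
    for uid in users:
        if uid not in directory:  # left the source: identity must be terminated
            events.append(("Reconciliation Delete", uid, {}))
    return events

def reconcile_target_resource(target_accounts, provisioned):
    """Targeted resource reconciliation: accounts read back from the target (an
    Oracle database here) are compared with what OIM provisioned. Returns the
    events plus the logins that exist on the target but were never provisioned."""
    events, unowned = [], []
    for login, acct in target_accounts.items():
        record = provisioned.get(login)
        if record is None:
            unowned.append(login)  # created outside OIM: review before linking
        elif set(acct["privileges"]) != set(record["privileges"]):
            events.append(("Reconciliation Update", login,
                           {"privileges": sorted(acct["privileges"])}))
    for login in provisioned:
        if login not in target_accounts:
            events.append(("Reconciliation Delete", login, {}))
    return events, unowned

DIRECTORY = {  # constructed trusted-source snapshot
    "u1001": {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.com", "status": "Active"},
    "u1002": {"first_name": "Alan", "last_name": "Turing", "email": "alan.turing@example.com", "status": "Active"},
    "u1004": {"first_name": "Grace", "last_name": "Hopper", "email": "grace@example.com", "status": "Active"},
}
USERS = {  # constructed OIM user records before reconciliation
    "u1001": dict(DIRECTORY["u1001"]),
    "u1002": {**DIRECTORY["u1002"], "email": "alan@example.com"},  # stale email
    "u1003": {"first_name": "Bob", "last_name": "Leaver", "email": "bob@example.com", "status": "Active"},
}
TARGET_ACCOUNTS = {  # constructed view of the database's accounts
    "ADA": {"privileges": ["CONNECT"]},
    "ALAN": {"privileges": ["CONNECT", "DBA"]},  # DBA granted directly on the database
    "SVC_BATCH": {"privileges": ["CONNECT"]},    # no OIM provisioning record
}
PROVISIONED = {  # constructed record of what OIM provisioned
    "ADA": {"user": "u1001", "privileges": ["CONNECT"]},
    "ALAN": {"user": "u1002", "privileges": ["CONNECT"]},
    "BOB": {"user": "u1003", "privileges": ["CONNECT"]},  # gone from the database
}

if __name__ == "__main__":
    print(reconcile_trusted_source(DIRECTORY, USERS))
    print(reconcile_target_resource(TARGET_ACCOUNTS, PROVISIONED))
```

The unowned list is the part worth alerting on: an account on the target with no provisioning record was not created through the identity lifecycle the deck describes.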
  18. Oracle Identity Manager Connector: Overview
     - An Oracle Identity Manager connector is a container that holds all of the information that Oracle Identity Manager needs to:
       - Reconcile with an external resource
       - Provision a user with a target resource
  19. Oracle Identity Manager Connector: Components
     - A connector must have the following seven components:
       - IT resource type
       - IT resource
       - Process form
       - Process task adapter
       - Resource object
       - Provisioning process
       - Process task
  20. Constructing an Oracle Identity Manager Connector: Step 1
     - Create an IT resource type. This record represents the classification type, parameter fields, and encryption settings that are associated with a resource.
     [Diagram, step 1: IT resource type]
  21. Constructing an Oracle Identity Manager Connector: Step 1
     - This screenshot illustrates an IT resource type for an Oracle database. There is a one-to-one relationship between the IT resource type and the connector. That is, each connector should have only one IT resource type.
  22. Constructing an Oracle Identity Manager Connector: Step 2
     - Define an IT resource. This record contains the values that Oracle Identity Manager needs to communicate with a resource and access it as a system administrator (for provisioning or reconciliation purposes).
     [Diagram, step 2: IT resource type, IT resource]
  23. Constructing an Oracle Identity Manager Connector: Step 2
     - This screenshot illustrates an IT resource for an Oracle database. There is a one-to-one relationship between the IT resource and the system, service, or application that it represents. If you have four resources, you would thus have four IT resources.
  24. Constructing an Oracle Identity Manager Connector: Step 3
     - Create a custom process form. This record is a central housing mechanism that holds everything that Oracle Identity Manager needs to either provision a user to a target resource or reconcile a user with an external resource.
     [Diagram, step 3: IT resource type, IT resource, custom process form]
  25. Constructing an Oracle Identity Manager Connector: Step 3
     - This screenshot illustrates a custom process form for an Oracle database.
  26. Constructing an Oracle Identity Manager Connector: Step 4
     - Build a process task adapter. This piece of Java code is used by Oracle Identity Manager to automate the completion of a provisioning process task.
     [Diagram, step 4: IT resource type, IT resource, custom process form, process task adapter]
  27. Constructing an Oracle Identity Manager Connector: Step 4
     - A process task adapter automates the creation of a user’s account in an Oracle database. There is a one-to-one relationship between the adapter and a process task: each task can be associated with only one adapter.
  28. Constructing an Oracle Identity Manager Connector: Step 5
     - Define a resource object. This record is a virtual representation of a resource and contains everything needed to either provision a user to that resource or reconcile a user with it.
     [Diagram, step 5: IT resource type, IT resource, custom process form, process task adapter, resource object]
  29. Constructing an Oracle Identity Manager Connector: Step 5
     - Example of a resource object for an Oracle database
  30. Constructing an Oracle Identity Manager Connector: Step 6
     - Create a provisioning process. This record contains the steps that Oracle Identity Manager must complete to perform provisioning or reconciliation with a particular resource.
     [Diagram, step 6: IT resource type, IT resource, custom process form, process task adapter, resource object, provisioning process]
  31. Constructing an Oracle Identity Manager Connector: Step 6
     - There is a one-to-one relationship between a provisioning process and the workflow that it represents. If you have two resource-related workflows, you should have two processes.
  32. Constructing an Oracle Identity Manager Connector: Step 7
     - Create a process task.
     [Diagram, step 7: IT resource type, IT resource, custom process form, process task adapter, resource object, provisioning process, process task]
  33. Constructing an Oracle Identity Manager Connector: Step 7
     - Example of a process task that Oracle Identity Manager uses to create a user’s account in an Oracle database
  34. Constructing an Oracle Identity Manager Connector: Step 8
     - Attach the process task adapter to the process task.
     [Diagram, step 8: all seven components, with the process task adapter attached to the process task]
  35. Constructing an Oracle Identity Manager Connector: Step 8
     - Example of a process task adapter being connected to a process task to create a user’s account in an Oracle database
  36. Connectors List
     - Collaboration and Messaging Applications:
       - IBM Lotus Notes/Domino
       - Microsoft Exchange
       - Novell GroupWise
     - Database:
       - IBM DB2/UDB Database
       - Microsoft SQL Server Database
       - Oracle Database
       - Sybase ASE Database
     - Directory Services:
       - Microsoft Active Directory
       - Microsoft Active Directory Password Synchronization
       - Novell eDirectory
       - Oracle Internet Directory
       - Sun Java System Directory
  37. Connectors List
     - Enterprise Business Applications:
       - JD Edwards EnterpriseOne
       - Oracle e-Business User Management
       - Oracle e-Business Employee Reconciliation
       - Oracle Retail Warehouse Management System
       - PeopleSoft Employee Reconciliation
       - PeopleSoft User Management
       - SAP User Management
       - SAP Employee Reconciliation
       - SAP CUA
       - SAP Enterprise Portal
       - Siebel User Management
     - Help Desk:
       - BMC Remedy User Management
       - BMC Remedy Ticket Management
  38. Connectors List
     - Security Applications:
       - CA ACF2 Advanced
       - CA Top Secret Advanced
       - IBM RACF Standard
       - IBM RACF Advanced
       - RSA Authentication Manager
     - Web Access Control:
       - RSA ClearTrust
  39. Certified Operating Systems
     - Oracle Identity Manager release 9.1.0.1 is certified for the following operating systems:
       ■ AIX 5L Version 5.3 (pSeries 64-bit)
       ■ Microsoft Windows Server 2003 R2 (Intel x86 32-bit and EM64T/AMD 64-bit)
       ■ Microsoft Windows Server 2003 R2 (Itanium 64-bit)
       ■ Microsoft Windows Vista Ultimate
       ■ Oracle Enterprise Linux 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit)
       ■ Oracle Virtualization Machine - OEL4
       ■ Red Hat Enterprise Linux AS Release 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit)
       ■ Red Hat Enterprise Linux AS Release 4 (Itanium 64-bit)
       ■ Solaris Operating System 10 (UltraSparc 64-bit)
       ■ HP-UX 11.23 (PA-RISC/Itanium 64-bit)
       ■ SUSE Linux Enterprise 10 (Intel x86 32-bit and EM64T/AMD 64-bit)
       ■ SUSE Linux Enterprise Server 10 (Itanium 64-bit)
  40. Certified Application Servers
     - Oracle Identity Manager release 9.1.0.1 is certified for the following application servers:
       ■ Oracle WebLogic Server 10.3
       ■ IBM WebSphere Application Server 6.1.0.19 and later fix packs (that is, 6.1.0.19 and later)
       ■ JBoss Application Server 4.2.3 GA
       ■ Oracle Application Server 10.1.3.3 and later (Upgrade patch 10.1.3.3 applied on top of the base package bundled in Oracle SOA Suite 10g Release 10.1.3.1)
  41. Certified Databases
     - Oracle Identity Manager release 9.1.0 is certified for the following databases:
       ■ Oracle Database Deployment
         - Oracle9i Database Enterprise Edition release 9.2.0.8
         - Oracle Database 10g Enterprise Edition release 10.1.0.5 and later patch sets (that is, 10.1.0.6 and later)
         - Oracle Database 10g Standard Edition and Enterprise Edition release 10.2.0.1 and later
         - Oracle Database 11g Standard Edition and Enterprise Edition release 11.1.0.6 and later patch sets
       ■ Oracle RAC Deployment
         - Oracle Database 10g Enterprise Edition release 10.2.0.3 and later patch sets
         - Oracle Database 11g Enterprise Edition release 11.1.0.6 and later patch sets
  42. Oracle Virtual Directory
  43. What is Oracle Virtual Directory?
     - Oracle Virtual Directory is an LDAPv3-enabled service that provides virtualized abstraction of one or more enterprise data sources into a single directory view. Oracle Virtual Directory provides the ability to integrate LDAP-aware applications into diverse directory environments while minimizing or eliminating the need to change either the infrastructure or the applications.
  44. OVD Supported Software
     - Supported directories:
       - Oracle Internet Directory
       - Microsoft Active Directory and ADAM
       - Sun Java System Directory Server
       - CA eTrust Directory
       - IBM Tivoli Directory Server
       - Novell eDirectory
       - Siemens DirX
     - Supported databases:
       - Oracle 9.2.0.7, 10.1.0.5, 10.2.0.2 (Stand-alone and Real Application Clusters)
       - Microsoft SQL Server
       - IBM DB2
  45. Oracle Virtual Directory Adapters
     - OVD supports the following types of adapters:
       - Proxy adapters
         - LDAP proxy adapter
         - Database proxy adapter
         - NT Domain (NTLM) proxy adapter
       - Storage adapters
         - Local-store adapter
       - Functional adapters
         - Join view adapter
       - Custom adapters
  46. LDAP Proxy Adapter
     [Diagram: Oracle Virtual Directory with its LDAP, Database, NTLM, Local-store, Join view and Custom adapters; the LDAP adapter is highlighted]
  47. LDAP Adapter: Initial Configuration
  48. LDAP Adapter: Configuration
  49. LDAP Adapter: SSL Configuration
  50. Database Adapter
     [Diagram: Oracle Virtual Directory with its Database, LDAP, NTLM, Local-store, Join view and Custom adapters; the Database adapter is highlighted]
  51. Database Adapter: Initial Configuration
  52. Database Adapter: Table Mapping
  53. Database Adapter: LDAP Object Mapping
  54. Database Adapter: Configuration
  55. Oracle Enterprise Single Sign-On Suite
  56. What is Oracle Enterprise Single Sign-On Suite?
     - Enterprise users can enjoy the benefits of single sign-on to all of their applications, whether they are connected to the corporate network, traveling away from the office, roaming between computers or working at a shared workstation.
     - Administrators have the flexibility of easily deploying Oracle Enterprise Single Sign-On into their existing infrastructure without change: no integration or large deployment effort.
     - Oracle Enterprise Single Sign-On is architected to use any LDAP directory, Active Directory or any SQL database server as its user profile and credential repository.
     - Enterprise Single Sign-On can accept primary authentication directly from the Windows logon; it also works with most industry-leading smart cards, biometrics or token solutions. Confidently delivering stronger password authentication or advanced authentication is simple with Oracle Enterprise Single Sign-On.
  57. Oracle Enterprise Single Sign-On Suite Components
     - Oracle Enterprise Single Sign-On Suite is comprised of five components that improve authentication capabilities and deliver efficient access and self-service capabilities for Web and non-Web-based applications. These include:
       • Oracle Enterprise Single Sign-On Logon Manager – helps increase security and decrease complexity by enabling individuals to securely use the same username and password for their Web-based and legacy applications;
       • Oracle Enterprise Single Sign-On Password Reset – can reduce costs by providing organizations the ability to set flexible, custom policies for users to recover lost or forgotten desktop passwords through secure, self-service interfaces;
       • Oracle Enterprise Single Sign-On Authentication Manager – strengthens security and helps streamline compliance by allowing organizations to use a combination of tokens, smart cards, biometrics and passwords to control access to their applications throughout the enterprise;
  58. Oracle Enterprise Single Sign-On Suite Components
       • Oracle Enterprise Single Sign-On Provisioning Gateway – helps streamline the user provisioning process by allowing organizations to automatically provision diverse accounts through a single identity administration process; and
       • Oracle Enterprise Single Sign-On Kiosk Manager – allows individuals to access applications more quickly and securely even at multi-user kiosks and workstations.
  59. Supported Operating Systems
     - The ESSO-LM components are supported on the following operating systems:
       - Microsoft® Windows® 2000 SP4
       - Microsoft Windows XP Professional SP2
       - Microsoft Windows Server 2003 SP1
       - Microsoft Vista Business Edition, v2