BRISTLECONE TEAM
BRISTLECONE INDIA PVT. LTD. | WWW.BCONE.COM
Oracle Identity
Management (OIM)
TECHNICAL OVERVIEW | BRISTLECONE WHITEPAPER | AUGUST 2015
AUTHOR: RAKESH SHARMA
BRISTLECONE INDIA PVT. LTD. | WHITEPAPER 1
Table of Contents
Overview........................................................................................................................................... 3
Key Features.................................................................................................................................. 3
Simplified Self Service................................................................................................................ 4
Self-Registration ........................................................................................................................ 4
Profile Management.................................................................................................................. 4
Password Management ............................................................................................................. 4
Self-Service Access Request ....................................................................................................... 4
Tracking a Request..................................................................................................................... 4
Handling Requests – Complex Workflows .................................................................................. 4
Extensible User Interface........................................................................................................... 5
Global Customizations ............................................................................................................... 5
Personalization.......................................................................................................................... 5
Advanced Identity and Role Administration....................................................................................... 5
OIM Data Warehouse .................................................................................................................... 5
Connectors.................................................................................................................................... 5
Generic Technology Connector.................................................................................................. 6
Identity Connector Framework .................................................................................................. 6
OIM Architecture............................................................................................................................... 6
Oracle Identity Management Platform........................................................................................... 7
Identity Governance products:................................................................................................... 7
Access Management products: .................................................................................................. 8
Directory Services products ....................................................................................................... 8
Platform Security services.......................................................................................................... 8
Support for Open Standards .......................................................................................................... 8
Oracle Identity Manager.................................................................................................................... 9
OIM User....................................................................................................................................... 9
User Group.................................................................................................................................... 9
Organization.................................................................................................................................. 9
Access Policy ................................................................................................................................. 9
Resource Object .......................................................................................................................... 10
IT Resource.................................................................................................................................. 10
User Provisioning Process................................................................................................................ 10
Discretionary Account Provisioning.............................................................................................. 10
Self Service Provisioning .............................................................................................................. 11
Workflow-based provisioning...................................................................................................... 11
Access Policy Driven Provisioning................................................................................................. 11
OIM Provisioning Integration........................................................................................................... 11
Prebuilt connectors ..................................................................................................................... 12
Generic Technology Connector.................................................................................................... 12
Conclusion................................................................................................................................... 12
Reference........................................................................................................................................ 14
Overview
Over the last decade, the mission of identity and access management (IDM) systems has expanded to
include a range of business objectives. Whereas early identity systems served primarily to simplify
account management, today organizations are building IDM technologies into their controls
infrastructure. Oracle Identity Governance Suite enables organizations to simplify access grants and
review access by consolidating the key strengths of its provisioning product (Oracle Identity Manager),
its privileged account product (Oracle Privileged Account Manager), and its role, policy and risk
management product (Oracle Identity Analytics) into a common, consistent and unified governance suite.
With a single, converged platform, Oracle Identity Governance Suite can provide benefits such as:
- Increased end-user productivity: consistent and intuitive user interfaces, a common business glossary,
immediate access to key applications, role lifecycle management.
- Reduced risk: guaranteed access revocation, detection and management of orphaned accounts, proactive
and reactive detection and enforcement of IT audit policies, fine-grained authorization controlling who
can do what, periodic re-certifications, continuous policy- and role-based access re-evaluation.
- Increased operational efficiency: risk-based identity certification reducing the overall time to certify,
automated repeatable user administration tasks, role consolidation, and ease of deployment.
- Reduced total cost: a single-vendor platform for governance, a flexible and simplified customization
framework, easier attestation to regulatory requirements, common connectors, standards-based
technology.
Oracle Identity Management provides a unified, integrated security platform designed to manage user
identities, provision resources to users, secure access to corporate resources, enable trusted
online business partnerships, and support governance and compliance across the enterprise. It
improves efficiency through tighter integration and automation, and effectiveness through
application-centric security, risk management, and governance. It supports the full life cycle of
enterprise applications, from development to deployment and production.
Oracle Identity Manager (OIM) automates the administration of user access privileges across a
company's resources, throughout the entire identity management life cycle—from initial on-boarding
to final de-provisioning of an identity. OIM helps to answer critical compliance questions like "who has
access to what resources and when? How did users get access to resources and why?"
Key Features
Oracle Identity Management allows enterprises to manage the end-to-end life cycle of user identities
across enterprise resources and independently from enterprise applications. Its comprehensive set of
services include identity administration and role management; user provisioning and compliance; web
applications and web services access control; single sign-on and federated identities; fraud detection;
strong, multifactor authentication and risk management; role governance and identity analytics, audit
and reports. Some of its key features are listed below.
Simplified Self Service
OIM offers a wide range of self-service functions enabling business users to register for an account
and manage their own profiles and credentials. These self-service capabilities pay for themselves many
times over through reduced help desk calls and administrative costs.
Self-Registration
OIM provides a configurable interface where end users (typically in an extranet environment) can
submit a request for an account for themselves in the enterprise. A configurable workflow allows such
requests to be approved before the account is actually granted and its details are sent to the user.
Profile Management
Using OIM’s self-service interface, users can easily manage their own mutable profile data like
changing their email ID, postal address, telephone number, emergency contact info, their password
recovery questions and answers or set up a proxy/delegate user to act on their behalf for a specified
time period.
Password Management
OIM’s self-service interface enables users to manage their enterprise password that is used in single
sign-on (SSO). OIM then synchronizes this password across all target resources provisioned to the
user. OIM enforces compliance of this password with enterprise password policies, which may be
authored in OIM itself. For the recovery of forgotten passwords, OIM employs the security challenge
questions set during the user’s first login or captured during self-registration. OIM also provides
random password generation capabilities that may be invoked during registration or administrator-
based password reset.
Self-Service Access Request
OIM provides a browser-based tool to request access. The access request experience is similar to the
“shopping cart” metaphor used on commercial websites, so users are able to request access without
training on the tool and with only a basic understanding of the organization’s roles and entitlements.
End users simply search for the roles and entitlements they require by entering keywords. They can
further refine and filter search results by using the tool’s automated suggestions. Once users find the
entitlements they need, they place them in a cart and submit the request. OIM also lets users bundle
frequently requested privileges as a saved shopping cart. In OIM, a saved shopping cart is called a
“request profile” and can be shared with other users.
Tracking a Request
Users and helpdesk administrators can track the progress of their requests online through OIM’s
tracking tool. The tracking tool graphically displays the current state of the request approval in the
provisioning workflow. An image displays what steps are complete and what steps remain to fulfill
the request. Using this tool, users can then help ensure their requests are handled in a timely
fashion.
Handling Requests – Complex Workflows
OIM allows approvers to take various actions on an access request without significant difficulty. In
addition to approving or denying the request, the approver may delegate the approval step to
another person or role. Because a stalled approval holds up the user’s productivity, the system also
supports configurable approval reminders and escalations. As approval needs change over time, policy
owners can change the approval routing logic using a web interface.
Extensible User Interface
While OIM out of the box includes a complete self-service access request capability that is business
user friendly, organizations may want to customize the tool to cater to their organization specific
user interface standards and principles.
Global Customizations
OIM supports customizations that range from simple branding, logo and style-sheet changes to changing
the layout of a page or the labels of its widgets. More advanced customizations may involve extending
the out-of-the-box definition of entities such as users, roles, organizations and catalog entities by
defining additional attributes on them and deciding on which UI pages the new attributes should appear.
The system also provides a sandbox environment in which to perform, test, commit or roll back all such
customizations without impacting other users.
Personalization
OIM provides a powerful personalization framework as part of its business user interface. When
using OIM, each user sees a home page with multiple regions for the most commonly used features
and information. Business users can personalize the layout of the home page by rearranging or
hiding regions. Additionally, some of the non-technical users like helpdesk administrators or
delegated administrators may perform the same query over and over again on various entities.
Rather than entering the query criteria again and again, users can save their searches and reuse
them across sessions.
Advanced Identity and Role Administration
Users’ access rights are managed in OIM throughout the identity lifecycle. When new users are on-
boarded, they receive a set of accounts and entitlements based on any applicable “birthright
provisioning” policies. Account and entitlement assignments may change as users’ identity attributes
change in the enterprise as a result of promotions, transfers, or other organizational changes. OIM
automatically provisions these changes in the target systems. Users may also get additional access
by requesting roles, accounts, or entitlements using OIM’s self-service capabilities.
OIM Data Warehouse
The core of OIM is its centralized identity warehouse. The identity warehouse contains three key
types of data:
Identities: Users’ identities may be created based on authoritative systems or directly in OIM using
self-service or delegated administration features. OIM can create user accounts and reconcile
attributes and access based on data from any number of authoritative systems such as Oracle E-
Business HRMS, PeopleSoft HRMS etc.
OIM can synchronize its database with any number of LDAP directories. Many customers synchronize the
identities created in OIM into an LDAP directory, setting up an enterprise directory that can be wired
to the various authentication and authorization systems that need access to users’ identity attributes.
Connectors
OIM’s Connector Framework eliminates the complexity associated with creating and maintaining
connections to proprietary interfaces in business applications. The connector framework separates
connector code (integration libraries specific and optimized for the target system) from connector
meta-data (data models, forms, connectivity information and process). This separation makes
extending, maintaining, and upgrading connectors a manageable and straightforward process.
OIM provides the following integration technologies for connector development.
Generic Technology Connector
The Adapter Factory enables customers to create new integrations or modify existing integrations
through a graphical user interface, without programming or scripting. A Generic Technology Connector
(GTC) can communicate with any target resource over standard protocols such as HTTP, SMTP, FTP
and Web Services, combined with generic message formats such as CSV, SPML and LDIF.
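The following is an added example written for this page, not OIM or GTC code, showing what a flat-file flow of the kind described above has to get right: it turns OIM-style user records into LDIF (RFC 2849) add and delete records that a directory import tool can consume. The base DN, the mapping onto inetOrgPerson attributes and the sample users are assumptions constructed for the example; the encoding rules (base64 for unsafe values, 76-column folding, RFC 4514 escaping of DN components) are the standards' own.

```python
"""Flat-file provisioning in the style of a Generic Technology Connector:
turn OIM-style user records into LDIF (RFC 2849) add and delete records that
a directory's import tool can consume.  Added example written for this
page, not OIM or GTC code.  Assumptions: the base DN, the attribute mapping
to inetOrgPerson and the sample users are constructed here."""
from __future__ import annotations
import base64

BASE_DN = "ou=People,dc=example,dc=com"   # assumed, like an IT-resource parameter
FOLD_WIDTH = 76                            # RFC 2849 line-folding width


def needs_base64(value: str) -> bool:
    """RFC 2849: a value that is not a SAFE-STRING (leading space, ':' or '<',
    any non-ASCII, NUL, CR or LF) must be written base64-encoded as 'attr:: '."""
    if value == "":
        return False
    if value[0] in " :<":
        return True
    return any(ord(ch) > 127 or ch in "\0\r\n" for ch in value)


def ldif_attr(name: str, value: str) -> str:
    """One attribute line, base64-encoded when required and folded at 76
    columns with continuation lines that start with a single space."""
    if needs_base64(value):
        line = f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    else:
        line = f"{name}: {value}"
    folded, rest = [line[:FOLD_WIDTH]], line[FOLD_WIDTH:]
    while rest:
        folded.append(" " + rest[:FOLD_WIDTH - 1])
        rest = rest[FOLD_WIDTH - 1:]
    return "\n".join(folded)


def escape_rdn_value(value: str) -> str:
    """RFC 4514 escaping for a DN attribute value.  Without it a login such
    as 'eve,ou=Admins' would inject a second RDN and the account would be
    created under a different container than the policy intended."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_dn(user: dict[str, str]) -> str:
    return f"uid={escape_rdn_value(user['login'])},{BASE_DN}"


def add_record(user: dict[str, str]) -> str:
    """LDIF 'add' record for a newly provisioned account."""
    attrs = [
        ("objectClass", "inetOrgPerson"),
        ("uid", user["login"]),
        ("cn", f"{user['first']} {user['last']}"),
        ("sn", user["last"]),
        ("givenName", user["first"]),
        ("mail", user["mail"]),
    ]
    lines = [ldif_attr("dn", user_dn(user)), "changetype: add"]
    lines += [ldif_attr(name, value) for name, value in attrs]
    return "\n".join(lines) + "\n"


def delete_record(user: dict[str, str]) -> str:
    """LDIF 'delete' record for de-provisioning."""
    return ldif_attr("dn", user_dn(user)) + "\nchangetype: delete\n"


def provisioning_ldif(adds: list[dict[str, str]], deletes: list[dict[str, str]]) -> str:
    """Whole file: version header, then one blank-line-separated record each."""
    records = [add_record(u) for u in adds] + [delete_record(u) for u in deletes]
    return "version: 1\n\n" + "\n".join(records)


# Constructed sample input: one plain user, one needing base64 and escaping.
NEW_USERS = [
    {"login": "jsmith", "first": "John", "last": "Smith", "mail": "jsmith@example.com"},
    {"login": "eve,ou=Admins", "first": "José", "last": "Núñez", "mail": "jn@example.com"},
]
LEAVERS = [{"login": "bkhan", "first": "B", "last": "Khan", "mail": "bkhan@example.com"}]

if __name__ == "__main__":
    print(provisioning_ldif(NEW_USERS, LEAVERS))
```

The second sample user is there on purpose: a non-ASCII common name must go out base64-encoded or the import fails, and a login containing a comma must be escaped or the directory places the account somewhere other than the intended container. Both are silent failure modes of a naive "write the fields with a colon" exporter.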
Identity Connector Framework
Where the Generic Technology Connector covers data flows to applications that accept such file
formats, the Identity Connector Framework (ICF) is the complementary framework for connectors
implemented in code. ICF provides Connector Servers, which enable remote execution of an identity
connector; connector servers are available for both Java and .NET. An ICF-compliant converged
connector is a connector that can be used with both Oracle Identity Manager and Oracle Waveset.
OIM Architecture
Oracle Identity Management components integrate seamlessly with Oracle applications such
as Oracle’s PeopleSoft, Oracle’s Siebel, and other Oracle Fusion Middleware components such as
Oracle SOA, Oracle WebCenter, and Oracle Business Intelligence. OIM integrates with Oracle Database
through its own directory and identity virtualization services, thus providing scalability and lower cost
of ownership.
Oracle Identity Management is an integral part of Oracle Fusion Middleware. OIM leverages its
services such as Business Intelligence, Enterprise Management, and SOA and Process Management,
and it provides security services to multiple Oracle Fusion Middleware components and Oracle Fusion
Applications.
Oracle Identity Management Platform
Oracle’s identity platform consists of three functional pillars and underlying platform services, as
shown in the following figure.
Identity Governance involves setup of the environment in advance of access, as well as review of the
environment to ensure policies are enforced as intended.
Access Management includes the technologies involved in run-time enforcement of access, that is,
when users are actively using the system.
Directory Services operate at the data layer to provide identity context to the other two pillars. Oracle
also provides Platform Security Services that enable developers to access any component in the pillars,
externalize security decisions, and take advantage of platform security features.
Figure: Oracle 11g R2 IDM Platform
Identity Governance products:
Oracle Identity Manager (OIM) is an identity provisioning product. OIM includes features for self-
service password management, access request forms, delegated administration, approval routing
workflows, and entitlement management across any number of connected systems.
Oracle Identity Analytics (OIA) collects logs from IdM products and other systems to report on
usage, build effective IT roles, and detect account-related audit issues such as orphaned accounts.
Oracle Privileged Account Manager (OPAM) secures accounts with elevated access, such as root
accounts on Unix systems and databases, by implementing a password check-out system.
Access Management products:
Oracle Access Manager (OAM) is a Web Access Management (WAM) product that enables SSO
across an organization’s web presence.
Oracle Adaptive Access Manager (OAAM) enables organizations to apply stronger, risk-based, and
multi-factor access control to an organization’s web presence.
Oracle Enterprise Gateway (OEG) is a soft-appliance XML gateway for securing and managing
application and web access to an organization’s web presence.
Oracle Identity Federation (OIF) provides standards-based identity federation capabilities for
enabling SSO across websites.
Oracle Security Token Service (OSTS) is a WS-Trust compliant STS implementation. An STS converts
security tokens of various types, enabling compatibility and trust across federation boundaries.
Oracle Entitlements Server (OES) is a fine-grained entitlements service that supports a variety of
externalized authorization mechanisms including XACML 3.0.
Oracle Enterprise Single Sign-On (OeSSO) is a client-based SSO product that enables users to access
web, client-server, and legacy applications through a single, strongly authenticated credential
“wallet”.
Directory Services products
Oracle Unified Directory (OUD) includes both a highly scalable LDAP directory service based on Java
and the Oracle Virtual Directory (OVD) product. See the section below for more information on OVD.
Oracle Internet Directory (OID) is a scalable LDAP directory service based on Oracle database
technology.
Oracle Virtual Directory (OVD) enables efficient and elegant integration to data sources.
Platform Security services
Oracle Platform Security Services (OPSS) provide developer access to essential security functions.
Oracle Enterprise Gateway (OEG) enables SOA applications to establish identity-based control at
the edge of enterprise networks. OEG also provides RESTful interfaces to the identity platform for
mobile applications and, when combined with Oracle Web Services Manager (OWSM), adds
encryption, PKI, and related policy control to web services.
Support for Open Standards
The Oracle Identity Platform supports the relevant open standards, including LDAP, SAML, WS-Trust,
WS-Federation, XACML, OpenID, OAuth, and SPML, and Oracle continues to take part in the standards
community. The identity platform offers technologies that make it easy to integrate with partners,
suppliers, and cloud services. The access technologies support the major federation standards,
including SAML 1.x and 2.x, WS-Federation, and OpenID.
Oracle Identity Manager
Oracle Identity Manager (OIM) is the central component of Oracle’s identity management strategy. It
provides a platform for designing provisioning processes for user and access information, solving the
challenge of automatically setting up the right accounts and privileges for users across all the
applications they need to access.
OIM is a fundamental building block for an overall identity management solution. Access
management, role management, directory services, and entitlement management all depend on
having a working user provisioning solution that ensures the right identity data exists in the right
location for other solutions to use. And with so many different types of policies, processes, and
integrations involved in a typical provisioning problem, the provisioning technology needs to support
a high level of flexibility and customization. However, with added flexibility comes complexity, so OIM
tries to achieve a balance between supporting customization of provisioning without making the
implementation process too difficult.
OIM User
In OIM, a user represents an entity in context of enterprise user provisioning and as such can be
provisioned to accommodate different applications. An OIM user defines a specific default data model
with certain standard identity attributes, such as First Name, Last Name, Employee Type, Title,
Organization, and so on, that can be extended as needed.
User Group
In many applications, users are grouped together based on common functions, organization, job level,
and so forth. OIM provides the user group object as a mechanism to support organizing users into
simple compartments according to certain rules and policies. A user can be associated to a group
either via direct membership assignments or rule driven memberships.
Direct assignments are made in a discretionary manner by another privileged user (such as an
administrator or manager), and the memberships are maintained statically (they are also revoked in a
discretionary way).
The other way of assigning groups is rule-based membership, which is more automated. Membership
rules are simple conditional statements that are evaluated against each user to determine whether or
not the user belongs to a group. The figure below shows a membership rule, “location == San
Francisco”, an example of automating group membership based on the value of a “location”
attribute. User groups using membership rules are more dynamic and provide significant flexibility
for managing who belongs to which groups and therefore which resources they should be granted.
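The following is an added example written for this page, not OIM code, showing the two membership styles just described side by side: rules such as “location == San Francisco” are parsed and re-evaluated against current attribute values, while direct assignments persist until an administrator revokes them. The rule grammar (attribute, operator, value, with clauses joined by AND), the attribute names and the sample users are assumptions constructed for the example.

```python
"""Rule-driven user-group membership as described above.  Added example
written for this page, not OIM code.  Assumptions: the rule grammar
(`attribute operator value`, clauses joined with AND, operators ==, != and
in), the attribute names and the sample users are all constructed here."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable

# Rules are parsed into (attribute, operator, value) triples and evaluated
# with this table.  They are never handed to eval(): a membership rule is
# administrator-supplied data, and executing it as code would let a typo or
# a malicious rule run arbitrary code on the identity server.
OPERATORS: dict[str, Callable[[str, str], bool]] = {
    "==": lambda actual, expected: actual == expected,
    "!=": lambda actual, expected: actual != expected,
    "in": lambda actual, expected: actual in [v.strip() for v in expected.split(",")],
}


def parse_rule(rule: str) -> list[tuple[str, str, str]]:
    """'location == San Francisco AND employee_type != Contractor' ->
    [('location', '==', 'San Francisco'), ('employee_type', '!=', 'Contractor')]"""
    clauses = []
    for clause in rule.split(" AND "):
        parts = clause.strip().split(None, 2)   # the value may contain spaces
        if len(parts) != 3 or parts[1] not in OPERATORS:
            raise ValueError(f"malformed membership rule clause: {clause!r}")
        clauses.append((parts[0], parts[1], parts[2]))
    return clauses


def rule_matches(rule: str, user: dict[str, str]) -> bool:
    """True when every clause holds for the user's current attribute values.
    A missing attribute compares as the empty string, so it never satisfies
    '==' by accident but does satisfy '!='."""
    return all(OPERATORS[op](user.get(attr, ""), value)
               for attr, op, value in parse_rule(rule))


@dataclass
class UserGroup:
    name: str
    membership_rule: str | None = None                      # rule-driven (dynamic)
    direct_members: set[str] = field(default_factory=set)   # discretionary (static)

    def members(self, users: dict[str, dict[str, str]]) -> set[str]:
        dynamic: set[str] = set()
        if self.membership_rule:
            dynamic = {login for login, attrs in users.items()
                       if rule_matches(self.membership_rule, attrs)}
        return dynamic | self.direct_members


def evaluate_memberships(groups: list[UserGroup],
                         users: dict[str, dict[str, str]]) -> dict[str, set[str]]:
    """Recompute every group's membership from current identity data.  Run it
    again after an attribute change: dynamic memberships follow the data,
    direct assignments stay until an administrator revokes them."""
    return {g.name: g.members(users) for g in groups}


# Constructed sample data for the example.
USERS = {
    "jsmith": {"location": "San Francisco", "employee_type": "Employee"},
    "alee":   {"location": "San Francisco", "employee_type": "Contractor"},
    "bkhan":  {"location": "Bangalore",     "employee_type": "Employee"},
}
GROUPS = [
    UserGroup("SF Office", membership_rule="location == San Francisco"),
    UserGroup("SF Staff",
              membership_rule="location == San Francisco AND employee_type != Contractor"),
    UserGroup("Auditors", direct_members={"bkhan"}),
]

if __name__ == "__main__":
    for name, members in evaluate_memberships(GROUPS, USERS).items():
        print(f"{name}: {sorted(members)}")
```

The design point worth keeping is that the rule is parsed against a fixed operator table rather than evaluated as code; a membership rule decides who gets resources, so the evaluator must not be a path to code execution for whoever can edit rules.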
Organization
An OIM organization is meant to represent a business function or regional department, such as Sales,
Product Development, North America Business Unit, and so on. OIM organization objects can be
nested and therefore represent real-world organizational hierarchies. An organization differs from
a user group in that a user can belong to at most one organization but can have multiple user group
associations at the same time.
Access Policy
An access policy is a way in OIM to map who should have access to what resource. The overall mapping
from the user to the resource can be made up of mappings from the user to user groups and from
user groups to resources. In addition to controlling the resource, it is possible to control each user’s
privileges within each resource by associating application-level privileges with user groups in the access
policy. For example, suppose two user groups, “Data Analyst” and “Data Administrator,” should both
be provisioned to the same database application but with different database roles (such as analyst
and DBA). The mapping of each user group to its database roles can be set inside the access policy.
Resource Object
A resource object is an OIM object representing a logical resource for which users need to have
accounts created. For instance, you can have OIM resource objects called “e-mail Server” and
“Customer Database.” A resource object can represent almost anything, from applications, databases,
and operating systems, to physical assets and any other entity relevant to provisioning.
A resource object is used to track which users are provisioned to which logical assets; in our example it
can report the current list of users provisioned to the E-mail Server resource. Resource objects are also
used to design application-centric approval workflows and the policies around them. For example, if a
specific person must approve all new accounts on the e-mail server system, that condition can be
attached to the resource object in a workflow rule.
OIM resource objects do not represent the physical resources themselves and therefore do not
contain physical details (such as IP addresses, server hostnames, and so on). For physical server
representations and details, OIM provides the concept called IT resources.
IT Resource
An IT resource is the physical representation of a logical resource object. It holds all the physical details
of the resource on which a new user is provisioned. If, for example, you have a resource object called
Customer Database, you also need to define one or more corresponding IT resource objects that
represent the physical characteristics of the resource (such as server hostnames, IP addresses, physical
locations, and so on). This information is used by the OIM integration engine when it needs to
communicate with those servers to complete a provisioning-related task.
The specific set of attributes of an IT resource depends heavily on the type of system on which the
account is being created: relational database IT resources expect schema names and passwords, while
LDAP server IT resources expect namespace and directory information tree details. Because an IT
resource therefore holds the privileged credentials OIM uses against the target system, access to IT
resource definitions should be restricted accordingly.
OIM allows you to define an IT resource type that acts as a template defining a specific data model
for a given kind of IT resource.
User Provisioning Process
A user provisioning process looks similar to any other business process. It represents a logical flow of
events that deal with creating accounts within enterprise resources to make a new user productive.
Every provisioning process uses some fundamental building blocks, and the following sections provide
different levels of sophistication in user provisioning. Choice of sophistication level should, obviously,
depend on the requirement and sensitivity of the particular resource.
Discretionary Account Provisioning
Discretionary account provisioning is a style of provisioning in which an existing OIM administrator or
privileged user provisions a user to an application at their own discretion. Inherently, a
discretionary method is less consistent and leaves it up to the administrator to know what to do, rather
than codifying a policy in the provisioning process. By default, this style of provisioning is set up
automatically when OIM is connected to an application using a packaged connector, and enterprises
typically use it as a baseline from which to design and implement automation rules that make the
process less discretionary.
Typically, discretionary provisioning is useful for enterprises that are looking to take the first step from
manual provisioning processes to a basic level of automation and centralization. Also, if the enterprise
lacks formal governance rules and policies around access to systems and information, handling
provisioning requests in a request-based manner might be the inevitable first step. However, if OIM
has been put in place, you can accelerate your path to better provisioning automation by leveraging a
lot of the built-in features of OIM, such as allowing users to make new requests through OIM and
performing basic maintenance tasks such as password resets.
Self Service Provisioning
The discretionary account provisioning requires an administrator or a privileged user to initiate the
provisioning process. In other words, users will still need to make a phone call or send an email to the
administrator to request a new account in an application. However, OIM can be easily configured so
that users can communicate entirely through the OIM framework when requesting access to new
resources.
Over the past few years, self-service user provisioning has been a popular solution especially when
delivering simple capabilities such as resetting passwords and requesting accounts in new systems and
applications. It can greatly reduce the burden on administrators for performing highly repetitive tasks
of manually inputting data from paper forms submitted by an end user. However, enabling self-service
capabilities on resources usually calls for some manual oversight, typically enforced through approval
workflows that allow administrators to verify and sign off on requests from end users. Without such
approvals, the resource might as well be fully public.
Workflow-based provisioning
A workflow-based provisioning process gathers the required approvals from the designated approvers
before granting a user access to an application or another resource. For example, the Finance
application might require that every new account request be approved by the CFO to maintain tight
control of who gets to see sensitive financial information.
Access Policy Driven Provisioning
Access Policy Driven Provisioning answers the basic question “Who should have access to what
resources?” An access policy is configured through the OIM Admin console and has four facets: what
is provisioned, when it is issued, what is not to be provisioned, and who it is for. The steps
required to set up an access policy are as follows:
1. Create or select an access policy in the OIM Admin console.
2. Select the resource(s) to be provisioned under the chosen access policy.
3. Set the date from which access is to be issued.
4. Select the resource(s) that should be denied to the user through this access policy.
5. Select the user groups to which this access policy applies.
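The following is an added example written for this page, not OIM code, that works the four facets above and the “Data Analyst” versus “Data Administrator” mapping from the Access Policy section into a policy evaluation: each policy names the groups it is for, the resources and application roles it grants, the resources it denies, and the date from which it applies; a user’s memberships are resolved into a provisioning plan, and the plan is diffed against current accounts to produce the connector actions a transfer or promotion triggers. The policy fields, the conflict rule that an explicit deny beats any allow, and the sample policies are assumptions constructed for the example.

```python
"""Access-policy-driven provisioning with the four facets listed above: what
is provisioned, when, what is denied, and for whom.  Added example written
for this page, not OIM code.  Assumptions: the policy fields, the rule that
an explicit deny beats an allow, the application-role mapping and the
sample policies are constructed here."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date


@dataclass
class AccessPolicy:
    name: str
    groups: set[str]                                  # who this is for
    provision: dict[str, set[str]]                    # resource -> application roles
    deny: set[str] = field(default_factory=set)       # resources withheld by this policy
    effective_from: date | None = None                # when access is issued


def applies(policy: AccessPolicy, user_groups: set[str], today: date) -> bool:
    if policy.effective_from is not None and today < policy.effective_from:
        return False
    return bool(policy.groups & user_groups)


def provisioning_plan(policies: list[AccessPolicy], user_groups: set[str],
                      today: date) -> dict[str, set[str]]:
    """Resolve all applicable policies for one user into {resource: roles}.
    Roles from several policies on the same resource are merged (an analyst
    who is also a DBA gets both database roles).  Any explicit deny removes
    the resource entirely: fail closed rather than let one allow override a
    deny elsewhere (assumed conflict rule for this example)."""
    grants: dict[str, set[str]] = {}
    denied: set[str] = set()
    for policy in policies:
        if not applies(policy, user_groups, today):
            continue
        for resource, roles in policy.provision.items():
            grants.setdefault(resource, set()).update(roles)
        denied |= policy.deny
    for resource in denied:
        grants.pop(resource, None)
    return grants


def reconcile(current: dict[str, set[str]],
              desired: dict[str, set[str]]) -> list[tuple]:
    """Diff a user's current accounts against the plan into connector actions.
    This is the step that turns a re-evaluation after a promotion or transfer
    into concrete provisioning and de-provisioning on the target systems."""
    actions: list[tuple] = []
    for resource in sorted(set(current) | set(desired)):
        have, want = current.get(resource), desired.get(resource)
        if have is None:
            actions.append(("create", resource, sorted(want)))
        elif want is None:
            actions.append(("revoke", resource, sorted(have)))
        else:
            actions += [("add_role", resource, r) for r in sorted(want - have)]
            actions += [("remove_role", resource, r) for r in sorted(have - want)]
    return actions


# Constructed sample policies: the two database groups from the text, a
# contractor deny, and a birthright policy that only starts on a given date.
POLICIES = [
    AccessPolicy("Analysts", groups={"Data Analyst"},
                 provision={"Customer Database": {"analyst"}, "E-mail Server": set()}),
    AccessPolicy("DBAs", groups={"Data Administrator"},
                 provision={"Customer Database": {"dba"}, "E-mail Server": set()}),
    AccessPolicy("Contractors", groups={"Contractor"},
                 provision={"E-mail Server": set()}, deny={"Customer Database"}),
    AccessPolicy("Intern onboarding", groups={"Intern 2015"},
                 provision={"Wiki": set()}, effective_from=date(2015, 9, 1)),
]

if __name__ == "__main__":
    today = date(2015, 8, 15)
    before = provisioning_plan(POLICIES, {"Data Analyst"}, today)
    after = provisioning_plan(POLICIES, {"Data Administrator"}, today)   # promoted
    for action in reconcile(before, after):
        print(action)
```

Running the promotion case shows why the reconcile step matters as much as the grant: the user gains the dba role on the same database account and loses the analyst role, and a user who leaves every group produces revokes for every account rather than being left with orphaned access.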
OIM Provisioning Integration
User provisioning has become a critical problem for most enterprises looking to lower the
administrative burden of account management while also reducing risk by centralizing control over
who is granted access to important applications. With a user provisioning solution, new account
creation tasks execute in a consistent manner, and the required approvals and verifications are
mandated before access is provided to new users.
The other critical user provisioning challenge is a technical one—system integration. A typical
enterprise has a wide-ranging set of applications built on different technologies, standards, and
semantics and therefore centralizing the account creation process is often an integration nightmare.
The choice of integration between OIM and an external target system falls into one of the following
categories:
Prebuilt connectors: a specific connector implementation for a specific system or application (such
as Active Directory, PeopleSoft, SAP, DB2, Oracle Database, and so on).
Generic Technology Connector: a connector for commonly used formats and industry standards
(such as flat files, Web Services, and Service Provisioning Markup Language).
Prebuilt connectors
OIM provides a connector pack that bundles prebuilt and packaged connectors to most third-party
systems of all types, including databases, enterprise resource planning (ERP) applications, operating
systems, Lightweight Directory Access Protocol (LDAP) servers, and so on. Setting up these connectors
in OIM is a fairly straightforward process:
1. Copy the connector files to the OIM server.
2. Import the connector’s (XML-based) descriptor file into the OIM repository through the Deployment
Manager section in the OIM web console.
3. Define the IT resources associated with this connector.
Through this connector install process, OIM automatically creates the foundational elements of the
new resource by creating the necessary resource, IT resource(s), and IT resource type objects
associated with the connector. At this point, the environment is ready for basic request-driven
provisioning.
Generic Technology Connector
As enterprises look to automate provisioning to all types of applications (enterprise and
departmental), Oracle needed a solution that targeted those applications and systems with a simpler
approach to provisioning. The GTC supports simple integrations to custom-built applications or other
systems that rely on simpler data exchange formats such as comma-separated fields. It also supports
many industry-standard protocols such as Service Provisioning Markup Language (SPML). The GTC is
an example of a packaged integration used for a common set of applications that can read and
exchange information in a standard format. While the GTC does not necessarily solve complex
integration scenarios, it does provide a quick integration to medium- to low-complexity applications.
A GTC-based integration provides a set of packaged functionalities, known as “providers,” to perform
the different types of actions needed to execute an end-to-end user provisioning process. The process
runs from reconciliation of identity data out of a source system through to provisioning into a target
application.
The GTC is a useful choice whenever you’re dealing with applications that can support simpler or
standard data exchange formats, such as comma-separated files or the SPML format. The typical cost
to set up and maintain a GTC-based integration is much lower than that of other types of OIM
integrations. Unlike the prebuilt connectors, the GTC code is shipped with the OIM server so there is
no need to install additional software.
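The reconciliation step a GTC-style flat-file integration performs, as an added example that is not the GTC's own code or configuration: a constructed trusted-source CSV export is compared with a constructed view of the identity store and turned into create, modify and delete events, rejecting malformed exports before anything is changed. Column names, status values and event names are assumptions.

```python
import csv
import io

# Constructed trusted-source export (e.g. from an HR system); not real data.
SOURCE_CSV = """\
login,first_name,last_name,department,status
alice,Alice,Anders,Finance,Active
bob,Bob,Baker,Engineering,Active
carol,Carol,Cruz,Engineering,Terminated
dave,Dave,Dunn,Sales,Active
"""

# Constructed current view of the identity store, keyed by login.
CURRENT_USERS = {
    "alice": {"first_name": "Alice", "last_name": "Anders", "department": "Sales", "status": "Active"},
    "bob":   {"first_name": "Bob", "last_name": "Baker", "department": "Engineering", "status": "Active"},
    "carol": {"first_name": "Carol", "last_name": "Cruz", "department": "Engineering", "status": "Active"},
    "erin":  {"first_name": "Erin", "last_name": "Evans", "department": "Finance", "status": "Active"},
}

REQUIRED_COLUMNS = {"login", "first_name", "last_name", "department", "status"}


def parse_source(text):
    """Parse the CSV export into {login: attributes}, rejecting malformed input.

    Fail closed: a missing column, blank login or duplicate login aborts the run rather
    than producing a partial reconciliation that could silently create or revoke accounts.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"source export lacks columns: {sorted(missing)}")
    records = {}
    for row in reader:
        login = row["login"].strip().lower()
        if not login:
            raise ValueError("blank login in source export")
        if login in records:
            raise ValueError(f"duplicate login in source export: {login}")
        records[login] = {k: row[k].strip() for k in REQUIRED_COLUMNS - {"login"}}
    return records


def is_well_formed(text):
    """True if the export passes parse_source's checks; used to gate a run."""
    try:
        parse_source(text)
        return True
    except ValueError:
        return False


def reconcile(source, current):
    """Diff the trusted source against the identity store and return ordered events.

    CREATE: login in source but not in the store.
    MODIFY: login in both, attributes differ (only the changed keys are carried).
    DELETE: login in the store but gone from the trusted source (an orphan account).
    A terminated user is a MODIFY (status change) so the account is disabled rather
    than vanishing from the audit trail.
    """
    events = []
    for login in sorted(source):
        if login not in current:
            events.append(("CREATE", login, dict(source[login])))
        else:
            changed = {k: v for k, v in source[login].items() if current[login].get(k) != v}
            if changed:
                events.append(("MODIFY", login, changed))
    for login in sorted(set(current) - set(source)):
        events.append(("DELETE", login, {}))
    return events


def run():
    """Reconcile the constructed export against the constructed store."""
    return reconcile(parse_source(SOURCE_CSV), CURRENT_USERS)


if __name__ == "__main__":
    for kind, login, detail in run():
        print(f"{kind:<6} {login:<6} {detail}")
```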
Conclusion
Oracle Identity Manager is the most flexible and scalable enterprise identity administration and user
provisioning application available on the market. With its innovative and advanced feature set, OIM
helps an enterprise to reduce security risk, reduce the cost of compliance, and greatly improve service
level and end-user experience. Its flexibility to integrate with Oracle and third-party applications,
and its place within the Oracle Identity Governance Suite, make it an ideal choice to start or
complement an existing identity management deployment as an enterprise advances toward its identity
and access governance goals.

More Related Content

What's hot

Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
Tamim Khan
 
Identity_Management_Vendor_Evaluation
Identity_Management_Vendor_EvaluationIdentity_Management_Vendor_Evaluation
Identity_Management_Vendor_Evaluation
Jerry Ruggieri
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
OracleIDM
 
Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0
John Bernhard
 
Identity management11gr2launch finalv2
Identity management11gr2launch finalv2Identity management11gr2launch finalv2
Identity management11gr2launch finalv2
OracleIDM
 

What's hot (20)

IDM Introduction
IDM IntroductionIDM Introduction
IDM Introduction
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
 
SAP Identity Management Overview
SAP Identity Management OverviewSAP Identity Management Overview
SAP Identity Management Overview
 
Features of identity management ps2
Features of identity management ps2Features of identity management ps2
Features of identity management ps2
 
Identiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundationsIdentiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundations
 
Identity_Management_Vendor_Evaluation
Identity_Management_Vendor_EvaluationIdentity_Management_Vendor_Evaluation
Identity_Management_Vendor_Evaluation
 
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_finalSso security&business tool_2018_issa_infosecsummit_grant_reveal_final
Sso security&business tool_2018_issa_infosecsummit_grant_reveal_final
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access Management
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
 
Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0
 
Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT Mission
 
IdM FinalVer
IdM FinalVerIdM FinalVer
IdM FinalVer
 
Quest One Identity Management Summary
Quest One Identity Management   SummaryQuest One Identity Management   Summary
Quest One Identity Management Summary
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
 
Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager
 
Short Overview
Short OverviewShort Overview
Short Overview
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
 
Identity management11gr2launch finalv2
Identity management11gr2launch finalv2Identity management11gr2launch finalv2
Identity management11gr2launch finalv2
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate Edition
 

Similar to Whitepaper Oracle Identity Management

20170912_Identity_and_Access_Management.pptx
20170912_Identity_and_Access_Management.pptx20170912_Identity_and_Access_Management.pptx
20170912_Identity_and_Access_Management.pptx
Anand Dhouni
 
IDM Resume _ Kiran
IDM Resume _ KiranIDM Resume _ Kiran
IDM Resume _ Kiran
Kiran Kumar
 
Oracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered SystemsOracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered Systems
GregOracle
 

Similar to Whitepaper Oracle Identity Management (20)

Buyers Guide for Governance
Buyers Guide for GovernanceBuyers Guide for Governance
Buyers Guide for Governance
 
Open iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-aOpen iam technicalarchitecture-v3-a
Open iam technicalarchitecture-v3-a
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
 
Resume
ResumeResume
Resume
 
20170912_Identity_and_Access_Management.pptx
20170912_Identity_and_Access_Management.pptx20170912_Identity_and_Access_Management.pptx
20170912_Identity_and_Access_Management.pptx
 
IDM Resume _ Kiran
IDM Resume _ KiranIDM Resume _ Kiran
IDM Resume _ Kiran
 
Kiran_CV
Kiran_CVKiran_CV
Kiran_CV
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
 
Beyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User ProvisioningBeyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User Provisioning
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3
 
Capgemini ses - security po v (gr)
Capgemini   ses - security po v (gr)Capgemini   ses - security po v (gr)
Capgemini ses - security po v (gr)
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity Manager
 
Defining Enterprise Identity Management
Defining Enterprise Identity ManagementDefining Enterprise Identity Management
Defining Enterprise Identity Management
 
Oracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered SystemsOracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered Systems
 
ING webcast platform
ING webcast platformING webcast platform
ING webcast platform
 
OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1
 
Identity management
Identity managementIdentity management
Identity management
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 
Oracle Fusion Middleware Solution
Oracle Fusion Middleware SolutionOracle Fusion Middleware Solution
Oracle Fusion Middleware Solution
 
IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference Architecture
 

More from Bristlecone SCC

More from Bristlecone SCC (17)

Beyond the Hype: Building a Sustainable Supplier Risk Strategy
Beyond the Hype: Building a Sustainable Supplier Risk StrategyBeyond the Hype: Building a Sustainable Supplier Risk Strategy
Beyond the Hype: Building a Sustainable Supplier Risk Strategy
 
Bristlecone SAP offerings
Bristlecone  SAP offeringsBristlecone  SAP offerings
Bristlecone SAP offerings
 
Rim & Disney infographics
Rim & Disney infographics Rim & Disney infographics
Rim & Disney infographics
 
Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017
 
Joe Krkoska, Dow AgroSciences at SCCPulse2017
Joe Krkoska, Dow AgroSciences at SCCPulse2017Joe Krkoska, Dow AgroSciences at SCCPulse2017
Joe Krkoska, Dow AgroSciences at SCCPulse2017
 
Omar Campbell, Global Demand Planning & S&OP Executive, Tupperware
Omar Campbell, Global Demand Planning & S&OP Executive, TupperwareOmar Campbell, Global Demand Planning & S&OP Executive, Tupperware
Omar Campbell, Global Demand Planning & S&OP Executive, Tupperware
 
Ron Spangler, Senior Industrial Liaison Officer
Ron Spangler, Senior Industrial Liaison OfficerRon Spangler, Senior Industrial Liaison Officer
Ron Spangler, Senior Industrial Liaison Officer
 
Bristlecone Innovation by Sweeni Ponoth VP & GM, Bristlecone Labs
Bristlecone Innovation by Sweeni Ponoth  VP & GM, Bristlecone LabsBristlecone Innovation by Sweeni Ponoth  VP & GM, Bristlecone Labs
Bristlecone Innovation by Sweeni Ponoth VP & GM, Bristlecone Labs
 
Phoebe Kwan VP BD, C2Sense at SCCPulse2017
Phoebe Kwan VP BD, C2Sense at SCCPulse2017Phoebe Kwan VP BD, C2Sense at SCCPulse2017
Phoebe Kwan VP BD, C2Sense at SCCPulse2017
 
Brian Subirana Director of the MIT Auto-ID Laboratory at SCCPulse2017
Brian Subirana Director of the MIT Auto-ID Laboratory at SCCPulse2017Brian Subirana Director of the MIT Auto-ID Laboratory at SCCPulse2017
Brian Subirana Director of the MIT Auto-ID Laboratory at SCCPulse2017
 
Alan Ringvald, CEO of Relativity6 at SCCPulse2017
Alan Ringvald, CEO of Relativity6 at SCCPulse2017Alan Ringvald, CEO of Relativity6 at SCCPulse2017
Alan Ringvald, CEO of Relativity6 at SCCPulse2017
 
Michael J Casey at Bristlecone Pulse 2017, MIT
Michael J Casey at Bristlecone Pulse 2017, MITMichael J Casey at Bristlecone Pulse 2017, MIT
Michael J Casey at Bristlecone Pulse 2017, MIT
 
Irfan khan at Bristlecone Pulse 2017, MIT
Irfan khan at Bristlecone Pulse 2017, MITIrfan khan at Bristlecone Pulse 2017, MIT
Irfan khan at Bristlecone Pulse 2017, MIT
 
Dr Abel Sanchez at Bristlecone Pulse 2017 MIT
Dr Abel Sanchez at Bristlecone Pulse 2017 MITDr Abel Sanchez at Bristlecone Pulse 2017 MIT
Dr Abel Sanchez at Bristlecone Pulse 2017 MIT
 
Big Data & Analytics to Improve Supply Chain and Business Performance
Big Data & Analytics to Improve Supply Chain and Business PerformanceBig Data & Analytics to Improve Supply Chain and Business Performance
Big Data & Analytics to Improve Supply Chain and Business Performance
 
The Future of Procurement in the Digital Era
The Future of Procurement in the Digital EraThe Future of Procurement in the Digital Era
The Future of Procurement in the Digital Era
 
The Power of Resilience - How the Best Companies Manage the Unexpected
The Power of Resilience - How the Best Companies Manage the UnexpectedThe Power of Resilience - How the Best Companies Manage the Unexpected
The Power of Resilience - How the Best Companies Manage the Unexpected
 

Recently uploaded

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 

Recently uploaded (20)

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 

Whitepaper Oracle Identity Management

  • 1. BRISTLECONE TEAM BRISTLECONE INDIA PVT. LTD. INDIA PVT. LTD. | WWW.BCONE.COM Oracle Identity Management (OIM) TECHNICAL OVERVIEW | BRISTLECONE WHITEPAPER | AUGUST 2015 AUHTOR: RAKESH SHARMA
  • 2. BRISTLECONE INDIA PVT. LTD. | WHITEPAPER 1 Table of Contents Overview........................................................................................................................................... 3 Key Features.................................................................................................................................. 3 Simplified Self Service................................................................................................................ 4 Self-Registration ........................................................................................................................ 4 Profile Management.................................................................................................................. 4 Password Management ............................................................................................................. 4 Self-Service Access Request ....................................................................................................... 4 Tracking a Request..................................................................................................................... 4 Handling Requests – Complex Workflows .................................................................................. 4 Extensible User Interface........................................................................................................... 5 Global Customizations ............................................................................................................... 5 Personalization.......................................................................................................................... 5 Advanced Identity and Role Administration....................................................................................... 5 OIM Data Warehouse .................................................................................................................... 
5 Connectors.................................................................................................................................... 5 Generic Technology Connector.................................................................................................. 6 Identity Connector Framework .................................................................................................. 6 OIM Architecture............................................................................................................................... 6 Oracle Identity Management Platform........................................................................................... 7 Identity Governance products:................................................................................................... 7 Access Management products: .................................................................................................. 8 Directory Services products ....................................................................................................... 8 Platform Security services.......................................................................................................... 8 Support for Open Standards .......................................................................................................... 8 Oracle Identity Manager.................................................................................................................... 9 OIM User....................................................................................................................................... 9 User Group.................................................................................................................................... 9 Organization.................................................................................................................................. 
9 Access Policy ................................................................................................................................. 9 Resource Object .......................................................................................................................... 10 IT Resource.................................................................................................................................. 10 User Provisioning Process................................................................................................................ 10 Discretionary Account Provisioning.............................................................................................. 10 Self Service Provisioning .............................................................................................................. 11 Workflow-based provisioning...................................................................................................... 11
  • 3. BRISTLECONE INDIA PVT. LTD. | WHITEPAPER 2 Access Policy Driven Provisioning................................................................................................. 11 OIM Provisioning Integration........................................................................................................... 11 Prebuilt connectors ..................................................................................................................... 12 Generic Technology Connector.................................................................................................... 12 Conclusion................................................................................................................................... 12 Reference........................................................................................................................................ 14
  • 4. BRISTLECONE INDIA PVT. LTD. | WHITEPAPER 3 Overview Over the last decade, the mission of identity and access management (IDM) systems has expanded to include a range of business objectives. Whereas early identity systems served primarily to simplify account management, today organizations are building IDM technologies into their controls infrastructure. Oracle Identity Governance Suite enables organizations to simplify access grants and review access by consolidating the key strengths of its industry leading and best-in-class provisioning (Oracle Identity Manager), newly released privileged access (Oracle Privileged Access Manager), role, policy and risk management (Oracle Identity Analytics) into a common, and consistent and unified governance suite. With a single, converged platform, Oracle Identity Governance suite can provide benefits like: Increased end-user productivity - consistent and intuitive user interfaces, common business glossary, immediate access to key applications, role lifecycle management Reduced risk - guaranteed access revocation, detect and manage orphaned accounts, proactive and reactive IT audit policies detection and enforcement, fine grained authorization controlling who can do what, periodic re-certifications, continuous policy and role based access re-evaluation. Increased operational efficiency - risk based identity certification reducing overall time to certify, automated repeatable user administration tasks, role consolidation, and ease of deployment Reduced total cost - single vendor platform for governance, flexible and simplified customization framework, easily attest to regulatory requirements, common connector, standards based technology. Oracle Identity Management provides a unified, integrated security platform designed to manage user identities, provision resources to users, secure access to corporate resources, and enable trusted online business partnerships and support governance and compliance across the enterprise. 
It provides increased efficiency through improved integration, automation, and increased effectiveness in terms of application-centric security, risk management, and governance. OIM supports the full life cycle of enterprise applications, from development to deployment and production. Oracle Identity Manager (OIM) automates the administration of user access privileges across a company's resources, throughout the entire identity management life cycle—from initial on-boarding to final de-provisioning of an identity. OIM helps to answer critical compliance questions like "who has access to what resources and when? How did users get access to resources and why?" Key Features Oracle Identity Management allows enterprises to manage the end-to-end life cycle of user identities across enterprise resources and independently from enterprise applications. Its comprehensive set of services include identity administration and role management; user provisioning and compliance; web applications and web services access control; single sign-on and federated identities; fraud detection; strong, multifactor authentication and risk management; role governance and identity analytics, audit and reports. Some of its key features are listed below.
Simplified Self Service

OIM offers a wide range of self-service functions enabling business users to register for an account and manage their own profiles and credentials. These self-service capabilities easily pay for themselves many times over through reduced help desk calls and administrative costs.

Self-Registration

OIM provides a configurable interface where end users (typically in an extranet environment) can submit a request for an account for themselves in the enterprise. A configurable workflow allows such requests to be approved before the account is actually granted and its details are notified to the user.

Profile Management

Using OIM’s self-service interface, users can easily manage their own mutable profile data, such as changing their email ID, postal address, telephone number, emergency contact information, or their password recovery questions and answers, or setting up a proxy/delegate user to act on their behalf for a specified time period.

Password Management

OIM’s self-service interface enables users to manage the enterprise password that is used for single sign-on (SSO). OIM then synchronizes this password across all target resources provisioned to the user. OIM enforces compliance of this password with enterprise password policies, which may be authored in OIM itself. For the recovery of forgotten passwords, OIM employs the security challenge questions set during the user’s first login or captured during self-registration. OIM also provides random password generation capabilities that may be invoked during registration or an administrator-based password reset.

Self-Service Access Request

OIM provides a browser-based tool to request access. The access request experience is similar to the “shopping cart” metaphor used on commercial websites, so users are able to request access without training on the tool and with only a basic understanding of the organization’s roles and entitlements.
End users simply search for the roles and entitlements they require by entering keywords. They can further refine and filter search results by using the tool’s automated suggestions. Once users find the entitlements they need, they simply place the appropriate entitlements in a cart and submit the request. OIM enables users to bundle frequently requested privileges and model them as a saved shopping cart. In OIM, a saved shopping cart is called a “request profile”, and it can also be shared with other users.

Tracking a Request

Users and helpdesk administrators can track the progress of their requests online through OIM’s tracking tool. The tracking tool graphically displays the current state of the request approval in the provisioning workflow. An image displays which steps are complete and which steps remain to fulfil the request. Using this tool, users can help ensure their requests are handled in a timely fashion.

Handling Requests – Complex Workflows

OIM allows approvers to take various actions on an access request without significant difficulty. In addition to approving or denying the request, the approver may delegate the approval step to another person or role. As approvals can be critical to overall user productivity, the system also supports configurable approval reminders and escalations. As approval needs can change over time, policy owners can change the approval routing logic using a web interface.
Extensible User Interface

While OIM out of the box includes a complete self-service access request capability that is business-user friendly, organizations may want to customize the tool to cater to their organization-specific user interface standards and principles.

Global Customizations

OIM supports customizations that range from simple branding/logo/style-sheet changes to changing the layout of a page or the labels of various widgets on it. Some of the advanced customizations may involve extending the out-of-box definition of various entities such as users, roles, organizations and catalog entities by defining additional attributes on them and deciding on which UI pages the new attributes should appear. The system also provides a sandbox environment to perform, test, commit or roll back all such customizations without impacting other users.

Personalization

OIM provides a powerful personalization framework as part of its business user interface. When using OIM, each user sees a home page with multiple regions for the most commonly used features and information. Business users can personalize the layout of the home page by rearranging or hiding regions. Additionally, some non-technical users such as helpdesk administrators or delegated administrators may perform the same query over and over again on various entities. Rather than entering the query criteria again and again, users can save their searches and reuse them across sessions.

Advanced Identity and Role Administration

Users’ access rights are managed in OIM throughout the identity lifecycle. When new users are on-boarded, they receive a set of accounts and entitlements based on any applicable “birthright provisioning” policies. Account and entitlement assignments may change as users’ identity attributes change in the enterprise as a result of promotions, transfers, or other organizational changes.
OIM automatically provisions these changes in the target systems. Users may also get additional access by requesting roles, accounts, or entitlements using OIM’s self-service capabilities.

OIM Data Warehouse

The core of OIM is its centralized identity warehouse. The identity warehouse contains three key types of data:

Identities: Users’ identities may be created based on authoritative systems or directly in OIM using self-service or delegated administration features. OIM can create user accounts and reconcile attributes and access based on data from any number of authoritative systems such as Oracle E-Business HRMS, PeopleSoft HRMS, etc. OIM can synchronize the database with any number of LDAP directories. Many customers synchronize the identities created in OIM into an LDAP directory to set up an enterprise LDAP that may be wired to various authentication and authorization systems that need access to users’ identity attributes.

Connectors

OIM’s Connector Framework eliminates the complexity associated with creating and maintaining connections to proprietary interfaces in business applications. The connector framework separates connector code (integration libraries specific to and optimized for the target system) from connector meta-data (data models, forms, connectivity information and process). This separation makes extending, maintaining, and upgrading connectors a manageable and straightforward process.
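As an added illustration, not code from the whitepaper or from OIM itself, the Python model below walks through what reconciling identities from an authoritative source into the identity warehouse involves: a CSV HR feed of the kind a GTC-based integration reads is compared with the current identities to produce create, update and disable events, identities missing from the source are flagged for review rather than deleted silently, and accounts on a target system whose owner is unknown or disabled are reported as orphaned. The feed layout, attribute names, event kinds and all sample records are constructed assumptions.

```python
"""Constructed model of trusted-source reconciliation into an identity
warehouse (not OIM's own API): an HR feed in CSV, as a GTC would read it,
is compared with the current identities and turned into reconciliation
events; target accounts with no valid owner are then reported as orphans."""
import csv
import io
from dataclasses import dataclass

RECONCILED_ATTRS = ("first_name", "last_name", "email", "location", "status")

@dataclass(frozen=True)
class ReconEvent:
    kind: str            # CREATE, UPDATE, DISABLE or REVIEW
    employee_id: str
    changes: tuple = ()  # (attribute, old, new) triples

def parse_hr_feed(text):
    """Parse the CSV feed into {employee_id: attributes}. A row without the
    key is rejected so a malformed line cannot become a keyless identity."""
    identities = {}
    for row in csv.DictReader(io.StringIO(text)):
        emp = (row.get("employee_id") or "").strip()
        if not emp:
            raise ValueError("feed row without employee_id: %r" % row)
        identities[emp] = {a: (row.get(a) or "").strip() for a in RECONCILED_ATTRS}
    return identities

def reconcile(feed, warehouse):
    """Return (events, new_warehouse); the given warehouse is not mutated."""
    state = {emp: dict(attrs) for emp, attrs in warehouse.items()}
    events = []
    for emp, attrs in feed.items():
        if emp not in state:
            state[emp] = dict(attrs)
            events.append(ReconEvent("CREATE", emp))
            continue
        current = state[emp]
        changes = tuple((a, current.get(a, ""), attrs[a])
                        for a in RECONCILED_ATTRS if current.get(a, "") != attrs[a])
        if not changes:
            continue
        state[emp] = dict(attrs)
        # A termination in the authoritative source disables the identity, which
        # is what drives de-provisioning of every account it owns downstream.
        if attrs["status"] == "Terminated" and current.get("status") != "Terminated":
            events.append(ReconEvent("DISABLE", emp, changes))
        else:
            events.append(ReconEvent("UPDATE", emp, changes))
    # Identities the source no longer reports are flagged for review rather
    # than deleted silently: the feed may be partial or the record mis-keyed.
    for emp in warehouse:
        if emp not in feed:
            events.append(ReconEvent("REVIEW", emp))
    return events, state

def orphaned_accounts(target_accounts, warehouse):
    """Accounts on a target system whose owner is unknown to the warehouse or
    no longer Active: the orphaned accounts a certification should surface."""
    return [acct["account"] for acct in target_accounts
            if warehouse.get(acct["owner"], {}).get("status") != "Active"]

# Constructed sample data.
HR_FEED = """\
employee_id,first_name,last_name,email,location,status
E100,Ada,Lovelace,ada@example.com,San Francisco,Active
E101,Alan,Turing,alan@example.com,London,Active
E102,Grace,Hopper,grace@example.com,New York,Terminated
"""
WAREHOUSE = {  # identities before this reconciliation run
    "E100": {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.com",
             "location": "New York", "status": "Active"},
    "E102": {"first_name": "Grace", "last_name": "Hopper", "email": "grace@example.com",
             "location": "New York", "status": "Active"},
    "E103": {"first_name": "Bob", "last_name": "Smith", "email": "bob@example.com",
             "location": "London", "status": "Active"},
}
CUSTOMER_DB_ACCOUNTS = [  # accounts found on the "Customer Database" target
    {"account": "ada_l", "owner": "E100"},
    {"account": "grace_h", "owner": "E102"},
    {"account": "svc_report", "owner": "E999"},
]

def run_demo():
    events, state = reconcile(parse_hr_feed(HR_FEED), WAREHOUSE)
    return events, state, orphaned_accounts(CUSTOMER_DB_ACCOUNTS, state)
```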
OIM provides the following integration technologies for connector development.

Generic Technology Connector

The Adapter Factory enables customers to create new integrations or modify existing integrations using a graphical user interface, without programming or scripting. The Generic Technology Connector can communicate with any target resource by using standard protocols such as HTTP, SMTP, FTP, and Web Services combined with generic message formats such as CSV, SPML, and LDIF.

Identity Connector Framework

The Generic Technology Connector framework provides a complementary solution for data flows to applications that accept file formats. ICF provides Connector Servers, which enable remote execution of an Identity Connector. Connector servers are available for both Java and .NET. An ICF-compliant converged connector is a connector that can be used for both Oracle Identity Manager and Oracle Waveset.

OIM Architecture

Oracle Identity Management components integrate seamlessly with Oracle applications such as Oracle’s PeopleSoft, Oracle’s Siebel, and other Oracle Fusion Middleware components such as Oracle SOA, Oracle WebCenter, and Oracle Business Intelligence. OIM integrates with Oracle Database through its own directory and identity virtualization services, thus providing scalability and lower cost of ownership. Oracle Identity Management is an integral part of Oracle Fusion Middleware. OIM leverages its services such as Business Intelligence, Enterprise Management, and SOA and Process Management, and it provides security services to multiple Oracle Fusion Middleware components and Oracle Fusion Applications.
Oracle Identity Management Platform

Oracle’s identity platform consists of three functional pillars and underlying platform services, as shown in the following figure. Identity Governance involves setup of the environment in advance of access, as well as review of the environment to ensure policies are enforced as intended. Access Management includes the technologies involved in run-time enforcement of access—that is, when users are actively using the system. Directory Services operate at the data layer to provide identity context to the other two pillars. Oracle also provides Platform Security Services that enable developers to access any component in the pillars, externalize security decisions, and take advantage of platform security features.

Figure: Oracle 11g R2 IDM Platform

Identity Governance products:

Oracle Identity Manager (OIM) is an identity provisioning product. OIM includes features for self-service password management, access request forms, delegated administration, approval routing workflows, and entitlement management across any number of connected systems.

Oracle Identity Analytics (OIA) collects logs from IdM products and other systems to report on usage, build effective IT roles, and detect account-related audit issues such as orphaned accounts.

Oracle Privileged Account Manager (OPAM) secures accounts with elevated access, such as root accounts on Unix systems and databases, by implementing a password checkout system.
Access Management products:

Oracle Access Manager (OAM) is a Web Access Management (WAM) product that enables SSO across an organization’s web presence.

Oracle Adaptive Access Manager (OAAM) enables organizations to apply stronger, risk-based, and multi-factor access control to an organization’s web presence.

Oracle Enterprise Gateway (OEG) is a soft-appliance XML gateway for securing and managing application and web access to an organization’s web presence.

Oracle Identity Federation (OIF) provides standards-based identity federation capabilities for enabling SSO across websites.

Oracle Security Token Service (OSTS) is a WS-Trust compliant STS implementation. An STS converts security tokens of various types, enabling compatibility and trust across federation boundaries.

Oracle Entitlements Server (OES) is a fine-grained entitlements service that supports a variety of externalized authorization mechanisms including XACML 3.0.

Oracle Enterprise Single Sign-On (OeSSO) is a client-based SSO product that enables users to access web, client-server, and legacy applications through a single, strong-authentication “wallet”.

Directory Services products:

Oracle Unified Directory (OUD) includes both a highly scalable LDAP directory service based on Java and the Oracle Virtual Directory (OVD) product. See the section below for more information on OVD.

Oracle Internet Directory (OID) is a scalable LDAP directory service based on Oracle database technology.

Oracle Virtual Directory (OVD) enables efficient and elegant integration to data sources.

Platform Security services:

Oracle Platform Security Services (OPSS) provide developer access to essential security functions.

Oracle Enterprise Gateway (OEG) enables SOA applications to establish identity-based control at the edge of enterprise networks. OEG also provides REST-ful interfaces to the identity platform for mobile applications.
When combined with Oracle Web Services Manager (OWSM), OEG also adds encryption, PKI, and related policy control to web services.

Support for Open Standards

The Oracle Identity Platform supports all relevant standards, including LDAP, SAML, WS-Trust, WS-Federation, XACML, OpenID, OAuth, and SPML. Oracle also continues to innovate in the standards community. The identity platform offers technologies that make it easy to integrate with partners, suppliers, and cloud services. The access technologies support all the major federation standards, including SAML 1.x and 2.x, WS-Federation, and OpenID.
Oracle Identity Manager

Oracle Identity Manager (OIM) is a central component of Oracle’s identity management strategy. It provides a platform for designing provisioning processes for user and access information, to solve the challenge of getting the right accounts and privileges automatically set up for users across all the applications they need to access. OIM is a fundamental building block for an overall identity management solution. Access management, role management, directory services, and entitlement management all depend on having a working user provisioning solution that ensures the right identity data exists in the right location for other solutions to use. And with so many different types of policies, processes, and integrations involved in a typical provisioning problem, the provisioning technology needs to support a high level of flexibility and customization. However, with added flexibility comes complexity, so OIM tries to achieve a balance between supporting customization of provisioning and not making the implementation process too difficult.

OIM User

In OIM, a user represents an entity in the context of enterprise user provisioning and as such can be provisioned to accommodate different applications. An OIM user defines a specific default data model with certain standard identity attributes, such as First Name, Last Name, Employee Type, Title, Organization, and so on, that can be extended as needed.

User Group

In many applications, users are grouped together based on common functions, organization, job level, and so forth. OIM provides the user group object as a mechanism to support organizing users into simple compartments according to certain rules and policies. A user can be associated to a group either via direct membership assignments or via rule-driven memberships.
Direct assignments are performed in a discretionary manner by another privileged user (such as an administrator or manager), and the memberships are maintained in a static way (memberships are also revoked in a discretionary way). The other way of assigning groups is rule-based membership, which is more automated. Membership rules are simple conditional statements that are evaluated against each user to determine whether or not the user belongs to a group. The figure below shows a membership rule, “location == San Francisco.” This is an example of automating group memberships based on a “location” attribute value. User groups using membership rules are more dynamic in nature and provide significant flexibility for managing who belongs to which groups, and therefore who should be granted what resources.

Organization

An OIM organization is meant to represent a business function or regional department, such as Sales, Product Development, North America Business Unit, and so on. OIM organization objects can be nested and can therefore represent real-world organizational hierarchies. An organization is different from a user group because a user can have at most one organization, but it can have multiple user group associations at the same time.

Access Policy

An access policy is the way in OIM to map who should have access to what resource. The overall mapping from the user to the resource can be made up of mappings from the user to user groups and from user groups to resources. In addition to controlling the resource, it is possible to control each user’s
privileges within each resource by associating application-level privileges to user groups in the access policy. For example, suppose two user groups, “Data Analyst” and “Data Administrator,” should both be provisioned to access the same database application but with different database roles (such as analyst and DBA). The mapping of user group to database role can be set inside an access policy.

Resource Object

A resource object is an OIM object representing a logical resource for which users need to have accounts created. For instance, you can have OIM resource objects called “e-mail Server” and “Customer Database.” A resource object can represent almost anything, from applications, databases, and operating systems, to physical assets and any other entity relevant to provisioning. A resource object is used to track which users are provisioned to what logical assets. It can report on the current list of users who are provisioned to the e-mail Server resource in our example. Resource objects are also used to design approval workflows and policies around those workflows that are application-centric. So, for example, if a specific person is assigned to approve all new accounts on the e-mail Server system, that condition can be set on the resource object in a workflow rule. OIM resource objects do not represent the physical resources themselves and therefore do not contain physical details (such as IP addresses, server hostnames, and so on). For physical server representations and details, OIM provides the concept called IT resources.

IT Resource

An IT resource is a physical representation of a logical resource object. It holds all the physical details of the resource for which a new user is provisioned.
If, for example, you have a resource object called Customer Database, you need to also define one or more corresponding IT resource objects that represent the physical characteristics of the resource (such as server hostnames, IP addresses, physical locations, and so on). This information is used by the OIM integration engine when it needs to communicate with those servers to complete a provisioning-related task. The specific set of attributes of an IT resource is highly dependent on the type of system on which the account is being created (relational database IT resources expect schema names and passwords; LDAP server IT resources expect namespaces and directory information tree details). OIM allows you to define an IT resource type that acts as a template to define a specific data model for certain types of IT resources.

User Provisioning Process

A user provisioning process looks similar to any other business process. It represents a logical flow of events that deal with creating accounts within enterprise resources to make a new user productive. Every provisioning process uses some fundamental building blocks, and the following sections describe different levels of sophistication in user provisioning. The choice of sophistication level should, obviously, depend on the requirements and sensitivity of the particular resource.

Discretionary Account Provisioning

Discretionary account provisioning is a style of provisioning by which an existing OIM administrator or privileged user can provision a user to an application in a discretionary manner. Inherently, a discretionary method is less consistent and leaves it up to the administrator to know what to do, rather than codifying a policy in the provisioning process. By default, this style of provisioning is automatically set up when OIM is set up with an application using a packaged connector.
Enterprises typically use this as a baseline to start designing and implementing their automation rules to make the process less discretionary.
Typically, discretionary provisioning is useful for enterprises that are looking to take the first step from manual provisioning processes to a basic level of automation and centralization. Also, if the enterprise lacks formal governance rules and policies around access to systems and information, handling provisioning requests in a request-based manner might be the inevitable first step. However, once OIM has been put in place, you can accelerate your path to better provisioning automation by leveraging a lot of the built-in features of OIM, such as allowing users to make new requests through OIM and to perform basic maintenance tasks such as password resets.

Self Service Provisioning

Discretionary account provisioning requires an administrator or a privileged user to initiate the provisioning process. In other words, users will still need to make a phone call or send an email to the administrator to request a new account in an application. However, OIM can be easily configured so that users can communicate entirely through the OIM framework when requesting access to new resources. Over the past few years, self-service user provisioning has been a popular solution, especially for delivering simple capabilities such as resetting passwords and requesting accounts in new systems and applications. It can greatly reduce the burden on administrators of performing the highly repetitive task of manually inputting data from paper forms submitted by end users. However, enabling self-service capabilities on resources usually calls for some manual oversight, typically enforced through approval workflows that allow administrators to verify and sign off on requests from end users. Without such approvals, the resource might as well be a fully public resource.
Workflow-based provisioning

A workflow-based provisioning process gathers the required approvals from the designated approvers before granting a user access to an application or another resource. For example, the Finance application might require that every new account request be approved by the CFO to maintain tight control of who gets to see sensitive financial information.

Access Policy Driven Provisioning

Access policy driven provisioning is a response to the basic question “Who should have access to what resources?” An access policy is implemented through the OIM Admin console and has four facets: what is provisioned, when it is issued, what is not to be provisioned, and who it is for. The steps required to set up an access policy are as follows:

1. Create and select an Access Policy under the OIM Admin console.
2. Select the resource(s) to be provisioned under the chosen access policy.
3. Set the date for which access needs to be issued.
4. Select the resource(s) that should be denied to the user through this access policy.
5. Select the user groups that apply to this access policy.

OIM Provisioning Integration

User provisioning has become a critical problem for most enterprises looking to lower their administrative burden of account management while also trying to reduce risk by centralizing the control for granting access to important applications. With a user provisioning solution, new account creation tasks can execute in a consistent manner, whereby certain approvals and verifications are mandated before access is provided to new users. The other critical user provisioning challenge is a technical one—system integration. A typical enterprise has a wide-ranging set of applications built on different technologies, standards, and semantics, and therefore centralizing the account creation process is often an integration nightmare.
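The following Python model is added here and is not part of the whitepaper or of OIM's API; it ties the membership rule and access policy concepts above together: groups are populated by direct assignment or by rules such as location == San Francisco, each policy carries the four facets (who, what is provisioned, when, what is denied), a deny from any applicable policy wins, and re-evaluating after a user's location changes yields the revocation automatically. Group names, resources, entitlements and dates are constructed assumptions.

```python
"""Constructed model of rule-driven group membership and access policies
(not OIM's own API): who / what is provisioned / when / what is denied."""
from dataclasses import dataclass
from datetime import date
import operator

OPS = {"==": operator.eq, "!=": operator.ne}   # operators a membership rule may use

@dataclass(frozen=True)
class MembershipRule:
    attribute: str
    op: str
    value: str

    def matches(self, user):
        return OPS[self.op](user.get(self.attribute), self.value)

@dataclass
class Group:
    name: str
    rules: tuple = ()                        # rule-driven membership (all must hold)
    direct_members: frozenset = frozenset()  # discretionary assignments by user_id

    def contains(self, user):
        if user["user_id"] in self.direct_members:
            return True
        return bool(self.rules) and all(r.matches(user) for r in self.rules)

@dataclass
class AccessPolicy:
    name: str
    groups: frozenset      # who this policy is for
    provisions: dict       # resource -> entitlement: what is provisioned
    denies: frozenset      # resources that must not be provisioned
    effective_from: date   # when it is issued

def groups_for(user, groups):
    return {g.name for g in groups if g.contains(user)}

def evaluate(user, groups, policies, today):
    """Entitlements the user should hold today, as {resource: [entitlements]}.
    A deny in any applicable policy wins over every grant, and policies whose
    effective date has not arrived are ignored."""
    members = groups_for(user, groups)
    granted, denied = {}, set()
    for p in policies:
        if today < p.effective_from or not (p.groups & members):
            continue
        denied |= p.denies
        for res, ent in p.provisions.items():
            granted.setdefault(res, set()).add(ent)
    return {r: sorted(e) for r, e in granted.items() if r not in denied}

def provisioning_actions(before, after):
    """GRANT/REVOKE actions moving a user from `before` to `after`."""
    actions = []
    for res in sorted(set(before) | set(after)):
        old, new = set(before.get(res, ())), set(after.get(res, ()))
        actions += [("GRANT", res, e) for e in sorted(new - old)]
        actions += [("REVOKE", res, e) for e in sorted(old - new)]
    return actions

# Constructed groups and policies following the whitepaper's examples.
GROUPS = (
    Group("SF Staff", rules=(MembershipRule("location", "==", "San Francisco"),)),
    Group("Data Analyst", rules=(MembershipRule("title", "==", "Data Analyst"),)),
    Group("Data Administrator", direct_members=frozenset({"bob"})),
)
POLICIES = (
    AccessPolicy("SF mail", frozenset({"SF Staff"}), {"e-mail Server": "mailbox"},
                 frozenset(), date(2015, 1, 1)),
    AccessPolicy("Analyst DB", frozenset({"Data Analyst"}),
                 {"Customer Database": "analyst"}, frozenset({"Payroll System"}),
                 date(2015, 1, 1)),
    AccessPolicy("DBA", frozenset({"Data Administrator"}),
                 {"Customer Database": "DBA", "Payroll System": "reader"},
                 frozenset(), date(2015, 9, 1)),
)

def run_demo():
    """Ada transfers from San Francisco to London; Bob, a directly assigned DBA,
    also carries an analyst title whose policy denies him Payroll."""
    today = date(2015, 9, 15)
    ada = {"user_id": "ada", "title": "Data Analyst", "location": "San Francisco"}
    before = evaluate(ada, GROUPS, POLICIES, today)
    after = evaluate(dict(ada, location="London"), GROUPS, POLICIES, today)
    bob = {"user_id": "bob", "title": "Data Analyst", "location": "London"}
    return {
        "ada_before": before,
        "ada_after": after,
        "ada_actions": provisioning_actions(before, after),
        "bob": evaluate(bob, GROUPS, POLICIES, today),
        "bob_early": evaluate(bob, GROUPS, POLICIES, date(2015, 8, 15)),  # DBA policy not yet effective
    }
```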
The choice of integration between OIM and external target systems falls into one of the following categories:

Prebuilt connectors: a specific connector implementation for a specific system or application (such as Active Directory, PeopleSoft, SAP, DB2, Oracle Database, and so on).

Generic Technology Connector: a connector for commonly used formats and industry standards (such as flat files, Web Services, and Service Provisioning Markup Language).

Prebuilt connectors

OIM provides a connector pack that bundles prebuilt and packaged connectors to most third-party systems of all types, including databases, enterprise resource planning (ERP) applications, operating systems, Lightweight Directory Access Protocol (LDAP) servers, and so on. Setting up these connectors in OIM is a fairly straightforward process:

1. Copy the connector files to the OIM server.
2. Import the connector’s (XML-based) descriptor file into the OIM repository through the Deployment Manager section in the OIM web console.
3. Define the IT resources associated with this connector.

Through this connector install process, OIM automatically creates the foundational elements of the new resource by creating the necessary resource, IT resource(s), and IT resource type objects associated with the connector. At this point, the environment is ready for basic request-driven provisioning.

Generic Technology Connector

As enterprises look to automate provisioning to all types of applications (enterprise and departmental), Oracle needed a solution that targeted those applications and systems with a simpler approach to provisioning. The GTC supports simple integrations to custom-built applications or other systems that rely on simpler data exchange formats such as comma-separated fields. It also supports many industry standard protocols such as Service Provisioning Mark-up Language (SPML).
The GTC is an example of a packaged integration used for a common set of applications that can read and exchange information in a standard format. While the GTC does not necessarily solve complex integration scenarios, it does provide a quick integration to medium- to low-complexity applications. A GTC-based integration provides a set of packaged functionalities, known as “providers,” to perform the different types of actions needed to execute an end-to-end user provisioning process, from identity data reconciliation from a source system through to provisioning to a target application. The GTC is a useful choice whenever you’re dealing with applications that can support simpler or standard data exchange formats, such as comma-separated files or the SPML format. The typical cost to set up and maintain a GTC-based integration is much lower than that of other types of OIM integrations. Unlike the prebuilt connectors, the GTC code is shipped with the OIM server, so there is no need to install additional software.

Conclusion

Oracle Identity Manager is the most flexible and scalable enterprise identity administration and user provisioning application available on the market. With its innovative and advanced feature set, OIM helps an enterprise to reduce security risk, reduce the cost of compliance, and greatly improve service level and end-user experience. Its flexibility to integrate with Oracle and 3rd party applications and
being a part of the Oracle Identity Governance Suite makes it an ideal choice to start or complement an existing identity management deployment as an enterprise advances to reach its identity and access governance goals.