Oracle Identity & Access Management

Published in: Software

  1. Oracle Identity & Access Management. USTRANSCOM, September 28, 2016. Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
  2. Safe Harbor Statement
     The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
     Oracle Confidential – Internal/Restricted/Highly Restricted
  3. [Diagram: INTEGRATED PLATFORM. Labels: GOVERNANCE; MANAGEMENT SERVICES; USER AUTHENTICATION; LOCATION DATA; EXTREME SCALE; LOW TCO; INTEGRATED; INTEROPERABLE; DEVICE AUTHN; NAMING SERVICES; HOST ACCESS CONTROL; APP; THOUSANDS, MILLIONS, BILLIONS, 10s of BILLIONS; VIRTUAL DIRECTORY; META DIRECTORY; LDAP DIRECTORY; IDENTITY FEDERATION; EXTERNAL AUTHORIZATION; ENTERPRISE & WEB SINGLE SIGN-ON; MOBILE & SOCIAL SIGN-ON; FRAUD DETECTION; EMPLOYEES; CONTRACTORS & PARTNERS; CUSTOMERS & PROSPECTS; OPERATING SYSTEMS; DIRECTORY SERVICES; APPS; APPLICATIONS; COMMON REPOSITORY; DATABASES; SINGLE USER VIEW; ACCESS REQUEST; ENTITLEMENT CATALOG; PRIVILEGED ACCOUNT MANAGEMENT; ACCESS CERTIFICATION; PRIVILEGED ACCOUNTS; USER PROVISIONING; CERTIFICATION REVIEW]
  4. Oracle Access Management: Oracle Fusion Middleware’s Security Pillar
     • Cloud, On-Premise, Managed Cloud
     • Web, Mobile, Social, Internet of Things
     • Authentication: Intelligent, Risk-based Strong Authentication
     • Authorization: Real-Time, Context-Aware, Externalized Policies
     • Federation: Standards-Based, Leverages Social Identities
     • Mobile and API: RESTful Interfaces, API Security
     • Common Policy Model – Shared Infrastructure Services
     • Scalability, High Availability, Disaster Recovery
     • System Management
  5. Oracle Access Management: Services and Capabilities
     • Complete
     • Context-aware and risk-aware
     • Scalable, highly available
     • Standards-based and modular
     Services: Authentication, SSO; Adaptive Access and Fraud Prevention; Identity Federation; Secure Token Service; Mobile Security and Social Identity; Access Portal; Enterprise SSO; External, Fine-Grained Authorization; Web Services Security; API Security
  6. Access Management – Web SSO
     • Web authentication
       – User name and password
       – Windows native authentication (WNA)
       – Strong authentication (CAC / PIV)
       – Multi-Factor
     • Web Single Sign-On (SSO)
     • Fine-grained authorization
  7. Integrated Risk, Fraud, and Strong Authentication
     • Context-aware, risk-aware and content-aware
     • Leverage real-time context for authentication and authorization
     • Native mobile OTP for step-up authentication
     • Real-time risk analysis and fraud prevention
     • Data redaction through dynamic authorization based on risk
     • Cross-platform consistent policies; adaptive to context, content and risk
     [Graphic labels: RISK (LOW, MED, HIGH); RESPONSE (ALLOW, DENY)]
  8. Oracle Identity Governance: Unified Approach to Complete Identity Governance
     • Self Service: Access Request, Password Management
     • Compliance: Access Certification, SOD, Continuous Compliance
     • Identity Intelligence: Operational Reporting, Access Dashboards
     • Privileged Access: Privileged Access, Privileged Audit, Session Recording
     • Platform & Integration Layer
     • Common Data Model
     • Role & Policy Library
     • Workflows and Service Desk Integration
     • Access Catalog
     • Identity Connector Framework – Provisioning/De-Provisioning
     • Cloud, On-Premise, Managed Cloud
     • Cloud, Mobile, Enterprise
  9. Business-Friendly Request Catalog: Enabling end-users to get the access they need
     • Business-friendly Access Catalog
     • Self-Service Application On-boarding And Administration
     • Search, Browse And Contextual Recommendations
     • In-line Policy Checks To Prevent SOD Violations
     • Flexible Forms For Advanced Data Capture
     • End-to-end Visibility Into The Approval and Fulfillment Process
     [Graphic labels: Search, Browse, Recommend; Policy-compliant Access Request; Business-Friendly Access Catalog]
  10. Oracle Identity Governance: Intelligent Access Catalog
     • Access Catalog provides ability to browse and search
     • Smart search forms allow users to navigate the Catalog in a guided manner
     • Catalog search results indicate relevance
     • Access Catalog can recommend access based on pre-defined and user-defined criteria
     • Support for Start/End Dates for Access Grants
     • Preventative SoD Analysis
  11. Oracle Identity Governance: Comprehensive Role Lifecycle Management
     • Business users can request creation of new roles and changes to existing ones
     • Role requests can leverage the same request and approval framework available for Access Requests and Certification
     • Role owners can see comprehensive auditing and prior versions
  12. Oracle Identity Governance: Comprehensive Role Lifecycle Management
     • Comprehensive role analytics allow business users to see the impact of new roles and changes to existing ones
     • Role owners can reduce role explosion by reviewing the effectiveness of the roles and consolidating new roles with existing ones
     • Business users can create roles using “model users”
  13. Oracle Identity Governance: SOD Detection and Closed Loop Remediation
     • SOD Rule and Policy Definition
     • Define rules across users, applications, roles and entitlements
     • Detective SOD Analysis
     • Detective Policy Enforcement – Closed Loop Remediation
     • Access History to audit all violations and decisions
     • Review High Risk policy violations in Certifications
     • Preventative SOD Analysis
     • Enforce SOD policies during access requests
     • Review policy violations during approvals and launch exception workflows
  14. Oracle Identity Governance: Simplified yet granular security
     • Administrators can define custom security roles to control who can do what at an attribute level
     • Users can be assigned security roles via rules, reducing administration burden
     • User actions and the context that they used to perform the action are audited
  15. Oracle Privileged Account Manager: Accountability
     • Check-Out / Check-In Self Service Console
     • Custom built approvals (e.g. phone)
     • Custom built ticketing system integration
     • Custom built notifications
     • Access Request Interface – Privilege Accounts added to OIG resource catalog
     • Keystroke logging
     • Session recording
  16. OPAM: More managed targets, greater control and more visibility
     • Extended managed targets
     • UNIX SSH Targets
     • LDAP
     • Database
     • Windows
     • SSH based targets
     • SAP
     • UNIX / Linux server
     • Oracle Database
     • Microsoft SQL Server
     • Sybase
     • IBM DB2
     • Microsoft Active Directory
     • Session Management control policies
     • Session Recording
  17. OUD – The All in One Directory
     • Storage, virtualization and Sync
     • High performance
     • Extreme scalability
     • REST support
     [Diagram labels: OUD; Virtualization, Storage, Synchronization; Cloud Apps, Databases, Enterprise Apps, Servers, Mobile Apps, HR DB, DSEE, Active Directory]
  18. Oracle Enterprise Manager Fusion Middleware Control
