The document discusses Oracle Identity Manager, including its architecture and capabilities. It describes Oracle Identity Manager as an application that handles tasks related to managing user access privileges, such as creating, modifying, and removing access privileges. It then outlines Oracle Identity Manager's architecture, which includes presentation, server, and data/enterprise integration tiers. The presentation tier includes administrative and design consoles. The server tier provides services to logical components. And the data/enterprise integration tier includes data access and backend database layers.

1. Phase 1.0 POC Mar 2010 Mohamed Atef MW Administrator

2. AGENDA Why Oracle Identity Management Etisalat Architecture for Identity Managment. What is Oracle Identity Manager Oracle Identity Manager Architecture Identity Manager reconciliation and provisioning Identity Manager Connector Identity Manager certifies POC

3. WHY ORACLE IDENTITY MANAGEMENT Oracle Identity Management allows enterprises to manage end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more. Oracle Identity Management is a member of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments today.

4. Oracle Identity Management Solutions Single Sign-On and Web Access Control: Oracle Access Manager (Protecting resources at a point of access and delegating authentication and authorization decisions to a central authority, help secure web, J2EE and enterprise applications). Oracle Enterprise Single Sign-On Suite Plus (Enterprise users can enjoy the benefits of single sign-on to all of their applications, whether they are connected to the corporate network, traveling away from the office, roaming between computers or working at a shared workstation). Directory Services: Oracle Internet Directory (Is an LDAP v3 compliant directory with meta-directory capabilities. It is built on the industry leading Oracle database and is fully integrated into Oracle Fusion Middleware and Oracle Applications). Oracle Virtual Directory (Creating a secure application environment requires integration of existing user identity information. For some companies, that information is contained in databases. Others use LDAP directories or Windows Domains. For most, this information is scattered across multiple locations and multiple services, provides Internet and industry-standard LDAP and XML views of existing enterprise identity information, without synchronizing or moving data from its native locations). Oracle Directory Server Enterprise Edition (Formerly “SUN Directory Server Enterprise Edition” is the best known directory server with proven large deployments in carrier and enterprise environments. It is also the most supported directory by ISVs, so it is ideal for heterogeneous environments. ODSEE provides a core directory service with embedded database, directory proxy, Active Directory (AD) synchronization and a Web administration console). Oracle Authentication Services for Operating Systems (Oracle Authentication Services for Operating Systems provides centralized authentication and account management for Unix and Linux platforms. This page contains information to get you started with Oracle Authentication Services for Operating Systems.).

5. Oracle Identity Management Solutions Content Access Control: Oracle Information Rights Management (Formerly “SealedMedia” is a new form of information security technology that secures and tracks sensitive digital information everywhere it is stored and used, such as encrypting ("sealing") and classifying documents, emails and web pages, and the requirement to install Oracle IRM Desktop agent software on every end user device on which sealed information is created or used). Strong Authentication: Extended Identity Management Ecosystem (Organizations commonly have multiple security systems in place—one technology to secure physical access, another to secure legacy applications, and yet another to secure network access. To cope with these "silo'd" solutions, Oracle has partnered with best-of-breed ISVs to offer a central and effective means to enforce security policy across all enterprise resources. As part of the Oracle Identity Management Ecosystem, partner solutions seamlessly integrate into Oracle Identity Management solutions extend a common security and identity management framework across all enterprise applications). Oracle Adaptive Access Manager (Oracle Adaptive Access Manager consists of two primary components that together create one of the most powerful and flexible weapons in the war against fraud. Adaptive Strong Authenticator provides multifactor authentication and protection mechanisms for sensitive information such as passwords, PINs, security questions, account numbers and other credentials). Identity Administration: Oracle Identity Manager (Formerly known as “Oracle Xellerate Identity Provisioning”, is a powerful and flexible enterprise identity management system that automatically manages users' access privileges within enterprise IT resources). Oracle Role Manager (Previously known as “Bridgestream SmartRoles”, is an enterprise-class application for managing business and organizational role lifecycle management).

6. Oracle Identity Management Solutions Federated Identity: Oracle Identity Federation (Significantly reduces the need to create unnecessary identity in an enterprise directory and lowers the ongoing costs of partner integrations through support of industry federation standards, protects existing IT investments by integrating with a wide variety of data stores, user directories, authentication providers and applications) Fine Grained Entitlements: Oracle Entitlements Server (Secures access to application resources and software components (such as URLs, EJBs, and JSPs) as well as arbitrary business objects (such as customer accounts or patient records). Oracle Entitlements Server policies specify which users, groups, and/or roles can access application resources, allowing those roles to be dynamically resolved at runtime). Oracle – Sun: Oracle Waveset (Providesoperational and business efficiency by providing complete automation of user accounts and entitlements provisioning into a variety of enterprise business applications. Oracle Waveset integrates automated identity lifecycle management with identity auditing capabilities, and makes it possible to manage these processes at the business role level). Oracle OpenSSO (Is a complete solution that provides Web access management, federated single sign-on and Web services security in a single, self-contained application).

7. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

8. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

9. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

10. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

11. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

12. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

13. ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1 Oracle HRMS Administrator Oracle Identity Manager Oracle HRMS Active Directory Users Temp & Vendors Accounts Self Registration

14. WHAT IS ORACLE IDENTITY MANAGER Oracle Identity Manager is an application that handles and selectively automates tasks that manage a user’s access privileges. Such tasks include: Creating access privileges to resources for users. Modifying these privileges dynamically based on changes to user and business requirements. Removing these access privileges from users.

15. ORACLE IDENTITY MANAGER ARCHITECTURE The architecture for Oracle Identity Manager : Is based on a Java 2 Enterprise Edition (J2EE) environment. Separates the platform’s Presentation, Server, and Data & Enterprise Integration tiers. Enables the creation of n levels of layers.

16. ORACLE IDENTITY MANAGER ARCHITECTURE The Oracle Identity Manager architecture has three tiers: Presentation tier Server tier Data & Enterprise Integration tier

17. TIER1: PRESENTATION TIER The Presentation tier of Oracle Identity Manager has two layers: Presentation layer Two consoles for Oracle Identity Manager: Administrative Console and Design Console Dynamic Presentation Logic layer Logic for generating dynamic pages for the Administrative Console by using JSPs, Java Servlets, XML, and JavaBeans

18. TIER2: SERVER TIER The Server tier of Oracle Identity Manager is the interface between the Presentation and Data & Enterprise Integration tiers. The application server for Oracle Identity Manager : Resides in the Server tier. Provides the life-cycle management, security, deployment, and run-time services to the logical components that support Oracle Identity Manager.

19. TIER2: SERVER TIER The Server tier of Oracle Identity Manager supports: Clustering Load balancing Security management Scheduling

20. TIER3: DATA & ENTERPRISE INTEGRATION TIER The Data & Enterprise Integration tier of Oracle Identity Manager has two layers: Data Access layer Layer that has components, which Oracle Identity Manager needs to communicate with its database. Back-end Database layer Layer where the database resides.

21. TIER3: DATA & ENTERPRISE INTEGRATION TIER The Back-end Database layer leverages the following capabilities: Clustering Standby database Replication

22. RECONCILIATION & PROVISIONING: OVERVIEW Reconciliation is the process by which Oracle Identity Manager receives information from an external resource. Provisioning is the process by which Oracle Identity Manager sends information to a target resource. By using reconciliation and provisioning, Oracle Identity Manager can perform the following actions: Create a user record in a resource Modify the privileges that the user has with the resource Remove the user record from the resource

23. RECONCILIATION: TYPES There are two types of reconciliation that Oracle Identity Manager performs: Trusted source reconciliation. Targeted resource reconciliation.

24. RECONCILIATION: EVENTS Oracle Identity Manager can perform three types of reconciliation events with an external resource: Reconciliation Insert. Reconciliation Update. Reconciliation Delete.

25. PROVISIONING: TYPES There are two types of provisioning that Oracle Identity Manager performs: Day-one provisioning Initial creation of access privileges to resources for users. Removal of these privileges from users. Day-two provisioning Dynamic modification of user privileges with resources, based on changes to user and business requirements.

26. TRUSTED SOURCE RECONCILIATION: CONCEPTUAL DIAGRAM Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities that it manages in both a trusted source and a target resource. 1 Reconciliation flow Provisioning flow Target resource (for example, an Oracle HRMS) Administrator End user Trusted source (for example, Active Directory)

27. TARGET RESOURCE RECONCILIATION: CONCEPTUAL DIAGRAM Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities it manages in both a trusted source and a target resource. Reconciliation flow Provisioning flow 2 End user Administrator Trusted source (for example, a Active Directory) Target resource (for example, an Oracle HRMS)

28. ORACLE IDENTITY MANAGER CONNECTOR: OVERVIEW An Oracle Identity Manager connector is a container that holds all of the information that Oracle Identity Manager needs to: Reconcile with an external resource. Provision a user with a target resource.

29. ORACLE IDENTITY MANAGER CONNECTOR: COMPONENTS A connector must have the following seven components: IT resource type. IT resource. Process form. Process task adapter. Resource object. Provisioning process. Process task.

30. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP1 Create an IT resource type. This record represents the classification type, parameter fields, and encryption settings that are associated with a resource. IT resource type 1

31. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP1 This screenshot illustrates an IT resource type for an Oracle HRMS. There is a one-to-one relationship between the IT resource type and the connector. That is, each connector should have only one IT resource type.

32. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP2 Define an IT resource. This record contains the values that Oracle Identity Manager needs to communicate with a resource and access it as a system administrator (for provisioning or reconciliation purposes). IT resource IT resource type 2

33. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP2 This screenshot illustrates an IT resource for an Oracle HRMS. There is a one-to-one relationship between the IT resource and the system, service, or application that it represents. If you have four resources, you would thus have four IT resources.

34. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP3 Create a custom process form. This record is a central housing mechanism that holds everything that Oracle Identity Manager needs to either provision a user to a target resource or reconcile a user with an external resource. IT resource type Custom process form 3 IT resource

35. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP3 This screenshot illustrates a custom process form for an Oracle HRMS.

36. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP4 Build a process task adapter. This piece of Java code is used by Oracle Identity Manager to automate the completion of a provisioning process task. IT resource IT resource type Custom process form Process task adapter 4

37. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP4 A process task adapter automates the creation of a user’s account in an Oracle HRMS. There is a one-to-one relationship between the adapter and a process task: each task can be associated with only one adapter.

38. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP5 Define a resource object. This record is a virtual representation of a resource and contains everything needed to either provision a user to that resource or reconcile a user with it. IT resource IT resource type Resource object Custom process form Process task adapter 5

39. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP5 Example of a resource object for an Oracle HRMS

40. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP6 Create a provisioning process. This record contains the steps that Oracle Identity Manager must complete to perform provisioning or reconciliation with a particular resource. IT resource IT resource type Resource object Provisioning process Custom process form Process task adapter 6

41. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP6 There is a 1-to-1 relationship between a provisioning process and the workflow that it represents. If you have two resource-related workflows, you should have two processes.

42. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP7 Create a process task. IT resource IT resource type Resource object Provisioning process Custom process form Process task adapter Process task 7

43. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP7 Example of a process task that Oracle Identity Manager uses to create a user’s account in an Oracle HRMS

44. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP8 Attach the process task adapter to the process task. IT resource IT resource type Resource object Provisioning process Custom process form Process task adapter Process task 8

45. CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP8 Example of a process task adapter being connected to a process task to create a user’s account in an Oracle HRMS

46. ORACLE IDENTITY MANAGER CONNECTORS LIST Collaboration and Messaging Applications: IBM Lotus Notes/Domino Microsoft Exchange Novell GroupWise Database: IBM DB2/UDB Database Microsoft SQL Server Database Oracle Database Sybase ASE Database Directory Services: Microsoft Active Directory Microsoft Active Directory Password Synchronization Novell e-Directory Oracle Internet Directory Sun Java System Directory

47. ORACLE IDENTITY MANAGER CONNECTORS LIST Enterprise Business Applications: JD Edwards Enterprise One Oracle e-Business User Management Oracle e-Business Employee Reconciliation Oracle Retail Warehouse Management System PeopleSoft Employee Reconciliation PeopleSoft User Management SAP User Management SAP Employee Reconciliation SAP CUA SAP Enterprise Portal Siebel User Management Help Desk: BMC Remedy User Management BMC Remedy Ticket Management

48. ORACLE IDENTITY MANAGER CONNECTORS LIST Security Applications: CA ACF2 Advanced CA Top Secret Advanced IBM RACF Standard IBM RACF Advanced RSA Authentication Manager Web Access Control: RSA ClearTrust

49. ORACLE IDENTITY MANAGER CERTIFIED OPERATING SYSTEMS Oracle Identity Manager release 9.1.0.2 is certified for the following operating systems: ■ AIX 5L Version 5.3 (pSeries 64-bit) ■ Microsoft Windows Server 2003 R2 (Intel x86 32-bit and EM64T/AMD 64-bit) ■ Microsoft Windows Server 2003 R2 (Itanium 64-bit) ■ Microsoft Windows Vista Ultimate ■ Oracle Enterprise Linux 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit) ■ Oracle Virtualization Machine - OEL4 ■ Red Hat Enterprise Linux AS Release 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit) ■ Red Hat Enterprise Linux AS Release 4 (Itanium 64-bit) ■ Solaris Operating System 10 (UltraSparc 64-bit) ■ HP-UX 11.23 (PA-RISC/Itanium 64-bit) ■ SUSE Linux Enterprise 10 (Intel x86 32-bit and EM64T/AMD 64-bit) ■ SUSE Linux Enterprise Server 10 (Itanium 64-bit)

50. ORACLE IDENTITY MANAGER CERTIFIED APPLICATION SERVERS Oracle Identity Manager release 9.1.0.1 is certified for the following application servers: ■ Oracle WebLogic Server 10.3 ■ IBM WebSphere Application Server 6.1.0.19 and later fix packs (that is, 6.1.0.19 and later) ■ JBoss Application Server 4.2.3 GA ■ Oracle Application Server 10.1.3.3 and later (Upgrade patch 10.1.3.3 applied on top of the base package bundled in Oracle SOA Suite 10g Release 10.1.3.1)

51. ORACLE IDENTITY MANAGER CERTIFIED DATABASES Oracle Identity Manager release 9.1.0 is certified for the following databases: ■ Oracle Database Deployment - Oracle9 i Database Enterprise Edition release 9.2.0.8 - Oracle Database 10g Enterprise Edition release 10.1.0.5 and later patch sets (that is, 10.1.0.6 and later) - Oracle Database 10 g Standard Edition and Enterprise Edition release 10.2.0.1and later - Oracle Database 11 g Standard Edition and Enterprise Edition release 11.1.0.6 and later patch sets ■ Oracle RAC Deployment - Oracle Database 10 g Enterprise Edition release 10.2.0.3 and later patch sets - Oracle Database 11 g Enterprise Edition release 11.1.0.6 and later patch sets

53. POC: SCOPE Oracle Identity Manager work in two flows automatically Reconciliation employees from Oracle HRMS Provisioning records to Active Directory. Reconciliation flow Provisioning flow Active Director Oracle HRMS

54. POC: DEMO Add new employee record in Oracle HRMS. .

55. POC: DEMO Add generic responsibility to employee staff . .

56. POC: DEMO Employees data recorded from Oracle HRMS to Oracle Identity Manager.

57. POC: DEMO Synchronized employee data with Oracle Identity Manager user fields.

58. POC: DEMO Provisioned employee record to Active Directory through Oracle Identity Manager .

59. POC: DEMO Employee data at Active Directory.