The document discusses the challenges and requirements of universal access management in the context of the new digital economy, emphasizing the need for robust, scalable solutions to manage user access across multiple platforms. It highlights Oracle’s access management solutions, including their features and benefits, such as context-aware security and centralized policy management. Real-world case studies illustrate successful implementations of Oracle’s solutions in various industries.

1. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.1
Securing The Extended
Enterprise: Universal Access
Management
Satish Kumar
Delivery Centric
Email: satish.kumar@deliverycentric.com

2. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.2
This document is for informational purposes. It is not a commitment to
deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole
discretion of Oracle. This document in any form, software or printed matter,
contains proprietary information that is the exclusive property of
Oracle. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your
license agreement nor can it be incorporated into any contractual agreement
with Oracle or its subsidiaries or affiliates.

3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.3
Agenda  Oracle Access Management
 Solution Overview
 Vision and Roadmap

4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.4
Agenda  Oracle Access Management
 Solution Overview
 Vision and Roadmap

5. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.5
The New Digital Economy Is Shaping the World
Organizational interactions with users are primarily via
web/mobile
Authentication considered an obstacle and security an
absolute expectation
Mobile use rapidly eclipsing PC use as dominant form factor
for access
Consumerization of IT creating parallel expectations for
consumers and employees
Rapidly emerging cloud, mobile and cloud opportunities
attractive to private and public sector organizations

6. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.6
Challenges of the New Digital Economy
Application Proliferation Straining IT Organizations And
Causing Fragmented Identities Across Systems
Inconsistent User Experiences Across Apps And
Channels
User And Application Data Subject To Persistent And
Clever Breach Attacks
Accommodating The Ever Increasing Internet Scale Is
Challenging Antiquated Systems
Managing User Access

7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.7
Requirements for the New Digital Economy
Unified Access Management
Optimized User Access From Any Device
Context Aware Security Across All Channels
Scalable Access & Authorizations Model
Integrated Strong Authentication
Centralized Policy And User Management






8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Restricted8
Toyota
Securing Vehicle Telematics And Connecting Owners To Their Cars
 Needed a robust scalable Access Management solution to
secure vehicle integration with mobile technologies for safety,
diagnostics and advanced infotainment services
 Deployed 11gR2 versions of OAM, OMSS, OAG and OUD to
replace CA Siteminder
 Chose Oracle based on its robust, scalable infrastructure,
converged simplified platform and market leading capabilities
such as Mobile and Social
• Supports daily volume of 200,000+ transactions with a service
response time of < 1 sec and 99.9% Service Availability
CUSTOMER PRESENTATION

9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Restricted9
Turkcell
Secure Multi-channel Access for Wireless Users of Applications
• Needed to determine the numbers of customers authenticating to the
applications on the network and from what type of devices
• Needed to deliver strong security to applications such as online banking
and online shopping to protect customer data
• Installed Oracle Access Management Suite Plus 11gR2 to Unify Access
Experience
• Migrated all applications that needed authentication to utilize OAM
including 9 custom applications which provided real time customer
experience data
• Deployment cost for new applications has been reduced by 75%
SUCCESS STORY VIDEO

10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.10
Access Management 11gR2 Adoption
0
100
200
300
400
500
600
700
800
900
1000
3/31/2013 7/9/2013 10/17/2013 1/25/2014
OAM 11g R2 Active
Customers

11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.11
Agenda  Oracle Access Management
 Solution Overview
 Vision and Roadmap

12. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.12
Oracle Access Management
Unified Approach to Complete Authentication, Authorization and Audit
Enterprise AppsCloud Apps Mobile Apps
Authentication Authorization Mobile and API Federation
Common Policy Model Scalable High Availability
and DR
Authentication Plugin
Framework
Intelligent Risk Based
Authentication
Integrated Strong
Authentication
Real Time
External Security
Policies
RESTful Interfaces
API Management Standards Based
Platform
Social
Standards Bases
Approach
Desktop Apps Oracle Apps

13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.13
Unified Access Management
Key Solution Requirements
Seamless, Multi-Channel
Access
Secure, Universal Access
Scalable for today’s
Internet Needs
Standards Based Modular
Architecture
Integrated Risk, Fraud
& Strong Authentication
Increase Agility with
External Security Policies
Simple, Centralized System
Management

14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.14
Seamless Multi-Channel Access
 Optimize User Experience Delivers
Consistent Access Across All Channels
 Extend Common Policies To Cloud,
Mobile And Enterprise Apps
 Reduce Risk With Intelligent, Context-
Aware Policies
 Streamline Operations Via Converged
Access Management Services For All
Channels And Platforms
Common User Experience And Access Controls Across Platforms

15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.15
Secure Universal Access
 Provide Seamless User Access To Any
Application From A Cloud Access Portal
 Prevent Unauthorized Access With Strong
Authentication And Fine-grained Authorization
 Optimize The Mobile User Experience With
Single Sign On For Web And Native Apps
 Enable Secure Access To Legacy Applications
Via API Gateway
 Extend Identities To Cloud Services Via SAML,
OAuth, XACML or REST Standards
Access Any App from Any Device, Anywhere

16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.16
Scalability for today’s internet needs
Support future business growth
 Performance Tested Highly Scalable
Architecture
 Multi Data Center Support
– Active Active
– Active Passive
– Active Hot Stand By
 Automated Policy replication across
Data Centers
Authentication
250M Users
3K TPS – 1 server
5K TPS – 2 servers
Authorization

17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.17
Integrated Risk, Fraud & Strong Authentication
 Leverage contextual information to
challenge for proper authentication
type
 Native Mobile OTP for step up
authentication
 Real-time risk analysis and fraud
prevention
 Data Redaction through dynamic
authorization based on risk
 One platform consistent policy and
adaptive to context, content and risk
Context-aware, Content-aware and Risk-aware
LOW
HIGH
ME
D
RESPONSE
ALLOW DENY
RISK

18. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.18
Standards-Based, Modular Architecture
Your Requirements, Your Path, Your Schedule
 Modular Architecture Designed To Fit Your
Evolving Access Requirements
 Standards-Based To Integrate Fully With Other
Legacy Solutions
 Paths to Value for Access Management
– Extend Single Sign On to Mobile Apps
– Deliver Strong Authentication
– Mobile Enable Legacy Enterprise Apps
– Externalize Application Security Models
– Offer Federation for Cloud Apps

19. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.19
Increase Agility with External Security Policies
 Accelerate Application Time To Market By
Externalizing Authorization Logic
 Ensure Consistent Policies Across
Enterprise, Cloud and Mobile Apps
 Provide Scalable Fine Grained
Authorization to Content Management
Portals, like SharePoint and Webcenter
 Require No Application Modification
Consistent Authorization Management
HTTP / REST / SOAP
/
Oauth Clients
OES Policy Engine
Back End Systems
API
Gateway

20. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.20
Oracle Application Integration
 Pre-integrated, certified access
management for Oracle Aps
 Reduces integration complexity
and reduce maintenance costs
 Quickly deliver valuable business
applications to the market with
complete integrated security
Out of the box Integrations with Oracle Applications

21. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.21
Simplified Management
 Reduced TCO via Unified Solution
– Unified User & Admin Interface
– Share Server
– Single Data Repository
 Shorten Deployment cycle through an
automated installer and accelerate time to value
 Automated patching reduces on-going
maintenance cost
 Enterprise Manager monitors system health
increasing Up Time to guarantee SLAs

22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.22
Agenda  Oracle Access Management
 Solution Overview
 Vision and Roadmap

23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.23
Access Management Roadmap
 Enable Mobile and Cloud
– Convergence of Bitzer Mobile into Access
– IDaaS Cloud SSO
– OAM as a service
– Office365 certification
 Simplify Management
– Complete native password management capabilities
– More native OTP capabilities
– Advanced end-to-end platform diagnostics
 Enable Mobile and Cloud
– OpenID Connect support
– IDaaS strong authentication as a service
– API Management
– Mobile eSSO
 Intelligent Access
– Native risk analysis
– Enhanced adaptive authentication
 Simplify Management
– Convergence of OAAM
– Convergence of OES
– Automatic discovery / registration of Oracle Products
– Server side patch management
2H CY 2014 CY 2015

24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.24
Enable Mobile and Cloud
 Mobile Convergence
– Unified container and mobile SDK
– Extend OAM capabilities to containerized mobile apps including native app and browser SSO,
authorization, risk based step up authentication and OAuth support
– Unified Administration for Mobile Security
 Cloud services
– Access Portal in the cloud for users to SSO to all their cloud and on-prem apps
– Enable OAM as a service through REST based cloud agent
– Multi-tenancy
 API Security
– OOB enabling federation and Oauth with Salesforce, Google, Amazon AWS, SQS
– Additional protocol support of WebSockets for real-time chat, gaming, etc
– More messaging control capabilities with embedded Apache ActiveMQ
 Office365 certification
Access Management 11gR2 PS3

25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.25
Simplify Management
 More strong authentication options for Adaptive Authentication
 Native OAM change password and forget password services
 Simplified webgate management with profile bulk update
 Improved diagnostics for troubleshooting
– Capture & Publish additional metrics
– Improve WebGate level logging
– OES Runtime Monitoring & Statistics
Access Management 11gR2 PS3 (11.1.2.3.0)

26. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.26

27. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.27