Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Oracle Identity & Access Management
USTRANSCOM
September 28, 2016
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Oracle Confidential – Internal/Restricted/Highly Restricted
[Platform overview diagram: an integrated, interoperable platform spanning identity governance, access management and directory services, scaling from thousands to millions, billions and tens of billions of identities (users, devices, apps, data); value themes: extreme scale, low TCO, integrated platform. Components shown: user and device authentication, naming services, host access control, virtual / meta / LDAP directory, identity federation, external authorization, enterprise and web single sign-on, mobile and social sign-on, fraud detection, single user view over a common repository of applications and databases, access request, entitlement catalog, privileged account management, access certification, privileged accounts, user provisioning and certification review. Populations: employees, contractors and partners, customers and prospects. Target systems: operating systems, directory services, applications, databases.]
Oracle Access Management
Oracle Fusion Middleware’s Security Pillar
• Authentication – Intelligent, Risk-based, Strong Authentication
• Authorization – Real-Time, Context-Aware, Externalized Policies
• Federation – Standards-Based, Leverages Social Identities
• Mobile and API – RESTful Interfaces, API Security
• Common Policy Model – Shared Infrastructure Services across Web, Mobile, Social and Internet of Things
• Managed Cloud – Scalability, High Availability, Disaster Recovery; System Management
• Deployment – Cloud, On-Premise
Oracle Access Management
• Complete
• Context-aware and risk-aware
• Scalable, highly available
• Standards-based and modular
Services and Capabilities
• Authentication, SSO
• Adaptive Access and Fraud Prevention
• Identity Federation
• Secure Token Service
• Mobile Security and Social Identity
• Access Portal
• Enterprise SSO
• External, Fine-Grained Authorization
• Web Services Security
• API Security
Access Management – Web SSO
• Web authentication
– User name and password
– Windows native authentication (WNA)
– Strong authentication (CAC / PIV)
– Multi-Factor
• Web Single Sign-On (SSO)
• Fine-grained authorization
Integrated Risk, Fraud, and Strong Authentication
• Context-aware, risk-aware and content-aware
• Leverage real-time context for authentication and authorization
• Native mobile OTP for step-up authentication
• Real-time risk analysis and fraud prevention
• Data redaction through dynamic authorization based on risk
• Cross-platform consistent policies; adaptive to context, content and risk
[Diagram: risk level (LOW / MED / HIGH) mapped to a response of ALLOW or DENY.]
Oracle Identity Governance
Unified Approach to Complete Identity Governance
• Self Service – Access Request, Password Management
• Compliance – Access Certification, SOD, Continuous Compliance
• Identity Intelligence – Operational Reporting, Access Dashboards
• Privileged Access – Privileged Access, Privileged Audit, Session Recording
• Platform & Integration Layer – Common Data Model, Role & Policy Library, Workflows and Service Desk Integration, Access Catalog, Identity Connector Framework – Provisioning/De-Provisioning
• Deployment – Cloud, On-Premise, Managed Cloud; Cloud, Mobile, Enterprise
Business-Friendly Request Catalog
Enabling end-users to get the access they need
• Business-friendly Access Catalog
• Self-Service Application On-boarding And Administration
• Search, Browse And Contextual Recommendations
• In-line Policy Checks To Prevent SOD Violations
• Flexible Forms For Advanced Data Capture
• End-to-end Visibility Into The Approval and Fulfillment Process
[Diagram labels: Search, Browse, Recommend; Policy-compliant Access Request; Business-Friendly Access Catalog.]
Oracle Identity Governance
Intelligent Access Catalog
• Access Catalog provides ability to browse and search
• Smart search forms allow users to navigate the Catalog in a guided manner
• Catalog search results indicate relevance
• Access Catalog can recommend access based on pre-defined and user-defined criteria
• Support for Start/End Dates for Access Grants
• Preventative SoD Analysis
Oracle Identity Governance
Comprehensive Role Lifecycle Management
• Business users can request creation of new roles and changes to existing ones
• Role requests can leverage the same request and approval framework available for Access Requests and Certification
• Role owners can see comprehensive auditing and prior versions
Oracle Identity Governance
Comprehensive Role Lifecycle Management
• Comprehensive role analytics allows business users to see the impact of new roles and changes to existing ones
• Role owners can reduce role explosion by reviewing the effectiveness of the roles and consolidating new roles with existing ones
• Business users can create roles using “model users”
Oracle Identity Governance
SOD Detection and Closed Loop Remediation
• SOD Rule and Policy Definition
– Define rules across users, applications, roles and entitlements
• Detective SOD Analysis
– Detective Policy Enforcement – Closed Loop Remediation
– Access History to audit all violations and decisions
– Review High Risk policy violations in Certifications
• Preventative SOD Analysis
– Enforce SOD policies during access requests
– Review policy violations during approvals and launch exception workflows
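As an added illustration, not Oracle's code or the OIG API, the following Python models the slide's SOD rule definition, detective analysis and preventative check at request time; the role names, entitlement ids and the HIGH/MED risk levels are constructed sample data:

```python
"""Added example, not Oracle's code: a minimal preventative and detective
SoD check modelled on rules defined across roles and entitlements.
Role names, entitlement ids and risk levels are constructed sample data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class SodRule:
    name: str
    left: str   # entitlement id in "app:entitlement" form
    right: str  # must not be held together with `left`
    risk: str   # LOW / MED / HIGH, as on the risk slide

# Constructed role -> entitlement mapping (assumed sample data)
ROLES = {
    "AP_Clerk": {"erp:create_vendor", "erp:enter_invoice"},
    "AP_Manager": {"erp:approve_payment"},
    "Payroll_Admin": {"hr:edit_salary", "hr:run_payroll"},
}

RULES = [
    SodRule("Create vendor vs. approve payment",
            "erp:create_vendor", "erp:approve_payment", "HIGH"),
    SodRule("Edit salary vs. run payroll",
            "hr:edit_salary", "hr:run_payroll", "MED"),
]

def expand(items):
    """Expand role names to their entitlements; bare entitlements pass through."""
    out = set()
    for item in items:
        out |= ROLES.get(item, {item})
    return out

def violations(entitlements, rules=RULES):
    """Detective check: rules whose two entitlements both appear in the set."""
    return [r for r in rules if r.left in entitlements and r.right in entitlements]

def evaluate_request(current, requested, rules=RULES):
    """Preventative check: only violations the request would introduce count.
    HIGH risk is denied; lower risk is routed to an exception workflow."""
    before = violations(expand(current), rules)
    after = violations(expand(current) | expand(requested), rules)
    new = [r for r in after if r not in before]
    if not new:
        return "ALLOW", []
    if any(r.risk == "HIGH" for r in new):
        return "DENY", new
    return "EXCEPTION_WORKFLOW", new
```

Running `violations` over a user's full expanded entitlement set is the detective pass; `evaluate_request` is the preventative pass applied before an access request is fulfilled.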
Oracle Identity Governance
Simplified yet granular security
• Administrators can define custom security roles to control who can do what at an attribute level
• Users can be assigned security roles via rules, reducing administration burden
• User actions and the context that they used to perform the action are audited
Oracle Privileged Account Manager
Accountability
• Check-Out / Check-In Self Service Console
• Custom built approvals (e.g. phone)
• Custom built ticketing system integration
• Custom built notifications
• Access Request Interface – Privileged Accounts added to OIG resource catalog
• Keystroke logging
• Session recording
OPAM
More managed targets, greater control and more visibility
• Extended managed targets
– UNIX SSH Targets
– LDAP
– Database
– Windows
– SSH based targets
– SAP
– UNIX / Linux server
– Oracle Database
– Microsoft SQL Server
– Sybase
– IBM DB2
– Microsoft Active Directory
• Session Management control policies
• Session Recording
OUD – The All in One Directory
[Diagram: OUD providing Storage, Virtualization and Synchronization across Cloud Apps, Databases, Enterprise Apps, Servers, Mobile Apps, HR DB, DSEE and Active Directory.]
• Storage, virtualization and Sync
• High performance
• Extreme scalability
• REST support
Oracle Enterprise Manager Fusion Middleware Control