Implementation of Oracle Identity
Governance & Access Management
Powered by
Our Major Projects on Oracle Identity Governance and
Access Management
Client: Robi (An Axiata Telecom Company)
Project Scope: Supply of hardware and software; integration of 11 applications with OIM;
implementation of ESSO on 20 applications
Client: Banglalink
Project Scope: Integration of 16 applications with OIM; Implementation of ESSO on 24 applications
Client: Acleda Bank Plc, Cambodia
Project Scope: Implementation of ESSO on 15 applications
Client: Grameenphone Ltd
Project Scope: Supply of hardware and software; integration of 134 applications with OIM;
integration of 700+ nodes with OPAM
Integration with OIM using connectors
[Diagram labels: Application Database; Recon Employee Master Data; Provisioning; Reconciliation Adapter; Provisioning Adapter; Reconciliation; HRMS; Data From Authentic Source (Trusted Reconciliation); Oracle Identity Manager; Identity Connector Framework (ICF) [DBAT]]
Protecting Web Application Server using OAM
[Diagram labels: Web Servers (Apache, IIS, OHS etc); Users; OAM Cluster; LDAP Server (Active Directory/OID/OUD); OAM WebGate Deployed to Protect Resources; Verifies User Credentials; Pass Security Tokens; User Request Web URL]
Single Sign On Request Flow in OAM
[Diagram participants: End Users; Web Server With WebGate; Oracle Access Manager; User Store (LDAP)]
[Diagram flow labels, in slide order (the slide numbers the steps 1 to 11): User Request Web URL; Check Protection; Evaluates & Returns Policy Decision; Redirect To App if Unprotected; Sends Login Page if Protected; Send User Credentials; Verify User Credentials; Create Sessions, Cookies or HTTP Headers; Check User access; (10) Evaluates and Return Authorization; (11) Redirects to Application if Authorized]
Integration with OAM for SSO using WebGate
[Diagram labels: External Users; Front End Proxy (Deploy WebGate); Application Servers; Internal Users; Oracle Traffic Director; Oracle Access Manager; Active Directory; Oracle Internet Directory]
HOLISTIC VIEW OPAM DEPLOYMENT
[Diagram labels: Remote Users; VPN; SSH/RDP; Internal User; RDP; Access Over LAN; OPAM Windows Agent (two instances); OPAM Application Server; Database Server; Metadata logs and Video Capture; SSH; SSH/Telnet/Web Browser; User Session Data Flow; Audit Data Flow; OPAM Session Manager; Terminal Server/Jump Server; LDAP Server]
AGENT-BASED DEPLOYMENT (WINDOWS)
[Diagram labels: Database Server; OPAM Application Server; Metadata logs and Video Capture; OPAM Windows Agent (four instances); Active Directory; File Server; Application Server; Desktop; Remote Users; VPN; RDP; Internal User; Access Over LAN; Local login; Direct Login; User Session Data Flow; Audit Data Flow]
AGENT-LESS DEPLOYMENT (LINUX/UNIX)
[Diagram labels: Database Server; OPAM Application Server; Metadata logs and Session Capture; Remote Users; VPN; SSH; Internal User; OPAM Session Manager; User Session Data Flow; Audit Data Flow; LDAP Server; Authentication]
TERMINAL SERVER AS A GATEWAY
[Diagram labels: Remote Users; VPN; RDP; Internal User; Access Over LAN; PuTTY; Web Browsers (Web Portals); OPAM Windows Agent; OPAM Application Server; Database Server; Metadata logs and Video Capture; SSH; SSH/Telnet/Web Browser; User Session Data Flow; Audit Data Flow; OPAM Agent; Terminal Server/Jump Server]
FIREWALL CONFIGURATION FOR GATEWAY APPROACH
• The network firewall does not allow end users to bypass the terminal server.
[Diagram labels: Internal User; Access Over LAN; Remote Users; VPN; RDP; Terminal Server]
HYBRID DEPLOYMENT-PROPOSED SOLUTIONS
(AGENT-BASED + AGENT LESS + GATEWAY APPROACH)
[Diagram labels: Remote Users; VPN; SSH/RDP; Internal User; RDP; Access Over LAN; OPAM Windows Agent (two instances); OPAM Application Server; Database Server; Metadata logs and Video Capture; SSH; SSH/Telnet/Web Browser; User Session Data Flow; Audit Data Flow; OPAM Agent; Terminal Server/Jump Server; LDAP Server; 2FA (three instances)]
ORACLE ACCESS MANAGER - 2FA
[Diagram labels (the slide numbers the steps 1 to 4): Remote Users; VPN; OPAM Self Service Console; Internal User; User Login using RDP; Access Over LAN; OPAM Server; Terminal Server/Jump Server; LDAP Server; OAM Server; 2FA; Token for 2FA; OPAM Windows Agent; 2FA Token]
ON DEMAND ACCESS
[Diagram labels: OIM & SOA Platform; End Users; Approval Policy; Terminal Server/Jump Server; LDAP Server; Reset Password; Authentication; SSH; RDP; SSH/Telnet/Web Browser; Request for Access; Approval Process]
Thank you…