This document provides an overview of Oracle Identity Management (OIM) and its key features. It discusses OIM's capabilities for simplified self-service, advanced identity and role administration, flexible architecture, user provisioning processes, and integration options. OIM allows enterprises to manage the full lifecycle of user identities and access to resources. It offers self-service registration, profile management, and access request tracking along with connectors for provisioning integration and identity administration.
- The document introduces Oracle Identity and Access Management (IAM) solutions including Access Control, Directory Services, Identity Administration, Authentication & Authorization, Single Sign-On, Federation, Web Services Security, Identity Lifecycle Administration, Role & Membership Administration, Provisioning & Reconciliation, Compliance Automation, Virtualization, Synchronization, Storage, Audit & Compliance, and Management.
- It discusses Oracle IAM products that address these solutions and how Oracle has been a leader in industry evaluations. Customer examples are provided that demonstrate cost savings, improved security and compliance, and consolidated identity management.
- The future of Oracle IAM is discussed in terms of expanding the product portfolio, building security into databases and middleware,
Overview of Oracle Identity Management - Customer Presentation (Delivery Centric)
The document discusses Oracle Identity Management and provides an overview of its products and vision. It describes how Oracle Identity Management offers a unified approach to access management, governance, directory services, and mobile security to help organizations secure access across the extended enterprise. It highlights key customer use cases and provides a roadmap for further enhancing cloud and mobile identity capabilities and simplifying identity management.
Comprehensive Identity and Access Governance for Rapid, Actionable Compliance
The industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.
#3 Wso2 masterclassitalia - wso2 Identity Server: a must-have for managing the id... (Profesia Srl, Lynx Group)
Profesia, Lynx Group, presents the third installment of its masterclass series on WSO2 technology, for which it is the exclusive distributor for Italy.
Authentication and authorization, recognition and access enablement. The Identity Server is a tool that can manage the authentication of your users, both internal and external, manage login sessions, and perform authentication tailored to the application context. It is advisable always to prefer an on-premise or GDPR-compliant cloud product that supports the SAML and OAuth2 protocols and allows federation with the major social IdPs.
If you are considering a digital transformation to evolve towards an agile business, write to contact@profesia.it and speak with one of our experts.
- Oracle Identity Manager 11gR2-PS2 has a component architecture that includes a self-contained J2EE application, SOA for workflow and notifications, OES for authorization, BI for reporting, and external dependencies like LDAP and databases.
- The functional architecture has four tiers - presentation, business services, integration services, and data. Key services include identity provisioning, common services, and integration with target applications.
- Identity provisioning services within OIM handle tasks like resource management, account management, provisioning workflow, role integration, and reconciliation.
The document discusses Oracle Identity and Access Management solutions. It provides an overview of Oracle's offerings for authentication, authorization, federation, mobile security, access management, identity governance, privileged access management, and directory services. Key capabilities mentioned include single sign-on, adaptive access and fraud prevention, identity federation, role-based access control, and support for cloud, mobile, and on-premise deployments at large scale.
Evolveum: All you need to know about identity & access management (Evolveum)
On these 15 slides, we will explain to you what identity & access management is and how it is used, and we will also mention 4 major categories of IAM components.
Oracle Identity Manager (OIM) is an identity management product that automates user provisioning, identity administration, and password management through a comprehensive workflow engine. It is a powerful and flexible enterprise identity management system that automatically manages users' access privileges within enterprise IT resources both within and beyond the firewall and into the cloud. The OIM architecture consists of three tiers - a presentation tier for the GUI, a middleware tier that implements the business logic, and a data tier responsible for data storage.
1) The document discusses Oracle Identity Governance and Access Management projects for several clients, including integrating numerous applications with OIM and implementing ESSO.
2) It provides an overview of integrating applications with OIM using connectors and protecting web applications using OAM with WebGates deployed.
3) Finally, it outlines different deployment approaches for OAM including agent-based, agent-less, using a terminal server as a gateway, and a hybrid approach combining methods.
SAP Identity Management helps companies centrally manage their user accounts (identities) in a complex system landscape, including both SAP and non-SAP systems. More information: http://scn.sap.com/community/idm.
OIM provides comprehensive identity management features including self-service access requests, profile management, role-based access administration, delegated administration, connectors for application integration, and reporting and auditing. It offers a centralized identity data warehouse, extensible user interfaces, and streamlined workflows for access requests and provisioning. Connectors provide out-of-the-box integration for many applications while also supporting custom connectors.
This document evaluates major identity and access management (IAM) vendors. It identifies the key products from CA, IBM, Novell, Oracle, and Sun Microsystems that address common IAM requirements. The document recommends further evaluation of Oracle and Sun due to their flexible solutions that scale from small to large businesses, as well as their strong partnerships and integration capabilities. IBM is only recommended for very large deployments due to complexity at smaller scales.
My Presentation on using SSO as both a Business tool and a Security tool. Examples show how working with the business one can bring productivity and cost savings while also implementing the same tool as a security control.
This document provides guidance on building a comprehensive identity roadmap. It recommends prioritizing initiatives based on complexity and assessing the existing identity infrastructure. Quick wins can be found in addressing orphaned accounts, role management, and implementing single sign-on and password management. The roadmap should plan for increasing maturity through user lifecycle management, role-based access controls, and risk analytics. It also suggests considering identity as a service hosted in the cloud.
John Bernhard will present on identity management at Airline Company. Identity management (IdM) provides a federated infrastructure to manage access for employees, contractors, business partners, and customers. It aims to consistently enforce business and security policies regardless of how users access the network. IdM gives Airline Company competitive advantages like an agile infrastructure and enables compliance with regulations like SOX and PCI. The presentation will cover what IdM is, the business rationale and benefits, and IdM service architecture concepts.
Identity Management for the 21st Century IT Mission (CA API Management)
The 21st century mission is dependent on providing secure and agile access to information across an increasing range of stakeholders, both internal and external to your agency. This comes amidst evolving IT missions, budget challenges, a complete IT compliance landscape and an increased need for rapidly deployable and flexible solutions.
This webinar explores integrated identity management solutions and real life use case examples.
Presented By
• Stephanie McVitty - Account Manager, Compsec
• Paul Grassi - Vice President of Federal Programs, Sila Solutions Group
• Jim Rice - Vice President of Federal, Layer 7
• Dieter Schuller - VP of Sales, Radiant Logic
• Phil McQuitty - Director of Systems Engineering, Sailpoint
• Gerry Gebel - President, Axiomatics Americas
This document provides an overview of SAP NetWeaver Identity Management. It discusses Identity Management's role in centralizing user information and provisioning access. Key features covered include provisioning workflows, reporting and auditing, business roles, and integration with Access Control/GRC and Single Sign On. The presentation also reviews Identity Center and Virtual Directory Server, the two main components of SAP Identity Management.
Summary of Quest One IAM solutions that address core Federal Identity Credentialing and Access Management (FICAM) suggested framework to meet the various challenges of both the DOD and Federal Civilian Agencies.
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference (Richard Tong)
A general guide on how to use SIF IDM V2.7 and V3.1 for identity management in education technology solutions, especially for complex multi-vendor, multi-application frameworks. Includes the typical use cases such as provisioning and SSO establishment, workflows, best practice in U.S. and Australia implementations, and architectural contexts.
Con9573 managing the oim platform with oracle enterprise manager OracleIDM
The document discusses how Qualcomm implemented Oracle Enterprise Manager 12c to manage its Oracle Identity Management platform. Some key points:
- Qualcomm needed to provide high service levels for identity and access management (IAM) and databases, monitor SLAs, and improve compliance through role-based access.
- It implemented EM12c in a highly available configuration with disaster recovery to manage applications, middleware, IAM, and databases from a single console.
- Through dynamic groups and roles in EM12c, IAM administrators, network operators, and database administrators received restricted views of only their relevant targets while using a shared infrastructure.
- This streamlined operations and improved compliance by allowing different teams to manage incidents
EmpowerID is an identity and access management solution that uses visual workflows to automate enterprise identity lifecycles and access controls. It answers the question of who should have access to which IT resources and enforces access across all systems. Organizations can design business processes as workflows to manage identities, roles, and resource access. EmpowerID provides role-based access management, user provisioning, directory synchronization, and a unified management console for access controls.
Oracle Identity Management 11g R2 aims to secure the new digital experience by providing identity management and security solutions. It offers simplified user experiences, a modernized platform to support extreme scale, and a clear upgrade path. The release focuses on simplifying access requests, supporting mobile and social sign-on, improving privileged account management, and providing operational scale through optimized systems and a unified directory.
Pre-configured business processes and policies, to quickly deliver rich IAM automation using the Hitachi ID Identity and Access Management Suite.
See more at: http://hitachi-id.com/documents/
This document provides an overview and buyer's guide for identity and access governance (IAG) solutions. It discusses the key functions of IAG, including defining roles and permissions, requesting and approving access, certifying access, auditing and ensuring compliance, and monitoring through identity and access intelligence tools. The guide is intended to help organizations define requirements and evaluate IAG vendors and solutions. It provides tables to assess and compare features for role management, access requests, approvals, certifications, audits, monitoring and other areas. The tables can help capture information from vendor demonstrations and product tests.
The document provides an overview of the technical architecture of OpenIAM, an identity and access management solution. The architecture includes key components like an enterprise service bus, business process engine, messaging, scripting, presentation tier, security architecture, and more. OpenIAM takes a service-oriented approach and exposes over 30 services through the ESB for features like user management, authorization, provisioning, and reporting.
To say that the IT environment has shifted would be a huge understatement. We see this happening all around us. Yet the transition is not necessarily a bad thing. As in other technology organizations, identity governance is in the process of change. We can see that this can be a positive transformation, as it allows us to be more flexible and stronger.
Visit: https://techdemocracy.com
This document contains the resume of Mian Kamran Suleman. It summarizes his objective of seeking an IT position applying his skills in software quality assurance, testing, and security. It then lists his extensive professional experience in these areas, including over 7 years at CareFirst BlueCross BlueShield and IBC Insurance Company. It details his responsibilities and accomplishments in roles such as Senior Information Security Specialist, Senior Security Specialist, and Lead QA. Finally, it provides details of his technical proficiencies and education.
Identity and Access Management (IAM) is responsible for managing access to systems and resources. IAM uses tools and services to centrally manage applications and identities. It is important for managers to request access for personnel, review access periodically, and remove access when people leave. The IAM program aims to centralize identity management, implement access reviews, and provide compliance reporting. The IAM portal is used to automate provisioning, conduct certifications, and provide transparency into who has access to applications.
Kiran Reddy has over 5 years of experience in identity and access management using Oracle products like Oracle Identity Manager, Oracle Access Manager, Oracle Internet Directory and Oracle Virtual Directory. He has expertise in integrating these products, developing connectors, configuring workflows, provisioning, reconciliation, single sign-on and access policies. He has worked on several projects for clients to implement identity management solutions.
Kiran Kumar has over 7 years of experience in system administration and software testing. He has worked on projects involving taxation software, workflow management, and CRM systems for clients like Supreme Industries and Adaequare Info Pvt Ltd. His skills include system administration, test case design, functional testing, regression testing, and automation testing using tools like HP QTP and QC. He has expertise in SQL, VBScript, and testing concepts like the SDLC and STLC.
Enterprise-scale organizations employ large numbers of internal users, with different access requirements spanning large numbers of systems, directories and applications. The dynamic nature of modern enterprises demands that organizations efficiently and securely provision and deactivate systems access to reflect rapidly changing user responsibilities.
This document introduces a strategy for large-scale enterprise user administration. This strategy complements the traditional role-based approach with user-issued security requests combined with periodic audits.
Using this approach, new privileges are granted to users in response to user-entered requests, rather than being predicted by an automatic privilege model. Excessive user privileges are periodically identified and cleaned up using a distributed, interactive user rights review and certification process.
The document discusses Oracle Identity Governance, a unified identity and access governance solution. It addresses challenges of managing access across enterprise, mobile, and cloud applications. The solution provides identity administration, access request management, access risk management, privileged access management, and other features. It uses a modular architecture with components like self-service interfaces, runtime engines, connectors, and common services.
Capgemini's Identity and Access Management solution places identity management at the core of an integrated security infrastructure. It comprises processes and technologies that help strengthen compliance, secure operations, and improve agility. Capgemini takes a three-stage approach to implementation: planning to understand needs, preparation to design technical and process solutions, and implementation to realize the solution. Capgemini's advantage is experience in diverse sectors, alliances with leading vendors, and expertise in both commercial and public security solutions.
4. BRISTLECONE INDIA PVT. LTD. | WHITEPAPER 3
Overview
Over the last decade, the mission of identity and access management (IDM) systems has expanded to
include a range of business objectives. Whereas early identity systems served primarily to simplify
account management, today organizations are building IDM technologies into their controls
infrastructure. Oracle Identity Governance Suite enables organizations to simplify access grants and
review access by consolidating the key strengths of its industry leading and best-in-class provisioning
(Oracle Identity Manager), newly released privileged access (Oracle Privileged Access Manager), role,
policy and risk management (Oracle Identity Analytics) into a common, consistent and unified
governance suite. With a single, converged platform, Oracle Identity Governance suite can provide
benefits like:
Increased end-user productivity - consistent and intuitive user interfaces, common business glossary,
immediate access to key applications, role lifecycle management
Reduced risk - guaranteed access revocation, detect and manage orphaned accounts, proactive and
reactive IT audit policies detection and enforcement, fine grained authorization controlling who can
do what, periodic re-certifications, continuous policy and role based access re-evaluation.
Increased operational efficiency - risk based identity certification reducing overall time to certify,
automated repeatable user administration tasks, role consolidation, and ease of deployment
Reduced total cost - single vendor platform for governance, flexible and simplified customization
framework, easily attest to regulatory requirements, common connector, standards based
technology.
Oracle Identity Management provides a unified, integrated security platform designed to manage user
identities, provision resources to users, secure access to corporate resources, and enable trusted
online business partnerships and support governance and compliance across the enterprise. It
provides increased efficiency through improved integration, automation, and increased effectiveness
in terms of application-centric security, risk management, and governance. OIM supports the full life
cycle of enterprise applications, from development to deployment and production.
Oracle Identity Manager (OIM) automates the administration of user access privileges across a
company's resources, throughout the entire identity management life cycle—from initial on-boarding
to final de-provisioning of an identity. OIM helps to answer critical compliance questions like "who has
access to what resources and when? How did users get access to resources and why?"
Key Features
Oracle Identity Management allows enterprises to manage the end-to-end life cycle of user identities
across enterprise resources and independently from enterprise applications. Its comprehensive set of
services include identity administration and role management; user provisioning and compliance; web
applications and web services access control; single sign-on and federated identities; fraud detection;
strong, multifactor authentication and risk management; role governance and identity analytics, audit
and reports. Some of its key features are listed below.
Simplified Self Service
OIM offers a wide range of self-service functions enabling business users to register for an account,
manage their own profiles and credentials. These self-service capabilities easily pay for themselves
many times over through reduced help desk calls and administrative costs.
Self-Registration
OIM provides a configurable interface where end users (typically in an extranet environment) can
submit a request for an account for themselves in the enterprise. A configurable workflow allows such
requests to be approved before actually granting and notifying the account details to the user.
Profile Management
Using OIM’s self-service interface, users can easily manage their own mutable profile data like
changing their email ID, postal address, telephone number, emergency contact info, their password
recovery questions and answers or set up a proxy/delegate user to act on their behalf for a specified
time period.
Password Management
OIM’s self-service interface enables users to manage their enterprise password that is used in single
sign-on (SSO). OIM then synchronizes this password across all target resources provisioned to the
user. OIM enforces compliance of this password with enterprise password policies, which may be
authored in OIM itself. For the recovery of forgotten passwords, OIM employs the security challenge
questions set during the user’s first login or captured during self-registration. OIM also provides
random password generation capabilities that may be invoked during registration or administrator-
based password reset.
Self-Service Access Request
OIM provides a browser-based tool to request access. The access request experience is similar to the
“shopping cart” metaphor used on commercial websites, so users are able to request access without
training on the tool and with only a basic understanding of the organization’s roles and entitlements.
End users simply search for the roles and entitlements they require by entering keywords. They can
further refine and filter search results by using the tool’s automated suggestions. Once users find the
entitlements they need, they simply place the appropriate entitlements in a cart and submit the
request. OIM enables users to bundle frequently requested privileges and model them as a saved
shopping cart. In OIM, a saved shopping cart is called a “request profile” that can also be shared with
other users.
Tracking a Request
Users and helpdesk administrators can track the progress of their requests online through OIM’s
tracking tool. The tracking tool graphically displays the current state of the request approval in the
provisioning workflow. An image displays what steps are complete and what steps remain to fulfill
the request. Using this tool, users can then help ensure their requests are handled in a timely
fashion.
Handling Requests – Complex Workflows
OIM allows approvers to take various actions on an access request without significant difficulty. In
addition to approving or denying the request, the approver may delegate the approval step to
another person or role. As approvals can be critical to overall user productivity, the system also
supports configurable approval reminders and escalations. As approval needs can change over
time, policy owners can change the approval routing logic using a web interface.
Extensible User Interface
While OIM out of the box includes a complete self-service access request capability that is business
user friendly, organizations may want to customize the tool to cater to their organization-specific
user interface standards and principles.
Global Customizations
OIM supports customizations that range from simple branding/logo/style-sheet changes to changing
the layout of the page or changing the labels of various widgets on the page. Some of the advanced
customizations may involve extending the out-of-box definition of various entities like users, roles,
organizations, catalog entities by defining additional attributes on them and deciding various UI
pages where the new attributes should appear. The system also provides a sandbox environment to
perform, test, commit or rollback all such customizations without impacting other users.
Personalization
OIM provides a powerful personalization framework as part of its business user interface. When
using OIM, each user sees a home page with multiple regions for the most commonly used features
and information. Business users can personalize the layout of the home page by rearranging or
hiding regions. Additionally, some of the non-technical users like helpdesk administrators or
delegated administrators may perform the same query over and over again on various entities.
Rather than entering the query criteria again and again, users can save their searches and reuse
them across sessions.
Advanced Identity and Role Administration
Users’ access rights are managed in OIM throughout the identity lifecycle. When new users are on-
boarded, they receive a set of accounts and entitlements based on any applicable “birthright
provisioning” policies. Account and entitlement assignments may change as users’ identity attributes
change in the enterprise as a result of promotions, transfers, or other organizational changes. OIM
automatically provisions these changes in the target systems. Users may also get additional access
by requesting roles, accounts, or entitlements using OIM’s self-service capabilities.
OIM Data Warehouse
The core of OIM is its centralized identity warehouse. The identity warehouse contains three key
types of data:
Identities: Users’ identities may be created based on authoritative systems or directly in OIM using
self-service or delegated administration features. OIM can create user accounts and reconcile
attributes and access based on data from any number of authoritative systems such as Oracle E-
Business HRMS, PeopleSoft HRMS etc.
OIM can synchronize the database with any number of LDAP directories. Many customers
synchronize the identities created in OIM into an LDAP to set up an enterprise LDAP that may be
wired to various authentication and authorization systems that may need access to user’s identity
attributes.
Connectors
OIM’s Connector Framework eliminates the complexity associated with creating and maintaining
connections to proprietary interfaces in business applications. The connector framework separates
connector code (integration libraries specific and optimized for the target system) from connector
meta-data (data models, forms, connectivity information and process). This separation makes
extending, maintaining, and upgrading connectors a manageable and straightforward process.
OIM provides the following integration technologies for the connector development.
Generic Technology Connector
The Adapter Factory enables customers to create new integrations or modify existing integrations
using a graphical user interface, without programming or scripting. Generic Technology Connector
can communicate with any target resource by using standard protocols such as HTTP, SMTP, FTP,
and Web Services combined with generic message formats such as CSV, SPML, and LDIF.
Identity Connector Framework
The Generic Technology Connector framework provides a complementary solution for data flows to
applications that accept file formats. ICF provides Connector Servers, which enable remote execution
of the Identity Connector. Connector servers are available for both Java and .NET. An ICF-compliant
converged connector is a connector that can be commonly used for both Oracle Identity Manager and
Oracle Waveset.
OIM Architecture
Oracle Identity Management components integrate seamlessly with Oracle applications such
as Oracle’s PeopleSoft, Oracle’s Siebel, and other Oracle Fusion Middleware components such as
Oracle SOA, Oracle WebCenter, and Oracle Business Intelligence. OIM integrates with Oracle Database
through its own directory and identity virtualization services, thus providing scalability and lower cost
of ownership.
Oracle Identity Management is an integral part of Oracle Fusion Middleware. OIM leverages its
services such as Business Intelligence, Enterprise Management, and SOA and Process Management,
and it provides security services to multiple Oracle Fusion Middleware components and Oracle Fusion
Applications.
Oracle Identity Management Platform
Oracle’s identity platform consists of three functional pillars and underlying platform services, as
shown in the following figure.
Identity Governance involves setup of the environment in advance of access, as well as review of the
environment to ensure policies are enforced as intended.
Access Management includes the technologies involved in run-time enforcement of access—that
is, when users are actively using the system.
Directory Services operate at the data layer to provide identity context to the other two pillars. Oracle
also provides Platform Security Services that enable developers to access any component in the pillars,
externalize security decisions, and take advantage of platform security features.
Oracle 11g R2 IDM Platform
Identity Governance products:
Oracle Identity Manager (OIM) is an identity provisioning product. OIM includes features for self-
service password management, access request forms, delegated administration, approval routing
workflows, and entitlement management across any number of connected systems.
Oracle Identity Analytics (OIA) collects logs from IdM products and other systems to report on
usage, build effective IT roles, and detect account-related audit issues such as orphaned accounts.
Oracle Privileged Account Manager (OPAM) secures accounts with elevated access, such as root
accounts on Unix systems and databases, by implementing a password checkout system.
Access Management products:
Oracle Access Manager (OAM) is a Web Access Management (WAM) product that enables SSO
across an organization’s web presence.
Oracle Adaptive Access Manager (OAAM) enables organizations to apply stronger, risk-based, and
multi-factor access control to an organization’s web presence.
Oracle Enterprise Gateway (OEG) is a soft-appliance XML gateway for securing and managing
application and web access to an organization’s web presence.
Oracle Identity Federation (OIF) provides standards-based identity federation capabilities for
enabling SSO across websites.
Oracle Security Token Service (OSTS) is a WS-Trust compliant STS implementation. An STS converts
security tokens of various types, enabling compatibility and trust across federation boundaries.
Oracle Entitlements Server (OES) is a fine-grained entitlements service that supports a variety of
externalized authorization mechanisms including XACML 3.0.
Oracle Enterprise Single Sign-On (OeSSO) is a client-based SSO product that enables users to access
web, client-server, and legacy applications through a single, strong authentication “wallet” for
authentication.
Directory Services products
Oracle Unified Directory (OUD) includes both a highly scalable LDAP directory service based on Java
and the Oracle Virtual Directory (OVD) product. See the section below for more information on OVD.
Oracle Internet Directory (OID) is a scalable LDAP directory service based on Oracle database
technology.
Oracle Virtual Directory (OVD) enables efficient and elegant integration to data sources.
Platform Security services
Oracle Platform Security Services (OPSS) provide developer access to essential security functions.
Oracle Enterprise Gateway (OEG) enables SOA applications to establish an identity-based control at
the edge of enterprise networks. OEG also provides REST-ful interfaces to the identity platform for
mobile applications. When combined with Oracle Web Services Manager (OWSM), it also adds
encryption, PKI, and related policy control to web services.
Support for Open Standards
Oracle Identity Platform supports all relevant standards, including LDAP, SAML, WS-Trust, WS-
Federation, XACML, OpenID, OAuth, and SPML. Oracle also continues to innovate in the standards
community. The identity platform offers technologies that make it easy to integrate with partners,
suppliers, and cloud services. The access technologies support all the major federation standards,
including SAML 1.x and 2.x, WS-Federation, and OpenID.
Oracle Identity Manager
Oracle Identity Manager (OIM) is a central component of Oracle’s identity management strategy. It
provides a platform for designing provisioning processes for user and access information to solve the
challenge of getting the right accounts and privileges automatically set up for users across all
applications they need to access.
OIM is a fundamental building block for an overall identity management solution. Access
management, role management, directory services, and entitlement management all depend on
having a working user provisioning solution that ensures the right identity data exists in the right
location for other solutions to use. And with so many different types of policies, processes, and
integrations involved in a typical provisioning problem, the provisioning technology needs to support
a high level of flexibility and customization. However, with added flexibility comes complexity, so OIM
tries to achieve a balance between supporting customization of provisioning without making the
implementation process too difficult.
OIM User
In OIM, a user represents an entity in context of enterprise user provisioning and as such can be
provisioned to accommodate different applications. An OIM user defines a specific default data model
with certain standard identity attributes, such as First Name, Last Name, Employee Type, Title,
Organization, and so on, that can be extended as needed.
User Group
In many applications, users are grouped together based on common functions, organization, job level,
and so forth. OIM provides the user group object as a mechanism to support organizing users into
simple compartments according to certain rules and policies. A user can be associated to a group
either via direct membership assignments or rule driven memberships.
Direct assignments are performed in a discretionary manner by another privileged user (such as
administrators, managers, and so on), and the memberships are maintained in a static way
(memberships are also revoked in a discretionary way).
The other way of assigning groups is to use rule-based membership, which is more automated.
Membership rules are simple conditional statements that are evaluated against each user to
determine whether or not the user belongs to a group. The figure below shows a membership rule,
“location == San Francisco.” This is an example of automating group memberships based on a “location”
attribute value. User groups using membership rules are more dynamic in nature and provide
significant flexibility for managing who belongs to which groups and therefore should be granted what
resources.
Organization
An OIM organization is meant to represent a business function or regional department, such as Sales,
Product Development, North America Business Unit, and so on. OIM organization objects can be
nested and therefore represent real-world organizational hierarchies. An organization is different
from a user group because a user can have at most one organization but can have multiple user
group associations at the same time.
Access Policy
An access policy is a way in OIM to map who should have access to what resource. The overall mapping
from the user to the resource can be made up of mappings from the user to user groups and from
user groups to resources. In addition to controlling the resource, it is possible to control each user’s
privileges within each resource by associating application-level privileges to user groups in the access
policy. For example, it is required that two user groups, “Data Analyst” and “Data Administrator,”
should both be provisioned to access the same database application but with different database roles
(such as analyst and DBA). The mapping of user groups to database roles can be set inside an access policy.
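The chain described above (membership rules and direct assignments decide user groups, access policies map groups to resource objects and application-level privileges) is modelled below as an added conceptual example in Python. It is not Oracle Identity Manager code or its API; the class names, user logins, the "title" attribute, the policy names and the "mailbox" privilege are constructed for illustration.

```python
"""Conceptual model of rule-based groups and access policies (not the OIM API)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Entitlement = Tuple[str, str]  # (resource object, application-level privilege)


@dataclass
class User:
    login: str
    attributes: Dict[str, str]
    # Discretionary memberships granted by a privileged user; they stay
    # until someone explicitly removes them.
    direct_groups: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class MembershipRule:
    """A simple conditional statement of the form attribute == value."""
    attribute: str
    value: str

    def matches(self, user: User) -> bool:
        return user.attributes.get(self.attribute) == self.value


@dataclass(frozen=True)
class AccessPolicy:
    name: str
    groups: FrozenSet[str]          # groups the policy applies to
    grants: FrozenSet[Entitlement]  # what members of those groups receive


def explain_access(user: User, rules: Dict[str, MembershipRule],
                   policies: List[AccessPolicy]):
    """Return (entitlement, policy, group, how) rows: who has what, and why."""
    dynamic = {g for g, rule in rules.items() if rule.matches(user)}
    trail = []
    for policy in policies:
        for group in sorted(policy.groups & (dynamic | user.direct_groups)):
            # If a group is held both ways, the rule is reported as the cause.
            how = "rule" if group in dynamic else "direct"
            for ent in sorted(policy.grants):
                trail.append((ent, policy.name, group, how))
    return trail


def resolve_entitlements(user, rules, policies) -> Set[Entitlement]:
    return {row[0] for row in explain_access(user, rules, policies)}


def provisioning_delta(before: Set[Entitlement], after: Set[Entitlement]):
    """What must be provisioned and revoked after a re-evaluation."""
    return {"provision": sorted(after - before),
            "revoke": sorted(before - after)}


# Constructed sample data, using the group and resource names from the text.
RULES = {
    "San Francisco Staff": MembershipRule("location", "San Francisco"),
    "Data Analyst": MembershipRule("title", "Data Analyst"),
    "Data Administrator": MembershipRule("title", "Data Administrator"),
}
POLICIES = [
    AccessPolicy("Mail for SF", frozenset({"San Francisco Staff"}),
                 frozenset({("e-mail Server", "mailbox")})),
    AccessPolicy("DB analysts", frozenset({"Data Analyst"}),
                 frozenset({("Customer Database", "analyst")})),
    AccessPolicy("DB admins", frozenset({"Data Administrator"}),
                 frozenset({("Customer Database", "DBA")})),
]


def transfer_example():
    """A title change swaps the database role; the mailbox is untouched."""
    user = User("asmith", {"location": "San Francisco", "title": "Data Analyst"})
    before = resolve_entitlements(user, RULES, POLICIES)
    user.attributes["title"] = "Data Administrator"
    after = resolve_entitlements(user, RULES, POLICIES)
    return provisioning_delta(before, after)


def stale_direct_assignment_example():
    """A direct membership survives attribute changes that clear every rule."""
    user = User("bjones", {"location": "San Francisco", "title": "Data Analyst"},
                direct_groups={"Data Administrator"})
    user.attributes.update({"location": "New York", "title": "Sales Representative"})
    return explain_access(user, RULES, POLICIES)


if __name__ == "__main__":
    print(transfer_example())
    print(stale_direct_assignment_example())
```

The second case is the one to watch in an access review: rule-driven access disappears when the attributes change, while the directly assigned DBA role remains until someone revokes it.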
Resource Object
A resource object is an OIM object representing a logical resource for which users need to have
accounts created. For instance, you can have OIM resource objects called “e-mail Server” and
“Customer Database.” A resource object can represent almost anything, from applications, databases,
and operating systems, to physical assets and any other entity relevant to provisioning.
A resource object is used to track which users are provisioned to what logical assets. It can report on
the current list of users who are provisioned to the E-mail Server resource in our example. Resource
objects are also used to design approval workflows and policies around those workflows that are
application-centric. So, for example, if a specific person is assigned to approve all new accounts on the
e-mail Server system, that condition can be set on the resource object in a workflow rule.
OIM resource objects do not represent the physical resources themselves and therefore do not
contain physical details (such as IP addresses, server hostnames, and so on). For physical server
representations and details, OIM provides the concept called IT resources.
IT Resource
An IT resource is a physical representation of a logical resource object. It holds all the physical details
of the resource for which a new user is provisioned. If, for example, you have a resource object called
Customer Database, you need to also define one or more corresponding IT resource objects that
represent the physical characteristics of the resource (such as server hostnames, IP addresses, physical
locations, and so on). This information is used by the OIM integration engine when it needs to
communicate with those servers to complete a provisioning-related task.
The specific set of attributes of an IT resource is highly dependent on the type of system on which the
account is being created (relational database IT resources expect schema names and passwords; LDAP
server IT resources expect namespaces and directory information tree details).
OIM allows you to define an IT resource type that acts as a template to define a specific data model
for certain types of IT resources.
User Provisioning Process
A user provisioning process looks similar to any other business process. It represents a logical flow of
events that deal with creating accounts within enterprise resources to make a new user productive.
Every provisioning process uses some fundamental building blocks, and the following sections provide
different levels of sophistication in user provisioning. Choice of sophistication level should, obviously,
depend on the requirement and sensitivity of the particular resource.
Discretionary Account Provisioning
Discretionary account provisioning is a style of provisioning by which an existing OIM administrator or
privileged user can provision a user to an application in a discretionary manner. Inherently, a
discretionary method is less consistent and leaves it up to the administrator to know what to do, rather
than codifying a policy in the provisioning process. By default, this style of provisioning is
automatically set up when OIM is integrated with an application using a packaged connector.
Typically, enterprises use this as a baseline to start designing and implementing their automation rules
to make the process less discretionary.
Typically, discretionary provisioning is useful for enterprises that are looking to take the first step from
manual provisioning processes to a basic level of automation and centralization. Also, if the enterprise
lacks formal governance rules and policies around access to systems and information, handling
provisioning requests in a request-based manner might be the inevitable first step. However, if OIM
has been put in place, you can accelerate your path to better provisioning automation by leveraging a
lot of the built-in features of OIM, such as allowing users to make new requests through OIM and
performing basic maintenance tasks such as password resets.
Self Service Provisioning
Discretionary account provisioning requires an administrator or a privileged user to initiate the
provisioning process. In other words, users will still need to make a phone call or send an email to the
administrator to request a new account in an application. However, OIM can be easily configured so
that users can communicate entirely through the OIM framework when requesting access to new
resources.
Over the past few years, self-service user provisioning has been a popular solution especially when
delivering simple capabilities such as resetting passwords and requesting accounts in new systems and
applications. It can greatly reduce the burden on administrators for performing highly repetitive tasks
of manually inputting data from paper forms submitted by an end user. However, enabling the self-
service capabilities on resources usually leads to some manual oversight, typically enforced through
approval workflows that allow administrators to verify and sign-off on requests from end users.
Without such approvals, the resource might as well be a fully public resource.
Workflow-Based Provisioning
A workflow-based provisioning process gathers the required approvals from the designated approvers
before granting a user access to an application or another resource. For example, the Finance
application might require that every new account request be approved by the CFO to maintain tight
control of who gets to see sensitive financial information.
Access Policy Driven Provisioning
Access Policy Driven Provisioning is a response to a basic question: “Who should have access to
what resources?” An access policy can be implemented through the OIM Admin console and has four
facets: what is provisioned, when it is issued, what is not to be provisioned, and who it is for. The steps
required to set up an access policy are as follows:
1. Create and select an Access Policy under the OIM Admin console.
2. Select the resource(s) to be provisioned under the chosen access policy.
3. Set the date on which access needs to be issued.
4. Select the resource(s) that should be denied to the user through this access policy.
5. Select the user groups that apply to this access policy.
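The pieces described above (rule-based group membership, access policies that map user groups to resources and application-level roles, and the "what is not to be provisioned" facet) can be modelled together. This is an added illustration in Python, not OIM code or its API; all class names, users and policies are constructed, and letting a deny override a grant from another policy is an assumption of the model.

```python
# Conceptual model only: names and data are constructed, not OIM's API.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    rule: object = None                        # callable(user) -> bool for rule-based groups
    members: set = field(default_factory=set)  # static (discretionary) members

    def contains(self, user):
        if user["login"] in self.members:
            return True
        return bool(self.rule and self.rule(user))

@dataclass
class AccessPolicy:
    name: str
    groups: list                               # who the policy is for
    provision: dict                            # resource -> {group name: application role}
    deny: set = field(default_factory=set)     # resources this policy denies

def entitlements(user, groups, policies):
    """Return {resource: [roles]} for a user; a deny wins over any grant (assumption)."""
    mine = {g.name for g in groups if g.contains(user)}
    granted, denied = {}, set()
    for policy in policies:
        matched = mine & set(policy.groups)
        if not matched:
            continue                           # policy does not apply to this user
        denied |= policy.deny
        for resource, roles in policy.provision.items():
            for group_name in matched & set(roles):
                granted.setdefault(resource, set()).add(roles[group_name])
    return {r: sorted(v) for r, v in granted.items() if r not in denied}

# Constructed sample data mirroring the examples in the text.
GROUPS = [
    Group("SF Staff", rule=lambda u: u.get("location") == "San Francisco"),
    Group("Contractors", rule=lambda u: u.get("type") == "contractor"),
    Group("Data Analyst", members={"alice"}),
    Group("Data Administrator", members={"bob"}),
]
POLICIES = [
    AccessPolicy("DB access", ["Data Analyst", "Data Administrator"],
                 {"Customer Database": {"Data Analyst": "analyst",
                                        "Data Administrator": "DBA"}}),
    AccessPolicy("SF office", ["SF Staff"], {"e-mail Server": {"SF Staff": "mailbox"}}),
    AccessPolicy("Contractor limits", ["Contractors"], {}, deny={"Customer Database"}),
]
ALICE = {"login": "alice", "location": "San Francisco", "type": "employee"}
BOB = {"login": "bob", "location": "Austin", "type": "contractor"}
CAROL = {"login": "carol", "location": "San Francisco", "type": "contractor"}
```

Running `entitlements` over all users and comparing the result with the accounts that actually exist in each target is a simple way to spot grants that no policy justifies.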
OIM Provisioning Integration
User provisioning has become a critical problem for most enterprises looking to lower their
administrative burdens of account management while also trying to reduce risk by centralizing the
control for granting access to important applications. With a user provisioning solution, new
account creation tasks can execute in a consistent manner, whereby certain approvals and
verifications are mandated before access is provided to new users.
The other critical user provisioning challenge is a technical one—system integration. A typical
enterprise has a wide-ranging set of applications built on different technologies, standards, and
semantics and therefore centralizing the account creation process is often an integration nightmare.
The choice of integration between OIM and external target systems falls into one of the following
categories:
- Prebuilt connectors: A specific connector implementation for a specific system or application (such
as Active Directory, PeopleSoft, SAP, DB2, Oracle Database, and so on).
- Generic Technology Connector: A connector for commonly used formats and industry standards
(such as flat files, Web Services, and Service Provisioning Markup Language).
Prebuilt connectors
OIM provides a connector pack that bundles prebuilt and packaged connectors to most third-party
systems of all types, including databases, enterprise resource planning (ERP) applications, operating
systems, Lightweight Directory Access Protocol (LDAP) servers, and so on. Setting up these connectors
in OIM is a fairly straightforward process:
1. Copy the connector files to the OIM server.
2. Import the connector’s (XML-based) descriptor file into the OIM repository through the Deployment
Manager section in the OIM web console.
3. Define the IT resources associated with this connector.
Through this connector install process, OIM automatically creates the foundational elements of the
new resource by creating the necessary resource, IT resource(s), and IT resource type objects
associated to the connector. At this point, the environment is ready for basic request driven
provisioning.
Generic Technology Connector
As enterprises are looking to automate provisioning to all types of applications (enterprise and
departmental), Oracle needed a solution that targeted those applications and systems with a simpler
approach to provisioning. The GTC supports simple integrations to custom-built applications or other
systems that rely on simpler data exchange formats such as comma-separated fields. It also supports
many industry standard protocols such as Service Provisioning Mark-up Language (SPML). The GTC is
an example of a packaged integration used for a common set of applications that can read and
exchange information in a standard format. While the GTC does not necessarily solve complex
integration scenarios, it does provide a quick integration to medium- to low-complexity applications.
A GTC-based integration provides a set of packaged functionalities, known as “providers,” to perform
the different types of actions needed to execute an end-to-end user provisioning process. The process
runs starting from identity data reconciliation from a source system to provisioning to a target
application.
The GTC is a useful choice whenever you’re dealing with applications that can support simpler or
standard data exchange formats, such as comma-separated files or the SPML format. The typical cost
to set up and maintain a GTC-based integration is much lower than that of other types of OIM
integrations. Unlike the prebuilt connectors, the GTC code is shipped with the OIM server so there is
no need to install additional software.
Conclusion
Oracle Identity Manager is the most flexible and scalable enterprise identity administration and user
provisioning application available on the market. With its innovative and advanced feature set, OIM
helps an enterprise to reduce security risk, reduce the cost of compliance, and greatly improve service
level and end-user experience. Its flexibility to integrate with Oracle and 3rd party applications and
being a part of the Oracle Identity Governance Suite makes it an ideal choice to start or complement
an existing identity management deployment as an enterprise advances to reach its identity and
access governance goals.