19.03.12
1
<Insert Picture Here>
Oracle Identity and Access Management Solution Overview
Suvad Sahovic
© 2011 Oracle Corporation – Proprietary and Confidential
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.
Oracle Fusion Middleware
Copyright © 2010, Oracle. All rights reserved
Oracle Identity Management Stack: Complete, Innovative and Integrated
Identity Governance
• Password Management
• Self-Service Request & Approval
• Roles based User Provisioning
• Analytics, Policy Monitoring
• Risk-based Access Certification
• Privileged Account Management
Access Management
• Single Sign-On & Federation
• Web Services Security
• Authentication & Fraud Prevention
• Authorization & Entitlements
• Access from Mobile Devices
Directory Services
• LDAP Storage
• Virtualized Identity Access
• LDAP Synchronization
• Next Generation (Java) Directory
Platform Security Services: Identity Services for Developers
Oracle Identity Management: Oracle + Sun Combination
Access Management*: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server
Identity Administration: Identity Manager
Directory Services: Directory Server EE, Unified Directory, Internet Directory, Virtual Directory
Identity & Access Governance: Identity Analytics
Operational Manageability: Management Pack For Identity Management
Oracle Platform Security Services
*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
Oracle Identity Manager
Oracle Identity Lifecycle
1. Hire Process
2. First User Login Self Registration
3. Manager Self Service
4. User Self Service
5. Forgotten Password Reset
6. Change of HR Data
7. Delegated Administration
8. Attestation Recertification
9. Reporting
10. Leave Process
Oracle Identity Manager
Policy based Provisioning
New Employee/Student
HIS
Provisioned Applications
Revoked Applications
Reconciliation Engine
Identity Store
Access Policy Workflow Connector Role
Student Approval Self Service
Automated De-Provisioning
Identity Store
Reconciliation Engine
Terminated Employee/Student
HIS
Oracle Identity Manager
Revoked Applications
Connector Provisioning Workflow
Manual Task Revoked Device
Oracle Identity Manager 11g Architecture
Oracle WebLogic Server and Oracle Standard Install/Upgrade
Resource Access Administration
Provisioning Reconciliation Connector Framework
User, Role, Org Admin
Delegated Admin
Request Management/Approval WF
Shared Services for Identity (SSI)
Oracle Fusion Middleware Services
SOA Suite OES OVD JRF (ADF/MDS/OPSS)
BI Publisher Enterprise
Manager
Domain Template Management OPatch Patching Oracle Upgrade
Assistant
ID Store Operational DB Audit DB
OUI Install and Post Install Config
Data Tier
Scheduler
Administrative & User Console
JDeveloper Connectors SPML WS &
Java API
Oracle Identity Manager Connectors
Database Servers
Directory Servers
Enterprise Applications
Enterprise Messaging
Operating Systems Security Management
Help Desk Web Access Control
RACF ACF2 TopSecret
Connector Integration
Adapter Factory Visual Integration Development Environment
GUI Driven Java Code Generator
Identity Connector Framework Common Codebase with Oracle/Sun Waveset
Out-of-The-Box App Specific Connectors
e.g. eBusiness, SAP, AD, Notes, RACF
Out-of-The-Box Generic Technology
e.g. WS-SPML, Flat Files, DB
University Scenario
Identity Store
Oracle Identity Manager
Connector
New Employee
HIS SVA
New Student
HIS SOS
HIS QIS
Bibliothek
LDAP/JDBC
LDAP
JDBC/CSV
HIS INONE
LDAP
JDBC/CSV
JDBC/CSV
Reporting - OOTB
Reporting - advanced
Oracle Access Manager
Oracle Access Management
• Comprehensive security for applications, data, documents and web services
• End-to-end authentication, single sign-on, and fine grained application protection
• Innovative anomaly detection, transaction security, and multi-factor authentication
• Extensive 3rd party integrations
Oracle Access Management Suite Plus
Access Manager
• Web Access Control
• Single Sign-On
Adaptive Access Manager
• Risk-based Authentication
• Real-time Fraud Prevention
Entitlements Server
• Entitlements Management
• Fine Grained Authorization
Identity Federation
• Partner SSO & Identity Federation
• Fedlet SP integration
OpenSSO STS
• Security Token Management
• Identity Propagation
Oracle Access Manager Product Architecture
Identity Repository
Access Server
Webgate
Accessgate
ASDK
Policy & Config
Oracle Access Manager
Gartner MQ User Provisioning H2 2011
Gartner Marketscope Web Access Mgmt. H2 2011
Gartner Magic Quadrant for Identity and Access Governance H2 2011
Gartner Marketscope ESSO H2 2011
Identity Management Market
Oracle Confidential, Not for Redistribution
Identity Administration Customers