Oracle Identity and Access Management Suite, Rafael Torres, Sr. Solutions Architect...
TRANSCRIPT
Identity Management Business Value
“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”
Business Challenges
• Trusted and Reliable Security
• Efficient Adherence to Compliance
• Lower Administrative and Development Costs
• Enable Online Business Networks
• Better End-User Experience
Regulatory Compliance
• Privacy & Security Regulations
  • Safe Harbor laws (EU & others)
  • Gramm Leach Bliley Act (GLB-Act)
  • US Patriot Act
  • HIPAA
  • US Homeland Security Policy Directive (HSPD-12)
• Financial & Market Regulations
  • SOX (Sarbanes-Oxley or SarbOx)
  • Japanese SOX (expected in 2008)
  • Basel II
  • UK Companies Act
Oracle Differentiators
Most Comprehensive, Best-In-Class Suite
Hot-pluggable and Open
Application Centric Identity Management
Oracle Identity Management
Best-of-breed, Complete & Differentiated Portfolio
Area Oracle Sun CA HP IBM NOVL BMC
Federation Oracle Identity Federation P
Web Access Mgmt Oracle Access Manager
Web Svcs Security Oracle Web Services Manager
ESSO Oracle Enterprise Single Sign-On P
Del Admin Oracle Access Manager
Pwd. Mgmt. Oracle Identity Manager
Provisioning Oracle Identity Manager
Ent. Role Mgmt Oracle SmartRoles (TBA) P P P
Meta Directory Integration Platform
AuthN/PKI Oracle Certificate Authority
Virtual Dir Oracle Virtual Directory P
Directory Oracle Internet Directory P
P = Partnership
Faster ROI, Higher Quality, Lower Risk
Hot-pluggable, Heterogeneous Support
Applications
Directories
Application/Web Servers
Operating Systems
Groupware
ACF-2 & TSS
Portals
RACF
Application-Centric Identity Management
• Comprehensive, loosely coupled, out-of-the-box integrations with business applications
• An integral component of a wider application development and deployment framework
• Architected for future SOA application environment
• Identity management as a re-usable service for all applications
Oracle Identity and Access Management Suite
Overview
Key Areas of Identity Management
• Access Control
  • Single Sign-On
  • Identity Federation
  • Web Access Control
  • Web Services Security*
• Identity Administration
  • User, Role Management
  • User Provisioning
• Identity Infrastructure
  • Virtual Directory
  • Directory
*Oracle Web Services Manager licensed separately from the Identity and Access Management Suite
Enterprise Identity Management
[Diagram labels: Employees, IT Staff, Customers, Partners, SOA Applications, Delegated Admin; Internal, External; Applications; Systems & Repositories; ERP, CRM, HR, Mainframe; NOS/Directories, OS (Unix); Auditing and Reporting; Policy and Workflow; Monitoring and Management]
Identity Management Service
• Access Management
  • Authentication & SSO
  • Authorization & RBAC
  • Identity Federation
• Identity Administration
  • Delegated Administration
  • Self-Registration & Self-Service
  • User & Group Management
• Directory Services
  • LDAP Directory
  • Meta-Directory
  • Virtual Directory
• Identity Provisioning
  • Agent-based
  • Agentless
  • Password Synchronization
Oracle Identity Manager
• Features
  • Automated user provisioning and de-provisioning
  • Rich, flexible connector framework
  • User-friendly request & policy wizards
  • Sophisticated workflow & reconciliation engines
  • Unique compliance automation & reporting
• Benefits
  • Reduced administration cost
  • Improved end user experience
  • Critical for regulatory compliance
  • Improved security
• Differentiators
  • Enables compliance via comprehensive audit history and periodic attestation framework
  • Powers largest global provisioning implementation by number of targets
  • Adapter Factory significantly lowers the TCO of customers’ solutions over time
[Diagram labels: HRMS (user created or removed in HR system); Business Applications; Workflow (assign or revoke roles, privileges); Application Driven Identity; System (provision accounts and access rights)]
Oracle Identity Federation
• Features
  • Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke)
  • Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation
  • Integrates with leading Identity Management platforms
• Benefits
  • Reduced cost of interaction between business partners
  • Reduce administration cost
  • Deliver improved end user experience
• Differentiators
  • Self-contained, easy to deploy solution
  • Flexible deployment configurations
  • Rich, 100% web-based configuration interfaces for improved administrator and end user experience
  • Proven scalability - large production deployments
Oracle Internet Directory
• Features
  • Full feature LDAP server with a RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle Platform integration
  • VSLDAP certified and EAL4 compliant
• Benefits
  • Reduced operational cost with Oracle Grid support
  • Seamless integration with Oracle Applications and Products
• Differentiators
  • RDBMS backend provides proven scalability & performance
  • Rich, built in auditing of all events and operations
  • Flexible data replication and redundancy features
  • Ships with built-in directory integration functionality
Oracle Virtual Directory
• Features
  • Virtualization, Proxy, Join & Routing capabilities
  • Modern Java & Web Services technology
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access
• Benefits
  • Perform Real-time directory integration
  • Accelerate application deployment
  • Lower development costs
• Differentiators
  • Lightweight & flexible architecture
  • Supports true virtualization without local cache, enabling stringent policy or privacy requirements
  • Modular architecture supports the addition of connectors to a wide array of identity stores
[Diagram labels: LDAP, Web Gateway, Web Services; VDE Directory Engine; Join View; Local Store, LDAP, DB, NT, Custom]
Oracle Access Manager
• Features
  • Multi-level, multi-factor authentication
  • Web and App server level authorization
  • Workflow driven Self-service & Delegated administration
  • Services-based architecture eases integration with existing IT infrastructure
• Benefits
  • Policy-based access management
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Increased IT governance and compliance readiness
• Differentiators
  • Administrative scalability via workflow and delegation
  • Access control leverages up to date identity information
  • Comprehensive auditing to a common database
Authentication
Authorization
Identity Admin
Oracle Enterprise Single Sign-on (ESSO) Suite
• Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials
• Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone)
• Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grant specific levels of access based on the form of authentication
• Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user’s Oracle ESSO credential store
• Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users
Oracle Identity and Access Management Suite
Case Studies
Case Study – Manitoba Telecom Services
BUSINESS CHALLENGE
• Needed to integrate and rapidly deploy new and old services (Internet, mobile, TV, content, local phone, and long distance phone)
• Needed to provide head of household ability to manage accounts and privileges for self and other members of household
• Wanted to base new services on telecommunication standards-based framework: IP Multi-media Subsystem (IMS)
• Wanted comprehensive technology to address internal users, external households, and both providers and consumers of MTS services
RESULTS
• Initial deployment for Internet, TV, and Mobile customers
• Planned to include VOIP Users and MTS supported ISP subscribers
• Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services
ORACLE SOLUTION
• Oracle Identity and Access Management Suite
• Oracle Access Manager for Single Sign-On and Delegated Administration to head of household
• Oracle Identity Federation for providing system access to providers and consumers of MTS services
• Oracle Internet Directory to provide robust directory solution built on top of Oracle database
• Oracle Identity Manager (with 11 connectors) to provision employees to internal systems
Case Study – Scottish Government
BUSINESS CHALLENGE
• Fragmented customer records and no single source of Citizen info across Scottish Govt.
• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)
RESULTS
• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running
• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements
ORACLE SOLUTION
• The Scottish Govt. National Infrastructure Project selected Oracle Identity and Access Management Suite, beating out Software AG
• Suite will integrate UK Govt. Gateway
• Working with Sopra, Newell and Budge as the prime contract provider
Problem:
• Number one identified problem by USPS employees: too many passwords
• Very large scale environment: 3 million users with over 155,000 knowledge workers
• Thousands of known applications, many beyond central IT reach
• Very limited IT staff to implement and maintain
• CTO wanted a solution that could be fully deployed in less than a year
Solution:
• Evaluated 7 different SSO vendors, selected v-GO SSO
• 155,000 users deployed in less than 8 months
• Over 7,000 applications enabled
• Helpdesk password calls dropped from >1,000 per day to an average of 10 per day
• Saved over $4 million per year
“Passlogix was instrumental in helping the USPS solve its most critical end user problem – forgotten passwords – and solve it quickly.”
- Bob Otto, CTO
Analyst Endorsements
Leader in User Provisioning! Gartner, April 2006
“[Oracle] has amassed a very strong management team and IAM technology portfolio … Its IAM road map looks the best of all vendors.”
“Oracle’s offering of IAM products now pushes ahead of other IAM competitors such as BMC, Computer Associates International, Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems”
- Roberta Witty, Gartner (Nov 2005)
“Oracle's acquisition of Thor and OctetString is a good move. These acquisitions coupled with Oracle's unique application top down approach to Identity Management will send ripples through the industry.”
- Mike Neuenschwander, Burton Group (Nov 2005)
“Oracle has an advantage and early lead with its top down application strategy that is aligned with customer needs.”
- Chris Christiansen, IDC (Nov 2005)
More Analyst Endorsements
Learn More
• Learn the Technology
  • Visit: oracle.com/identity
  • View whitepapers, buyer’s guides, and webinars
• Try the Software
  • Visit OTN: otn.oracle.com
  • Download software, get technical information
• Ask Our Experts
  • Call: 1-800-438-0626
  • Speak with an Identity Management specialist
Q&A