
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.



3 Access and Identity Management for Enterprise Portals
Rohit Gupta, Director, Identity Management Product Management, Oracle Corporation

4 Topics
Introduction – portal identity management issues
Identity consolidation
Password and identity administration
Centralized authorization and authentication
Automated user identity provisioning
Federated identity support
Summary and conclusions


6 Oracle Fusion Middleware Application Platform Suite
Diagram labels: Integrate, Orchestrate, Develop, Analyze, Deploy, Access, Secure, Manage

7 Oracle Portal Aggregates Customers' Web Applications
Diagram labels: Packaged Apps; Internet / intranet Users; Page Assembly Engine; Portlet Engine; Personalization; Portal Runtime (User, Session, Management); Any Data Source; Wireless & Mobile; Any Web Site
Reduce web sites, simplify searches & navigation
Single sign-on security framework, enterprise search
Assemble portals from pre-built “portlets” and Web Services
Personalize portals by user / role

8 Identity Management Challenges for Customers Deploying Portals
Problem: Lack of centralized user identity management
  Issue for users: Too many identities and credentials to manage
  Issue for administrators: Frequent calls to the helpdesk for password resets
Problem: Lack of centralized web authorization and authentication service
  Issue for users: Multiple log-ins to different applications within the enterprise
  Issue for administrators: Inconsistent application security policies
Problem: Manual user provisioning process
  Issue for users: Delays in getting needed access to applications
  Issue for administrators: Labor intensive, error prone, and difficult to keep in compliance
Problem: Lack of identity federation support
  Issue for users: Multiple log-ins to applications hosted outside the enterprise
  Issue for administrators: Managing authorization credentials for outside users

9 What is Identity Management? Securing your IT assets from within
Management of digital user identities through their complete lifecycle: employee hire -> promotion -> departure
Securing access to applications and information
Authentication: proving you are who you say you are
Authorization: what you have access to, when, where
Scalable and available storage of identity information
Profile: roles and attributes about you
Speaker notes: Identity Management is fundamentally about securing access to your organization’s information assets from within the enterprise. At its core this represents the efficient management of typically thousands of user accounts across hundreds of applications, from the time user accounts are created through their complete lifecycle, including role changes and termination. Identity Management has three fundamental components: Authentication, which consists of being able to verify who you are, i.e. username/password in most cases; Authorization, which defines policies for what data and resources a user has access to; and Profile, attributes about you, such as your name, title, role, contact info, groups belonged to, etc.

10 Oracle Identity Management
Access Control: Single Sign-On; Identity Federation; Web Access Control; Web Services Security
Identity Administration: User, Role Management; User Provisioning
Identity Infrastructure: Virtual Directory; Directory
Speaker notes: We are now going to quickly highlight some of the key areas of Identity Management. Our discussion today is going to be based mostly around these topics. On the subsequent slides we’ll highlight key functionality and benefits offered by each of these functional areas.

11 Identity Consolidation

12 Identity Consolidation Overview
Oracle Portal includes Oracle Internet Directory as a user management repository
Frequent deployment requirement for integration with: Enterprise directories; Application directories; User repositories
Oracle Virtual Directory and Directory Integration Platform facilitate portal integration with these environments

13 Oracle Internet Directory
Features: Full-featured LDAP server with an RDBMS data-store; Industry leading scalability and HA capabilities; Strong Oracle Platform integration; VSLDAP certified and EAL4 compliant
Benefits: Reduced operational cost and improved availability with Oracle Grid support; Seamless integration with Oracle Applications and Products
Scalability: Millions of users; 1000’s of simultaneous clients
High availability: Multimaster & Fan-out replication; Hot backup/recovery, RAC, etc.
Manageability: Grid Control multi-node monitoring
Security: Flexible authentication mechanisms; Role & policy based access control; Auditability
Extensibility & Virtualization: Plug-in Framework; Attribute and namespace virtualization; External authentication; Custom password policies
Certifications: Open Group VSLDAP Certified; Common Criteria EAL4 Compliant

14 Directory Integration Platform
Diagram labels: Directory Integration Service connectors between Oracle Internet Directory and external directories: Sun ONE (iPlanet), Active Directory, Oracle HR, Oracle DB, OpenLDAP, eDirectory

15 Oracle Virtual Directory
Features: Virtual, real-time LDAP application views of directories, databases and other user repositories; Modern Java & Web Services technology; Virtualization, Proxy, Join & Routing capabilities; Superior extensibility; Scalable multi-site administration; Direct data access
Benefits: Rapid application deployment; Tighter controls on identity data; Realtime identity information access

16 Directory Deployment Options
Diagram labels: Portal/Access Mgmt System -> Oracle Internet Directory/DIP (Point of Administration) -> Other Directories and Repositories; Portal/Access Mgmt System -> Oracle Virtual Directory -> Other Directories and Repositories (Points of Administration)

17 Benefits for Portal Deployments
Extremely scalable, highly-available LDAP directory option for any portal deployment
Ready integration with enterprise user repositories; rapid deployment in any environment
Flexibility in how and where user information is administered

18 Password and Identity Administration

19 Password and Identity Administration - Overview
Basic user administration is provided in the Portal environment
Oracle COREid Identity provides richer enterprise user administration functionality, including: Self-service; Delegated administration; Customized approval workflows
COREid Identity functionality integrates into Oracle Portal applications, providing a unified look and feel

20 Oracle COREid Identity
Features: Web application for user, group, and organization management; Self Service and Self Registration functionality; Password Management; Delegated Administration; Unified Workflow
Benefits: Reduced operational costs through user self-service; Efficient management of large user populations

21 Integrated User Administration
PresentationXML and Portal Inserts allow Portal customers to customize the look-and-feel of Oracle COREid and seamlessly integrate its functionality into portal applications.
Diagram labels: User; WebPass; Web Server; Oracle COREid Identity Server; Web Server; LDAP Directories
Speaker notes: Finally, to provide a high-quality, customized user experience, these administrative tools need to integrate into the look-and-feel of the portal environment. Using mechanisms called PresentationXML and Portal Inserts, Oracle COREid integrates easily and seamlessly into the portal.

22 Self-Service and Delegated Administration
End users (self-service): Change identity profile; Password changes; Initiate workflow changes
Delegated administrators (delegated administration): Create and delete users at site; Ongoing management of users at site; Approve workflow changes
Step 1: End User requests change to role
Step 2: Delegated administrator approves change
Step 3: Extranet team approves change
Step 4: User role automatically updated in directory
Diagram labels: Site 1 (3 End Users); Site 2 (1 Delegated Administrator, 6 End Users); Site 3 (2 Delegated Administrators, 8 End Users); WebPass; Web Server; Oracle COREid Access or other access manager; Extranet Team; Oracle Internet Directory or other LDAP-based Directory Server
Speaker notes: An important aspect of customization is managing and administering the user’s identity, organizational roles, application preferences and credentials such as passwords and PINs. We saw how this was accomplished using Oracle COREid….

23 Benefits for Portal Deployments
Oracle Identity Management reduces administrative burden and cost
Administer Portal and enterprise users with a single application
Support multiple levels of delegated administration of Portal user communities
Self-service ROI by allowing users to perform password resets, role requests and manage identity information
Automate approval workflows for user access requests

24 Centralized Authorization and Authentication

25 Centralized Authorization and Authentication - Overview
Oracle Single Sign-On addresses authentication for the Oracle application environment
COREid Access provides authentication and access management for a wide variety of third party application environments
The two components work together to provide a seamless application experience for users, and a single point of access control for administrators

26 Oracle COREid Access
Features: Scalable web access management solution; Common policy management across applications; Multi-level, multi-factor authentication management; Web Services interfaces
Benefits: Centralized and consistent security across heterogeneous environments; Reduced administration cost; Improved end user experience; Better compliance; Centralize control of security policies and authentication
Speaker notes: Dual purpose role: stand alone product, and Common Services Platform for Oracle eBus, PeopleSoft, JDE, Retek, iFlex, App Server, Portal, OCS… Provisioning Console: front end UI, target registration, workflow. SOA Enabled Identity Management: BPEL integration, “Entity” management. Customer references: Verizon (Telco) – manage 50M entries, highest possible availability, geographical distribution; AT&T (Telco) – scalable customer directory, 25M entries for various applications; Shanda (China online gaming company) – scale to 200M users, started with 50M users, highly available directory based on combined directory replication and OracleAS cluster with RAC DB.

27 Single Sign-On to Heterogeneous Applications
Diagram labels: Oracle Applications; OracleAS SSO; Other Enterprise Applications; Oracle Internet Directory; App Servers; Access Server SDK; Single Sign-On; Packaged eBusiness Apps; Oracle COREid Access; Portals; Sun Directory Services; Static HTML content; Virtual Directory Server; Microsoft ADS; Mainframe Systems
Speaker notes: As we have seen, deploying a portal involves aggregating a number of enterprise applications into a single interface. Controlling access and authorizations to these applications is essential to the organization's security policy, and to the user experience. Here we show some of the Oracle technology involved in making this happen …

28 Benefits for Portal Customers
Users have single sign-on to all applications accessed through their portal
Administrators have a single point of control for authentication and authorization
Oracle access management is pre-integrated with Portal and other Oracle applications and offers out-of-the-box integration with other enterprise applications, portals and application servers

29 Automated User Identity Provisioning

30 Automated User Identity Provisioning - Overview
Provisioning users to an enterprise portal typically involves also provisioning them for a number of applications: Oracle, 3rd party, custom developed; running on a variety of platforms
Internal processes for granting/terminating application access can be quite complex
Handling these in a secure, efficient and compliant way requires automation
Oracle Xellerate Identity Provisioning integrates with the portal and the backend applications to provide these capabilities

31 Xellerate Identity Provisioning
Features: Identity life-cycle management for the heterogeneous enterprise; Complete workflow for approvals; Connectors for OS’es, DBs, Directories, Groupware, Apps, etc.; Direct connectivity to HR; Compliance reporting and account reconciliation
Benefits: Reduced administration cost; Critical for regulatory compliance; Improved security through centralized administration
Diagram labels: Provisioning Application; COREid Identity Administration Server; Provisioning Server – interfaces with BPEL engine; Provisioning Tools, APIs and Web Services; Provisioning Meta Data; Provisioning Process and Sub-process Templates; Policy Data
Speaker notes:
Process Designer: graphical tool to model a business process; customers use this tool to create their provisioning process from the shipped templates.
BPEL Orchestration Engine: executes various BPEL processes for user provisioning.
Identity and Account Repository: stores identity and account information for users and groups; broad directory support.
Provisioning Connectors: for Oracle Ebiz Suite, Peoplesoft, JDE, SAP, Lotus Notes, RACF and others; pre-packaged with sub-process templates for each.
Administer users and groups using COREid Identity Administration: rich delegated administration capability; end-user self-service; workflow for creation of users and groups, requests and approvals.
Provision user accounts in Oracle and custom apps using Oracle’s provisioning server: configure provisioning targets through command-line tools; built-in events notification engine; built-in attributes mapping engine.
Continued support for MIIS, where needed, for 3rd-party application provisioning.
Leverage industry standards (BPEL, SPML) for provisioning workflow and policy management and for JCA-based provisioning connectors.
Graphical rule-based provisioning policy and workflow management; automatic account discovery and reconciliation; graphical attributes mapping; graphical configuration of connectors.
New provisioning connectors for PeopleSoft, JDE, SAP, Siebel, IBM Domino/Notes, Exchange, IBM RACF, AS/400 and other 3rd-party packaged applications and systems.

32 Benefits for Portal Deployments
Efficient enterprise portal user management: Rapid on-boarding of new users
Improved application security: No “old” user accounts in the system
Improved ability to address compliance requirements: No rogue or orphan accounts
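The account reconciliation that slides 31 and 32 describe (automatic account discovery against the HR source, no stale or orphan accounts left behind), as an added example that is not Oracle Xellerate code: it compares each application's account dump with the authoritative HR feed and a role-based provisioning policy and reports orphan, stale, drifted and missing accounts. The HR records, account dumps, application names and field names are constructed assumptions.

```python
"""Reconcile application accounts against the authoritative HR feed.
Added example, not Oracle Xellerate code: HR records, application account
dumps and the role policy are constructed sample data; the field names
(login, status, role) are assumptions."""
from dataclasses import dataclass

# Constructed HR feed: the authoritative source of who exists and their status.
HR_RECORDS = [
    {"login": "asmith", "status": "active", "role": "finance"},
    {"login": "bjones", "status": "terminated", "role": "sales"},
    {"login": "clee", "status": "active", "role": "engineering"},
    {"login": "dkim", "status": "active", "role": "finance"},
]
# Constructed per-application account dumps: login -> entitlements held.
APP_ACCOUNTS = {
    "erp": {"asmith": {"gl_post", "admin"}, "bjones": {"quote"}, "root_tmp": {"admin"}},
    "email": {"asmith": set(), "clee": set()},
}
# Provisioning policy: which apps (and entitlements) each role should have.
ROLE_POLICY = {
    "finance": {"erp": {"gl_post"}, "email": set()},
    "sales": {"erp": {"quote"}, "email": set()},
    "engineering": {"email": set()},  # engineers get no ERP account
}

@dataclass
class Finding:
    app: str
    login: str
    kind: str  # orphan | stale | drift | missing
    detail: str

def reconcile(hr, accounts, policy):
    """Return every discrepancy between HR truth and what the apps hold."""
    by_login = {r["login"]: r for r in hr}
    findings = []
    for app, app_accounts in accounts.items():
        for login, held in app_accounts.items():
            person = by_login.get(login)
            if person is None:  # rogue account: nobody in HR owns it
                findings.append(Finding(app, login, "orphan", "no matching HR identity"))
            elif person["status"] != "active":  # "old" account left behind after departure
                findings.append(Finding(app, login, "stale", "owner is " + person["status"]))
            else:
                extra = held - policy[person["role"]].get(app, set())
                if extra:  # entitlement drift beyond what the role allows
                    findings.append(Finding(app, login, "drift", "extra " + ",".join(sorted(extra))))
    for person in hr:  # active people still waiting for access their role requires
        if person["status"] == "active":
            for app in policy[person["role"]]:
                if person["login"] not in accounts.get(app, {}):
                    findings.append(Finding(app, person["login"], "missing", "required by role " + person["role"]))
    return findings
```

Each finding maps to a provisioning action (disable, remove entitlement, or create), which is the workflow the provisioning server would then drive.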

33 Federated Identity Support

34 Federated Identity Support - Overview
Portals often have a need to service users across administrative domains: inter-agency, partners, customers, etc.
Emerging web services standards are addressing these requirements: SAML, Liberty
Oracle COREid Federation provides portal applications the ability to participate as federated identity and service providers

35 COREid Federation: Seamless SSO and Identity Sharing
Features: Multi-protocol gateway – SAML, Liberty, WS-Federation; Service Provider or Identity Provider; Flexible deployment configurations; Standalone for use with pre-existing web-access management solution; Protocol SDK for custom applications
Benefits: Secure integration with partners; Reduce administration cost; Deliver improved end user experience
Part of Oracle Identity Management, a component of Oracle Fusion Middleware
Speaker notes:
Umbrella for federation technologies solution: standalone federation server; Java based SDKs; Liberty Alliance Certified Interoperable.
Oracle Secure Federation Server (OSFS): self-contained package deployable on any platform; 3rd party LDAP and authentication system support; load balancing and high availability.
Federation server with support for third party AAA infrastructures (Netegrity, Oblix, etc.). Management/logging/auditing console will be specific to federation features/functions, i.e. the customer will not need to interact with the underlying Oracle stack. Federation server will support J2EE standard management interfaces (JMX) and thus lend itself to be managed and monitored via management consoles and tools based on these open standards. Highly scalable. Support for Liberty ID-FF 1.1, 1.2, SAML 2.0 (available after specification ratifies). No dependency or requirement for third party application server. The Federation server will be capable of accessing resources/applications residing on third party application servers. Platform support for Linux, Windows, Solaris, HP, AIX, HP Tru64. Installs via Oracle Universal Installer. Capable of acting in the role of an Identity Provider or a Service Provider. Capable of being pre-loaded on a standalone box, i.e. an organization acting in the role of a service provider can easily add partner IDPs by dropping in additional servers.
Stand-alone, drop-in federation server product: can be both an IDP or SP; federation management admin console; configurable for integration with third party LDAP and AAA infrastructures.
Self-contained bundle: all the necessary components to run are bundled; runs on any platform; full federation protocol support.
Web based management and monitoring: web-based administration console; configuration of federations and user data in the context of supported protocols; auditing and monitoring features.
Oracle Fusion Middleware: OSFS can leverage platform-level features of Oracle Fusion Middleware; centralized management; high availability; Web Services and Service Oriented Architecture (SOA).
Oracle Identity Management: certified with Oracle Internet Directory, Oracle Single Sign-On and Oracle COREid Access and Identity; authorization, authentication and provisioning functionality.
Oracle products that leverage Oracle Identity Management: Oracle Database (OSFS to be certified against Oracle 10g); Oracle Applications; Oracle Collaboration Suite; Oracle E-Business Suite.

36 Example Federated Identity Single Sign-On Scenario
Diagram labels: Employee Portal (Sign On: Identifier: Principal ABC, Password: XXXX); Federated SSO -> 401k Benefits Site; Federated SSO -> Employee Medical Benefits Site

37 Benefits for Portal Deployments
Portal users can transparently access applications of federation partners (such as travel agencies, employee benefits providers, etc.)
Applications secured by Oracle Identity Management can be made accessible to partners through federation
No need to manage these users locally
No re-engineering of applications required

38 Summary and Conclusions
Enterprise portal deployments raise a number of management and security issues
Oracle Identity Management enables Portal customers to:
Support single sign-on of portal users to enterprise applications
Provide rich user administration and self-service seamlessly integrated into the portal environment
Manage enterprise portal and application users centrally
Automatically provision and de-provision enterprise portal users
Allow their portal users to access federated applications
Make their portals available to partner access

39 Q & A

40 For more information, please point your browser to http://www.oracle.com/identity
