OracleAS Identity Management

1 OracleAS Identity Management
Solving Real World Problems

2 Web applications are great ...
- Inexpensive development
- Rapid deployment
- Access from anywhere

BUT ….

3 …but they can be an administrative and usability nightmare!

4 Business Problem
- Many more users of your business system
  - Anyone with PC has potential access
  - Not all users are employees or students: partners, suppliers … and hackers
- Managing users is more complicated
  - Authorized users need to access multiple applications
  - Proliferation of accounts, passwords, privileges
- Critical business applications and data are online
  - Real risk is greater, awareness of risk is also greater
  - Legal mandates for protection of certain data

- Critical business applications and data are online
- Real risk is greater
  - Old truism that 80% of break-ins are from insiders is no longer true
- Awareness of risk is greater
  - New technologies (e.g., web services) add unknown additional risk
- New regulations mandate protection of specific data
  - Sarbanes Oxley (corporate financial/governance data)
  - SB 1386 (private user information)

5 IT operational challenges
- New employee or student enrollment
  - Create identity and credentials for the user
  - Create accounts for all applications he/she needs
  - Define authorizations
- User’s organizational role changes (or user terminated)
  - Automate privilege changes in applications
  - Revoke accounts and authorizations for all applications he/she had access to
  - Disable user’s identity and credentials

6 IT operational challenges, contd.
- Manage user authentication securely
  - Enforce password complexity
  - Detect and prevent password attacks
  - Implement efficient procedures for password resets
- Deploy a new application
  - Integrate the application with corporate Portal
  - Delegate administration
  - Leverage an existing authentication service
  - Automate account provisioning for the application
  - Maintain synch among existing directories such as AD

7 IT operational challenges, contd.
- Support complex deployment scenarios
  - Deploy many applications and servers securely, with least privilege
  - Decentralized IT administration
  - High availability
  - Support load balancers, firewalls, HW accelerators

8 Oracle’s Solution
- Security platform enabled by Oracle Identity Management
- Platform components with high assurance

What specific problem area or customer pain point does this product address? For example, businesses need to:
- Scale their Web sites and applications to accommodate growth
- Improve performance to meet rising customer expectations for user-driven, dynamic content (improve QoS)
- Maximize Hardware ROI and manage costs

9 What is Identity Management?
“Identity management is the process by which the complete security lifecycle for users and other entities is managed and controlled for an organization or community of organizations.”

10 Identity Management Infrastructure
- An enterprise directory - Oracle Internet Directory (OID)
  - Directory of users, groups, applications, roles & policies
- Meta-directory platform and connectors - Directory Synchronization Service (DSS)
- Access management services
  - Single Sign-on (SSO)
  - Centralized authorization repository (OID)
- Provisioning platform - Prov. Integration Service (PIS)
  - Provisioning policy and account management tools
  - Provisioning integration platform
  - Provisioning event propagation, workflow automation
  - Provisioning connectors

11 Identity Management Infrastructure
- Delegated Administration Services (DAS)
  - End user self-service tools
  - Enterprise user, group and role management tools
  - Application administration delegation tools
- Public Key Infrastructure Services
  - Oracle Certificate Authority (OCA)
  - Certificate / key archives
  - Online certificate status
- Auditing and security monitoring services
  - Enterprise audit policy management tools
  - Central audit log archive and mining tools

12 Identity Management Benefits
- Saves Money
  - Centralized user management reduces admin cost
  - Easier to automate and less error prone
- Improves Security
  - By preventing fragmented security
- Enhances user experience
  - Single password and Single Sign-on
  - Personalization
  - Delegated Administration and Self-service

13 Oracle Identity Management in Oracle Security Architecture
[Architecture diagram; labels recovered from the figure]
- OracleAS 10g: JAAS Roles, Component access Controls, Java2 Permissions, …
- Oracle 10g RDBMS: Enterprise Roles, VPD, Label Security, ..
- Oracle E-Business Suite: E-Biz Responsibility
- Oracle Collaboration Suite: File privileges, Secure Mail, Interpersonal Rights granting
- Delegated Administration Services
- Provisioning Service
- OracleAS SSO
- 3rd Party Authentication Service
- Oracle Certificate Authority
- Oracle Internet Directory
- Directory Integration Services
- 3rd Party Directory Service
- OracleAS (9i or 10g)

14 Oracle Identity Management – Value Proposition
- An enterprise infrastructure that leverages Oracle’s “unbreakable” technology
  - reliability, scalability, security, performance
- Enables deployment of all Oracle products out of the box
  - AS, DB, OCS, eBiz
- A single point of integration for customer’s existing identity management solutions
  - Transparent 3rd party integration for OIM enabled products
- An open, standards-based infrastructure to accommodate variety of partner solutions and customer deployments

Accommodate a wide variety of deployments and partner solutions.

15 Specific Problems and Solutions

16 New Student Enrollment
- Create user in OID - creates user in Enterprise
  - Oracle products recognize identity
  - Third party (e.g., AD) provisioning via PIS
- Improved provisioning support through OIM
  - Single user in OID
  - Student System-based provisioning through PIS
  - Windows (and other third party) integration via DSS
  - Automated certificate provisioning with OCA

17 User’s organizational role changes
- Change role and/or remove user from OID
  - Directly via DAS or indirectly via PIS
  - Immediately changes user in OIM-aware applications
- Other applications can be synchronized via DSS, PIS
- Dynamic group support in OID

18 Manage User Authentication Securely
- Single Sign On
  - OracleAS SSO for web single sign on
  - Enterprise User Security for client-server SSO to database
- Multilevel authentication in OracleAS SSO 10g
- Windows Native Authentication
- Proxy authentication for multi-tier database access
- Advanced password management policies in OID
  - Password history, Password hints and reset upon expiry
  - IP address based lockout policies
  - Centralizes password management for OIM-based applications

19 Manage User Authentication Securely, cont.
- External authentication plug-ins for 3rd party LDAP
- DAS management of account lockout status
- DAS Self Service password hint and password reset
- Standalone database continues to support customizable password management

20 Deploy New Application
- OID/SSO provide authentication and authorization services which are shared across enterprise
- Many hooks to leverage OID/SSO
  - mod_osso
  - JAZN
  - Partner application toolkit
  - Enterprise users (for database applications)
- PIS provides automated account provisioning
- DSS, PIS supports synch with existing directories

21 Deploy New Application, cont.
- Direct JAAS integration with 3rd party directory via Loginmodule API
- DAS supports delegated administrative model
  - Can delegate admin authority to components of overall directory tree
  - Can delegate admin authority down to the attribute level
- New install/admin model in OracleAS ensures least privilege for instance administration

22 Windows Integration
- Windows Directory Connector for Oracle Internet Directory
  - Pre-packaged solution for Windows directories
  - Built on Oracle Directory Integration Platform
- Windows Native Authentication
  - “Automatic logon” to AS based on Windows logon
  - Improves Windows user experience
- Windows Authentication and Password Plug-ins
  - “Referral” of authentication to Windows O/S; password synchronization not required
  - Update of Windows passwords from Oracle administration tools

23 User Provisioning from Windows
[Flow diagram; labels recovered from the figure]

Steps:
- 1 - “Add user”
- 2 - User created in ADS
- 3 - User synchronized with OID
- 4 - User provisioned in Oracle environment

Components shown: Windows Environment, Microsoft ADS, Delegated Administration Console, Oracle Internet Directory, Oracle Portal, Oracle9iAS Single Sign-On, Oracle E-Business Suite Release 11i

24 Improved Admin Privilege Model
- Least privilege for install/admin
  - Separation of install and runtime admin privileges
  - Privilege to administer one 9iAS instance doesn’t imply privilege to administer every instance
  - Allows multiple 9iAS instances to share an infrastructure securely
- Greatly improves security for real world deployments

25 Case Study: Golden Gate University’s Legacy Environment
- Operating systems: Solaris, Windows, MPE/ix, Netware, Mac OS, Digital Unix
- Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha
- Databases: Oracle, SQL Server, Access, FoxPro, HP Image
- Development: Coldfusion, HTML, Javascript, UniBasic
- No common code, data, OS, management process, customer experience

26 GGU’s new Web Architecture

27 Summary
- Key Business Problem
  - Address security threats
  - Manage users efficiently, intelligently
- Key Solution Features
  - Complete security for real world deployments
    - Pervasive
    - High Assurance
    - Common across Oracle Components
    - Supports wide range of deployment options
  - Identity Management Suite
    - Integrated solution for Oracle products
    - Enterprise scalability, reliability, performance

28 Summary, cont.
- Key Oracle Differentiators
  - Reputation for reliability, scalability, availability, assurance
  - Oracle offers nearly all the enterprise pieces
    - App Server, database, apps, collab suite
  - Security and Identity Management is pervasive, integrated
