Solving Identity Fragmentation with Oracle Unified Directory


1 Solving Identity Fragmentation with Oracle Unified Directory. Peter Abrahamsson, Technology Sales Consultant, InfoSec, Oracle Sales Consulting Centers. 17 November, 2016

2 Silos Solving

3 Identity stores seen as silos: Apps, Databases, Enterprise Apps, Servers, Mobile Apps, Databases, HR departments, Marketing Services

4 Identity stores seen as silos: Databases, HR departments, Marketing Services

5 Why consolidate identity fragmentation?
Consolidation: a single authoritative source of trust for applications, databases, Unix/Linux servers and on-premise; synchronization as a meta-directory; better compliance and auditability; reduced application complexity.
Virtualization: unify multiple directories without data copy; unify hybrid data, cloud and on-premise; accelerated application deployment; no changes in data ownership; no more data out of sync.

6 Worldwide spending on public cloud services will grow at a 19.4% compound annual growth rate, from nearly $70 billion in 2015 to more than $141 billion in . Source: Worldwide Semiannual Public Cloud Services Spending Guide from IDC

7 Service Provider or Service Provider; SAML 2.0; OAuth v2.0 and/or OpenID Connect; on premise: SAML

8 Service Provider or Service Provider; SAML 2.0; OAuth v2.0 and/or OpenID Connect; on premise: SAML; Legacy DSEE Dir; Active Directory

9 Identity Cloud Service (IDCS) and hybrid: 12% Public; 71% Hybrid (Public & Private); 17% Private/On-premise. Source: Gartner

10 Identity Cloud Service (IDCS). Oracle Management Hub; ORACLE IDENTITY MANAGEMENT; Standards and APIs; Oracle Governance; Oracle Access Management; Oracle Services; Oracle API Platform Service; Oracle Service; Management & Lifecycle

11 All-in-one solution: Apps, Databases, Enterprise Apps, Servers, Mobile Apps; Storage, Virtualization, Synchronization; DSEE, Active Directory

12 and Virtualization: Network Group; Workflow; Workflow Elements; source/server Extension; DSEE; Active Directory

13 Business case
Single point of access: provide a single point of access for all applications, in the cloud and on premise (hybrid). This allows compatibility across the product set.
Identity/data integration: the multiple fragmented identity stores also have complex, overlapping identity relations that inhibit any quick solution.
Integration with non-LDAP sources: identity fragments residing in a database must also be integrated.

14 Protected Resource; IDCS configured as Provider; White pages App; Federation SSO; Unified User; OAM; as Proxy; Workflow A: Active Directory; Workflow B: Legacy; Workflow C: Database; Workflow D: Join(A+B+C)

15 Workflow A. Network group; Workflow: ad-wf; Federation SSO; OAM; Trust Provider; IDCS; Unified User; Network Group as Proxy; Proxy-WE: ad-we; Server-EX: ad-ex; Protected Resource; Workflow; Workflow Elements; Whitepages App; source/server Extension; Active Directory

16 Workflow A, Active Directory as proxy. Network group; Workflow: ad-wf; Proxy-WE: ad-we; Server-EX: ad-ex.
How does it work?
Proxy LDAP Workflow Element: this element retrieves connections from the LDAP server extension element and executes the operations received from the user as defined in the configured mode.
LDAP Server Extension: this element manages connectivity with a remote server by periodically checking the response from the remote peer and providing valid connections maintained by the connection pool.

17 Workflow B. Network group as Proxy; Workflow: ad-wf; Workflow: workflow1; Proxy-WE: ad-we; Proxy-WE: load-bal-we; Server-EX: ad-ex; Server-EX: ds11; Server-EX: ds12; AD acting as legacy

18 Workflow C, database. Network group; Workflow: ad-wf; Workflow: workflow1; Workflow: db1; as Proxy; Proxy-WE: ad-we; Server-EX: ad-ex; Proxy-WE: load-bal-we; Server-EX: ds11; Server-EX: ds12; DB-Proxy-WE: orcl1; DB-Server-EX: orcl1; AD acting as legacy.
How does it work?
Configure a connection to most RDBMS databases that support JDBC. Map LDAP object classes and attributes to SQL tables and columns in the RDBMS to create virtual views of the RDBMS data. No modifications to the RDBMS are required.
These LDAP operations are translated to the equivalent SQL queries to access data stored in the RDBMS: BIND, ADD, DELETE, MODIFY, MODIFYDN, SEARCH.
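To make the LDAP-to-SQL translation on this slide concrete, here is an added example in Python (not code from the deck or from Oracle Unified Directory). It maps one object class onto one table, turns an LDAP search filter into a parameterised WHERE clause, and translates SEARCH, ADD, MODIFY and DELETE into SQL. The table, columns, attribute names and suffix are constructed assumptions; the in-memory SQLite database stands in for the remote RDBMS. The security point is the part a real proxy must get right: attribute values from the client travel as bind parameters, never as SQL text, and only mapped attributes can be reached.

```python
import sqlite3

# Constructed mapping, not OUD configuration syntax: one LDAP object class backed by
# one SQL table, LDAP attribute -> column. Anything not listed is unreachable.
MAPPING = {
    "table": "employees",
    "rdn_attr": "uid",
    "attrs": {"uid": "login", "cn": "full_name", "mail": "email", "departmentNumber": "dept"},
}
BASE_DN = "ou=people,dc=example,dc=com"  # constructed virtual suffix


def _column(attr):
    """Resolve an LDAP attribute to its mapped column; unmapped names are refused
    so a client cannot reach columns (e.g. password hashes) the view never exposes."""
    try:
        return MAPPING["attrs"][attr]
    except KeyError:
        raise ValueError(f"attribute {attr!r} is not mapped to the RDBMS") from None


def filter_to_sql(ldap_filter):
    """Translate an RFC 4515 filter (equality, &, |, ! only; values must not contain
    an unescaped ')') into a WHERE clause plus bind parameters. Values are never
    concatenated into SQL text, so an injection attempt stays a literal value."""
    pos = 0

    def node():
        nonlocal pos
        if ldap_filter[pos] != "(":
            raise ValueError("expected '(' in filter")
        pos += 1
        op = ldap_filter[pos]
        if op in "&|":
            pos += 1
            kids = []
            while ldap_filter[pos] == "(":
                kids.append(node())
            pos += 1  # consume the closing ')'
            glue = " AND " if op == "&" else " OR "
            return "(" + glue.join(k[0] for k in kids) + ")", [v for k in kids for v in k[1]]
        if op == "!":
            pos += 1
            sql, params = node()
            pos += 1  # consume the closing ')'
            return "(NOT " + sql + ")", params
        end = ldap_filter.index(")", pos)
        attr, _, value = ldap_filter[pos:end].partition("=")
        pos = end + 1
        return f"{_column(attr.strip())} = ?", [value]

    sql, params = node()
    if pos != len(ldap_filter):
        raise ValueError("trailing characters after filter")
    return sql, params


def search(conn, ldap_filter):
    """SEARCH -> SELECT: every matching row becomes a virtual entry under BASE_DN."""
    where, params = filter_to_sql(ldap_filter)
    attrs = list(MAPPING["attrs"])
    cols = ", ".join(MAPPING["attrs"][a] for a in attrs)
    rows = conn.execute(f"SELECT {cols} FROM {MAPPING['table']} WHERE {where}", params)
    entries = []
    for row in rows:
        entry = dict(zip(attrs, row))
        entry["dn"] = f"{MAPPING['rdn_attr']}={entry[MAPPING['rdn_attr']]},{BASE_DN}"
        entries.append(entry)
    return entries


def add(conn, entry):
    """ADD -> INSERT; every attribute must be mapped."""
    cols = [_column(a) for a in entry]
    conn.execute(
        f"INSERT INTO {MAPPING['table']} ({', '.join(cols)}) VALUES ({', '.join('?' * len(cols))})",
        list(entry.values()),
    )


def modify(conn, uid, changes):
    """MODIFY (replace) -> UPDATE keyed on the RDN attribute."""
    sets = ", ".join(f"{_column(a)} = ?" for a in changes)
    key = _column(MAPPING["rdn_attr"])
    conn.execute(f"UPDATE {MAPPING['table']} SET {sets} WHERE {key} = ?", [*changes.values(), uid])


def delete(conn, uid):
    """DELETE -> DELETE keyed on the RDN attribute."""
    key = _column(MAPPING["rdn_attr"])
    conn.execute(f"DELETE FROM {MAPPING['table']} WHERE {key} = ?", [uid])


def demo_db():
    """Constructed in-memory table standing in for the remote RDBMS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (login TEXT PRIMARY KEY, full_name TEXT, email TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", [
        ("alice", "Alice Adams", "alice@example.com", "42"),
        ("bob", "Bob Brown", "bob@example.com", "17"),
        ("carol", "Carol Clark", "carol@example.com", "42"),
    ])
    return conn


if __name__ == "__main__":
    db = demo_db()
    for e in search(db, "(&(departmentNumber=42)(!(uid=alice)))"):
        print(e["dn"], e["mail"])
    print(search(db, "(uid=alice' OR '1'='1)"))  # the quote stays inside the value: []
```

The second search in the usage block is the check worth keeping in mind when a directory fronts a database: the value `alice' OR '1'='1` is handed to the driver as a parameter, so it matches no row instead of every row. MODIFYDN is left out here because renaming a virtual entry means changing the primary key, which depends on the table design.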

19 Workflow D. Network group as Proxy; Workflow: ad-wf; Workflow: workflow1; Workflow: db1; Proxy-WE: ad-we; Proxy-WE: load-bal-we; DB-Proxy-WE: orcl1; Server-EX: ad-ex; Server-EX: ds11; Server-EX: ds12; DB-Server-EX: orcl1; AD acting as legacy

20 Workflow D, join. Network group; Workflow: joined; as Proxy; Join-WE: join-we; Proxy-WE: ad-we; Proxy-WE: load-bal-we; DB-Proxy-WE: orcl1; Server-EX: ad-ex; Server-EX: ds11; Server-EX: ds12; DB-Server-EX: orcl1; AD acting as legacy.
How does it work?
Join participants and join rules. Define a DN- or attribute-based relationship between an entry in one source and an entry in another source, for example:
(&(P1.userId = P2.uid)( (P1.deptNumber = P2.department)(P1.empNum = P2.empId)))
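The join rule on this slide is easier to reason about with a small evaluator. The following is an added Python example, not code from the deck or from Oracle Unified Directory: it parses a rule in the slide's P1.attr = P2.attr form, evaluates it for every primary/secondary pair, and produces joined virtual entries. The participant data is constructed (P1 standing in for the Active Directory workflow, P2 for the legacy directory), and the operator between the second and third terms, which is not legible in the transcription, is assumed here to be OR (`|`). Two behaviours a practitioner should want are included: an absent attribute never matches (so two entries missing the same attribute are not joined on "empty equals empty"), and a rule that selects more than one secondary entry flags the primary entry instead of merging, since silently fusing two identities is the failure mode an over-broad rule produces.

```python
# Constructed join rule; the inner operator is assumed to be "|" (not legible on the slide).
RULE = "(&(P1.userId = P2.uid)(|(P1.deptNumber = P2.department)(P1.empNum = P2.empId)))"

# Constructed participant data: P1 plays the Active Directory workflow, P2 the legacy one.
P1_ENTRIES = [
    {"dn": "cn=alice,ou=users,dc=ad,dc=example", "userId": "alice", "deptNumber": "42", "empNum": "1001", "title": "Engineer"},
    {"dn": "cn=bob,ou=users,dc=ad,dc=example", "userId": "bob", "deptNumber": "17", "empNum": "2002", "title": "Analyst"},
    {"dn": "cn=carol,ou=users,dc=ad,dc=example", "userId": "carol", "deptNumber": "99", "empNum": "3003", "title": "Contractor"},
]
P2_ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=legacy,dc=example", "uid": "alice", "department": "42", "empId": "1001", "mail": "alice@example.com"},
    {"dn": "uid=bob,ou=people,dc=legacy,dc=example", "uid": "bob", "department": "55", "empId": "2002", "mail": "bob@example.com"},  # dept moved, empId still matches
    {"dn": "uid=carol,ou=people,dc=legacy,dc=example", "uid": "carol", "department": "10", "empId": "0000", "mail": "carol@example.com"},  # only uid matches
]


def parse_rule(text):
    """Parse a join rule into a tree: ('&'|'|', [children]) or ('=', 'P1.attr', 'P2.attr')."""
    text = text.replace(" ", "")
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' in join rule")
        pos += 1
        if text[pos] in "&|":
            op = text[pos]
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(node())
            pos += 1  # consume the closing ')'
            return (op, kids)
        end = text.index(")", pos)
        left, _, right = text[pos:end].partition("=")
        pos = end + 1
        return ("=", left, right)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters in join rule")
    return tree


def rule_matches(tree, candidates):
    """Evaluate the tree against {participant: entry}. An absent attribute never
    matches, so entries that both lack an attribute are not joined on None == None."""
    op = tree[0]
    if op == "&":
        return all(rule_matches(k, candidates) for k in tree[1])
    if op == "|":
        return any(rule_matches(k, candidates) for k in tree[1])
    p_left, a_left = tree[1].split(".", 1)
    p_right, a_right = tree[2].split(".", 1)
    v_left = candidates[p_left].get(a_left)
    return v_left is not None and v_left == candidates[p_right].get(a_right)


def join_entries(rule, participants, primary):
    """Build joined virtual entries: each primary entry plus the attributes of the one
    secondary entry (per participant) the rule selects. Primary attributes win on a
    name clash and the DN stays the primary's. If the rule selects more than one
    secondary entry, nothing is merged and the entry is flagged with joinConflict."""
    tree = parse_rule(rule)
    joined = []
    for entry in participants[primary]:
        out = dict(entry)
        for name, pool in participants.items():
            if name == primary:
                continue
            hits = [e for e in pool if rule_matches(tree, {primary: entry, name: e})]
            if len(hits) > 1:
                out["joinConflict"] = name
            elif hits:
                for attr, value in hits[0].items():
                    if attr != "dn":
                        out.setdefault(attr, value)
        joined.append(out)
    return joined


if __name__ == "__main__":
    for e in join_entries(RULE, {"P1": P1_ENTRIES, "P2": P2_ENTRIES}, primary="P1"):
        print(e["dn"], "->", e.get("mail", "(no legacy match)"), e.get("joinConflict", ""))
```

With the constructed data, alice joins on both terms, bob joins only because the employee number still agrees after a department change, and carol has a matching login but nothing else, so her legacy attributes are not merged. The joinConflict flag is the thing to alert on when the join is put in front of authentication: a rule loose enough to select two secondary entries is a rule that can attach one person's attributes, or group memberships, to another.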

21 Protected Resource; IDCS configured as Provider; White pages App; Federation SSO; Unified User; OAM; as Proxy; Workflow A: Active Directory; Workflow B: Legacy; Workflow C: Database; Workflow D: Join(A+B+C)

22 Workflow D-2, transformation. Network group; Workflow: joined; Transformation-WE: trans-we; as Proxy; Join-WE: join-we; Proxy-WE: ad-we; Proxy-WE: load-bal-we; DB-Proxy-WE: orcl1; Server-EX: ad-ex; Server-EX: ds11; Server-EX: ds12; DB-Server-EX: orcl1; AD acting as legacy.
How does it work?
Create an instance of a workflow element of type transformations. Insert the transformation workflow element in the desired workflow elements list.

23 Workflow D-2. There are plenty more transformations: DNrenaming and RDNrenaming; Pass through Authentication; HideByfilter; GetRidofDuplicate; Kerberos Authentication Provider.
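Slides 22 and 23 describe inserting transformation workflow elements into the list that serves a workflow. The added Python example below (mine, not the deck's or Oracle Unified Directory's code) models three of the named kinds as a chain: a DN renaming that presents a backend suffix under a client-facing one, an attribute renaming (sAMAccountName shown as uid), and a hide-by-filter that drops entries matching a predicate. The suffixes, attribute names and backend entries are constructed assumptions. Order matters in such a chain and the example shows why: the hide rule runs first, on backend attribute names, before the renaming changes them.

```python
# Constructed suffixes (assumptions, not OUD configuration): what clients see vs. the backend.
CLIENT_SUFFIX = "ou=people,dc=example,dc=com"
SOURCE_SUFFIX = "cn=users,dc=corp,dc=local"

# Constructed entries as the backend workflow element would return them.
SOURCE_ENTRIES = [
    {"dn": "cn=alice,cn=users,dc=corp,dc=local", "sAMAccountName": "alice", "employeeType": "staff", "mail": "alice@example.com"},
    {"dn": "cn=svc-backup,cn=users,dc=corp,dc=local", "sAMAccountName": "svc-backup", "employeeType": "service", "mail": "noreply@example.com"},
    {"dn": "cn=bob,cn=users,dc=corp,dc=local", "sAMAccountName": "bob", "employeeType": "staff", "mail": "bob@example.com"},
]


def _swap_suffix(dn, old, new):
    """Replace a trailing DN suffix, comparing case-insensitively as DNs are; a DN
    outside the suffix is rejected rather than passed through unchanged."""
    if dn.lower() == old.lower():
        return new
    if dn.lower().endswith("," + old.lower()):
        return dn[: -len(old)] + new
    raise ValueError(f"{dn!r} is outside suffix {old!r}")


class DnRenaming:
    """inbound() rewrites DNs in requests towards the backend; outbound() rewrites
    DNs in entries on the way back to the client."""
    def __init__(self, client_suffix, source_suffix):
        self.client, self.source = client_suffix, source_suffix

    def inbound(self, dn):
        return _swap_suffix(dn, self.client, self.source)

    def outbound(self, entry):
        entry = dict(entry)
        entry["dn"] = _swap_suffix(entry["dn"], self.source, self.client)
        return entry


class AttributeRenaming:
    """Present backend attributes under client-facing names."""
    def __init__(self, mapping):
        self.mapping = mapping

    def outbound(self, entry):
        return {self.mapping.get(k, k): v for k, v in entry.items()}


class HideByFilter:
    """Drop entries for which the predicate holds; None means 'not returned'."""
    def __init__(self, predicate):
        self.predicate = predicate

    def outbound(self, entry):
        return None if self.predicate(entry) else entry


DN_MAP = DnRenaming(CLIENT_SUFFIX, SOURCE_SUFFIX)
CHAIN = [
    HideByFilter(lambda e: e.get("employeeType") == "service"),  # first: still sees backend names
    AttributeRenaming({"sAMAccountName": "uid"}),
    DN_MAP,
]


def run_outbound(transforms, entries):
    """Apply each transformation in list order to every entry; an entry that any
    transformation hides leaves the result set."""
    result = []
    for entry in entries:
        for t in transforms:
            entry = t.outbound(entry)
            if entry is None:
                break
        else:
            result.append(entry)
    return result


def virtual_search(base_dn, entries=SOURCE_ENTRIES):
    """Simulated search: map the client's base DN to the backend suffix, select the
    backend entries under it, and transform the results for the client."""
    source_base = DN_MAP.inbound(base_dn)  # this is what the backend would be asked for
    in_scope = [e for e in entries if e["dn"].lower().endswith(source_base.lower())]
    return source_base, run_outbound(CHAIN, in_scope)


if __name__ == "__main__":
    base, found = virtual_search(CLIENT_SUFFIX)
    print("backend base:", base)
    for e in found:
        print(e["dn"], e["uid"], e["mail"])
```

Two things to check before relying on a chain like this in front of an application. First, the hide rule only filters the response path: it keeps the service account out of search results, but it does not by itself stop a bind as that entry, which needs a request-side rule as well. Second, the DN mapper refuses DNs outside the client suffix instead of forwarding them, so a client cannot use the proxy to reach a part of the backend tree the virtual view was never meant to expose.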

24 Conclusion. Unify multiple directories and data/identity sources without data copy; unify hybrid data, cloud and on-premise; accelerated application deployment; no changes in data ownership; no more data out of sync. Diagram: Protected Resource; Federation SSO; IDCS configured as Provider; OAM; White pages App; Unified User; as Proxy; Workflow A: Active Directory; Workflow B: Legacy; Workflow C: Database; Workflow D: Join(A+B+C)
