Oracle Identity and Access Management


Oracle Identity and Access Management Overview Klaus Scherbach Principal Sales Consultant BU Identity Management

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. 2

Agenda Functional Overview Oracle Access Management Oracle Identity Governance Oracle Directory Services 3

Functional Overview 4

Identity and Access Management 11gR2 Modern, Innovative & Integrated Governance Privileged Accounts Access Request Roles Based Provisioning Password Reset Attestation Segregation of Duties Role Mining Access Web Single Sign-on Federation Mobile, Social & Cloud Integrated ESSO External Authorization WebServices Security Token Services Fraud Detection Directory LDAP Storage Virtual Directory Meta Directory Platform Security Services 5

Oracle Access Management 6

Oracle Access Management 11gR2 Functional Blocks (excl. ESSO) Complete Innovative Simplified Scalable Open 7

Oracle Access Management 11gR2 Integration with Identity Governance Internet Corporate DMZ Registration Self Service Corporate Network Attestation Lifecycles Oracle Identity Governance Optional Redirects depending on AuthN Events OAM WebGates Identity Context Directory Services Authentication Authorization Single Sign-On Oracle Access Management 8

Oracle Access Management 11gR2 Available Services 9

Oracle Access Management 11gR2 Identity Context Enterprise/ Work Social/ Life Mobile/ Presence Device Tier Web Tier Application Tier Service Tier Smartphone WEB SSO Application Web Services 1. Collect Attributes Context Tablet Laptop Server Identity Federation Risk / Adaptive Authentication Portal SOA Service Bus Container EJBs Databases Directories 2. Publish, Propagate & Evaluate attributes across Oracle's Fusion Middleware stack 10

Oracle Access Management 11gR2 Sample Identity Context Attributes Category Attributes (Sample) Publisher Client Is Firewall Enabled Is Anti Virus Enabled Device Fingerprint Location Risk Is Known Device Is Trusted Device Risk Score Federation Partner ID Partner Attributes Session Level of Assurance Session ID Any attribute in the current session Identity Any attribute in the user's ID Store profile True/False result of a search OESSO OAM/ MS OAAM OAM/ OIF OAM OAM OVD 11

Oracle Access Management 11gR2 Enterprise Single Sign-On (OESSO) Architecture ESSO Admin Console ESSO Authentication Manager ESSO Kiosk Manager ESSO Password Reset ESSO Provisioning Gateway Provisioning System Client PC ESSO Logon Manager Only one password to remember For non-web applications Integrated with Oracle Web Access Management More secure and quick compliance 12

Oracle Access Management 11gR2 Entitlement Service Motivation Better Business Agility Enhanced Security and Compliance Increased IT Efficiency An adaptable security service infrastructure that more closely models your business Respond faster to changing corporate, regulatory, market requirements Reduce time-to-market Manage security from a single place Provides finer control over the protection of all resources Separates security decisions from application logic Offers robust auditing of events Centralizes security policy management Enables reuse and sharing of security services Frees developers up to focus on value-added business logic Integrates easily with identity and access management 13

Oracle Access Management 11gR2 Entitlement Service Deployment PEP PDP PEP PDP PEP PDP OES Admin Server PIPs Identity Store Policy Store PEP PEP PDP 14

Oracle Access Management 11gR2 Mobile & Social Deployment Scenario Internet Corporate DMZ Corporate Network Authentication, Authorization, SSO Oracle Access Manager LDAP OAM Agent OES PDP Mobile and Social Secondary Authentication Directory Services Oracle Enterprise Gateway OES PDP Oracle Adaptive Access Manager HTTP HTML/ REST Clients Context Aware Authorization and Data Redaction Web Services Manager Service Bus SOAP/REST and Legacy Web Services 15

Oracle Access Management 11gR2 Mobile & Social Web Service Deployment Scenario OWSM Agent HTTP, SOAP, REST, XML, JMS First Line Of Defense Shared Services Layer HTTP, SOAP, REST, XML, JMS End Point Security OWSM Agent* OWSM Agent Service Bus OWSM Agent OWSM Agent* WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt OWSM Agent* Extranet Counter External Threat DMZ Intranet Counter Internal Threats * - Planned Capabilities Common Policy Model 16

Oracle Access Management 11gR2 Sample Security Token Service Scenario Trust 17

Oracle Identity Governance 18

Oracle Identity Governance 11gR2 Overview Provision Grant User Access Connectors De-Provision Monitor User Access Access Request Privileged Account Request Role Lifecycle Management Check-in/ Checkout Identity Certifications IT Audit Monitoring Rogue Detection & Reconciliation Reporting & Privileged Access Monitoring Roles Entitlements Access Catalog Ownership, Risk & Audit Objectives Accounts Glossaries Catalog Management 19

Oracle Identity Governance 11gR2 Shopping Cart Simplicity Browse Compare & Select Track Receipt Confirmation 20

Oracle Identity Governance 11gR2 Role Lifecycle Management Role Definition Role Modeling Role Mining Top-Down Approach Bottom-Up Approach Role Governance Role Audit, Analytics Change Mgmt Role Change Approvals Role Versioning Rollbacks & Comparison Role Change Impact Analysis Rule Management Role Audit Role Entitlement Mapping History Role Membership History Approvals History Role Ownership History Governance Role Definition Attestation Role Membership Attestation Role Consolidation Role Mining 21

Oracle Identity Governance 11gR2 Risk Based Certification Applications Identity Warehouse Risk Factors Identity Data Sources DB Mainframe Roles Certification History Entitlements Provisioning Events Resources Policy Violations Risk Aggregation Low Risk User High Risk User Bulk Certify Cert360 Approve Reject Focused Sign-off Oracle Confidential 22

Oracle Identity Governance 11gR2 Connectors Common Connectors for all Governance needs Cloud Applications Supports multiple target versions and multiple instances of a target simultaneously Flexible deployment options local and remote deployment Access Request Access Certification Privileged Access Identity Connector Framework Identity Connectors Enterprise Applications Directories Extensible Administrators can extend the capabilities without coding Databases Custom Applications and Mainframes 23

Oracle Identity Governance 11gR2 Privileged Account Management (OPAM) Threats Increased Online Threat Costly Insider Fraud Compliance Tougher Regulations Greater Focus on Risk Stronger Governance Motivation 76% Data Stolen From Servers 86% Hacking Involve Stolen Credentials 48% Caused by Insiders 17% Involved Privilege Misuse Social Media Cloud Computing Mobile Access 2011 Data Breach Investigations Report 24

Oracle Identity Governance 11gR2 Privileged Account Management (OPAM) Functions Secure vault to centrally manage passwords for privileged and shared accounts Targets include Databases Operating Systems LDAP Directories Oracle FMW applications GUI, REST Services and CLI for users and administrators Automatic password change using Identity Connector Framework (ICF) Policy based password check-out and check-in Customizable audit reports through BI Publisher and real time status Extension to Identity Governance OIM and OIA integration for complete governance 25

Oracle Identity Governance 11gR2 Privileged Account Management Checkout Password Screen 26

Oracle Identity Governance 11gR2 DB User Management, DB Vault and OPAM
Service Description (Supported by)
Use Existing Enterprise LDAP Passwords for End-User Passwords (EUS)
Map Database Roles to Enterprise Roles (EUS)
Privileged user access control to limit access to application data (DB Vault)
Multi-factor authorization for enforcing enterprise security policies (DB Vault)
Manage SYS/SYSTEM and other DB Privileged Accounts Passwords (OPAM)
Manage DB Vault Privileged Accounts Passwords like user_manager, sec_admin (OPAM)
Manage non-Oracle database passwords (OPAM)

Oracle Directory Services 28

Directory Server EE (ODSEE) Former Sun Microsystems Enterprise Directory Directory Proxy Load-balancing, High-availability, Data Distribution Evaluate performance Tune performance Namefinder white pages Deployment Tooling Directory Server Scalable Secure Replication 4+ Billion Identities Managed Identity Synchronization for Windows Identity data, password, and group synchronization between Microsoft Active Directory and Directory Server Provisioning Manage multiple instances from central location Web Based Service Management 29

Directory Server EE Components and Deployment 50 250 Applications Access Layer Proxy Load-balancing Distribution Security Data Management DSRK Directory Server Resource Kit ISW Identity Synchronization for Windows 30

Oracle Internet Directory (OID) Oracle Enterprise Directory HA Options OID Cluster OID Cluster + RAC Single Node OID Cluster + RAC + Replication 31

Oracle Internet Directory Directory Integration Platform (DIP) Oracle Internet Directory Central repository for identities & support for external authentication Directory Integration Platform Executes a set of connectors for synchronization Connector support for: MS AD, AD LDS, ODSEE, OUD, Novell edirectory, IBM Tivoli, OpenLDAP and custom agents DIP Profiles Templates for data mapping / transformation 32

Oracle Virtual Directory (OVD) Working Principle 33

Oracle Unified Directory (OUD) Introduction Extreme Scale Next Generation Integrated and Interoperable Scale to 10s of Billions Convergence of directories Integrated with ODSM for configuration and Enterprise Manager Inter-operable with all certified ODSEE ISV software Integrated with ODS+ Optimized for cloud, mobile and social 34

Oracle Unified Directory Components and HA Options 35
