Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect...


Transcript of Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect...

Page 1: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity and Access Management Suite

Rafael Torres

Sr. Solutions Architect

rafael.torres@oracle.com

Page 2: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Identity Management Business Value

“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”

Page 3: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Business Challenges

• Trusted and Reliable Security

• Efficient Adherence to Compliance

• Lower Administrative and Development Costs

• Enable Online Business Networks

• Better End-User Experience

Page 4: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Regulatory Compliance

• Privacy & Security Regulations
  • Safe Harbor laws (EU & others)
  • Gramm Leach Bliley Act (GLB-Act)
  • US Patriot Act
  • HIPAA
  • US Homeland Security Policy Directive (HSPD-12)

• Financial & Market Regulations
  • SOX (Sarbanes-Oxley or SarbOx)
  • Japanese SOX (expected in 2008)
  • Basel II
  • UK Companies Act

Page 5: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Differentiators

Most Comprehensive, Best-In-Class Suite

Hot-pluggable and Open

Application Centric Identity Management

Page 6: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity Management: Best-of-breed, Complete & Differentiated Portfolio

Area Oracle Sun CA HP IBM NOVL BMC

Federation Oracle Identity Federation P
Web Access Mgmt Oracle Access Manager
Web Svcs Security Oracle Web Services Manager
ESSO Oracle Enterprise Single Sign-On P
Del Admin Oracle Access Manager
Pwd. Mgmt. Oracle Identity Manager
Provisioning Oracle Identity Manager
Ent. Role Mgmt Oracle SmartRoles (TBA) P P P
Meta Directory Integration Platform
AuthN/PKI Oracle Certificate Authority
Virtual Dir Oracle Virtual Directory P
Directory Oracle Internet Directory P

Faster ROI, Higher Quality, Lower Risk

P = Partnership

Page 7: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Hot-pluggable, Heterogeneous Support

Applications

Directories

Application/Web Servers

Operating Systems

Groupware

ACF-2 & TSS

Portals

RACF

Page 8: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Application-Centric Identity Management

• Comprehensive, loosely coupled, out-of-the-box integrations with business applications

• An integral component of a wider application development and deployment framework

• Architected for future SOA application environment

• Identity management as a re-usable service for all applications

Page 9: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity and Access Management Suite

Overview

Page 10: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Key Areas of Identity Management

• Access Control
  • Single Sign-On
  • Identity Federation
  • Web Access Control
  • Web Services Security*

• Identity Administration
  • User, Role Management
  • User Provisioning

• Identity Infrastructure
  • Virtual Directory
  • Directory

*Oracle Web Services Manager licensed separately from the Identity and Access Management Suite

Page 11: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Enterprise Identity Management

Identity Management Service

• Access Management
  • Authentication & SSO
  • Authorization & RBAC
  • Identity Federation

• Identity Administration
  • Delegated Administration
  • Self-Registration & Self-Service
  • User & Group Management

• Directory Services
  • LDAP Directory
  • Meta-Directory
  • Virtual Directory

• Identity Provisioning
  • Agent-based
  • Agentless
  • Password Synchronization

Other diagram labels: NOS/Directories, OS (Unix), Systems & Repositories, Applications, ERP, CRM, HR, Mainframe, Auditing and Reporting, Policy and Workflow, Monitoring and Management, Employees, IT Staff, SOA Applications, Partners, Customers, Delegated Admin, Internal, External

Page 12: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity Manager

• Features
  • Automated user provisioning and de-provisioning
  • Rich, flexible connector framework
  • User-friendly request & policy wizards
  • Sophisticated workflow & reconciliation engines
  • Unique compliance automation & reporting

• Benefits
  • Reduced administration cost
  • Improved end user experience
  • Critical for regulatory compliance
  • Improved security

• Differentiators
  • Enables compliance via comprehensive audit history and periodic attestation framework
  • Powers largest global provisioning implementation by number of targets
  • Adapter Factory significantly lowers the TCO of customers’ solutions over time

Diagram labels: HRMS; User created or removed in HR system; Business Applications; Workflow; Assign or revoke roles, privileges; Application Driven Identity; System; Provision accounts and access rights

Page 13: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity Federation

• Features
  • Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke)
  • Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation
  • Integrates with leading Identity Management platforms

• Benefits
  • Reduced cost of interaction between business partners
  • Reduce administration cost
  • Deliver improved end user experience

• Differentiators
  • Self-contained, easy to deploy solution
  • Flexible deployment configurations
  • Rich, 100% web-based configuration interfaces for improved administrator and end user experience
  • Proven scalability - large production deployments

Page 14: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Internet Directory

• Features
  • Full feature LDAP server with a RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle Platform integration
  • VSLDAP certified and EAL4 compliant

• Benefits
  • Reduced operational cost with Oracle Grid support
  • Seamless integration with Oracle Applications and Products

• Differentiators
  • RDBMS backend provides proven scalability & performance
  • Rich, built in auditing of all events and operations
  • Flexible data replication and redundancy features
  • Ships with built-in directory integration functionality

Page 15: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Virtual Directory

• Features
  • Virtualization, Proxy, Join & Routing capabilities
  • Modern Java & Web Services technology
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access

• Benefits
  • Perform Real-time directory integration
  • Accelerate application deployment
  • Lower development costs

• Differentiators
  • Lightweight & flexible architecture
  • Supports true virtualization without local cache, enabling stringent policy or privacy requirements
  • Modular architecture supports the addition of connectors to a wide array of identity stores

Diagram labels: LDAP; VDE Directory Engine; Web Gateway; Web Services; Web Gateway; Join View; Local Store; LDAP; DB; NT; Custom

Page 16: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Access Manager

• Features
  • Multi-level, multi-factor authentication
  • Web and App server level authorization
  • Workflow driven Self-service & Delegated administration
  • Services-based architecture eases integration with existing IT infrastructure

• Benefits
  • Policy-based access management
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Increased IT governance and compliance readiness

• Differentiators
  • Administrative scalability via workflow and delegation
  • Access control leverages up to date identity information
  • Comprehensive auditing to a common database

Diagram labels: Authentication; Authorization; Identity Admin

Page 17: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Enterprise Single Sign-on (ESSO) Suite

• Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials

• Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone)

• Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grant specific levels of access based on the form of authentication

• Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user’s Oracle ESSO credential store

• Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users

Page 18: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Oracle Identity and Access Management Suite

Case Studies

Page 19: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Case Study – Manitoba Telecom Services

RESULTS

• Initial deployment for Internet, TV, and Mobile customers

• Planned to include VOIP Users and MTS supported ISP subscribers

• Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services

BUSINESS CHALLENGE

• Needed to integrate and rapidly deploy new and old services (Internet, mobile, TV, content, local phone, and long distance phone)

• Needed to provide head of household ability to manage accounts and privileges for self and other members of household

• Wanted to base new services on telecommunication standards-based framework: IP Multi-media Subsystem (IMS)

• Wanted comprehensive technology to address internal users, external households, and both providers and consumers of MTS services

ORACLE SOLUTION

• Oracle Identity and Access Management Suite

• Oracle Access Manager for Single Sign-On and Delegated Administration to head of household

• Oracle Identity Federation for providing system access to providers and consumers of MTS services

• Oracle Internet Directory to provide robust directory solution built on top of Oracle database

• Oracle Identity Manager (with 11 connectors) to provision employees to internal systems

Page 20: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Case Study – Scottish Government

RESULTS

• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running

• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements

BUSINESS CHALLENGE

• Fragmented customer records and no single source of Citizen info across Scottish Govt.

• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)

ORACLE SOLUTION

• The Scottish Govt., National Infrastructure Project selected Oracle Identity and Access Management Suite beating out Software AG

• Suite will integrate UK Govt. Gateway

• Working with Sopra, Newell and Budge as the prime contract provider

Page 21: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Problem:

• Number one identified problem by USPS employees: too many passwords
• Very large scale environment: 3 million users with over 155,000 knowledge workers
• Thousands of known applications, many beyond central IT reach
• Very limited IT staff to implement and maintain
• CTO wanted a solution that could be fully deployed in less than a year

Solution:

• Evaluated 7 different SSO vendors; selected v-GO SSO
• 155,000 users deployed in less than 8 months
• Over 7,000 applications enabled
• Helpdesk password calls dropped from >1,000 per day to an average of 10 per day
• Saved over $4 million per year

“Passlogix was instrumental in helping the USPS solve its most critical end user problem – forgotten passwords – and solve it quickly.”

Bob Otto, CTO

Page 22: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Analyst Endorsements

Leader in User Provisioning! Gartner, April 2006

“[Oracle] has amassed a very strong management team and IAM technology portfolio … Its IAM road map looks the best of all vendors.”

Page 23: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

More Analyst Endorsements

“Oracle’s offering of IAM products now pushes ahead of other IAM competitors such as BMC, Computer Associates International, Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems”
- Roberta Witty, Gartner (Nov 2005)

“Oracle's acquisition of Thor and OctetString is a good move. These acquisitions coupled with Oracle's unique application top down approach to Identity Management will send ripples through the industry.”
- Mike Neuenschwander, Burton Group (Nov 2005)

“Oracle has an advantage and early lead with its top down application strategy that is aligned with customer needs.”
- Chris Christiansen, IDC (Nov 2005)

Page 24: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Learn More

Learn the Technology
• Visit: oracle.com/identity
  View whitepapers, buyer’s guides, and webinars

Try the Software
• Visit OTN: otn.oracle.com
  Download software, get technical information

Ask Our Experts
• Call: 1-800-438-0626
  Speak with an Identity Management specialist

Page 25: Oracle Identity and Access Management Suite Rafael Torres Sr. Solutions Architect rafael.torres@oracle.com.

Q&A