Oracle Identity and Access

Management Suite

Rafael Torres
Sr. Solutions Architect
rafael.torres@oracle.com
 Identity Management
Business Value

Identity management projects are much more

than technology implementations they drive
real business value by reducing direct costs,
improving operational efficiency and enabling
regulatory compliance.
 Business Challenges

Trusted and Reliable Security

Efficient Adherence to Compliance

Lower Administrative
and Development Costs

Enable Online Business Networks

Better End-User Experience

 Regulatory Compliance
Privacy & Security Regulations
Safe Harbor laws (EU & others)
Gramm Leach Bliley Act (GLB-Act)
US Patriot Act
HIPAA
US Homeland Security Policy Directive (HSPD-12)
Financial & Market Regulations
SOX (Sarbanes-Oxley or SarbOx)
Japanese SOX (expected in 2008)
Basel II
UK Companies Act
 Oracle Differentiators

Most Comprehensive, Best-In-Class Suite

Hot-pluggable and Open

Application Centric Identity Management

Oracle Identity Management
Best-of-breed, Complete & Differentiated Portfolio

Area Oracle Sun CA HP IBM NOVL BMC

Federation Oracle Identity Federation P
Web Access Mgmt Oracle Access Manager
Web Svcs Security Oracle Web Services Manager
ESSO Oracle Enterprise Single Sign-On P
Del Admin Oracle Access Manager
Pwd. Mgmt. Oracle Identity Manager
Provisioning Oracle Identity Manager
Ent. Role Mgmt Oracle SmartRoles (TBA) P P P

Meta Directory Integration Platform

AuthN/PKI Oracle Certificate Authority
Virtual Dir Oracle Virtual Directory P

Directory Oracle Internet Directory P

P = Partnership

Faster ROI Higher Quality Lower Risk

Hot-pluggable, Heterogeneous Support
Portals Application/Web Servers

Applications Groupware

Directories Operating Systems

ACF-2 & TSS RACF

Application-Centric Identity Management
Comprehensive, loosely coupled, out-of-the-box
integrations with business applications

An integral component of a wider application

development and deployment framework

Architected for future SOA application environment

Identity management as a re-usable service for all

applications
Oracle Identity and Access Management
Suite
Overview
 Key Areas of Identity Management

Access Control
Single Sign-On
Identity Federation
Web Access Control
Web Services Security*
Identity Administration
User, Role Management
User Provisioning
Identity Infrastructure
Virtual Directory
Directory
*Oracle Web Services Manager licensed separately from the Identity
and Access Management Suite
Enterprise Identity Management
External Internal

SOA Delegated Customers Partners IT Staff Employees SOA

Applications Admin
Identity Management Service
Access Management
Authentication & SSO
Authorization & RBAC
Identity Federation
Applications
Identity Administration
Delegated Administration
Self-Registration & Self-Service
User & Group Management

Auditing Monitoring
and and
Policy and Workflow
Reporting Management

Directory Services Identity Provisioning

LDAP Directory Agent-based
Meta-Directory Agentless
Virtual Directory Password Synchronization

Applications Systems & Repositories

ERP CRM OS (Unix) HR Mainframe NOS/Directories

 Oracle Identity Manager

Features
Automated user provisioning and
de-provisioning
Rich, flexible connector framework
User-friendly request & policy wizards
Sophisticated workflow & reconciliation engines HRMS Workflow; Application
Unique compliance automation & reporting User Assign or Driven Identity
Business
Benefits created or revoke System
Applications
removed in roles, Provision
Reduced administration cost
HR system privileges accounts and
Improved end user experience access rights
Critical for regulatory compliance
Improved security
Differentiators
Enables compliance via comprehensive audit history
and periodic attestation framework
Powers largest global provisioning implementation by
number of targets
Adapter Factory significantly lowers the TCO of
customers solutions over time
 Oracle Identity Federation
Features
Identity and trust sharing across business
partners, both as Service Provider (Hub) or
Identity Provider (Spoke)
Lightweight, multi-protocol gateway SAML,
Liberty, WS-Federation
Integrates with leading Identity Management
platforms
Benefits
Reduced cost of interaction between business
partners
Reduce administration cost
Deliver improved end user experience
Differentiators
Self-contained, easy to deploy solution
Flexible deployment configurations
Rich, 100% web-based configuration interfaces
for improved administrator and end user
experience
Proven scalability - large production
deployments
 Oracle Internet Directory
Features
Full feature LDAP server with a
RDBMS data-store
Industry leading scalability and
HA capabilities
Strong Oracle Platform integration
VSLDAP certified and EAL4 compliant
Benefits
Reduced operational cost with
Oracle Grid support
Seamless integration with Oracle Applications
and Products
Differentiators
RDBMS backend provides proven scalability &
performance
Rich, built in auditing of all events and operations
Flexible data replication and redundancy features
Ships with built-in directory integration
functionality
 Oracle Virtual Directory

Features
Virtualization, Proxy, Join &
Routing capabilities LDAP WEB SERVICES WEB GATEWAY

Modern Java & Web Services technology

Superior extensibility VDE DIRECTORY ENGINE
Scalable multi-site administration
Direct data access JOIN VIEW
Benefits Local
LDAP DB NT
Custom
Perform Real-time directory integration Store

Accelerate application deployment

Lower development costs
Differentiators
Lightweight & flexible architecture
Supports true virtualization without local
cache, enabling stringent policy or privacy
requirements
Modular architecture supports the addition
of connectors to a wide array of identity
stores
 Oracle Access Manager
Features
Multi-level, multi-factor authentication
Web and App server level authorization
Workflow driven Self-service & Delegated
administration Authentication
Services-based architecture eases integration with
existing IT infrastructure
Benefits
Policy-based access management
Centralized and consistent security
across heterogeneous environments Authorization
Reduced administration cost
Increased IT governance and compliance
readiness
Differentiators
Administrative scalability via workflow and Identity Admin
delegation
Access control leverages up to date identity
information
Comprehensive auditing to a common database
 Oracle Enterprise
Single Sign-on (ESSO) Suite
Oracle ESSO Logon Manager is an event-driven single sign-on
solution that eliminates the need for end users to remember and
manage their sign-on credentials
Oracle ESSO Password Reset enables end users to reset their
Windows password from a locked workstation (note: also
available stand-alone)
Oracle ESSO Authentication Manager enables end users to
authenticate with forms of strong authentication and grant
specific levels of access based on the form of authentication
Oracle ESSO Provisioning Gateway enables OIM to add, edit
and delete credentials within an end users Oracle ESSO
credential store
Oracle ESSO Kiosk Manager provides fast user switching and
sign-on/sign-off support for kiosk users
Oracle Identity and Access Management
Suite
Case Studies
Case Study Manitoba Telecom Services
BUSINESS CHALLENGE ORACLE SOLUTION

Needed to integrate and rapidly deploy new and
old services (Internet, mobile, TV, content, local
phone, and long distance phone)
Needed to provide head of household ability to
manage accounts and privileges for self and
other members of household
Wanted to base new services on
telecommunication standards-based framework:
IP Multi-media Subsystem (IMS)
Wanted comprehensive technology to address in
internal users, external households, and both
providers and consumers of MTS services
Oracle Identity and Access Management Suite
Oracle Access Manager for Single Sign-
On and Delegated Administration to head
of household
Oracle Identity Federation for providing
system access to providers and consumers
of MTS services
Oracle Internet Directory to provide robust
directory solution built on top of Oracle
database
Oracle Identity Manager (with 11
connectors) to provision employees to
internal systems

RESULTS

Initial deployment for Internet, TV, and Mobile customers

Planned to include VOIP Users and MTS supported ISP subscribers
Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services
 Case Study Scottish Government

BUSINESS CHALLENGE ORACLE SOLUTION

Fragmented customer records and no single
source of Citizen info across Scottish Govt.
Need to integrate to the UK Government
Gateway so that users can access the Citizen
Account (single, electronic customer record)
The Scottish Govt., National Infrastructure
Project selected Oracle Identity and Access
Management Suite beating out Software AG
Suite will integrate UK Govt. Gateway
Working with Sopra, Newell and Budge as the
prime contract provider

RESULTS
IAM will authenticate Citizens and Govt. employees when they access the system either via the Council
Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal
site where the Citizen Account will be running
Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M
Citizens of Scotland where they can change personal details only once across multiple agencies as well as
enroll for entitlements
Problem: Passlogix was
Number one identified problem by USPS employees: too many instrumental in
passwords
Very large scale environment: 3 million users with over 155,000 helping the USPS
knowledge workers
Thousands of known applications, many beyond central IT reach solve its most
Very limited IT staff to implement and maintain
CTO wanted a solution that could be fully deployed in less than critical end user
a year
problem
Solution: forgotten
Evaluated 7 different SSO vendors selected v-GO SSO passwords and
155,000 users deployed in less than 8 months
Over 7,000 applications enabled solve it quickly.
Helpdesk password calls dropped from >1,000 per day to an
average of 10 per day
Saved over $4 million per year
Bob Otto
CTO
Analyst Endorsements

Leader in User Provisioning!

Gartner, April 2006
[Oracle] has amassed a very strong
management team and IAM technology
portfolio
Its IAM road map looks the best of all
vendors.
 More Analyst Endorsements
Oracles offering of IAM products now pushes ahead of other IAM
competitors such as BMC, Computer Associates International,
Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems
- Roberta Witty, Gartner (Nov 2005)

Oracle's acquisition of Thor and OctetString is a good move. These

acquisitions coupled with Oracle's unique application top down
approach to Identity Management will send ripples through the
industry.
- Mike Neuenschwander, Burton Group (Nov 2005)

Oracle has an advantage and early lead with its top down application
strategy that is aligned with customer needs.
- Chris Christiansen, IDC (Nov 2005)
 Learn More
Learn the Technology
Visit: oracle.com/identity
View whitepapers, buyers guides, and webinars

Try the Software

Visit OTN: otn.oracle.com
Download software, get technical information

Ask Our Experts

Call: 1-800-438-0626
Speak with an Identity Management specialist