Upload
mohamed-omar-sileem
View
66
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Oracle Access Manager
Citation preview
5/22/2018 Oracle Access Manager
1/22
Copyright 2006, Oracle. All rights reserved.
Introduction to
Oracle Identity and Access Management
5/22/2018 Oracle Access Manager
2/22
Copyright 2006, Oracle. All rights reserved.1 - 2
Objectives
After completing this lesson, you should be able to
describe the following:
Benefits of identity management
Identity management concepts and terminology
Oracle Identity and Access Management Suite
components
5/22/2018 Oracle Access Manager
3/22
Copyright 2006, Oracle. All rights reserved.1 - 3
Enterprise Identity Management
Supply chain
Security
administrators
Directory
Access control
Provisioning
User admin
Employees
Service provider
Customers
Auditing
compliance
Self-service
Federation
Web Services Security
5/22/2018 Oracle Access Manager
4/22
Copyright 2006, Oracle. All rights reserved.1 - 4
What Is Identity Management?
Identity management (IM) is a system of business
processes, policies, and technologies that:
Facilitate and control user access to online applications
and resources
Protect confidential and personal information fromunauthorized users
Identity management solutions represent a category of
interrelated solutions that are used to administer:
User authentication, account profiles, and passwords
Access rights and restrictions
Other attributes that support user roles and profiles on
one or more applications or systems
5/22/2018 Oracle Access Manager
5/22
Copyright 2006, Oracle. All rights reserved.1 - 5
Benefits of Identity Management
Identity management technologies can provide benefits
in the following areas:
Reduction of security risks
Improved end-user experience
Regulatory compliance
Business agility
Cost containment
5/22/2018 Oracle Access Manager
6/22
Copyright 2006, Oracle. All rights reserved.1 - 6
Identity Management: Terminology
Identity management
policies
Authorization policies
Policy decision services Identity management
realms
Centralized assertion
services
Identity policy assertion
services
Identity
Entitlements
Authentication
Authorization Identity database
Security principals
Identity provisioning
Account provisioning Identity administration
5/22/2018 Oracle Access Manager
7/22Copyright 2006, Oracle. All rights reserved.1 - 8
Identity Management Functionality
Identity management products provide the following types
of functionality:
Web Services
Security
DirectoryServices
Federation
Provisioning
Access
Management
IdentityAdministration
5/22/2018 Oracle Access Manager
8/22Copyright 2006, Oracle. All rights reserved.1 - 9
Overview of Oracle Identity
and Access Management Suite
Oracle InternetDirectory
Oracle
Virtual
DirectoryOracle Access
Manager
Oracle IdentityFederation
Oracle Identity
Manager
Oracle
Application Server
Single Sign-On
Oracle Web
Services
Manager
5/22/2018 Oracle Access Manager
9/22Copyright 2006, Oracle. All rights reserved.1 - 10
Oracle Product Functionality Matrix
This table summarizes the identity management functions
that are provided by Oracle Identity and Access
Management components.
Functionality Component
Directory Services Oracle Internet Directory
Oracle Virtual Directory
Identity Administration
and Provisioning
Oracle Access Manager
Oracle Identity Manager
Access Management Oracle Access Manager
OracleAS Single Sign-On
Federation Oracle Identity Federation
Oracle Web Services Manager
Web Service Security Oracle Web Services Manager
5/22/2018 Oracle Access Manager
10/22Copyright 2006, Oracle. All rights reserved.1 - 11
Directory Services
The directory services are provided by:
Oracle Internet Directory and
Oracle Directory Integration
Platform
Oracle Virtual Directory
Oracle Internet
Directory
Oracle
Virtual
DirectoryOracle Access
Manager
Oracle
Identity
Federation
Oracle Identity
Manager
Oracle
Application Server
Single Sign-On
Oracle Web
Services
Manager
5/22/2018 Oracle Access Manager
11/22Copyright 2006, Oracle. All rights reserved.1 - 12
Oracle Internet Directory
Oracle Internet Directory:
Is an LDAP directory that is implemented in an Oracle
database
Serves as the central repository for identity and
access management
Is a key component of:
OracleAS Portal
Oracle E-Business Suite
Oracle Collaboration Suite
Oracle Internet Directory
5/22/2018 Oracle Access Manager
12/22Copyright 2006, Oracle. All rights reserved.1 - 13
Oracle Directory Integration Platform
Oracle Directory Integration Platform is designed to
synchronize identity data across compatible Oracle
products.
It can be used for synchronizing data between Oracle
Internet Directory and other LDAP directories.
The application integration feature enables automatic
notification of identity entry changes to the target
applications.
5/22/2018 Oracle Access Manager
13/22Copyright 2006, Oracle. All rights reserved.1 - 14
Oracle Virtual Directory
Oracle Virtual Directory:
Enables real-time data joins from multiple locations
and presents data as a single logical directory (known
as the metadata directo ry)
Can provide an application-specific view of identity
data
Enables integration of identity
data without:
Changes to existing directories
Need for synchronizing data
between directories
Oracle Virtual Directory
5/22/2018 Oracle Access Manager
14/22Copyright 2006, Oracle. All rights reserved.1 - 15
Identity Administration and Provisioning
The Oracle Identity
Management product set
comprises Oracle
Identity Manager and
Oracle DelegatedAdministration Services.
This set addresses
automation of identity
provisioning,
compliance, and
enforcement of policies.
Oracle Internet
Directory
Oracle
Virtual
DirectoryOracle Access
Manager
Oracle Identity
Federation
Oracle Identity
Manager
OracleApplication Server
Single Sign-On
Oracle Web
ServicesManager
5/22/2018 Oracle Access Manager
15/22Copyright 2006, Oracle. All rights reserved.1 - 16
Oracle Identity Manager
Oracle Identity Manager enables you to automate user
identity provisioning and deprovisioning.
Identity provisioning also helps reduce administration
costs.
Oracle Identity Manager provides attestation support.
Attestation also enables automation
of delegation, tracking, archiving,
and auditing of access.
Oracle Identity Manager
5/22/2018 Oracle Access Manager
16/22Copyright 2006, Oracle. All rights reserved.1 - 17
Oracle Delegated Administration Services
Oracle Delegated Administration Services are part of
Oracle Internet Directory.
It has administrative interfaces for Oracle products
such as OracleAS Portal, Oracle Collaboration Suite,
Oracle Database Security Manager, and OracleE-Business Suite.
It has a self-service console that enables end users and
application administrators to search and manage data
in Oracle Internet Directory.
5/22/2018 Oracle Access Manager
17/22Copyright 2006, Oracle. All rights reserved.1 - 18
Access Management
Access management enables enterprises to design and
implement authentication
and authorization.
Access management
products include: Oracle Access Manager
Oracle Identity Federation
OracleAS Single Sign-On
Oracle Internet
Directory
Oracle
Virtual
DirectoryOracle Access
Manager
Oracle Identity
Federation
Oracle Identity
Manager
Oracle
Application Server
Single Sign-On
Oracle Web
Services
Manager
5/22/2018 Oracle Access Manager
18/22Copyright 2006, Oracle. All rights reserved.1 - 19
Oracle Access Manager
Oracle Access Manager:
Provides Web-based identity and access administration
Can be used to administer user identities in a number
of directory repositories
Supports popular authentication methods
Oracle Access Manager
5/22/2018 Oracle Access Manager
19/22Copyright 2006, Oracle. All rights reserved.1 - 20
Oracle Application Server Single Sign-On
OracleAS Single Sign-On:
Provides a single sign-on and sign-off facility for
Oracle and third-party Web applications
Provides a lightweight authentication solution
for Oracle products such as Oracle Portal and OracleCollaboration Suite
Can also be used to authenticate identities in other
repositories, such as Active Directory
5/22/2018 Oracle Access Manager
20/22Copyright 2006, Oracle. All rights reserved.1 - 21
Oracle Identity Federation
Oracle Identity Federation:
Combines the ease of a stand-alone application with a
scalable, standards-based interoperable architecture
Helps corporations securely link their operations with
partners
Oracle Identity Federation
5/22/2018 Oracle Access Manager
21/22Copyright 2006, Oracle. All rights reserved.1 - 22
Oracle Application Server Infrastructure:
Components
Oracle Application Server Infrastructure comprises the
identity and access management products:
Oracle Internet Directory
Oracle Directory Integration
Platform
Oracle Application Server
Single Sign-On
Oracle Delegated
Administration Services
5/22/2018 Oracle Access Manager
22/22
Summary
In this lesson, you should have learned to describe the
following:
Benefits of identity management
Identity management concepts and terminology
Oracle Identity and Access Management Suite
components