Oracle Access Manager

5/22/2018 Oracle Access Manager

1/22

Copyright 2006, Oracle. All rights reserved.

Introduction to

Oracle Identity and Access Management


2/22

Copyright 2006, Oracle. All rights reserved.1 - 2

Objectives

After completing this lesson, you should be able to

describe the following:

Benefits of identity management

Identity management concepts and terminology

Oracle Identity and Access Management Suite

components


3/22


Enterprise Identity Management

Supply chain

Security

administrators

Directory

Access control

Provisioning

User admin

Employees

Service provider

Customers

Auditing

compliance

Self-service

Federation

Web Services Security


4/22


What Is Identity Management?

Identity management (IM) is a system of business

processes, policies, and technologies that:

Facilitate and control user access to online applications

and resources

Protect confidential and personal information fromunauthorized users

Identity management solutions represent a category of

interrelated solutions that are used to administer:

User authentication, account profiles, and passwords

Access rights and restrictions

Other attributes that support user roles and profiles on

one or more applications or systems


5/22


Benefits of Identity Management

Identity management technologies can provide benefits

in the following areas:

Reduction of security risks

Improved end-user experience

Regulatory compliance

Business agility

Cost containment


6/22


Identity Management: Terminology

Identity management

policies

Authorization policies

Policy decision services Identity management

realms

Centralized assertion

services

Identity policy assertion

services

Identity

Entitlements

Authentication

Authorization Identity database

Security principals

Identity provisioning

Account provisioning Identity administration


7/22Copyright 2006, Oracle. All rights reserved.1 - 8

Identity Management Functionality

Identity management products provide the following types

of functionality:

Web Services

Security

DirectoryServices

Federation

Provisioning

Access

Management

IdentityAdministration



Overview of Oracle Identity

and Access Management Suite

Oracle InternetDirectory

Oracle

Virtual

DirectoryOracle Access

Manager

Oracle IdentityFederation

Oracle Identity

Manager

Oracle

Application Server

Single Sign-On

Oracle Web

Services

Manager



Oracle Product Functionality Matrix

This table summarizes the identity management functions

that are provided by Oracle Identity and Access

Management components.

Functionality Component

Directory Services Oracle Internet Directory

Oracle Virtual Directory

Identity Administration

and Provisioning

Oracle Access Manager

Oracle Identity Manager

Access Management Oracle Access Manager

OracleAS Single Sign-On

Federation Oracle Identity Federation

Oracle Web Services Manager

Web Service Security Oracle Web Services Manager



Directory Services

The directory services are provided by:

Oracle Internet Directory and

Oracle Directory Integration

Platform


Oracle Internet

Directory

Oracle

Virtual


Manager

Oracle

Identity

Federation

Oracle Identity

Manager

Oracle

Application Server

Single Sign-On

Oracle Web

Services

Manager



Oracle Internet Directory

Oracle Internet Directory:

Is an LDAP directory that is implemented in an Oracle

database

Serves as the central repository for identity and

access management

Is a key component of:

OracleAS Portal

Oracle E-Business Suite

Oracle Collaboration Suite




Oracle Directory Integration Platform

Oracle Directory Integration Platform is designed to

synchronize identity data across compatible Oracle

products.

It can be used for synchronizing data between Oracle

Internet Directory and other LDAP directories.

The application integration feature enables automatic

notification of identity entry changes to the target

applications.




Oracle Virtual Directory:

Enables real-time data joins from multiple locations

and presents data as a single logical directory (known

as the metadata directo ry)

Can provide an application-specific view of identity

data

Enables integration of identity

data without:

Changes to existing directories

Need for synchronizing data

between directories




Identity Administration and Provisioning

The Oracle Identity

Management product set

comprises Oracle

Identity Manager and

Oracle DelegatedAdministration Services.

This set addresses

automation of identity

provisioning,

compliance, and

enforcement of policies.

Oracle Internet

Directory

Oracle

Virtual


Manager

Oracle Identity

Federation

Oracle Identity

Manager

OracleApplication Server

Single Sign-On

Oracle Web

ServicesManager




Oracle Identity Manager enables you to automate user

identity provisioning and deprovisioning.

Identity provisioning also helps reduce administration

costs.

Oracle Identity Manager provides attestation support.

Attestation also enables automation

of delegation, tracking, archiving,

and auditing of access.




Oracle Delegated Administration Services

Oracle Delegated Administration Services are part of

Oracle Internet Directory.

It has administrative interfaces for Oracle products

such as OracleAS Portal, Oracle Collaboration Suite,

Oracle Database Security Manager, and OracleE-Business Suite.

It has a self-service console that enables end users and

application administrators to search and manage data

in Oracle Internet Directory.



Access Management

Access management enables enterprises to design and

implement authentication

and authorization.

Access management

products include: Oracle Access Manager

Oracle Identity Federation

OracleAS Single Sign-On

Oracle Internet

Directory

Oracle

Virtual


Manager

Oracle Identity

Federation

Oracle Identity

Manager

Oracle

Application Server

Single Sign-On

Oracle Web

Services

Manager




Oracle Access Manager:

Provides Web-based identity and access administration

Can be used to administer user identities in a number

of directory repositories

Supports popular authentication methods




Oracle Application Server Single Sign-On

OracleAS Single Sign-On:

Provides a single sign-on and sign-off facility for

Oracle and third-party Web applications

Provides a lightweight authentication solution

for Oracle products such as Oracle Portal and OracleCollaboration Suite

Can also be used to authenticate identities in other

repositories, such as Active Directory




Oracle Identity Federation:

Combines the ease of a stand-alone application with a

scalable, standards-based interoperable architecture

Helps corporations securely link their operations with

partners




Oracle Application Server Infrastructure:

Components

Oracle Application Server Infrastructure comprises the

identity and access management products:


Oracle Directory Integration

Platform

Oracle Application Server

Single Sign-On

Oracle Delegated

Administration Services


22/22

Summary

In this lesson, you should have learned to describe the

following:

Benefits of identity management

Identity management concepts and terminology

Oracle Identity and Access Management Suite

components

Documents

Oracle Access Manager