Fusion IdM
Committed to delivering Oracle's state
of the art Identity & Access solutions
to enterprises across Europe,
Middle East and Africa
August 2012
2
IntroductionFusion IdM is one of the fastest growing consultancies which
specialises in the development and delivery of Identity
Management solutions within the EMEA region.
Fusion IdM delivers technology solutions that help companies
solve complex business problems, gain competitive advantage
and meet compliance requirements.
We understand that a successful IAM project requires not just
outstanding technical expertise, but effective governance,
robust executive sponsorship and organizational discipline.
We believe that developing a deep understanding of our
customers’ business processes and culture is just as important
as developing the right technical solution.
Our architectural philosophy emphasises simplicity and
elegance. We are firm proponents of loosely coupled
architectures that promote agility by embracing open standards
and minimal customization.
We believe that highly customised and over-engineered IAM
solutions have a tendency to become unmanageable over time,
as business processes and organizational needs can be
extremely fluid.
A successful IAM architecture must be elegant, scalable and
adaptable enough to respond to evolving business and
regulatory demands.
Furthermore, Fusion IdM understands the political and
organizational challenges that are inherent to most large IAM
projects.
To ensure the success of our customers in this notoriously
challenging field, we have developed a unique set of best
practices and guidelines for IAM implementations, based on our
vast experience of delivering complex enterprise IAM solutions
across a wide range of industry verticals.
Fusion IdM
3
More Than Just Identity ManagementThe first step along the IdM path is to build Oracle's powerful Identity management system to
manage users and their roles.
Once Identity Management system in place, you can easily get a better return on your investment
by including additional applications and managing user access to systems by using IdM's Self-
Service and approval workflows to enable users to directly request access to these services.
Automating your business processes by making full use of your IdM system, by speeding up the
approval life-cycle and provisioning of your IT systems. This will keep your users happy by
making the IT experience pleasant and, as a bonus, it reduces costs by freeing up Applications
administrators to concentrate on developing their systems.
ConsultantRecommendation
Oracle IAM Project Manager(Principal Consultant) at RBS (UK)
“Fusion IdM team memberworked well as a member ofthe Oracle project team. Hisstrong knowledge andexperience in Oracle IdentityManager and the requisitetechnical skills are impressive.The consultant was friendly andtook a practical approach towork and always willing to pickup new areas and complexpieces of work.”
Fusion IdM
IDENTITY & ACCESS
Business Workflows
Microsoft Sharepoint
User Self-Request
LDAP Applications
Portal Applications
Consultant Recommendation – Service Delivery Manager – Oracle ACS (UAE)
“An outright domain expert in the IAM arena with great in-depth knowledge of Oracle's IdM portfolio of solutions, The consultant is a great ally to have
in your team. He was constantly able to think and evaluate strategies to enable him to tackle most problems head on and be nimble and adaptable to
most situations. No matter how varied questions are, the consultant always managed to find time to answer each question in a useful and
comprehensive way.
He was a highly qualified consultant in Oracle Identity Management and has now earned reputation in the Middle East for his delivery capabilities. He
consistently delivered solutions necessary to achieve the highest level of quality for the End Client. He had the drive and energy to see complex
obstacles through to completion, guiding teams and clients through the entire lifecycle process, on time and within budget.”
Fusion IdM 4
Company EthosAt Fusion IdM, we take pride in building strategic long-term relationships with our
customers, partners and employees.
Our success so far has been built on a number of core company values that we strongly
believe in. �
QUALITY - Delivering excellent standards consistently.��
COLLABORATIVE – We work closely with you at all stages as a team and trusted
advisor to meet the business objectives.��
COMMITTED - An open and honest engagement with the client is crucial to Fusion
IdM, whilst emphasising application of best effort to meet timescales as well as high
quality standards.��
INNOVATION – Fusion IdM is constantly seeking out new technologies, tools and
products in order to maintain high technical standards �
ASSURANCE – With the experience gained from our engagements in many enterprise
projects, you can be sure of getting competent and knowledgeable consultants.
5Fusion IdM
Protecting Company InformationProtecting Com
pany Inform
ation
Self-Request, Business Process Automation, Approval Workflow
s & A
ccess Co
ntrols
Identity AdministrationSingle-Sign-On (SSO)
Directo
ry Services
compan
y assets & applications
Consultant Recommendation – Head of Architecture at William Hill (UK)
“I hired this consultant for the first time as we were starting a huge, complex Java based project at William Hill. We had a need of a Consultant of
architect calibre and he fitted the bill perfectly. Part of the project compromised of security issues, Authentication and Authorisation aspect and the
end-to-end project was delivered on time. The Quality and Skills involved in this project was to a very high standard thanks to this consultant. Even
though he was an external consultant, I was surprised by his level of dedication, commitment and effort put by him to get the job done! I have hired
this consultant on numerous occasions as he was my first choice every time I had a need on one of our projects. The consultant excelled both in
client facing as well as a fine technical architectural roles and I have no reservation whatsoever to recommend.”
6 Fusion IdM
A Specialist Company Fusion IdM is focused solely only on Oracle Identity Solutions.
But that's ok, because Oracle’s Identity and Access
Management product set is the market leader.
The Oracle suite is a comprehensive and complex set of
enterprise products – you need experts to guide you and help
you build your security solution.
The company founders are seasoned Identity and Access
Management experts with over 20 years of Oracle Identity
management experience between them.
Our consultants have worked on various very large scale and
complex national and international IdM engagements.
Identity Manager Access Manager Directory Services
Fusion IdM’s head office is based in London (UK), with plans for a second office in Dubai (UAE) in 2013.
Ente
rpris
e Security and Business Autom
ation
7Fusion IdM
Consultant Recommendation - IDAM Team Leader at Logica for NPIA project (UK)
“I have worked with a consultant from the Fusion IdM Team on an Identity management piece of a large, complex public sector project. We worked
closely with the requirements team to generate a working solution for user provision, work groups and certificate imports. He used diligence to ensure
a good understanding of the detailed requirements and was able to negotiate with the requirements team on areas which needed to be aligned with
the capabilities of the IdM product. He was able to deliver his tasks without any faults and in a timely manner. He works well in a large team and was
able to help/guide other members of the team. I found that he has wide and deep experience of Identity management systems and general computer
technologies. He has a very pragmatic approach while defining business solutions as this helped us define the short and long term road-map for the
implementation. I would be happy to work with him again.”
Our PeopleOver many years, our people have successfully implemented
some of the world’s largest and most complex IAM projects.
On some projects, where the technical scope is very wide
and IAM forms part of the solution, we are strategic
partners to some of the world’s largest and well known
systems integrators
The company comprises of well referenced and what are
considered to be some of the best consultants in the IdM field.
To extend our ability to engage in all areas of Government, many
of our consultants currently hold UK Security Clearance including
some with Enhanced Security Clearance, to enable them to work
on some of the most sensitive IAM projects.
Our AimTo become the preferred IdM partner for most of the world's largest IT companies.
Achieve Oracle Specialist Identity Partner status by 2013 to recognise our excellence
and quality of delivery for Oracle IAM solution delivery.
To be recognised as the one of the best IAM consultancies in the world.
To attain a 300% growth by the end of 2013 to allow us to easily handle multiple
enterprise assignments in this rapidly growing market.
Consulting Excellence
ConsultantRecommendation
Head of Oracle IAMDevelopment – OracleEMEA
“I represent Oracle's Identity &
Access Management
Development Organization in
EMEA region. I was involved in a
project with the consultant on
one big Telco client in EMEA.
This consultant came with
fantastic references from their
previous contract that increased
his credentials. The Oracle
Identity Management assignment
was a very complex one as it
meant dealing with more than 8
million users. The consultants
worked very closely with both the
external and internal teams and
in my experience, this was one of
the fastest project delivered, that
had this many users. The quality
of the delivery was to a very high
standard, and the Systems
Integrator wouldn't have
delivered this project without
these consultants which they
subcontracted. This consultant
was very knowledgeable, quick
learner and always thinking
“outside the box" for solution.”
Fusion IdM 8
9
Why Fusion IdM?With the experience of many implementations, we can minimise financial
risk as well as project delivery risks to client.
You will get a team with some of the most experienced and accomplished
consultants in the IAM marketplace. We focus solely on Identity and Access
Management to maintain our lead.
We have business advisors as well technical delivery specialists.
Working as a specialist team, we are able to cut through the large
overheads of major consulting practices.
We are please to engage in fixed price assignments.
ConsultantRecommendation
Oracle IdM ProjectManager at Lloyds TSB(UK)
“This consultant mpresses the
most with his diligent and
organized approach of
gathering the requirements and
moving forward in designing
the solution. I found the
consultant very well versed with
the ID and Access
Management and related
technologies. I had an
opportunity of successfully
implementing OIM and would
give Fusion IdM my highest
endorsement.”
Fusion IdM
Our Mission Statement
Fusion IdM was founded with a vision to deliver high qualityidentity solutions through a combination of commitment,knowledge and experience.
Consultant Recommendation - Head of Oracle IdM Team at KPN (Netherlands)
“The consultants has excellent development skills coupled with a very good knowledge of Oracle Identity Management. He worked autonomously to
complete his assignment and did not required and help or guidance at any stage of the engagement. Whilst on the KPN project, he were involved with
OIM, OIM API Libraries and the development of Web Services. He integrated very well with the team culture and did not have the 9 to 5 mentality. I was
very impressed by his level of commitment, his level of IdM expertise and documentation skills. He was a very personable and dedicated consultant
who was not afraid to deal with new challenges involved in different projects. In my experience, I would rate this consultant to be one of the Top 5% of
the IdM consultants I know and I would not hesitate to recommend his services to any clients.”
Fusion IdM 10
Industry Experiencezx Financial Institutions zx Public Services zx Mobile Network Providers zx Governmental Bodies zx Educational Institutions
Fusion IdM 11
Consultant Recommendation - Managing Consultant at IBM Global Business Services (Netherlands)
“I hired this consultant when I was the Program Manager for the Oracle Identity Management implementation, which is still considered the
biggest Oracle Identity implementation (8 Million customers). He was hired to build the Identity Management and the Access Management
part and the team was very keen on his configuration management skills. Even while being an expert in IdM, Access Management and Java
technology, he was always very open to discuss different ways to improve things. I would say that he is very knowledgeable with very good
experience on the conceptual and architectural level. The consultant was flying home (UK) on a weekly basis for 2 years and that didn't at
any moment diminish his commitment on the project.”
12 Fusion IdM
Company Capabilities Specialist Testing
Service management
Infrastructure designAssessment andfeasibility study
Proof of Concept
Governance, Riskand ComplianceStrategy
Project management
Development
Oracl
e I
dent
ity & Access M
anagem
ent
Oracle Identity ManagerOracle
Identity Analytics
Oracle Access Manager
Oracle Enterprise
Directory EE
Oracle ESSO
Oracle Internet Directory
13Fusion IdM
IdM SpecialitiesOur consultant's engagement in various enterprise IAM
projects, ensures that we have a broad range of experience
in Oracle Identity products. At the heart of Oracle's Identity
product set, is Oracle Identity Manager, and we have
extensive experience with this product.
The Business Requirement
The large company in this study, used Microsoft Sharepoint to
create many enterprise-wide business applications, for example,
time keeping, holiday requests, etc. The user scope of these
applications was varied - some applications were company-wide,
whilst other applications were owned and visible only to users
within their respective business areas.
The generic applications were provided to all users by default, but
for specialised applications, the users had to manually request
access. The process of obtaining access to these applications
was kick-started by request from the employees manager.
The administrators would have to confirm that the user was entitled
use the application by making enquiries about the users job title
and business area. Then the administrator granted the user
access to the specified Sharepoint application. This manual
process was time consuming for both administrators and
users as it involved lengthy investigative tasks, followed
by a manual task of adding the users membership to
the Sharepoint application.
Extending the Oracle IdM System
The Company had recently installed an Oracle IdM system. The
companies users (and their managers) were already uswing the
IdM system on a daily basis. The company wanted to enhance
their IdM syswtem and introduce further business efficiency - one
such area was the automation of user access to Sharepoint
applications. The answer was to introduce this automation by
making use of OIM's Self-Service facility, which was already
avilable to all users.
14 Fusion IdM
The Solution
The solution
involved identifying
groups of users by
business areas. Custom
OIM Request-Templates were created
using OIM's powerful APIs. This allowed
users new capability to request Sharepoint
applications relevant to their business area.
OIM Access policies were designed and
developed to support the provisioning user
memberships of AD security groups - this in turn
enabled/disables the user's access the applications. A
bulk load tool was developed to automatically build the
required OIM Request-Template framework to support
the self-request mechanism. The Self-Service Request
Template included group controls to filter applications by
business area.
A user submitting a Self-Request resulted in the generation of an approval
workflow process which was submitted to the users managers account.
Subsequently, the manager gets a notification of a new approval task.
Once the manager approves the request, the AD security group
membership is provisioned for the user and the user is then able to access
the Sharepoint application from his/her desktop. This whole process is
automated and operates without the involvement of the Sharepoint
administrators, who are now free from this mundane task.
Case Study Oracle IdM Customised to Manage User Membership for Sharepoint Applications
15Fusion IdM
Case Study Oracle IdM Customised for Automated Obsolete Entitlement RemovalThe Problem
After the Companies IdM system is developed, users are imported in to
the IdM system and then their roles and entitlements are imported from
the various target systems. For many of these users, their access
entitlements are the cumulative sum of access granted to them over
many years of service. Some of this access will still be required for their
current role, but other access will now be obsolete and redundant - this
is a security risk.
One solution to this problem is to use the IdM system to enforce
regimented business roles which provide specific access based on their
role in the company. However, in complex enterprise environments, the
introdiuction of such a strict approach would be an unacceptable,
drastic change - this sudden loss of access across the board, would be
reject by the business divisions.
There is a security requirement to automatically correct the users
entitlements to business roles by, gradually and automatically removing
redundant access entitlements.
The Solution
The solution is to use OIM's flexible and comprehensive customisation
capabilities. The OIM core capability for user roles was extended to
incorporate a new role "lifetime" capability. When a user is granted a role,
the role would valid for a limited life (for example 6 months). Just before
the end of this lifetime, the IdM system would detect an approaching
expiry date and send a reminder to the user, that his/her role is about to
expire in a few weeks.
If the user needs that role entitlement, the user has the option to re-arm
the role using OIM's Self-Request facility. This would move the expiry
date for this role further into the future. As part of the solution, the Self-
Request mechanism was extended to build a custom
Request-Templates framework to support this functionality. In addition,
custom schedule tasks were built to warn and expire for ageing roles.
The Result
The introduction of role lifetime mechanism, over time, automatically
removes redundant roles from users. Gradually the IdM system fulfills
its purpose of limiting access to only those entitlements which are
required for the employees to perform their assigned tasks. This role
cleansing process come into effect gently, gradually and with minimal
disruption to the Companies business divsions.
AUTOMATED EXPIRYOF
REDUNDANTROLES
Fusion IdMExcellence Securely Delivered
ContactRai Chadee ([email protected])
Fusion IdM Limited88-90 Hatton Garden, London,
EC1N 8PN, UK
T: +44 (0)207 993 6392 | M: +44 (0)7730 869 724