Oracle Identity Management.docx

Published by SamaraTech
Published by: SamaraTech on May 14, 2013
Copyright:Attribution Non-commercial

Identity Management on a Budget
Consider this - You are the CIO/IT Director of a small/medium but fast-growing business enterprise. You are the owner of many different small & large applications (custom software, mail, COTS applications, etc.) and systems (Windows/Unix systems, LDAP directories, etc.) that support your business. All of these applications and systems have their own authentication and authorization mechanisms that have to be maintained. Elaborate manual business processes have to be designed and implemented that control how users get access to different systems and options within those systems. All that effort and manual labor just to ensure that important information is secure and compartmentalized. And this does not even include the effort required to protect systems against deliberate malicious access.

The options range from products by the big vendors (like Oracle & IBM) to various open source products. The problem is that each of these options is expensive to buy and complicated to implement - requiring many man-years. Very often, this cost tends to run into 6 figures, and most CIOs balk at this and at the effort required for implementing such solutions. Quite obviously, custom development of such a solution is also not very simple. So does that mean that centralized Identity Management is an unattainable dream? Not at all. What is required is a certain amount of creativity in the implementation and the right partner to help bring that creative vision, and Identity Management on a budget, to life.

Take the case of a particular large school district on the US east coast. They have a diverse and complex IT environment consisting of the Oracle E-Business Suite HRMS system, various custom applications built in Application Express, desktop & web-based COTS applications, desktop computers based on a variety of platforms, Google Apps cloud-based email services, an iRecruitment (EBS again) system for external access and, of course, a Microsoft Active Directory based domain. Along with this, they have a very dynamic user environment where every employee in the organization has access to one IT service or another (maybe some only with email and the ability to view and download their payslips) and where every year, at the start of the school year, there is a massive change in the user base as contracted teachers leave, who may or may not be re-hired, and other new teachers/employees are brought on board. The sheer management and logistical problems are unimaginable -

* IT needed to know when a new employee was brought on board and then go in and create user accounts in a multitude of systems
* Needed to design and enforce a standard user account generation methodology
* Needed to know if the employee is new or was part of the district before
* Promptly needed to disable all user accounts when someone's employment ended
* Needed to know what level of access should be granted
* Needed to implement self-registration capabilities for external users and to control access for those users
* Provided IT support for password resets, locked accounts and the like

To top it all off, their processes and workflows were extremely complex and included things like candidate hires, name changes, terminations, reverse terminations, etc. The need for an Identity Management solution was quite apparent. However, the problem again came down to the cost. Purchasing and implementing any such solution would have meant a huge outlay of funds that were simply not available. This was because, based upon their understanding, at the very least the following components would be required -

* Directory Server that would act as the single repository of truth for user accounts
* Identity Management solution that would handle all the workflows
* Access Management solution that would provide single sign-on and policy enforcement capabilities

With over 5000 employees and a much higher number of external users, the cost of licenses alone was prohibitive.

As one of their trusted partners, we were asked to help. We started by mapping and understanding their business processes and also understanding the areas that were using up the bulk of IT's administration time. What we found was astounding:

* The source of truth for all employee data was the EBS HRMS system
* Source of truth for all external user data was the EBS iRecruitment system
* Over 95% of the employees required access only to the email and online payslip services
* There were only 4 repositories of user data - HRMS, iRecruitment, AD and Google Apps. All of them needed to stay in sync.
* The bulk of IT's time was being spent on creating new user accounts and providing support for them - password resets, etc.
* While true single sign-on (including email access) would be nice to have, that was *not* all that important

Armed with this information, we were able to work with the customer and provide a solution design that was both cost effective and met most (but not all) of their automation needs.

The solution we proposed included the following -

* Oracle Internet Directory
* Oracle Access Manager
* Oracle Directory Integration Platform

Directory Integration Platform (DIP) is an OID component that has traditionally handled the user provisioning & synchronization tasks between OID and other directories. However, it is very limited in functionality and does not handle what-if scenarios very well. The complexity of the customer's business processes required that an extremely flexible component be utilized for the implementation of the integration processes between EBS, OID, AD & Google. Oracle Identity Manager was the perfect choice for such a requirement - however, the cost was an obvious inhibiting factor. Additionally, OIM in itself is a very heavy application that requires significant effort in daily maintenance and administration. Therefore, it was decided that the integration would be handled via a combination of DIP and custom processes (extensions to EBS) that would be responsible for the synchronization.
