
Oracle Identity and Access Management Suite

Rafael Torres
Sr. Solutions Architect
Identity Management
Business Value

Identity management projects are much more than technology implementations: they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.
Business Challenges

Trusted and Reliable Security

Efficient Adherence to Compliance

Lower Administrative
and Development Costs

Enable Online Business Networks

Better End-User Experience

Regulatory Compliance
Privacy & Security Regulations
Safe Harbor laws (EU & others)
Gramm-Leach-Bliley Act (GLB-Act)
US Patriot Act
US Homeland Security Policy Directive (HSPD-12)
Financial & Market Regulations
SOX (Sarbanes-Oxley or SarbOx)
Japanese SOX (expected in 2008)
Basel II
UK Companies Act
Oracle Differentiators

Most Comprehensive, Best-In-Class Suite

Hot-pluggable and Open

Application Centric Identity Management

Oracle Identity Management
Best-of-breed, Complete & Differentiated Portfolio

Area Oracle Sun CA HP IBM NOVL BMC

Federation Oracle Identity Federation P
Web Access Mgmt Oracle Access Manager
Web Svcs Security Oracle Web Services Manager
ESSO Oracle Enterprise Single Sign-On P
Del Admin Oracle Access Manager
Pwd. Mgmt. Oracle Identity Manager
Provisioning Oracle Identity Manager
Ent. Role Mgmt Oracle SmartRoles (TBA) P P P

Meta Directory Integration Platform

AuthN/PKI Oracle Certificate Authority
Virtual Dir Oracle Virtual Directory P

Directory Oracle Internet Directory P

P = Partnership

Faster ROI Higher Quality Lower Risk

Hot-pluggable, Heterogeneous Support
Portals Application/Web Servers

Applications Groupware

Directories Operating Systems


Application-Centric Identity Management
Comprehensive, loosely coupled, out-of-the-box
integrations with business applications

An integral component of a wider application

development and deployment framework

Architected for future SOA application environment

Identity management as a re-usable service for all

Oracle Identity and Access Management
Key Areas of Identity Management

Access Control
Single Sign-On
Identity Federation
Web Access Control
Web Services Security*
Identity Administration
User, Role Management
User Provisioning
Identity Infrastructure
Virtual Directory
*Oracle Web Services Manager licensed separately from the Identity
and Access Management Suite
Enterprise Identity Management
External Internal

SOA Delegated Customers Partners IT Staff Employees SOA

Applications Admin Applications
Identity Management Service
Access Management Identity Administration
Authentication & SSO Delegated Administration
Authorization & RBAC Self-Registration & Self-Service
Identity Federation User & Group Management

Auditing and Reporting
Policy and Workflow
Monitoring and Management

Directory Services Identity Provisioning

LDAP Directory Agent-based
Meta-Directory Agentless
Virtual Directory Password Synchronization

Applications Systems & Repositories

ERP CRM OS (Unix) HR Mainframe NOS/Directories

Oracle Identity Manager

Automated user provisioning and
Rich, flexible connector framework
User-friendly request & policy wizards
Sophisticated workflow & reconciliation engines
Unique compliance automation & reporting
[Diagram: HRMS (user created or removed in HR system); Workflow (assign or revoke roles, privileges); Application System (provision accounts and access rights). Additional label: Driven Identity]
Benefits
Reduced administration cost
Improved end user experience
Critical for regulatory compliance
Improved security
Enables compliance via comprehensive audit history
and periodic attestation framework
Powers largest global provisioning implementation by
number of targets
Adapter Factory significantly lowers the TCO of customers' solutions over time
Oracle Identity Federation
Identity and trust sharing across business
partners, both as Service Provider (Hub) or
Identity Provider (Spoke)
Lightweight, multi-protocol gateway: SAML, Liberty, WS-Federation
Integrates with leading Identity Management
Reduced cost of interaction between business
Reduce administration cost
Deliver improved end user experience
Self-contained, easy to deploy solution
Flexible deployment configurations
Rich, 100% web-based configuration interfaces
for improved administrator and end user
Proven scalability - large production
Oracle Internet Directory
Full feature LDAP server with a
RDBMS data-store
Industry leading scalability and
HA capabilities
Strong Oracle Platform integration
VSLDAP certified and EAL4 compliant
Reduced operational cost with
Oracle Grid support
Seamless integration with Oracle Applications
and Products
RDBMS backend provides proven scalability &
Rich, built in auditing of all events and operations
Flexible data replication and redundancy features
Ships with built-in directory integration
Oracle Virtual Directory

Virtualization, Proxy, Join &

Modern Java & Web Services technology

Superior extensibility
Scalable multi-site administration
Direct data access
[Diagram labels: VDE Directory Engine; Join View; Local Store]
Benefits
Perform Real-time directory integration

Accelerate application deployment

Lower development costs
Lightweight & flexible architecture
Supports true virtualization without local
cache, enabling stringent policy or privacy
Modular architecture supports the addition
of connectors to a wide array of identity
Oracle Access Manager
Multi-level, multi-factor authentication
Web and App server level authorization
Workflow driven Self-service & Delegated administration
Services-based architecture eases integration with existing IT infrastructure
[Diagram labels: Authentication; Authorization; Identity Admin]
Policy-based access management
Centralized and consistent security across heterogeneous environments
Reduced administration cost
Increased IT governance and compliance
Administrative scalability via workflow and
Access control leverages up to date identity
Comprehensive auditing to a common database
Oracle Enterprise Single Sign-on (ESSO) Suite
Oracle ESSO Logon Manager is an event-driven single sign-on
solution that eliminates the need for end users to remember and
manage their sign-on credentials
Oracle ESSO Password Reset enables end users to reset their
Windows password from a locked workstation (note: also
available stand-alone)
Oracle ESSO Authentication Manager enables end users to
authenticate with forms of strong authentication and grant
specific levels of access based on the form of authentication
Oracle ESSO Provisioning Gateway enables OIM to add, edit
and delete credentials within an end user's Oracle ESSO
credential store
Oracle ESSO Kiosk Manager provides fast user switching and
sign-on/sign-off support for kiosk users
Oracle Identity and Access Management
Case Studies
Case Study: Manitoba Telecom Services

Needed to integrate and rapidly deploy new and old services (Internet, mobile, TV, content, local phone, and long distance phone)
Needed to provide head of household ability to manage accounts and privileges for self and other members of household
Wanted to base new services on telecommunication standards-based framework: IP Multi-media Subsystem (IMS)
Wanted comprehensive technology to address internal users, external households, and both providers and consumers of MTS services

Oracle Identity and Access Management Suite
Oracle Access Manager for Single Sign-On and Delegated Administration to head of household
Oracle Identity Federation for providing system access to providers and consumers of MTS services
Oracle Internet Directory to provide robust directory solution built on top of Oracle database
Oracle Identity Manager (with 11 connectors) to provision employees to internal systems


Initial deployment for Internet, TV, and Mobile customers

Planned to include VOIP Users and MTS supported ISP subscribers
Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services
Case Study: Scottish Government

Fragmented customer records and no single source of Citizen info across Scottish Govt.
Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)

The Scottish Govt., National Infrastructure Project selected Oracle Identity and Access Management Suite beating out Software AG
Suite will integrate UK Govt. Gateway
Working with Sopra, Newell and Budge as the prime contract provider

IAM will authenticate Citizens and Govt. employees when they access the system either via the Council
Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal
site where the Citizen Account will be running
Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M
Citizens of Scotland where they can change personal details only once across multiple agencies as well as
enroll for entitlements
Problem:
Number one identified problem by USPS employees: too many
Very large scale environment: 3 million users with over 155,000 knowledge workers
Thousands of known applications, many beyond central IT reach
Very limited IT staff to implement and maintain
CTO wanted a solution that could be fully deployed in less than a year
Solution:
Evaluated 7 different SSO vendors; selected v-GO SSO
155,000 users deployed in less than 8 months
Over 7,000 applications enabled
Helpdesk password calls dropped from >1,000 per day to an average of 10 per day
Saved over $4 million per year

Passlogix was instrumental in helping the USPS solve its most critical end user forgotten passwords and solve it quickly.
- Bob Otto
Analyst Endorsements

Leader in User Provisioning!

Gartner, April 2006
[Oracle] has amassed a very strong
management team and IAM technology
Its IAM road map looks the best of all
More Analyst Endorsements
Oracle's offering of IAM products now pushes ahead of other IAM
competitors such as BMC, Computer Associates International,
Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems
- Roberta Witty, Gartner (Nov 2005)

Oracle's acquisition of Thor and OctetString is a good move. These
acquisitions coupled with Oracle's unique application top down
approach to Identity Management will send ripples through the
- Mike Neuenschwander, Burton Group (Nov 2005)

Oracle has an advantage and early lead with its top down application
strategy that is aligned with customer needs.
- Chris Christiansen, IDC (Nov 2005)
Learn More
Learn the Technology
View whitepapers, buyers guides, and webinars

Try the Software

Visit OTN:
Download software, get technical information

Ask Our Experts

Call: 1-800-438-0626
Speak with an Identity Management specialist