Identity Cloud Service (IDCS)
Cloud IDCS Overview
Kirti Oracle IDCS Expert
Atul Kumar Oracle ACE & Author
www.k21academy.com/community © Copyright 2019 | K21 Academy | All Rights Reserved
Get Support: [email protected] (New Mail for Different Issue)
Add Yourself in WhatsApp Group
Unlimited Retake for Next 1 Year
Before Coming to Class: View Presentation & Look at Activity Guide
Ask as Many Questions as you can & make session interactive
Remind Us to Record the Session
Feedback Good/Bad to Trainer for improvement
Making Best of Your Training
Getting Help
Cloud Overview & Concepts
Cloud Service Model
Cloud Deployment Model
OCI VS OCI-C
Overview Identity & Access Management
IDCS Offerings & Pricing
IDCS Components & Entities
IDCS Login & Console
IDCS Admin Common Tasks
IDCS Integration
Summary
Agenda: Module
Cloud
Overview & Concepts
Multi-Tenant
Self Service
Elastic: Scale-Up | Scale-Down
Web Based
Automated
Pay As You Go Model
Modern Web Based Integration
Secure
Cloud Computing
Cloud Service Model
SaaS | PaaS | IaaS
Cloud Service Model
IaaS: Storage | Compute | Network
PaaS Platform as a Service
SaaS Software as a Service
Oracle SaaS | PaaS | SaaS
Cloud Deployment Model
Private (C@C) | Public | Hybrid
Cloud Deployment Model
Private Cloud C@C
Cloud Reference Architecture
Oracle IaaS
OCI VS OCI-C
OCI Classic is based on Nimbula (Xen-based hypervisor)
OCI has the option of Bare Metal or VM (KVM-based hypervisor)
OCI has the concepts of Availability Domain, Compartment and Virtual Cloud Network (VCN)
OCI is currently limited to selected Regions, but more are in the pipeline
You can deploy Database or EBS on both OCI as well as OCI Classic
OCI VS OCI-C
Overview
Identity & Access Management
IDCS Overview
Identity Cloud Service (IDCS) provides
Identity Management
Single Sign-On (SSO)
Identity Governance For
On-Premise
On Cloud
Mobile & Web Applications
IDCS integrates with existing directories & Identity management systems
Provides security for Oracle & Non Oracle Cloud or On-Premise Applications
IDCS Overview
Oracle IDM Solution
Oracle IDM On-Premise
IDM Functionality
IDM Product Suite
IDCS Cloud & On-Premise
IDCS
Offerings & Pricing
Feature                                                       Foundation  Basic     Standard
User, Group and Application Management                        Yes         Yes       Yes
Self Service Profile Update                                   Yes         Yes       Yes
Account Provisioning for OPC Apps                             Yes         Yes       Yes
User Authentication Basic                                     Yes         Yes       Yes
Number of Identities                                          No limit    No limit  No limit
Company Branding and customization                            Yes         Yes       Yes
SSO to OPC apps (including federation and form fill)          Yes         Yes       Yes
App Dev SDK                                                   Yes         Yes       Yes
Self User Registration                                        -           Yes       Yes
Self-Service Password Resets                                  -           Yes       Yes
Identity Sync from on-premises AD/OIM Connector               -           Yes       Yes
EBS Asserter                                                  -           -         Yes
Account Provisioning for non-OPC Apps                         -           -         Yes
Access Requests                                               -           -         Yes
Social Identity Authentication                                -           -         Yes
Multi-Factor Authentication                                   -           -         Yes
SSO to 3rd party Apps (including federation and form fill)    -           -         Yes
Adaptive Security                                             -           -         Yes
App Gate                                                      -           -         Yes
IDCS Features and License Tiers (March 2018)
Unit = Active User per Hour
License SKU                                         PAYG      Monthly Flex
Identity Cloud Service – Basic                      $0.0125   $0.0083
Identity Cloud Service – Standard                   $0.06     $0.0400
Identity Cloud Service – Standard – Consumer User   $0.0075   $0.0050
IDCS UCC Rate Card
Available licenses
Identity Cloud Service – Basic
Identity Cloud Service – Standard
Identity Cloud Service – Standard – Consumer User
Enterprise Users only
Identity Cloud Service UCC Rate Card and Metric
Metric: Active User Per Hour
Active User per Hour: Is defined as a unique active user that interacts with the service through a specific
channel (website, mobile app, API, SMS) during a 1-hour period. Active users are tracked through the use of
audit logs, cookies, user id, tokens, device id, IP or session id. Access across multiple channels will be counted
as multiple active users on an hourly basis. An active user is tracked for each instance of the cloud service.
For the purpose of Oracle Identity Cloud Service, the interaction with the service consists of, but is not limited to
specific actions or events performed within the service (authentication, Single Sign On, user provisioning, step-
up authentication, password management, etc.).
Identity Cloud Service UCC Rate Card and Metric
A unique active user that consumes functionality of the service, per given device form factor (e.g.
Web/Mobile/API)
Number of billable events per active user does not matter within a given hour
E.g. User Joe can generate 1 billable event during the 9:00 hour, or 100 events. In either case, he is
counted as 1 Active User for the 9:00 hour.
Counted hourly (resets at the top of each hour)
IDCS Metric: Active User Per hour
Billing increments hourly, burning through available credits
Each User’s activity is billed per their consumed functionality
Billable events are tiered at Foundation/Basic/Standard rates; in any given hour, a user is billed at the
highest tier that events were generated in
E.g. if a user resets their password during a particular hour, we’ll count that under the Basic tier. Then,
during the same hour, if the user authenticates using MFA, we’ll bump up their tier for that hour to
Standard.
IDCS Metric: Active User Per hour
Start with estimated Active Usage per month
Then ask for 2 additional data points:
Estimated daily usage pattern (get sporadic usage patterns, if any)
Estimated usage pattern within a day
Use Pricing Calculator posted on IDCS Intranet
How does a customer estimate Active Usage per hour?
Billable Functionality                                       Billed at License Rate
Self User Registration                                       Basic / B2C Standard
Self-Service Password Resets                                 Basic / B2C Standard
Identity Sync from AD/OIM                                    Basic / B2C Standard
Account Provisioning/De-provisioning/Sync from non-OPC apps
  (manual or automated based on policy)                      Standard / B2C Standard
Self-Service Access Requests                                 Standard / B2C Standard
User Login via Social Auth                                   Standard / B2C Standard
Multi-Factor Authentication                                  Standard / B2C Standard
SSO to 3rd Party Apps (incl. Federation and Form Fill)       Standard / B2C Standard
Adaptive Security                                            Standard / B2C Standard
Note: Some of the above events are system-triggered, not user-triggered. For example, if a user’s group in AD changed, resulting in an AD sync event, then the user is counted as an active user during that particular hour – without having done any manual interaction with IDCS.
What user activity generates billing activity?
Functionality                                                              License Rate
User Bulk Creation or Management (e.g. Update, Delete, Lock, Change PW)    Foundation (free)
Group Management (e.g. Create, Update, Assign Users, Delete)               Foundation (free)
App Management (Add, Update, Delete apps from App Catalog)                 Foundation (free)
Self-Service Profile Updates (incl. Change Password)                       Foundation (free)
Account Provisioning/De-provisioning/Sync to OPC apps
  (manual or automated based on policy)                                    Foundation (free)
User Login (User-Password) via Web/API/Mobile                              Foundation (free)
SSO to OPC apps (incl. Federation and Form Fill)                           Foundation (free)
What user activity is NOT billed?
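
The hourly metric and tier rules from the slides above, as an added example that is not part of the original deck: it buckets events by user, channel and hour and bills each bucket at the highest tier seen in it. The event-type keys and sample events are constructed for illustration; the rates are the PAYG figures from the rate card, and only enterprise (non-B2C) users are modelled.

```python
from datetime import datetime

# Tier order and PAYG rates (USD per active user per hour) from the rate card.
TIER_RANK = {"Foundation": 0, "Basic": 1, "Standard": 2}
PAYG_RATE = {"Foundation": 0.0, "Basic": 0.0125, "Standard": 0.06}

# Hypothetical event-type labels mapped to rows of the two billing tables.
EVENT_TIER = {
    "password_login": "Foundation",
    "profile_update": "Foundation",
    "sso_opc_app": "Foundation",
    "self_registration": "Basic",
    "password_reset": "Basic",
    "ad_sync": "Basic",          # system-triggered, still counts the user
    "mfa": "Standard",
    "social_login": "Standard",
    "sso_third_party": "Standard",
    "adaptive_security": "Standard",
}

def billable_hours(events):
    """Return {(user, channel, hour): highest tier generated in that hour}."""
    buckets = {}
    for ts, user, channel, event in events:
        # The counter resets at the top of each hour.
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        key = (user, channel, hour)  # each channel counts as a separate active user
        tier = EVENT_TIER[event]
        if key not in buckets or TIER_RANK[tier] > TIER_RANK[buckets[key]]:
            buckets[key] = tier
    return buckets

def payg_cost(buckets):
    """Sum the PAYG rate of every active-user-hour; Foundation hours are free."""
    return round(sum(PAYG_RATE[tier] for tier in buckets.values()), 4)

# Constructed sample events: (timestamp, user, channel, event type).
SAMPLE = [
    ("2018-03-01T09:05:00", "joe", "web", "password_reset"),
    ("2018-03-01T09:40:00", "joe", "web", "mfa"),             # bumps 9:00 to Standard
    ("2018-03-01T09:45:00", "joe", "mobile", "password_login"),
    ("2018-03-01T10:02:00", "joe", "web", "password_login"),
    ("2018-03-01T10:15:00", "ann", "api", "ad_sync"),
    ("2018-03-01T10:50:00", "ann", "api", "ad_sync"),         # same hour, counted once
]

if __name__ == "__main__":
    result = billable_hours(SAMPLE)
    for (user, channel, hour), tier in sorted(result.items()):
        print(user, channel, hour.isoformat(), tier)
    print("PAYG cost (USD):", payg_cost(result))
```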
IDCS Components & Entities
IDCS Components
Identity Domain
Construct to manage Users, Roles, and application integration through SSO & OAuth
Single Sign-On (SSO)
Process of logging in once and accessing multiple applications without re-authentication.
IDCS Components
Federation
Exchange of identity information between two parties, SP & IdP
System for Cross-Domain Identity Management (SCIM)
Open standard for automating the exchange of identity information, based on REST+JSON. REST-based
API to Create, Search, Update, Delete Identity (User/Group)
IDCS Components
Security Assertion Markup Language (SAML):
Protocol to exchange Authentication (ATN) & Authorization (ATZ) data (SAML Token) between
two parties, one acting as Service Provider (SP) and the other as Identity Provider (IdP)
OAuth 2.0:
Provides clients with secure delegated access to resources on behalf of the resource owner, without sharing
the password
IDCS Components
OpenID Connect (OIDC):
Identity layer built on top of OAuth 2.0 that conveys who the authenticated user is, where,
when & how the user was authenticated, what attributes the user is allowed to give, and why the user is
providing them.
Provides Federated SSO by using REST & JSON
IDCS Entities
Users:
User account to which resources are assigned
Groups
Collection of users; used to assign applications to user accounts
Applications
Enterprise applications that you want to protect via IDCS
Administrator Roles
Administrative functions for IDCS
IDCS
Login & Console
Login Cloud Account
User ATN Cloud Services
Two Methods to Login
Cloud Account with IDCS (Account Name)
Traditional Cloud Account (Identity Domain)
ATN Traditional Account
ATN Traditional Account
ATN IDCS
Cloud Dashboard
IDCS Console
IDCS
Common Tasks
Identity Domain Admin Tasks
Identity Domain Admin Tasks
Create Users on IDCS
Manual
Bulk using CSV
Synchronize from On-Premise AD or IDM
Identity Bridge for MS-AD
OIM Connector for IDCS
Federation: SAML 2.0 compliant
Identity Provider (IdP)
Service Provider (SP)
Manage Users
Cloud User IDCS
IDCS Customizations
IDCS Delegate Admin
Delegate Admin Roles
Delegate Admin Roles
Application Management
Password Policy
MFA
IDCS Integration
EBS (R12) IDM Typical Integration
EBS (R12) IDCS Integration
OIM IDCS Integration
WebLogic App & IDCS Integration
Fusion Apps & IDCS Integration
Module: Summary
Cloud Overview & Concepts
Cloud Service Model
Cloud Deployment Model
OCI VS OCI-C
Overview Identity & Access Management
IDCS Offerings & Pricing
IDCS Components & Entities
IDCS Login & Console
IDCS Admin Common Tasks
IDCS Integration