identity cloud service (idcs) cloud idcs overviewidcs/mod… · add yourself in whatsapp group...

/company/k21academy /k21academy /k21academy /k21academy [email protected]

Identity Cloud Service (IDCS)

Cloud IDCS Overview

Kirti Oracle IDCS Expert

Atul Kumar Oracle ACE & Author

Atul Kumar

www.k21academy.com/community © Copyright 2019 | K21 Academy | All Rights Reserved

2

Get Support: [email protected] (New Mail for Different Issue)

Add Yourself in WhatsApp Group

Unlimited Retake for Next 1 Years

Before Coming to Class: View Presentation & Look at Activity Guide

Ask as Many Questions as you can & make session interactive

Remind Us to Record the Session

Feedback Good/Bad to Trainer for improvement

Making Best of Your Training


3

mailto:[email protected]





[email protected]

Getting Help


4


Cloud Overview & Concepts

Cloud Service Model

Cloud Deployment Model

OCI VS OCI-C

Overview Identity & Access Management

IDCS Offerings & Pricing

IDCS Components & Entities

IDCS Login & Console

IDCS Admin Common Tasks

IDCS Integration

Summary

Agenda: Module


5

Cloud

Overview & Concepts


6

Multi-Tenant

Self Service

Elastic: Scale-Up | Scale-Down

Web Based

Automated

Pay As You Go Model

Modern Web Based Integration

Secure

Cloud Computing


7

Cloud Service Model

SaaS | PaaS | IaaS


8

Cloud Service Model


9

IaaS: Storage | Compute | Network


10

PaaS Platform as a Service


11

SaaS Software as a Service


12

Oracle SaaS| PaaS| SaaS


13


Private (C@C) | Public | Hybrid


14



15

Private Cloud C@C


16

Cloud Reference Architecture


17

Oracle IaaS

OCI VS OCI-C


18

OCI Classic is based on Nimbula (Xen based Hypervisor)

OCI have option to Bare Metal or VM (KVM based Hypervisor)

OCI has concept of Availability Domain, Compartment, Virtual Cloud Network (VCN)

OCI is currently limited to selected Regions but more in pipeline

You can deploy Database or EBS on both OCI as well as OCI Classic

OCI VS OCI-C


19

Overview

Identity & Access Management


20

IDCS Overview

Identity Cloud Service (IDCS) provides

Identity Management

Single Sign-On (SSO)

Identity Governance For

On-Premise

On Cloud

Mobile & Web Applications

IDCS integrates with existing directories & Identity management systems

Provides security for Oracle & Non Oracle Cloud or On-Premise Applications


21

IDCS Overview


22

Oracle IDM Solution


23

Oracle IDM On-Premise


24

IDM Functionality


25

IDM Product Suite


26

IDCS Cloud & On-Premise


27

IDCS

Offerings & Pricing


28

Feature Foundation Basic Standard

User, Group and Application Management Yes Yes Yes

Self Service Profile Update Yes Yes Yes

Account Provisioning for OPC Apps Yes Yes Yes

User Authentication Basic Yes Yes Yes

Number of Identities No limit No limit No limit

Company Branding and customization Yes Yes Yes

SSO to OPC apps (including federation and form fill) Yes Yes Yes

App Dev SDK Yes Yes Yes

Self User Registration Yes Yes

Self-Service Password Resets Yes Yes

Identity Sync from on-premises AD/OIM Connector Yes Yes

EBS Asserter Yes

Account Provisioning for non-OPC Apps Yes

Access Requests Yes

Social Identity Authentication Yes

Multi-Factor Authentication Yes

SSO to 3rd party Apps (including federation and form fill) Yes

Adaptive Security Yes

App Gate Yes


29

IDCS Features and License Tiers (March 2018)

Unit = Active User per Hour

License SKU PAYG MONTHLY FLEX

Identity Cloud Service – Basic

$0.0125 $0.0083

Identity Cloud Service – Standard

$0.06 $0.0400

Identity Cloud Service – Standard – Consumer User

$0.0075 $0.0050


30

IDCS UCC Rate Card

Available licenses

Identity Cloud Service – Basic

Identity Cloud Service – Standard

Identity Cloud Service – Standard – Consumer User

Enterprise Users only


31

Identity Cloud Service UCC Rate Card and Metric

Metric: Active User Per Hour

Active User per Hour: Is defined as a unique active user that interacts with the service through a specific

channel (website, mobile app, API, SMS) during a 1-hour period. Active users are tracked through the use of

audit logs, cookies, user id, tokens, device id, IP or session id. Access across multiple channels will be counted

as multiple active users on an hourly basis. An active user is tracked for each instance of the cloud service.

For the purpose of Oracle Identity Cloud Service, the interaction with the service consists of, but is not limited to

specific actions or events performed within the service (authentication, Single Sign On, user provisioning, step-

up authentication, password management, etc.).


32

Identity Cloud Service UCC Rate Card and Metric

A unique active user that consumes functionality of the service, per given device form factor (e.g.

Web/Mobile/API)

Number of billable events per active user does not matter within a given hour

E.g. User Joe can generate 1 billable event during the 9:00 hour, or 100 events. In either case, he is

counted as 1 Active User for the 9:00 hour.

Counted hourly (resets at the top of each hour)


33

IDCS Metric: Active User Per hour

Billing increments hourly, burning through available credits

Each User’s activity is billed per their consumed functionality

Billable events are tiered at Foundation/Basic/Standard rates; in any given hour, a user is billed at the

highest tier that events were generated in

E.g. if a user resets their password during a particular hour, we’ll count that under the Basic tier. Then,

during the same hour, if the user authenticates using MFA, we’ll bump up their tier for that hour to

Standard.


34

IDCS Metric: Active User Per hour

Start with estimated Active Usage per month

Then ask for 2 additional data points:

Estimated daily usage pattern (get sporadic usage patterns, if any)

Estimated usage pattern within a day

Use Pricing Calculator posted on IDCS Intranet


35

How does a customer estimate Active Usage per hour?

Billable Functionality Billed at License Rate

Self User Registration Basic / B2C Standard

Self-Service Password Resets Basic / B2C Standard

Identity Sync from AD/OIM Basic / B2C Standard

Account Provisioning/De-provisioning/Sync from non-OPC apps (manual or automated based on policy)

Standard / B2C Standard

Self-Service Access Requests Standard / B2C Standard

User Login via Social Auth Standard / B2C Standard

Multi-Factor Authentication Standard / B2C Standard

SSO to 3rd Party Apps (incl. Federation and Form Fill) Standard / B2C Standard

Adaptive Security Standard / B2C Standard

Note: Some of the above events are system-triggered, not user-triggered. For example, if a user’s group in AD changed, resulting in an AD sync event, then the user is counted as an active user during that particular hour – without having done any manual interaction with IDCS.


36

What user activity generates billing activity?

Functionality License Rate

User Bulk Creation or Management (e.g. Update, Delete, Lock, Change PW)

Foundation (free)

Group Management (e.g. Create, Update, Assign Users, Delete)

Foundation (free)

App Management (Add, Update, Delete apps from App Catalog)

Foundation (free)

Self-Service Profile Updates (incl. Change Password) Foundation (free)

Account Provisioning/De-provisioning/Sync to OPC apps (manual or automated based on policy)

Foundation (free)

User Login (User-Password) via Web/API/Mobile Foundation (free)

SSO to OPC apps (incl. Federation and Form Fill) Foundation (free)

What user activity is NOT billed?


37



38

IDCS Components

Identity Domain

Construct to manage Users, Roles, and application integration through SSO & OAuth

Single Sign-On (SSO)

Process of login once and access multiple applications without re-authentication.


39

IDCS Components

Federation

Exchange of Identity Information between two parties SP & IdP

System for Cross-Domain Identity Management (SCIM)

open standard for automating exchange of identity information, based on REST+JSON. REST based

API for Create, Search, Update, Delete Identity (User/Group)


40

IDCS Components

Security Assertion Markup Language (SAML):

Protocol to exchange Authentication (ATN) & Authorization (ATZ) data (SAML Token) between

two parties one acting as Service Provider (SP) and another as Identity Provider (IdP)

OAuth 2.0:

provides clients, secure delegated access to resources on behalf of resource owner without sharing

password


41

IDCS Components

OpenID Connect (OIDC):

Identity Layer built on top of OAuth 2.0 that provides who is user that got authenticated, where,

when & How was user authenticated, what attributes user allowed to give, and why is user

providing.

Provides Federated SSO by using REST & JSON


42

IDCS Entities

Users:

User account to which resources are assigned

Groups

collection of users, assign application to user account

Applications

Enterprise Application that you want to protect via IDCS

Administrator Roles

administrative Functions to IDCS


43

IDCS

Login & Console


44

Login Cloud Account


45

User ATN Cloud Services

Two Methods to Login

Cloud Account with IDCS (Account Name)

Traditional Cloud Account (Identity Domain)


46

ATN Traditional Account


47

ATN Traditional Account


48

ATN IDCS


49

Cloud Dashboard


50

IDCS Console


51

IDCS

Common Tasks


52

Identity Domain Admin Tasks


53

Identity Domain Admin Tasks


54

Create Users on IDCS

Manual

Bulk using CSV

Synchronize from On-Premise AD or IDM

Identity Bridge for MS-AD

OIM Connector for IDCS

Federation: SAML 2.0 compliant

Identity Provider (IdP)

Service Provider (SP)

Manage Users


55

Cloud User IDCS


56

IDCS Customizations


57

IDCS Delegate Admin


58

Delegate Admin Roles


59

Delegate Admin Roles


60

Application Management


61

Password Policy


62

MFA


63

IDCS Integration


64

EBS (R12) IDM Typical Integration


65

EBS (R12) IDCS Integration


66

OIM IDCS Integration


67

WebLogic App & IDCS Integration


68

Fusion Apps & IDCS Integration


69

Module: Summary

Cloud Overview & Concepts

Cloud Service Model


OCI VS OCI-C

Overview Identity & Access Management

IDCS Offerings & Pricing


IDCS Login & Console

IDCS Admin Common Tasks

IDCS Integeration


70

http://facebook.com/k21Academy

http://twitter.com/k21Academy

https://www.linkedin.com/company/k21academy

https://www.youtube.com/k21academy

Find Us


71

http://facebook.com/k21technologies

http://facebook.com/k21technologies

http://twitter.com/k21technologies

http://twitter.com/k21technologies

https://www.linkedin.com/company/k21technologies

https://www.linkedin.com/company/k21technologies

https://www.youtube.com/user/k21technologies

https://www.youtube.com/k21academy

identity cloud service (idcs) cloud idcs overviewidcs/mod… · add yourself in whatsapp group...

Documents