oim poc1.0

Phase 1.0 POC Mar 2010 Mohamed Atef MW Administrator


Posted on 13-May-2015


Page 1: Oim Poc1.0

Phase 1.0 POC, Mar 2010

Mohamed Atef, MW Administrator

Page 2: Oim Poc1.0

AGENDA

• Why Oracle Identity Management
• Etisalat Architecture for Identity Management
• What is Oracle Identity Manager
• Oracle Identity Manager Architecture
• Identity Manager reconciliation and provisioning
• Identity Manager Connector
• Identity Manager certifications
• POC

Page 3: Oim Poc1.0

WHY ORACLE IDENTITY MANAGEMENT

Oracle Identity Management allows enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall. You can deploy applications faster, apply granular protection to enterprise resources, automatically eliminate latent access privileges, and much more.

Oracle Identity Management is a member of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments today.

Page 4: Oim Poc1.0

Oracle Identity Management Solutions

Single Sign-On and Web Access Control:

Oracle Access Manager (protects resources at a point of access and delegates authentication and authorization decisions to a central authority; helps secure web, J2EE and enterprise applications).

Oracle Enterprise Single Sign-On Suite Plus (enterprise users get single sign-on to all of their applications, whether they are connected to the corporate network, traveling away from the office, roaming between computers or working at a shared workstation).

Directory Services:

Oracle Internet Directory (an LDAP v3 compliant directory with meta-directory capabilities; it is built on the Oracle database and is fully integrated into Oracle Fusion Middleware and Oracle Applications).

Oracle Virtual Directory (creating a secure application environment requires integration of existing user identity information; some companies hold that information in databases, others use LDAP directories or Windows domains, and for most it is scattered across multiple locations and services. Oracle Virtual Directory provides Internet and industry-standard LDAP and XML views of existing enterprise identity information without synchronizing or moving data from its native locations).

Oracle Directory Server Enterprise Edition (formerly "Sun Directory Server Enterprise Edition"; a widely deployed directory server with proven large deployments in carrier and enterprise environments and broad ISV support, so it suits heterogeneous environments. ODSEE provides a core directory service with embedded database, directory proxy, Active Directory (AD) synchronization and a Web administration console).

Oracle Authentication Services for Operating Systems (provides centralized authentication and account management for Unix and Linux platforms).

Page 5: Oim Poc1.0

Oracle Identity Management Solutions

Content Access Control:

Oracle Information Rights Management (formerly "SealedMedia"; an information security technology that secures and tracks sensitive digital information everywhere it is stored and used. It encrypts ("seals") and classifies documents, emails and web pages, and requires the Oracle IRM Desktop agent on every end-user device on which sealed information is created or used).

Strong Authentication:

Extended Identity Management Ecosystem (organizations commonly have multiple security systems in place: one technology to secure physical access, another to secure legacy applications, and yet another to secure network access. To cope with these siloed solutions, Oracle has partnered with best-of-breed ISVs to offer a central and effective means to enforce security policy across all enterprise resources. As part of the Oracle Identity Management Ecosystem, partner solutions integrate into Oracle Identity Management and extend a common security and identity management framework across all enterprise applications).

Oracle Adaptive Access Manager (consists of two primary components that together form a flexible anti-fraud platform. Adaptive Strong Authenticator provides multifactor authentication and protection mechanisms for sensitive information such as passwords, PINs, security questions, account numbers and other credentials).

Identity Administration:

Oracle Identity Manager (Formerly known as “Oracle Xellerate Identity Provisioning”, is a powerful and flexible enterprise identity management system that automatically manages users' access privileges within enterprise IT resources).

Oracle Role Manager (Previously known as “Bridgestream SmartRoles”, is an enterprise-class application for managing business and organizational role lifecycle management).

Page 6: Oim Poc1.0

Oracle Identity Management Solutions

Federated Identity:

Oracle Identity Federation (significantly reduces the need to create unnecessary identities in an enterprise directory and lowers the ongoing cost of partner integrations through support of industry federation standards; it protects existing IT investments by integrating with a wide variety of data stores, user directories, authentication providers and applications).

Fine Grained Entitlements:

Oracle Entitlements Server (secures access to application resources and software components (such as URLs, EJBs, and JSPs) as well as arbitrary business objects (such as customer accounts or patient records). Oracle Entitlements Server policies specify which users, groups, and/or roles can access application resources, allowing those roles to be dynamically resolved at runtime).

Oracle – Sun:

Oracle Waveset (provides operational and business efficiency through complete automation of user account and entitlement provisioning into a variety of enterprise business applications. Oracle Waveset integrates automated identity lifecycle management with identity auditing capabilities, and makes it possible to manage these processes at the business role level).

Oracle OpenSSO (Is a complete solution that provides Web access management, federated single sign-on and Web services security in a single, self-contained application).

Page 7: Oim Poc1.0

ETISALAT IDENTITY MANAGEMENT ARCHITECTURE PHASE 1

[Architecture diagram, built up over several slides: Oracle HRMS (with its Oracle HRMS Administrator), Oracle Identity Manager, Active Directory, Users, Temp & Vendors Accounts, Self Registration. The HRMS to Oracle Identity Manager to Active Directory flow is the one exercised in the POC.]


Page 14: Oim Poc1.0

WHAT IS ORACLE IDENTITY MANAGER

Oracle Identity Manager is an application that handles and selectively automates tasks that manage a user’s access privileges. Such tasks include:

• Creating access privileges to resources for users.

• Modifying these privileges dynamically based on changes to user and business requirements.

• Removing these access privileges from users.

Page 15: Oim Poc1.0

ORACLE IDENTITY MANAGER ARCHITECTURE

The architecture for Oracle Identity Manager:

• Is based on a Java 2 Enterprise Edition (J2EE) environment.

• Separates the platform’s Presentation, Server, and Data & Enterprise Integration tiers.

• Enables the creation of n levels of layers.

Page 16: Oim Poc1.0

ORACLE IDENTITY MANAGER ARCHITECTURE

The Oracle Identity Manager architecture has three tiers:

• Presentation tier
• Server tier
• Data & Enterprise Integration tier

Page 17: Oim Poc1.0

TIER 1: PRESENTATION TIER

The Presentation tier of Oracle Identity Manager has two layers:

• Presentation layer: the two consoles for Oracle Identity Manager, the Administrative Console and the Design Console.

• Dynamic Presentation Logic layer: the logic that generates dynamic pages for the Administrative Console by using JSPs, Java Servlets, XML, and JavaBeans.

Page 18: Oim Poc1.0

TIER 2: SERVER TIER

The Server tier of Oracle Identity Manager is the interface between the Presentation and Data & Enterprise Integration tiers.

The application server for Oracle Identity Manager:

• Resides in the Server tier.

• Provides the life-cycle management, security, deployment, and run-time services to the logical components that support Oracle Identity Manager.

Page 19: Oim Poc1.0

TIER 2: SERVER TIER

The Server tier of Oracle Identity Manager supports:

• Clustering
• Load balancing
• Security management
• Scheduling

Page 20: Oim Poc1.0

TIER 3: DATA & ENTERPRISE INTEGRATION TIER

The Data & Enterprise Integration tier of Oracle Identity Manager has two layers:

• Data Access layer: the components that Oracle Identity Manager needs to communicate with its database.

• Back-end Database layer: the layer where the database resides.

Page 21: Oim Poc1.0

TIER 3: DATA & ENTERPRISE INTEGRATION TIER

The Back-end Database layer leverages the following capabilities:

• Clustering
• Standby database
• Replication

Page 22: Oim Poc1.0

RECONCILIATION & PROVISIONING: OVERVIEW

Reconciliation is the process by which Oracle Identity Manager receives information from an external resource.

Provisioning is the process by which Oracle Identity Manager sends information to a target resource.

By using reconciliation and provisioning, Oracle Identity Manager can perform the following actions:

• Create a user record in a resource
• Modify the privileges that the user has with the resource
• Remove the user record from the resource

Page 23: Oim Poc1.0

RECONCILIATION: TYPES

There are two types of reconciliation that Oracle Identity Manager performs:

Trusted source reconciliation.

Targeted resource reconciliation.

Page 24: Oim Poc1.0

RECONCILIATION: EVENTS

Oracle Identity Manager can perform three types of reconciliation events with an external resource:

Reconciliation Insert.

Reconciliation Update.

Reconciliation Delete.

Page 25: Oim Poc1.0

PROVISIONING: TYPES

There are two types of provisioning that Oracle Identity Manager performs:

• Day-one provisioning: initial creation of access privileges to resources for users, and removal of these privileges from users.

• Day-two provisioning: dynamic modification of user privileges with resources, based on changes to user and business requirements.

Page 26: Oim Poc1.0

TRUSTED SOURCE RECONCILIATION: CONCEPTUAL DIAGRAM

Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities that it manages in both a trusted source and a target resource.

[Diagram 1: reconciliation flow from the trusted source (for example, Active Directory) into Oracle Identity Manager; provisioning flow from Oracle Identity Manager to the target resource (for example, an Oracle HRMS); Administrator and End user shown as actors]

Page 27: Oim Poc1.0

TARGET RESOURCE RECONCILIATION: CONCEPTUAL DIAGRAM

Via provisioning and reconciliation, Oracle Identity Manager can build an accurate picture of the user identities it manages in both a trusted source and a target resource.

[Diagram 2: reconciliation flow from the target resource (for example, an Oracle HRMS) into Oracle Identity Manager, alongside the provisioning flow to it; the trusted source (for example, an Active Directory), End user and Administrator shown as in Diagram 1]

Page 28: Oim Poc1.0

ORACLE IDENTITY MANAGER CONNECTOR: OVERVIEW

An Oracle Identity Manager connector is a container that holds all of the information that Oracle Identity Manager needs to:

Reconcile with an external resource.

Provision a user with a target resource.

Page 29: Oim Poc1.0

ORACLE IDENTITY MANAGER CONNECTOR: COMPONENTS

A connector must have the following seven components:

• IT resource type
• IT resource
• Process form
• Process task adapter
• Resource object
• Provisioning process
• Process task

Page 30: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 1

Create an IT resource type. This record represents the classification type, parameter fields, and encryption settings that are associated with a resource.

[Diagram: IT resource type (1)]

Page 31: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 1

This screenshot illustrates an IT resource type for an Oracle HRMS. There is a one-to-one relationship between the IT resource type and the connector. That is, each connector should have only one IT resource type.

Page 32: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 2

Define an IT resource. This record contains the values that Oracle Identity Manager needs to communicate with a resource and access it as a system administrator (for provisioning or reconciliation purposes).

[Diagram: IT resource type, IT resource (2)]

Page 33: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 2

This screenshot illustrates an IT resource for an Oracle HRMS. There is a one-to-one relationship between the IT resource and the system, service, or application that it represents. If you have four resources, you would thus have four IT resources.

Page 34: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 3

Create a custom process form. This record is a central housing mechanism that holds everything that Oracle Identity Manager needs to either provision a user to a target resource or reconcile a user with an external resource.

[Diagram: IT resource type, IT resource, custom process form (3)]

Page 35: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 3

This screenshot illustrates a custom process form for an Oracle HRMS.

Page 36: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 4

Build a process task adapter. This piece of Java code is used by Oracle Identity Manager to automate the completion of a provisioning process task.

[Diagram: IT resource type, IT resource, custom process form, process task adapter (4)]

Page 37: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 4

A process task adapter automates the creation of a user's account in an Oracle HRMS. There is a one-to-one relationship between the adapter and a process task: each task can be associated with only one adapter.

Page 38: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 5

Define a resource object. This record is a virtual representation of a resource and contains everything needed to either provision a user to that resource or reconcile a user with it.

[Diagram: IT resource type, IT resource, custom process form, process task adapter, resource object (5)]

Page 39: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 5

Example of a resource object for an Oracle HRMS.

Page 40: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 6

Create a provisioning process. This record contains the steps that Oracle Identity Manager must complete to perform provisioning or reconciliation with a particular resource.

[Diagram: IT resource type, IT resource, custom process form, process task adapter, resource object, provisioning process (6)]

Page 41: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 6

There is a 1-to-1 relationship between a provisioning process and the workflow that it represents. If you have two resource-related workflows, you should have two processes.

Page 42: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 7

Create a process task.

[Diagram: IT resource type, IT resource, custom process form, process task adapter, resource object, provisioning process, process task (7)]

Page 43: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 7

Example of a process task that Oracle Identity Manager uses to create a user’s account in an Oracle HRMS

Page 44: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 8

Attach the process task adapter to the process task.

[Diagram: all seven components, with the process task adapter attached to the process task (8)]

Page 45: Oim Poc1.0

CONSTRUCTING AN ORACLE IDENTITY MANAGER CONNECTOR: STEP 8

Example of a process task adapter being connected to a process task to create a user’s account in an Oracle HRMS
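The eight steps above, modelled end to end as an added example. This is not Oracle Identity Manager code and does not use its Java adapter API; the class names only mirror the slide vocabulary (IT resource type, IT resource, process form, process task adapter, resource object, provisioning process, process task). The one-to-one rules the slides state (one adapter per task, one IT resource per system) are enforced as checks, and one rule a practitioner adds on top: parameters the IT resource type marks as encrypted (the administrator password from step 2) are masked in every task audit record. The HRMS adapter, its response codes, the response-to-status mapping and the hostnames are constructed.

```python
"""Constructed model of building an OIM-style connector (steps 1 to 8)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# An adapter receives the process-form data and the IT resource values and
# returns a response code (constructed convention).
Adapter = Callable[[Dict[str, str], Dict[str, str]], str]


@dataclass
class ITResourceType:
    """Step 1: parameter fields and which of them are stored encrypted."""
    name: str
    params: Dict[str, bool]  # parameter name -> encrypted?


@dataclass
class ITResource:
    """Step 2: the values OIM uses to reach one resource as an administrator."""
    name: str
    resource_type: ITResourceType
    values: Dict[str, str]

    def __post_init__(self) -> None:
        missing = set(self.resource_type.params) - set(self.values)
        if missing:
            raise ValueError(f"{self.name}: missing parameters {sorted(missing)}")

    def redacted(self) -> Dict[str, str]:
        """Values safe for an audit record: encrypted (or undeclared) fields masked."""
        return {k: ("***" if self.resource_type.params.get(k, True) else v)
                for k, v in self.values.items()}


@dataclass
class ProcessTask:
    """Step 7: one unit of work; step 8 attaches exactly one adapter to it."""
    name: str
    adapter: Optional[Adapter] = None

    def attach(self, adapter: Adapter) -> None:
        if self.adapter is not None:
            raise ValueError(f"{self.name}: a task can have only one adapter")
        self.adapter = adapter


@dataclass
class ProvisioningProcess:
    """Step 6: the ordered tasks of one workflow against the resource."""
    name: str
    tasks: List[ProcessTask] = field(default_factory=list)


@dataclass
class ResourceObject:
    """Step 5: ties the custom process form (step 3), IT resource and process together."""
    name: str
    form_fields: List[str]
    it_resource: ITResource
    process: ProvisioningProcess


# Step 4: a process task adapter. Real adapters are Java; this one simulates
# an HRMS that already holds one account (constructed state).
HRMS_ACCOUNTS = {"1001"}


def create_hrms_account(form: Dict[str, str], it_resource: Dict[str, str]) -> str:
    if not it_resource.get("admin_password"):
        return "ERROR_NO_CREDENTIALS"
    if form["emp_no"] in HRMS_ACCOUNTS:
        return "ERROR_USER_EXISTS"
    HRMS_ACCOUNTS.add(form["emp_no"])
    return "SUCCESS"


def run_provisioning(res: ResourceObject, form: Dict[str, str]) -> List[Dict[str, object]]:
    """Run every task of the resource's process for one process-form instance.
    Returns one audit record per task; the admin password never appears in it."""
    missing = [f for f in res.form_fields if f not in form]
    if missing:
        raise ValueError(f"process form incomplete: {missing}")
    audit: List[Dict[str, object]] = []
    for task in res.process.tasks:
        if task.adapter is None:
            raise ValueError(f"{task.name}: no adapter attached (step 8 skipped)")
        response = task.adapter(form, res.it_resource.values)
        audit.append({
            "task": task.name,
            "response": response,
            "status": "Completed" if response == "SUCCESS" else "Rejected",
            "it_resource": res.it_resource.redacted(),
        })
    return audit


def build_hrms_connector() -> ResourceObject:
    """Steps 1 to 8 for a constructed HRMS connector."""
    rtype = ITResourceType("HRMS", {"host": False, "admin_user": False, "admin_password": True})
    rsrc = ITResource("HRMS Prod", rtype, {"host": "hrms.example.test",
                                           "admin_user": "oimadmin", "admin_password": "s3cret"})
    task = ProcessTask("Create User")
    task.attach(create_hrms_account)
    proc = ProvisioningProcess("HRMS Provisioning", [task])
    return ResourceObject("HRMS User", ["emp_no", "name"], rsrc, proc)
```

Running the same process form twice shows the adapter's second response (`ERROR_USER_EXISTS`) mapped to a Rejected task, and attaching a second adapter to the task raises, which is the one-to-one rule from step 4 made explicit.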

Page 46: Oim Poc1.0

ORACLE IDENTITY MANAGER CONNECTORS LIST

Collaboration and Messaging Applications:

• IBM Lotus Notes/Domino
• Microsoft Exchange
• Novell GroupWise

Database:

• IBM DB2/UDB Database
• Microsoft SQL Server Database
• Oracle Database
• Sybase ASE Database

Directory Services:

• Microsoft Active Directory
• Microsoft Active Directory Password Synchronization
• Novell e-Directory
• Oracle Internet Directory
• Sun Java System Directory

Page 47: Oim Poc1.0

ORACLE IDENTITY MANAGER CONNECTORS LIST

Enterprise Business Applications:

• JD Edwards EnterpriseOne
• Oracle e-Business User Management
• Oracle e-Business Employee Reconciliation
• Oracle Retail Warehouse Management System
• PeopleSoft Employee Reconciliation
• PeopleSoft User Management
• SAP User Management
• SAP Employee Reconciliation
• SAP CUA
• SAP Enterprise Portal
• Siebel User Management

Help Desk:

• BMC Remedy User Management
• BMC Remedy Ticket Management

Page 48: Oim Poc1.0

ORACLE IDENTITY MANAGER CONNECTORS LIST

Security Applications:

• CA ACF2 Advanced
• CA Top Secret Advanced
• IBM RACF Standard
• IBM RACF Advanced
• RSA Authentication Manager

Web Access Control:

• RSA ClearTrust

Page 49: Oim Poc1.0

ORACLE IDENTITY MANAGER CERTIFIED OPERATING SYSTEMS

Oracle Identity Manager release 9.1.0.2 is certified for the following operating systems:

■ AIX 5L Version 5.3 (pSeries 64-bit)

■ Microsoft Windows Server 2003 R2 (Intel x86 32-bit and EM64T/AMD 64-bit)

■ Microsoft Windows Server 2003 R2 (Itanium 64-bit)

■ Microsoft Windows Vista Ultimate

■ Oracle Enterprise Linux 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit)

■ Oracle Virtualization Machine - OEL4

■ Red Hat Enterprise Linux AS Release 4 and 5 (Intel x86 32-bit and EM64T/AMD 64-bit)

■ Red Hat Enterprise Linux AS Release 4 (Itanium 64-bit)

■ Solaris Operating System 10 (UltraSparc 64-bit)

■ HP-UX 11.23 (PA-RISC/Itanium 64-bit)

■ SUSE Linux Enterprise 10 (Intel x86 32-bit and EM64T/AMD 64-bit)

■ SUSE Linux Enterprise Server 10 (Itanium 64-bit)

Page 50: Oim Poc1.0

ORACLE IDENTITY MANAGER CERTIFIED APPLICATION SERVERS

Oracle Identity Manager release 9.1.0.1 is certified for the following application servers:

■ Oracle WebLogic Server 10.3

■ IBM WebSphere Application Server 6.1.0.19 and later fix packs

■ JBoss Application Server 4.2.3 GA

■ Oracle Application Server 10.1.3.3 and later (upgrade patch 10.1.3.3 applied on top of the base package bundled in Oracle SOA Suite 10g Release 10.1.3.1)

Page 51: Oim Poc1.0

ORACLE IDENTITY MANAGER CERTIFIED DATABASES

Oracle Identity Manager release 9.1.0 is certified for the following databases:

■ Oracle Database Deployment

- Oracle9i Database Enterprise Edition release 9.2.0.8

- Oracle Database 10g Enterprise Edition release 10.1.0.5 and later patch sets (that is, 10.1.0.6 and later)

- Oracle Database 10g Standard Edition and Enterprise Edition release 10.2.0.1 and later

- Oracle Database 11g Standard Edition and Enterprise Edition release 11.1.0.6 and later patch sets

■ Oracle RAC Deployment

- Oracle Database 10g Enterprise Edition release 10.2.0.3 and later patch sets

- Oracle Database 11g Enterprise Edition release 11.1.0.6 and later patch sets

Page 53: Oim Poc1.0

POC: SCOPE

In the POC, Oracle Identity Manager runs two flows automatically:

• Reconciliation of employees from Oracle HRMS.

• Provisioning of the resulting records to Active Directory.

[Diagram: Oracle HRMS (reconciliation flow) into Oracle Identity Manager, then (provisioning flow) into Active Directory]
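The POC scope above, together with the reconciliation and provisioning slides (reconciliation types and events, day-one and day-two provisioning), as one runnable model. This is an added example, not Oracle Identity Manager code: it treats the HRMS feed as the trusted source, derives Insert/Update/Delete reconciliation events against an identity store, applies day-one (create/remove) and day-two (modify) provisioning to a target standing in for Active Directory, and then does target-resource reconciliation to report accounts in the target that no active identity explains, which is where the "latent access privileges" the deck talks about surface. The feed records, field names, the stale pre-existing accounts and the account-naming rule are all constructed.

```python
"""Constructed model of the POC flow: HRMS (trusted source) -> OIM -> AD (target)."""
from typing import Dict, List, Tuple

Record = Dict[str, str]
IdentityStore = Dict[str, Record]   # OIM users keyed by employee number
TargetStore = Dict[str, Record]     # AD accounts keyed by account name
Event = Tuple[str, str]             # (event type, emp_no)


def reconcile_trusted_source(feed: List[Record], users: IdentityStore) -> List[Event]:
    """Trusted-source reconciliation: apply the HRMS feed to the identity store
    and return the Insert / Update / Delete events it produced. An employee
    missing from the feed is a Delete; a Terminated employee stays in the store
    so that provisioning can revoke the target account (constructed rule)."""
    events: List[Event] = []
    seen = set()
    for rec in feed:
        emp_no = rec["emp_no"]
        seen.add(emp_no)
        current = users.get(emp_no)
        if current is None:
            users[emp_no] = dict(rec)
            events.append(("Insert", emp_no))
        elif current != rec:
            users[emp_no] = dict(rec)
            events.append(("Update", emp_no))
    for emp_no in list(users):
        if emp_no not in seen:
            del users[emp_no]
            events.append(("Delete", emp_no))
    return events


def account_name(user: Record) -> str:
    """Constructed naming rule: first initial + surname, lower case."""
    first, last = user["name"].split(" ", 1)
    return (first[0] + last).lower().replace(".", "")


def provision_target(events: List[Event], users: IdentityStore,
                     target: TargetStore) -> List[Tuple[str, str]]:
    """Day-one provisioning (create / remove) and day-two provisioning (modify)
    driven by the reconciliation events. Returns the actions taken."""
    actions: List[Tuple[str, str]] = []
    for event, emp_no in events:
        user = users.get(emp_no)
        if event == "Delete" or user["status"] != "Active":
            # Day-one removal: revoke every target account linked to this identity.
            for sam, acct in list(target.items()):
                if acct.get("emp_no") == emp_no:
                    del target[sam]
                    actions.append(("remove", sam))
            continue
        sam = account_name(user)
        attrs = {"displayName": user["name"], "department": user["dept"]}
        if sam not in target:
            target[sam] = {"emp_no": emp_no, **attrs}
            actions.append(("create", sam))
        else:
            target[sam].update(attrs)   # day-two: push attribute changes
            actions.append(("modify", sam))
    return actions


def reconcile_target(users: IdentityStore, target: TargetStore) -> List[str]:
    """Target-resource reconciliation: target accounts not linked to an active
    managed identity (orphans / latent access)."""
    active = {emp_no for emp_no, u in users.items() if u["status"] == "Active"}
    return sorted(sam for sam, acct in target.items() if acct.get("emp_no") not in active)


def run_poc() -> Dict[str, object]:
    # Constructed HRMS feed, an identity store with one employee HR no longer
    # reports, and an AD that already holds his account plus an unlinked one.
    feed = [
        {"emp_no": "1001", "name": "A. Hassan", "dept": "MW", "status": "Active"},
        {"emp_no": "1002", "name": "B. Saleh", "dept": "IT", "status": "Active"},
        {"emp_no": "1003", "name": "C. Nour", "dept": "HR", "status": "Terminated"},
    ]
    users: IdentityStore = {"1004": {"emp_no": "1004", "name": "D. Omar", "dept": "IT", "status": "Active"}}
    target: TargetStore = {
        "domar": {"emp_no": "1004", "displayName": "D. Omar", "department": "IT"},
        "svc_legacy": {"displayName": "legacy service account"},   # no emp_no link
    }
    events = reconcile_trusted_source(feed, users)
    actions = provision_target(events, users, target)
    # Day two: HR moves B. Saleh to another department.
    feed2 = [dict(r) for r in feed]
    feed2[1]["dept"] = "MW"
    day_two_events = reconcile_trusted_source(feed2, users)
    day_two_actions = provision_target(day_two_events, users, target)
    return {"events": events, "actions": actions, "day_two_events": day_two_events,
            "day_two_actions": day_two_actions, "orphans": reconcile_target(users, target),
            "target": target}
```

Note what the terminated employee (1003) does: the reconciliation Insert is recorded, but no AD account is created for a non-active identity, and the identity that vanished from HR (1004) has its AD account removed on the same run. The unlinked `svc_legacy` account is what target-resource reconciliation exists to surface; OIM cannot decide on its own whether it is legitimate, only that no trusted identity owns it.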

Page 54: Oim Poc1.0

POC: DEMO

Add a new employee record in Oracle HRMS.

Page 55: Oim Poc1.0

POC: DEMO

Add a generic responsibility to the employee record.

Page 56: Oim Poc1.0

POC: DEMO

Employee data reconciled from Oracle HRMS into Oracle Identity Manager.

Page 57: Oim Poc1.0

POC: DEMO

Employee data synchronized into the Oracle Identity Manager user fields.

Page 58: Oim Poc1.0

POC: DEMO

Employee record provisioned to Active Directory through Oracle Identity Manager.

Page 59: Oim Poc1.0

POC: DEMO

Employee data in Active Directory.

Page 60: Oim Poc1.0