Monday Nov 24, 2014

Gartner Identity & Access Management Summit, Dec 2-4, 2014 w. Amit Jasuja

Register Now for Gartner Identity and Access Management Summit, Dec 2-4, 2014


Join Platinum Sponsor Oracle at Caesar's Palace Las Vegas
Oracle Session: Revolution or Evolution: Unlocking The Potential of The New Digital Economy
Speaker: Amit Jasuja, Senior Vice President, Development Java & Identity Management Products, Oracle
Oracle Session Schedule: Tuesday, December 2, 2014 - 10:45 a.m. – 11:30 a.m. - Octavius 22

Abstract: As organizations consume an increasing number of mobile and cloud apps, identity management becomes fragmented. Organizations have inconsistent access policies and lose visibility into who has access to what. To avoid these risks and costs, they are increasingly adopting a strategy of extending enterprise identity services to the cloud. This presentation explores how organizations are using Identity Management to give users access to all their data from any device while providing an intelligent centralized view into user access rights across mobile, cloud and enterprise environments. See how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Visit the Oracle Platinum Sponsor Booth
Attendees can meet with Oracle Solution experts and discuss how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Oracle Demos will Showcase:

Identity Governance
Given the state of our economy these days, with a high number of data breaches and unauthorized access to sensitive information assets, it is no wonder this is one of the biggest threats organizations are concerned with. Ensuring properly vetted access and visibility into highly privileged accounts and entitlements is critical to a sound security practice.

This demo showcases Oracle’s Identity Management Solution, highlighting the differentiated value proposition of an integrated and converged Identity Governance, Access Management and Privileged Accounts Management approach.

We will show the following capabilities:

  • Self Service Access Request
  • Integrated OIM Catalog with OPAM entitlements
  • Multi approval workflow with temporal grants and authorizations
  • 2-Factor authentication with Oracle Mobile Authenticator
  • Recording of a privileged access (Windows session recording)
  • Execution of a certification campaign with both normal and privileged entitlements

Mobile & Cloud Access Management

  • Unified Self Service Console and Delegated Admin Console (OIG) extended to Mobile
    • App and device level policies, app inventory
    • View user, request for roles and invite user to register device
    • Automated device configuration and Secure Workspace app installation
    • Data leakage prevention policies
  • Application access via Secure Workspace
    • Show applications being provisioned as part of the role assignment above. This would also include a link to the IdaaS portal in the secure workspace.
    • Click on the link and you are signed on to the IdaaS portal through Single Sign-On.
  • Cloud Application access scenarios in IdaaS:
    • Access Document Cloud Service – Simple Federated SSO.
    • Access Fusion HCM and be prompted for a 2 factor auth using OMA.

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and follow the Identity Management blog.

Thursday Nov 20, 2014

Advanced Registration Now Open for new Oracle Mobile Security Primer eBook

Today, just as organizations are starting to understand the first wave of the mobile revolution, numerous demands are being placed on IT to support the second wave, as new-generation devices and applications come online to take advantage of these new capabilities in today’s corporate environment.


Register now to gain access to the new eBook: Oracle Mobile Security Primer as soon as it is published.


The Oracle Mobile Security Primer will provide a deeper understanding of not only the fundamentals, but also the complex issues related to mobile security in today’s corporate mobility environment. If you maintain the role of a mobility planner, security architect, CISO, security director, IT director, operations manager or just simply want to stay up on the latest trends around mobile security, then pre-register for this new eBook: Oracle Mobile Security Primer.


Some of the areas covered in this eBook:

  • A look at the changing mobile and business requirements
  • Deep dive in the technologies used to secure the mobile platform today
  • Containerization and application management
  • The role Identity Management plays on the mobile device
  • The broader view of securing the mobile stack

Registration will allow Oracle to provide notification to you upon its availability in both eBook and printed form by McGraw-Hill.

www.mhprofessional.com/mobsec

Tuesday Nov 18, 2014

Oracle Partner AmerIndia is now Avancer

Oracle Partner and Identity Management solution provider AmerIndia is now Avancer!


(read about the change here)

In a previous guest blog post supporting a webinar (see below) with Avancer, "Embracing Mobility in the Workspace using Oracle API Gateway", we explained how Oracle API Gateway (OAG), Oracle Access Management (OAM) and Oracle Entitlement Server (OES) can be managed to effectively support mobile devices.

"By 2015, over 80% of handsets in mature markets will be smart phones." - Gartner Research

While mobile devices have evolved to better suit the needs of consumers, they've also traded away security to ensure usability. These trade-offs increasingly contribute to security risks when such devices connect to enterprise resources.

These security risks can be addressed in an effective manner to protect precious company resources and comply with increasingly strict regulations. A mobile access management solution using Oracle API Gateway technology unifies enterprise resources and cloud-based resources across network boundaries to mobile devices. This solution assures enhanced security, regulatory compliance, improved governance, and increased productivity.

Watch the webinar replay as experts from Avancer and Oracle discuss Mobility in the Enterprise and the implications that BYOD has on the security posture of the organization, along with the steps that can be taken to reduce risk.



Friday Nov 14, 2014

IDM in the Enterprise: Best Practices Blog Series with Infosys

Last week we finished up the four-part series of must-read articles for anyone working with Oracle Identity Management in large enterprise environments.

Thanks to the authors, Abhishek Nair, Rajesh Gaddam, and Vikesh Parmar, Senior Technology Architects with the Enterprise Security and Risk Management (ESRM) practice at Infosys Limited*, the response has been outstanding and marked some of the highest readerships ever in the OracleIDM blog.

To read or re-read the series:

Part 1: Design Considerations:
Implementing Oracle Identity Management for Large Enterprises
by Abhishek Nair - Building an abstraction layer to allow for consolidation of identity, account and access information from OIM and other enterprise sources.

Part 2: Disconnected Application Framework in OIM 11g R2 PS1
by Rajesh Gaddam - Exploring further the theme of how organizations can earn an accelerated ROI from the new IDM infrastructure by adopting the Disconnected Application framework.

Part 3: Best Practices: Implementing SSL in Oracle Identity Manager
by Rajesh Gaddam - A practical approach to enabling SSL between Oracle Identity Manager (OIM), a load balancer and Service-Oriented Architecture (SOA).

Part 4: Enterprise Role Definition: Best Practices and Approach
by Vikesh Parmar - Role definition is a critical step in deploying any RBAC system. This article presents the details of a hybrid approach to implementation.

*Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner



Sunday Nov 09, 2014

Oracle at Gartner Identity and Access Management Summit - Dec 2nd - 4th, 2014 in Las Vegas

Join Amit Jasuja, Senior Vice President, Development Java & Identity Management Products, Oracle, at the Gartner Identity and Access Management Summit running from December 2nd to 4th, 2014, at which Oracle is proud to be a Platinum sponsor.

Oracle Session: Revolution or Evolution: Unlocking The Potential of The New Digital Economy
Speaker: Amit Jasuja, Senior Vice President, Development Java & Identity Management Products, Oracle
Oracle Session Schedule: Tuesday, December 2, 2014 - 10:45 a.m. – 11:30 a.m. - Octavius 22
Abstract: As organizations consume an increasing number of mobile and cloud apps, identity management becomes fragmented. Organizations have inconsistent access policies and lose visibility into who has access to what. To avoid these risks and costs, they are increasingly adopting a strategy of extending enterprise identity services to the cloud. This presentation explores how organizations are using Identity Management to give users access to all their data from any device while providing an intelligent centralized view into user access rights across mobile, cloud and enterprise environments. See how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Oracle Booth
Attendees can meet with Oracle Solution experts and discuss how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Oracle Demos will Showcase:

Identity Governance
Given the state of our economy these days, with a high number of data breaches and unauthorized access to sensitive information assets, it is no wonder this is one of the biggest threats organizations are concerned with. Ensuring properly vetted access and visibility into highly privileged accounts and entitlements is critical to a sound security practice.

This demo showcases Oracle’s Identity Management Solution, highlighting the differentiated value proposition of an integrated and converged Identity Governance, Access Management and Privileged Accounts Management approach.

We will show the following capabilities:

  • Self Service Access Request
  • Integrated OIM Catalog with OPAM entitlements
  • Multi approval workflow with temporal grants and authorizations
  • 2-Factor authentication with Oracle Mobile Authenticator
  • Recording of a privileged access (Windows session recording)
  • Execution of a certification campaign with both normal and privileged entitlements

Mobile & Cloud Access Management

  • Unified Self Service Console and Delegated Admin Console (OIG) extended to Mobile
    • App and device level policies, app inventory
    • View user, request for roles and invite user to register device
    • Automated device configuration and Secure Workspace app installation
    • Data leakage prevention policies
  • Application access via Secure Workspace
    • Show applications being provisioned as part of the role assignment above. This would also include a link to the IdaaS portal in the secure workspace.
    • Click on the link and you are signed on to the IdaaS portal through Single Sign-On.
  • Cloud Application access scenarios in IdaaS:
    • Access Document Cloud Service – Simple Federated SSO.
    • Access Fusion HCM and be prompted for a 2 factor auth using OMA.

Register Now for Gartner Identity and Access Management Summit 2014. We hope to see you there!


Wednesday Nov 05, 2014

Enterprise Role Definition: Best Practices and Approach

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner that has graciously agreed to present on best practices garnered from experience working on Large Enterprise IDM deployments in a four part series hosted here in the Identity Management Blog.

Role Engineering

Today a number of organizations are considering or are in the process of moving to a Role Based Access Control (RBAC) model. Role Engineering is the process by which an organization develops, defines, enforces, and maintains role-based access control. RBAC is often seen as a way to improve security controls for access and authorization, as well as to enforce access policies such as segregation of duties (SoD) to meet regulatory compliance. It establishes effective controls and insight into “Who has access to What”.

RBAC Basic

The concept of roles is defined in the ANSI RBAC standard that was first proposed by the National Institute for Standards and Technology (NIST). The model for RBAC illustrates the mapping between users, roles, and privileges (permissions) in base RBAC. Privileges are collections of system-specific operations on objects that can be mapped to roles.


Image 1: ANSI RBAC Model

Role

A Role is described as a collection or group of users who share the same position or perform the same function. Roles can be defined at the Business level and the Information Technology (IT) level.

Business Roles: these represent job functions and the related set of responsibilities. These responsibilities are influenced by the relationship of the role to the organization. Business roles can be associated with specific conditions or events, such as hiring and internal transfer for a particular job function. Examples: supervisor, program manager, customer service representative, and bank teller. Business Roles can be defined by using a Top-down approach by reviewing organizational business and job functions and mapping the permissions for each job function. This approach is more business-driven and provides alignment of roles with business functions.

IT System Roles: these represent technical responsibilities as a collection of privileges across multiple systems that are required to perform a job function. These can be identified as application roles which are application specific, such as a controller permission to an ERP system. Application-specific roles are frequently associated with events like transactions which are configured within application. Examples include: sourcing user, buyer privileges in an ERP application or administrator, domain user permissions in Active Directory. IT Roles can be defined in a Bottom-up approach by analyzing user access and permissions on existing applications and systems. Once user permissions are explored, the next step is to perform role normalization and rationalization. In this approach, roles are defined to meet application or system specific access requirements.


Image 2: Enterprise Role Definition

Challenge

Organizations face various challenges with regard to role engineering, such as: how to define and establish a role-based model on a large scale, how to associate users to roles and roles to application/target resources, how to associate business rules and policies to roles, and how to maintain enterprise roles over time.

Role definition is a critical step in deploying any RBAC system. Roles can be defined at an abstract level from a business perspective (Top-down), or context-specific to an application or system from a technology perspective (Bottom-up). Both Top-down and Bottom-up approaches have their own challenges. For instance, the Top-down approach does not provide easy enforcement capabilities, and abstracting roles may not be possible without understanding the entire context, whereas the Bottom-up approach lacks the perspective of or input from business owners.

Best Practices

Infosys recommends a Hybrid approach that combines both the Bottom-up and Top-down approaches. This approach defines a role as an association between a user’s functional responsibilities and their IT access privileges. The Hybrid approach leverages normalized roles derived from bottom-up role mining and aligns them to job functions derived from top-down analysis. For example, when an employee joins an organization in the customer service department and that person's user account is created, the enterprise role management system will determine the user’s attributes such as organization unit, department code, and job title. User rules will then translate entitlements to a given customer service representative role in order to provide access rights to applications such as a CRM system, call center application, email system or expense tracking system so that the user can perform his/her job duties.


Image 3: Hybrid Approach to Role Engineering

Infosys has successfully leveraged Oracle Identity Analytics (OIA) to perform bottom-up role mining, role definition, segregation of duties (SoD) reporting, access certification and role governance. Apart from OIA, Infosys has also leveraged homegrown analytics scripts and tools to analyze and associate top-down functional role definition. The process of defining roles should be based on a thorough analysis of how an organization operates and should be an integrated effort with representation from both Business and IT. Role definition and management requires alignment between business owners, business analysts, IT managers and IT administrators. IT representatives provide expertise in evaluating entitlement, authorization data and knowledge of IT control systems, and application owners provide the perspective on how the business operates.
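
The hybrid approach described above, as an added Python example (not Infosys's or OIA's code): entitlements are mined bottom-up within each top-down job function, outliers and SoD conflicts are surfaced for review, and a joiner is provisioned from attributes alone. The users, entitlement names, SoD pairs and the 80% threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

def _rec(user, dept, title, *ents):
    return {"user": user, "dept": dept, "title": title, "entitlements": set(ents)}

# Constructed identity-warehouse extract: who holds what today (bottom-up input).
CSR_BASE = ("crm:case_edit", "callcenter:agent", "email:mailbox", "expense:submit")
AP_BASE = ("erp:invoice_enter", "email:mailbox", "expense:submit")
IDENTITY_WAREHOUSE = [
    _rec("asmith", "CustomerService", "CSR", *CSR_BASE),
    _rec("bjones", "CustomerService", "CSR", *CSR_BASE, "erp:vendor_create"),
    _rec("cdiaz", "CustomerService", "CSR", *CSR_BASE),
    _rec("dkim", "Finance", "AP Clerk", *AP_BASE),
    _rec("elee", "Finance", "AP Clerk", *AP_BASE, "erp:payment_approve"),
    _rec("fwu", "Finance", "AP Clerk", *AP_BASE),
]

# Top-down input: job functions agreed with business owners (constructed).
BUSINESS_ROLES = {
    ("CustomerService", "CSR"): "Customer Service Representative",
    ("Finance", "AP Clerk"): "Accounts Payable Clerk",
}

# Constructed SoD policy: entitlement pairs one person must not hold together.
SOD_RULES = [("erp:invoice_enter", "erp:payment_approve")]

def mine_roles(warehouse, business_roles, threshold=0.8):
    """Keep, per job function, the entitlements held by >= threshold of its users."""
    groups = defaultdict(list)
    for rec in warehouse:
        role = business_roles.get((rec["dept"], rec["title"]))
        if role:
            groups[role].append(rec["entitlements"])
    roles = {}
    for role, ent_sets in groups.items():
        counts = Counter(e for ents in ent_sets for e in ents)
        roles[role] = {e for e, n in counts.items() if n / len(ent_sets) >= threshold}
    return roles

def outliers(warehouse, business_roles, roles):
    """Entitlements held beyond the mined role: input for access certification."""
    found = {}
    for rec in warehouse:
        role = business_roles.get((rec["dept"], rec["title"]))
        extra = rec["entitlements"] - roles.get(role, set())
        if extra:
            found[rec["user"]] = extra
    return found

def sod_violations(entitlements, sod_rules):
    """Return every SoD pair fully contained in the given entitlement set."""
    return [pair for pair in sod_rules if set(pair) <= set(entitlements)]

def provision(attrs, business_roles, roles):
    """Joiner rule: attributes -> business role -> entitlements (none if no rule)."""
    role = business_roles.get((attrs["dept"], attrs["title"]))
    if role is None:
        return None, set()
    return role, set(roles.get(role, set()))

if __name__ == "__main__":
    mined = mine_roles(IDENTITY_WAREHOUSE, BUSINESS_ROLES)
    for name, ents in mined.items():
        print(name, sorted(ents), "SoD:", sod_violations(ents, SOD_RULES))
    print("review:", outliers(IDENTITY_WAREHOUSE, BUSINESS_ROLES, mined))
    print(provision({"dept": "CustomerService", "title": "CSR"}, BUSINESS_ROLES, mined))
```

Entitlements that fall below the threshold are not silently revoked; they are the review list a role-definition workshop or certification campaign would work through.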

RBAC Methodology

Embarking upon an enterprise-wide Role Based Access Control initiative requires strategic planning and an organized methodology to achieve the expected business benefits. RBAC initiatives should start with a small scope which can be expanded gradually to define and manage roles on an ongoing basis.

RBAC can be achieved enterprise-wide by conducting iterative role design cycles with a defined set of business units in terms of users and number of in-scope applications. It is important to define boundaries for user population, applications, and the number of business units to be included in the project.

The following diagram describes the RBAC Methodology.

RBAC Methodology

RBAC Phases and Brief Description

Identity Warehouse

  • Assess existing system privileges information. Application/ system access data is the foundation to build Identity Warehouse for defining roles in the organization.
  • Identify and prioritize logical sets of users based on Business Units, Departments and Reporting Hierarchy.

Role Definition

  • Perform Role Mining on selected sets of logical groupings of user privileges and access rights that map to a department, geographical location, job function, reporting relationship or other organizational attributes.
  • Conduct workshops to refine and finalize Roles and SoD.
  • Role Mining can become a continuous process of refinement as organizations become more mature in their understanding of roles.

Role Governance

  • Establish Role Governance model and framework to maintain roles on an ongoing basis.
  • Role governance should address role life cycle management, role membership and role definition, creation and maintenance of additional data elements that impact the assignment and management of roles.
  • Develop Role Entitlement Certification Workflow. An enterprise that adopts role-based access control also needs to define processes for ensuring that roles are kept up-to-date, old roles are retired and new roles defined to meet new business needs.

Enforce Role

  • Once a role model has been defined, the next move is to leverage that model in the user-provisioning process.
  • To assign roles to users, enterprises can choose manual, automated, or request-based systems. Provisioning systems are often used to facilitate user-to-role assignment through internal rule processing.
  • Effective RBAC reduces the risk of users having inappropriate access. As users change their job function, new roles are assigned and old roles are removed. This results in users’ access and privileges matching their job functions.

Conclusion

For a Role Based Access Control model to be successful, it is imperative to have a detailed understanding of how an organization functions and to have participation from both business and IT stakeholders. Roles should be defined with an eye towards lifecycle management. The optimal approach is a Hybrid approach that combines top-down and bottom-up role discovery.

Enterprise role management involves ongoing design, creation, change, and management of roles and the periodic certification of users to their roles.  Leverage enterprise role management tools such as OIA to include role mining, role definition and access recertification. A holistic approach to RBAC and role governance framework will help enterprises in maintaining segregation of duties, keeping up with regulatory compliance requirements, and automating role-based provisioning to enterprise applications.

We hope our experiences and thoughts will help organizations with their security solution planning and implementation. Please reach out to our team and the writers for any queries, feedback and suggestions and be sure to read the previous blog entries in this series:

Design Considerations: Implementing Oracle Identity Management for large enterprises
Disconnected Application Framework in OIM 11g R2 PS1
Best Practices: Implementing SSL in Oracle Identity Manager

Visit the Oracle Technology Network for more information about Oracle Identity Manager including downloads, documentation and samples.

About the Author


Vikesh Parmar is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 14 years of experience providing security services to clients. He has been primarily involved in engaging multiple organizations to establish or improve security posture to support business critical processes; define strategy, roadmap, & architecture; and manage large scale Identity & Access Management implementation programs.
Vikesh can be reached via LinkedIn

Friday Oct 31, 2014

Best Practices: Implementing SSL in Oracle Identity Manager

Implementing SSL in OIM 11g R2 PS1

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner that has graciously agreed to present on best practices garnered from experience working on Large Enterprise IDM deployments in a four part series hosted here in the Identity Management Blog.

In this blog post, part three of the four part series, Infosys shares its experience with enabling SSL between Oracle Identity Manager (OIM), a load balancer and Service-Oriented Architecture (SOA) in one of their recent implementations of OIM 11g R2 PS1.

Why secure an OIM solution?

The majority of IDM/OIM implementations are used for managing internal users, with the IDM implementations being deployed within the intranet and inside the physical boundaries of the enterprise. In such scenarios, it is not uncharacteristic of security engineers and administrators to think that the OIM solution is secure within the intranet and does not require any additional measures.

All enterprise OIM solutions integrate with multiple applications and systems. OIM solutions are often used as password management solutions along with the application access request systems. End users change and reset their passwords using the OIM web interface, and these passwords are then synchronized to the target applications. The users can also approve access requests for mission critical / top secret applications from the OIM interface.

In such scenarios, regardless of whether the OIM solution is an internal or external implementation, it becomes vital to secure OIM since it holds the passwords and approvals to critical applications. Securing an OIM implementation using SSL provides an additional layer of security by way of securing the communication channel between end users and OIM.

In a typical OIM implementation, OIM is deployed on an Application Server (e.g. Weblogic) and is front-ended by a Web Server / Load Balancer configuration. While it is a common practice to secure the communication channel from end user browsers to a load balancer using SSL, it is equally important to secure the communication between the Web Server / Load Balancer and OIM. Below we will discuss the various aspects of implementing SSL in a reference OIM 11g R2 PS1 implementation.

SSL implementation in OIM 11g R2 PS1

Let us consider a sample reference OIM architecture as shown in Figure-1 for discussing the different aspects related to SSL.


Figure 1 represents a clustered environment with two members in the cluster, both hosting OIM and SOA. In Figure 1 we can see that there are three channels where SSL communication is depicted, while Figure 2 describes those communication channels. In our discussion we will primarily focus on channels 2 and 3. 



Enabling SSL on OIM and SOA

Below are the steps that need to be followed for enabling SSL on OIM and SOA:

  • Create an Identity Keystore
    • This is the custom Identity Keystore. It holds the server certificates of oim_host1 and oim_host2
  • Create a Trust Keystore
    • This is the custom Trust Keystore. It holds the root CA certificate.
    • Alternatively, instead of creating a fresh Trust Keystore, copy the existing enterprise Trust Keystore and rename it as custom Trust Keystore. 
  • Create a Certificate Signing Request for both the servers in the cluster (oim_host1 and oim_host2)
  • Send the Certificate Signing Requests to CA for signing
  • Procure and import signed certificates from CA for both the hosts into your custom Identity Keystore
  • Get the root CA certificate and import into your custom Trust Keystore
  • Login into the Weblogic admin console and perform the below steps for each of the servers in the cluster
    • Click on Environment -> Servers to display the servers
    • Click on the server name and select SSL Listen Port Enabled and click on Save
    • Next go to KeyStores Menu and change the Keystores option to ‘Custom Identity and Custom Trust’
    • Enter the absolute path for the custom Identity Keystore, Keystore Type as ‘JKS’, Keystore Passphrase and confirm the Keystore Passphrase
    • Enter the absolute path for the custom Trust Keystore, Keystore Type as ‘JKS’, Keystore Passphrase and confirm the Keystore Passphrase and Save the configurations
    • Go to SSL menu and enter the Private Key Alias, Private Key Passphrase and Confirm Private Key Passphrase and save the configurations
  • Test the SSL URL from your browser  (E.g. https://oim_host1.mycompany.com:7114/identity)
  • Send the server certificates signed by CA for oim_host1 and oim_host2 to administrator of the load balancer for importing into load balancer.

Once the certificates are successfully imported into load balancer, the communication channel is secured from end user browser all the way to OIM/SOA server using SSL.

Additional configuration for SSL communication between OIM and SOA

When SSL is configured for OIM and SOA, without the following additional configurations OIM and SOA will not function as expected. Approvers will not see the approval task details when they open the approval task.

  • Setting OimFrontEndURL Attribute
    • Login to Enterprise Manager (EM)
    • Navigate to Identity and Access -> OIM -> oim(11.1.2.0.0)
    • From Oracle Identity Manager dropdown select System MBean Browser
    • Under Application Defined MBeans, navigate to oracle.iam -> Server:IDM-Internal-AppServer1 -> XMLConfig -> Config -> XMLConfig.DiscoveryConfig -> Discovery
    • Set OimFrontEndURL - https://idm.mycompany.com:443 (Load Balancer URL for OIM on https)
  • Setting Rmiurl and Soapurl
    • Login to Enterprise Manager (EM)
    • Navigate to Identity and Access -> OIM -> oim(11.1.2.0.0)
    • From Oracle Identity Manager dropdown select System MBean Browser
    • Under Application Defined MBeans, navigate to oracle.iam -> Server:IDM-Internal-AppServer1 -> XMLConfig -> Config -> XMLConfig.SOAConfig -> SOAConfig
    • Set Rmiurl - t3s://oim_host1.mycompany.com:7114,oim_host2.mycompany.com:7114 (all SOA servers in the cluster with SSL port; 7114 here is a sample port for SSL communication)
    • Set Soapurl - https://idm.mycompany.com:444 (Load Balancer URL for SOA on https)
  • Setting ServerURL
    • Login to Enterprise Manager (EM)
    • Navigate to Identity and Access -> OIM -> oim(11.1.2.0.0)
    • From Oracle Identity Manager dropdown select System MBean Browser
    • Under Application Defined MBeans, navigate to oracle.as.soainfra.config -> Server: SOA-Internal-AppServer1 -> SoaInfraConfig -> soa-infra
    • Set ServerURL - https://idm.mycompany.com:444 (Load Balancer URL for SOA on https)
  • Setting Worklist Task Details Application URI (this needs to be done for each SOA composite that you might be using in your deployment)
    • Expand SOA -> soa-infra -> default -> Manager Approval [1.0] [1.0] (this is a sample SOA composite)
    • Scroll down to Component Metrics and click on the Human Task
    • Click on Administration tab
    • Specify following values and apply the changes:
      • Host Name: idm.mycompany.com (virtual hostname)
      • HTTP Port: 0
      • HTTPS Port: 443 (load balancer SSL port for OIM)
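
A consistency check for the settings listed above, as an added Python example (not Oracle or Infosys tooling): it takes the values an administrator has copied out of the MBean Browser and the Human Task Administration tab and flags any that still point at a non-SSL endpoint or disagree with each other. The dictionary keys TaskHostName, TaskHttpPort and TaskHttpsPort are labels invented here for the three Human Task fields, and both sample configurations are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: the values the article sets, keyed by attribute name.
GOOD_CFG = {
    "OimFrontEndURL": "https://idm.mycompany.com:443",
    "Rmiurl": "t3s://oim_host1.mycompany.com:7114,oim_host2.mycompany.com:7114",
    "Soapurl": "https://idm.mycompany.com:444",
    "ServerURL": "https://idm.mycompany.com:444",
    "TaskHostName": "idm.mycompany.com",   # hypothetical key for "Host Name"
    "TaskHttpPort": 0,                     # hypothetical key for "HTTP Port"
    "TaskHttpsPort": 443,                  # hypothetical key for "HTTPS Port"
}

# Constructed sample: a deployment where SSL was enabled on the servers but
# several pre-SSL values were left in place.
STALE_CFG = {
    "OimFrontEndURL": "http://idm.mycompany.com:80",
    "Rmiurl": "t3://oim_host1.mycompany.com:7001",
    "Soapurl": "https://idm.mycompany.com:444",
    "ServerURL": "http://idm.mycompany.com:8001",
    "TaskHostName": "idm.mycompany.com",
    "TaskHttpPort": 80,
    "TaskHttpsPort": 443,
}

SOA_HOSTS = ["oim_host1.mycompany.com", "oim_host2.mycompany.com"]

def _https_url(findings, cfg, key):
    """Parse cfg[key]; record a finding and return None unless it is https://."""
    url = urlsplit(cfg.get(key) or "")
    if url.scheme != "https" or not url.hostname:
        findings.append((key, f"expected an https:// load balancer URL, got {cfg.get(key)!r}"))
        return None
    return url

def check_ssl_settings(cfg, soa_hosts):
    """Return a list of (setting, problem) tuples; an empty list means consistent."""
    findings = []
    front = _https_url(findings, cfg, "OimFrontEndURL")
    soap = _https_url(findings, cfg, "Soapurl")
    server = _https_url(findings, cfg, "ServerURL")
    if soap and server and (soap.hostname, soap.port) != (server.hostname, server.port):
        findings.append(("ServerURL", "differs from Soapurl; both are the SOA load balancer URL"))

    # Rmiurl is a comma-separated member list, so it is split by hand.
    scheme, _, members = (cfg.get("Rmiurl") or "").partition("://")
    if scheme != "t3s":
        findings.append(("Rmiurl", f"expected t3s://, got scheme {scheme!r}"))
    listed = {}
    for member in filter(None, (m.strip() for m in members.split(","))):
        host, _, port = member.partition(":")
        listed[host] = port
    for host in soa_hosts:
        if not listed.get(host, "").isdigit():
            findings.append(("Rmiurl", f"{host} missing or listed without an SSL port"))

    if cfg.get("TaskHttpPort") != 0:
        findings.append(("TaskHttpPort", "the article sets the HTTP port to 0"))
    task = (cfg.get("TaskHostName"), cfg.get("TaskHttpsPort"))
    if front and task != (front.hostname, front.port):
        findings.append(("TaskHttpsPort", "task details host/port do not match OimFrontEndURL"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CFG), ("stale", STALE_CFG)):
        print(name)
        for setting, problem in check_ssl_settings(cfg, SOA_HOSTS):
            print(f"  {setting}: {problem}")
```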

In Conclusion

Although most OIM implementations inherently feel secure in an internal enterprise setup, there is a wide variety of reasons why OIM solutions in an enterprise fall in the critical category, leading to a pressing need to secure the communication channels between the various layers of the solution. In this article, we have documented the settings and configurations that need to be updated to secure the communication between Load Balancer and OIM/SOA as well as communication between OIM and SOA using SSL in an OIM deployment. Administrators and integrators will be able to follow these guidelines to implement/configure SSL in OIM 11g R2 PS1 deployments.

Coming in the next post:

The introduction of roles in an enterprise, whether small or large, has its own challenges. There is always reluctance to change existing processes, confusion about what to request and how it is configured, push back against taking away access that was never intended to be there, etc. Detailed planning and communication are required before the introduction of roles. It is very important that the end users are aware of the roadmap and the important milestones that impact them. Our next post will therefore talk about proven approaches for introducing or updating the role management processes for an enterprise.


About the Author


Rajesh Gaddam is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 10 years of experience in architecting, designing and implementing IAM solutions for multiple clients from different verticals.
Rajesh can be reached via LinkedIn

Thursday Oct 30, 2014

Oracle Virtual Technology Summit Kicks Off November 18

The Oracle Technology Network (OTN) invites you to the next Virtual Technology Summit, on November 18th. Learn first hand from Oracle and community experts about Oracle Middleware, Mobile Architectures and more. Participate in hands-on labs and technical presentations, and chat with other developers. Register here!


Featured at the Summit:  Securing Mobile apps and data in a BYOD world

By Indus Khaitan, Senior Director, Product Management, Oracle

Mobile apps are changing how employees interact with their organizations. Productivity now requires far more than 24x7 email, including unfettered access to corporate data, files, and email from anywhere and on any device. Mobile apps are the new endpoint security concern. This session will focus on measures that can be taken to achieve mobile security without compromising productivity and user-experience.


North America – November 18th / 10am PT to 12:30pm PT - Register Now

APAC English – November 19th / 10am IST to 1:30pm IST - Register Now

EMEA – November 26th / 9am-12:30pm GMT / 10:00am CET / 1:00pm GST - Register Now

Thursday Oct 23, 2014

UL Secures Customers’ Access to Certification Status While Protecting Intellectual Property

Equipped with requirements to provide customers with access to information on product-testing and certification status, as well as additional information on the company’s services, UL needed to ensure that it could provide this information without exposing confidential intellectual property information to the wrong parties. In pursuit of these goals, UL initiated a three-year security and identity-management evolution process relying on Oracle Identity and Access Management Suite to authenticate users and provide an access-control framework built on the company’s business taxonomy.

Using Oracle API Gateway, UL can provide its customers with a user interface giving them control over defining their own identities and providing specific employees within their organizations with access to the UL information stores associated with them. This federation capability enables UL’s customers to manage their own user provisioning and make adjustments as needed, while freeing UL from needing to provision or deprovision customer users - boosting security as any user who leaves a customer organization is automatically deprovisioned and denied access.

Click here for more about the UL deployment of Oracle Identity and Access Management Suite and Oracle API Gateway.

For more information about Oracle API Gateway, read these previous OracleIDM blog entries:
What Can Oracle API Gateway Do for You?
Embracing Mobility in the Workspace: Oracle API Gateway

Wednesday Oct 22, 2014

Disconnected Application Framework in OIM 11g R2 PS1

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner that has graciously agreed to present on best practices garnered from experience working on large enterprise Identity Management (IDM) deployments in a four-part series hosted here in the Identity Management Blog. In part 2 of this four-part series, Infosys shares its experience with the disconnected application framework for implementing manual provisioning for a large set of applications in Oracle Identity Manager 11g R2 PS1.

In our first blog, we discussed the need to build an abstraction layer to allow for consolidation of identity, account and access information from Oracle Identity Manager (OIM) and other enterprise sources. In this second edition, we continue exploring how organizations can earn an accelerated ROI from the new IDM infrastructure by adopting the “Disconnected Application Framework”.

Introduction to Disconnected Application Framework in OIM

The first step of introducing an enterprise IDM solution is to build an identity warehouse by reconciling identity sources and key target systems. This is followed by use case deployments like password management, automated provisioning/de-provisioning to platforms, access certifications, etc. These features allow the organizations to make big strides and provide much needed relief to the administration side of identity management operations and compliance teams.
For the lines of business though, automating the access provisioning/de-provisioning of applications holds the key to achieve the desired efficiency of identity management as well as reduction in costs associated with manual provisioning. However, it takes time and effort to fully automate provisioning/de-provisioning to the hundreds of applications in the enterprise ecosystem. Although this might sound a little discouraging for enterprise leaders and architects, there is a middle way to handle the above scenario.

In order to achieve the desired ROI of implementing an integrated IDM solution, Infosys recommends a hybrid model for implementing application provisioning. In our approach, we ask architects and business owners to participate in an application profiling exercise that involves rating of applications across a range of criteria. The questionnaire includes parameters around application criticality, compliance needs, required speed and complexity of provisioning & de-provisioning, complexity of approval workflow, availability of out-of-box integrations etc. The profiling exercise provides the team with a list of potential automation candidates as well as a list of applications that can be onboarded for manual provisioning. Nonetheless, as an IDM integrator, we maintain the focus on providing the key benefits of the IDM solution to the organization for both automated and manual application provisioning.

Key Benefits of Application Integration with an IDM Solution:

  • Speedy/efficient, centralized and secure provisioning processes
  • Scalable provisioning model
  • Compliance adherent application model

In this blog we will focus on the ‘Disconnected Application Framework’ in OIM, which enterprises can leverage to easily integrate a large number of applications for manual provisioning. We will also present the high-level process that should be followed while using the framework. This process evolved from our recent experience of integrating hundreds of applications in OIM 11g R2 PS1 for manual provisioning at a large enterprise.

In the earlier versions of OIM, one had to explicitly create a custom resource object and associated connector artifacts for each application, and use manual tasks to assign work to application administrators for manual provisioning. It was effort-intensive and had its own limitations. OIM 11g R2 offers the concept of a disconnected resource/application for easier integration of applications for manual provisioning. This feature leverages existing OIM provisioning components like the resource object, provisioning process, provisioning form etc. while providing a seamless integration with the SOA engine for the manual provisioning workflow. The ‘Disconnected Application Framework’ in OIM provides browser-based creation, configuration and administration of application instances to integrate applications that do not have connectors for automated provisioning.
Here is a list of advantages of the ‘Disconnected Application Framework’:

  • Easy creation, configuration and administration of application instances
  • Browser based application form UI customizations
  • Automated backend creation of underlying connector objects

How to create a single disconnected application?

In one of our recent large scale IDM implementations we had to integrate 150+ applications for manual provisioning with OIM 11g R2 PS1 in a short span of time. During the integration, we noticed that the process of creating and configuring one disconnected application is simple.
High Level process of creating a disconnected application instance:
Steps on OIM Admin Interface

  • Create a Sandbox
  • Create an application instance by selecting the “Disconnected” checkbox in the application instance form
  • Create the application instance form
  • Export the Sandbox as zip file for backup
  • Publish the Sandbox

Steps on OIM End User Interface

  • Create a Sandbox
  • Search and select the application in the catalog
  • Perform any UI level customizations required for the application instance form

A Sandbox in OIM provides a mechanism to isolate the customizations by analysts at runtime enabling the analysts to work on the customizations without affecting the experience of other analysts until the Sandbox is published.
As shown in Figure 1. Application Instance Artifacts below, at the surface we are dealing only with Sandbox to create disconnected application instances. In the background OIM automatically creates the relevant connector objects that are needed for the application. These connector objects are directly created in database even without publishing the Sandbox and are not stored in the Sandbox zip file that is exported.


Figure 1. Application Instance Artifacts

How does the sandbox feature work in OIM 11g?

The Sandbox feature in OIM 11g works similarly to a typical versioning system, but with a distinction. Every time a Sandbox is created, a separate copy of the underlying artifact(s) is created from the mainline, and all customizations performed within the Sandbox are contained within the ‘copy’ artifact(s) created for that Sandbox.
The distinction of Sandbox from a versioning system is that whenever a Sandbox is published, the artifact(s) in the mainline are overwritten with the ‘copy’ artifacts from the Sandbox instead of merging the changes. This behavior of the Sandbox poses a challenge if you want to create application instances in parallel.
A typical approach to accelerating the creation of disconnected application instances is to distribute applications among a team of analysts who create applications in parallel in the development environment of OIM 11g.
However in this scenario, where analysts create their own Sandboxes to work in parallel, when an analyst publishes the Sandbox they have created it will overwrite all customizations published by previous analysts. This results in errors related to missing view objects in UI while requesting the applications in Catalog.

How to scale the framework for integrating a large number of applications?

To resolve the issues that can arise from concurrent application instance creations as explained above, we have come up with best practices that can be followed:

  • In a single development environment, create and publish applications in sequence. Because publishing overwrites files, working in parallel yields no efficiencies of scale. Slow and steady wins the race here.
  • If you have the luxury of multiple development environments, then create applications in parallel on these separate environments and combine them while migrating to higher environments. Utmost care is needed when combining the applications.
  • Instead of creating all applications in one sandbox, it is good practice to create a separate sandbox for each application.
  • Once a sandbox is published, it cannot be exported. As a best practice, export and save the sandbox with a naming convention capturing the application name, time stamp and version before publishing it.

Migrating disconnected applications between environments

Once disconnected applications are created and tested in a lower environment, the next step is to migrate these applications to a higher environment. Migrating an application from one environment to another involves exporting and importing of Sandbox and connector objects.


Note: When you import the Sandbox from one environment to another while migrating application instances, the files in the Sandbox from the source environment (BizEditorBundle.xlf and CatalogAM.xml) overwrite the corresponding files in the target/destination environment. It is therefore necessary to merge the changes from the source environment Sandbox files with the destination environment Sandbox files.

Process for migration of applications from source to destination environment:

Step 1: Export application artifacts from source environment

We recommend that the steps be repeated for each application to be migrated.

  1. Using Deployment Manager, export the application instance corresponding to the application along with its dependencies and save it as a file (e.g. App1_instance_source.xml). Examples of dependencies: Resource, Process Form, Process, IT Resource Definition, IT Resource, Lookup
  2. Using Deployment Manager, export the Request Dataset corresponding to the application and save it to a file (e.g. App1_Req_Dataset_source.xml)
  3. Get the Sandbox zip file that was exported before publishing in the source environment (e.g. App1_Sandbox_source.zip)

Step 2: Extracting and preparing destination artifacts

The following steps will be completed in destination environment in preparation for merging the sandbox artifact changes from lower environment.

  1. Backup the complete Metadata Services (MDS)
  2. Get the latest version of the BizEditorBundle.xlf and CatalogAM.xml files from the destination
    1. Method 1: Create a dummy Sandbox and create a dummy application
    2. Method 2: Create a dummy Sandbox and edit an existing application instance with a very minor change

    The above 2 methods will get you the latest version of BizEditorBundle.xlf and CatalogAM.xml files from destination into your dummy sandbox.

  3. Export the Sandbox (e.g. Destination_DummyApp_Sandbox.zip)
  4. Publish the Sandbox created above
  5. Copy and extract the Sandbox zip file (Destination_DummyApp_Sandbox.zip) to a folder on a machine from which you can access OIM admin interface of the destination environment

Let us call it Master_Sandbox_Destination folder.

Step 3: Importing Applications in the destination environment

Repeat the steps below to migrate each application exported from the source environment in Step 1.

i. Using Deployment Manager import the application instance xml file (App1_instance_source.xml) followed by import of the request dataset xml file (App1_Req_Dataset_source.xml) exported from the source environment in Step 1
ii. Extract the application Sandbox zip from the source environment of Step 1 (App1_Sandbox_source.zip)


a. Open xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf and copy the elements corresponding to the application being migrated and merge them with the BizEditorBundle.xlf in the extracted Sandbox zip file from the destination environment (i.e. the Master_Sandbox_Destination folder). You can look for the ‘trans-unit’ elements with the application instance form name of the application that is being migrated. The first element always corresponds to ITResource. Below is an example


b. Open persdef\oracle\iam\ui\catalog\model\am\mdssys\cust\site\site\CatalogAM.xml file and copy the elements corresponding to the application being migrated and merge them with the CatalogAM.xml in the extracted Sandbox zip file from destination environment (i.e Master_Sandbox_Destination folder). You can look for <mds:insert> elements with the app instance form name of the application being migrated


iii. Zip the Master_Sandbox_Destination folder and import it into the destination environment using the Sandbox manager in the OIM sysadmin console
iv. Publish the Sandbox imported in the above sub-step

The above process represents the steps to be followed for one application and can be easily replicated for a large set of applications. To expedite the process, we have created custom accelerators to automate the integration of applications in batches.
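The merge in sub-steps a and b of Step 3 can be scripted. The sketch below is an added example, not the authors' accelerator and not Oracle code: it copies only the elements that mention one application's form name into the destination file, leaves every existing destination entry in place, and adds nothing on a second run. The function names, the form names and the four embedded files are constructed for illustration; real sandbox files are larger and the `urn:example:mds` namespace is a placeholder.

```python
import copy
import io
import re
import xml.etree.ElementTree as ET

# Constructed, simplified stand-ins for the sandbox files (not real OIM exports).
SRC_XLF = """<xliff version="1.1" xmlns="urn:oasis:names:tc:xliff:document:1.1">
 <file source-language="en" original="BizEditorBundle" datatype="x-constructed"><body>
  <trans-unit id="PayrollForm.ITResource_LABEL"><source>IT Resource</source></trans-unit>
  <trans-unit id="PayrollForm.Login_LABEL"><source>Login</source></trans-unit>
  <trans-unit id="PayrollFormV2.Login_LABEL"><source>Login</source></trans-unit>
 </body></file></xliff>"""
DST_XLF = """<xliff version="1.1" xmlns="urn:oasis:names:tc:xliff:document:1.1">
 <file source-language="en" original="BizEditorBundle" datatype="x-constructed"><body>
  <trans-unit id="HelpdeskForm.Login_LABEL"><source>Login</source></trans-unit>
 </body></file></xliff>"""
SRC_AM = """<mds:customization xmlns:mds="urn:example:mds">
 <mds:insert parent="CatalogAM" position="last">
  <ViewUsage Name="PayrollFormVO" ViewObjectName="example.model.PayrollForm.view.PayrollFormVO"/>
 </mds:insert>
</mds:customization>"""
DST_AM = """<mds:customization xmlns:mds="urn:example:mds">
 <mds:insert parent="CatalogAM" position="last">
  <ViewUsage Name="HelpdeskFormVO" ViewObjectName="example.model.HelpdeskForm.view.HelpdeskFormVO"/>
 </mds:insert>
</mds:customization>"""


def _local(tag):
    """Strip the '{namespace}' part that ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def _mentions(elem, form_name):
    """True if form_name appears as a whole token in any attribute or text of elem's
    subtree, so 'PayrollForm' does not also select 'PayrollFormV2'."""
    pat = re.compile(r"(?<![A-Za-z0-9_])" + re.escape(form_name) + r"(?![A-Za-z0-9_])")
    return any(pat.search(v) for e in elem.iter() for v in [*e.attrib.values(), e.text or ""])


def _key(elem):
    """Structural fingerprint used to detect an element the destination already has."""
    return (elem.tag, tuple(sorted(elem.attrib.items())), (elem.text or "").strip(),
            tuple(_key(c) for c in elem))


def merge_app_elements(src_xml, dst_xml, local_tag, form_name):
    """Copy form_name's <local_tag> elements from src into dst.
    Returns (merged destination XML, number of elements added)."""
    for text in (src_xml, dst_xml):  # keep the files' own namespace prefixes on output
        stream = io.BytesIO(text.encode("utf-8"))
        for _, (prefix, uri) in ET.iterparse(stream, events=("start-ns",)):
            ET.register_namespace(prefix, uri)
    src, dst = ET.fromstring(src_xml), ET.fromstring(dst_xml)
    parent_of = {child: parent for parent in src.iter() for child in parent}
    present = {_key(e) for e in dst.iter() if _local(e.tag) == local_tag}
    added = 0
    for elem in src.iter():
        if _local(elem.tag) != local_tag or not _mentions(elem, form_name):
            continue
        if _key(elem) in present:
            continue  # already merged earlier: do not duplicate
        parent = parent_of.get(elem)
        # Insert under the destination element that plays the same role as the source parent.
        target = None if parent is None else next(
            (d for d in dst.iter() if d.tag == parent.tag), None)
        if target is None:
            raise ValueError("destination has no matching parent for <%s>" % local_tag)
        target.append(copy.deepcopy(elem))
        present.add(_key(elem))
        added += 1
    return ET.tostring(dst, encoding="unicode"), added


def count_for_app(xml_text, local_tag, form_name):
    """Post-merge check: how many <local_tag> elements mention form_name."""
    root = ET.fromstring(xml_text)
    return sum(1 for e in root.iter()
               if _local(e.tag) == local_tag and _mentions(e, form_name))


if __name__ == "__main__":
    merged_xlf, n_xlf = merge_app_elements(SRC_XLF, DST_XLF, "trans-unit", "PayrollForm")
    merged_am, n_am = merge_app_elements(SRC_AM, DST_AM, "insert", "PayrollForm")
    print("trans-unit elements added:", n_xlf, "| mds:insert elements added:", n_am)
```

Running `count_for_app` on the merged files for every previously migrated form name before zipping the folder confirms that no earlier application's entries were lost.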

To Conclude

The ‘Disconnected Application Framework’ in OIM 11g can be leveraged to quickly integrate applications for manual provisioning. However, with a large number of applications to be integrated in a short span of time, creating and migrating the applications between environments can become a challenge without forethought and planning. Following the process described above allowed us to avert most of the challenges and achieve a smooth application integration.

Coming in the next post:

While we all understand that an OIM solution holds the keys to the kingdom of security in an enterprise, there is a growing need to ensure your OIM deployment is secure due to the ever increasing rate of insider threats. One of the ways to secure all communication channels to/from OIM is via SSL. It is common practice in enterprise-class deployments for OIM to be front-ended by a web server/load balancer. While the communication between the end users and the web server/load balancer is typically secured via SSL, securing the channel between OIM and the web server/load balancer or SOA is sometimes overlooked.
In our next post we share our experience with implementing SSL between OIM and load balancer & SOA in one of our recent implementations of OIM 11g R2 PS1, challenges to expect and relevant resolutions.

About the Author


Rajesh Gaddam is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 10 years of experience in architecting, designing and implementing IAM solutions for multiple clients from different verticals.
Rajesh can be reached via LinkedIn

Wednesday Oct 15, 2014

Design Considerations: Implementing Oracle Identity Management for large enterprises

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle Diamond Partner that has graciously agreed to present on best practices garnered from experience working on Large Enterprise Identity Management deployments in a four part series hosted here in the Oracle Identity Management Blog.

Large Enterprises: Large Challenges

During the course of deploying Oracle Identity Management suite for various large enterprises, the Infosys Enterprise Security & Risk Management (ESRM) technology team has identified a few typical organizational scenarios:

  • Oracle Identity Manager (OIM) version upgrades
  • OIM deployments for Organizations with existing custom user request Interfaces
  • Migration from other Identity Management products to OIM
  • Coexistence of OIM with another Identity Management product
  • Upgrades to request interface of OIM

While some organizations implement the end-to-end product suite of OIM, others replace specific parts of the Identity Management solution of the enterprise with matching modules of OIM suite.

Provided by security engineers from the Infosys ESRM team, this four-part blog series will serve as an overview of design considerations on the following topics:

  • The importance of an abstraction layer
  • Disconnected application framework
  • Implementing SSL within layers of Oracle Identity Manager
  • Introducing Roles in an Enterprise

In this first of the four part series, we will discuss the need to build an intermediate or abstraction layer to allow for consolidation of identity, account and access information from OIM and other enterprise sources.

The importance of an abstraction layer

Infosys follows its proven “Accelerated Integration Methodology” (AIM) for rolling out Identity Management components. It consists of four phases –

  • “Envision” phase: The strategy for deploying the Identity Management capabilities is finalized
  • “Enable” phase: Core Identity Management components are deployed
  • “Empower” phase: Additional capabilities like Single Sign On, Fine Grained Authorization and Role Based Access are enabled
  • “Extend” phase: Extending the identities across organizational barriers using federation

The “envision” state of an Identity and Access Management program is the initial phase where the Enterprise Security team finalizes the approach to consolidate the identities and accounts across the enterprise and provide the lifecycle flow of identities to various target platforms and applications. The detailed analysis of the existing Identity Management practices sometimes reveals patterns of applications and interfaces accessing the enterprise identity sources directly and business validations and decisions embedded in the applications. This leads to duplication of logic and usage of outdated identity and account information across enterprise systems.

After introducing OIM to consolidate the identities and accounts, the process of updating the existing applications to use the identity and account data provided by OIM is time consuming. To ease the situation, the organization can plan for a “co-existence phase” during which the older IDM processes exist side by side with the new IDM infrastructure. But the co-existence phase leads to some interesting challenges. For example, in some cases organizations maintain multiple request and provisioning systems due to legacy issues, thus triggering a need to track the status of one access request across multiple provisioning engines beyond the migration project. After reaching steady state, the organization will have only OIM as the one identity management tool.

These scenarios require an abstraction layer to be created on top of OIM for both provisioning and data services. This layer can then expose the OIM identity and account data and even data from outside OIM (which doesn’t need to be consolidated in OIM) in a consistent and faster way to all interfacing applications. This can also provide an interface where any new access can be added or modified on the connected targets using OIM.

An “Abstraction Layer” by definition hides the details of implementation while exposing a secure and simple interface for identity and account data to outside systems or even to OIM forms. It also provides an interface to manage request submission and status retrieval use cases across multiple request and provisioning systems. It provides a platform to consolidate the business decisions and a common interface that can be consumed by many applications. Even if there are standards and specifications available in the market, we suggest analyzing the possibility of building a service that is consistent with the long-term strategy of the enterprise.

So, how can this be achieved and how does it help?

Creating an additional layer can be a challenging process. We have to build an “Enterprise Identity and Account Services" layer that can receive requests from multiple systems and query OIM data and other system data for applications and platforms.
It should be simple and scalable so that it can service requests quickly and securely. It should also provide different types of interfaces (Web services, database tables etc.) for the wide variety of systems that need to be serviced. It needs careful analysis of what data is available in OIM, what needs to be fetched from outside OIM and how frequently these updates should be made. And it should also pave the way for creating a single source of Identity, Account and Governance Data.

There can be multiple methods and interfaces created as part of this exercise. Drawing from the Infosys ESRM team's experience, we recommend grouping these services under the following four categories.

  • User and Account data services: Services to expose the user, account and attribute information
  • Provisioning Services: Services to create/update/delete/enable/disable the accounts and users
  • Audit Services: Account and User Request / Entitlement history services
  • Governance Services: Access certification data services

Although provisioning systems like OIM and user repositories like LDAP provide native APIs to access all the information, the key in large enterprise Identity Management implementations is to provide usage-agnostic consolidated data services without compromising the security aspects of such data access and usage. Simple but critical requests like “get all service accounts owned by a user” or “get all access which were not assigned through a role” etc. can be easily exposed by building the right interfaces.

In addition to the above use cases, we have also come across enterprises that use OIM along with other IDM tools. In such cases, the user access requests have to be split across multiple provisioning systems but the status has to be tracked by a single request key in OIM. We’ve implemented such requirements by consolidating the provisioning services provided by underlying provisioning engines in the abstraction layer. The request system remains completely agnostic to the provisioning process and the systems involved in granting the access.

Reference Architecture: Abstraction Layer Implementation for Enterprise IDM
There are also access certification use cases where the closed loop compliance can be achieved using the services provided by abstraction layer. It can be used to submit access request, manage the access provisioning, track the request lifecycle, retrieve certification data and revoke unwanted access. The layer can service audit needs by exposing access history information to disparate enterprise audit tools.

In Conclusion

While embarking on an ambitious Identity & Access Management strategy, enterprises have to continue using the investments made in the past. A well-built abstraction layer allows the organization to build on top of the existing infrastructure and processes. The simplicity of the solution also hides the complexities involved in marching large enterprises forward on the journey of unified identity & access management processes. The layer allows applications and provisioning engines to reuse business logic while keeping them agnostic to the implementation. The investments made in ‘Abstraction Layer’ also open up opportunities for new applications to reuse business logic and processes that would otherwise have to be written again.

Coming Up Next …

Automated application access provisioning/de-provisioning is one way to secure the benefits of IDM solution. But the time and effort it takes to achieve this level of automation is prohibitive. Another approach to win a quick ROI on IDM solution is to enable manual application provisioning. ‘Disconnected Application Framework’ in OIM 11g R2 provides a fast and easy way of integrating applications for manual provisioning.
In the next blog, we will share the recent Infosys experience with integrating 150+ applications in OIM 11g R2 using ‘Disconnected Application Framework’ along with the challenges we faced and the steps to avoid common pitfalls.

About the Author


Abhishek Nair is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 13 years of experience in the Identity and Access Management domain. He has played a key role in designing and architecting large IAM solutions for Infosys customers with a prime focus on Oracle IAM products.
Abhishek may be reached via LinkedIn

Wednesday Oct 08, 2014

Seamlessly & Securely Managing 360k+ User Identities While Reducing IT Complexity: the Seneca College IdM Success Story

Following the 2013 decision to choose Oracle’s PeopleSoft applications running on Oracle Exadata database machines as its new enterprise resource planning (ERP) and campus-solutions platform, Seneca College of Applied Arts and Technology was also faced with another critical decision prompted by the impending end-of-life scenario of its legacy identity management solution.

Spurred with the overarching goal to provide secure and role-based access to all of the school’s applications and online services for a growing and increasingly remote student body, Seneca chose Oracle Identity and Access Management Suite as its new platform for managing identity and access rights. 

Engaging with Oracle partner ICSynergy, Seneca and ICSynergy designed a solution to meet the college's needs for high availability across multiple campuses and a very diverse user base of 26,500 full-time students and 70,000 part-time registrants. The solution provides streamlined control of student access to Seneca College's digital services while securing student privacy and addressing the compliance requirements of Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA).

The full success story can be read here.

Wednesday Oct 01, 2014

Thursday October 2nd: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Thursday, October 2nd, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Conference Sessions


Managing Telenet’s Identities in Practice
Bart Cools, Partner, Cronos NV
Mark Van Tiggel, Team Manager ERP, Telenet NV
9:30 AM - 10:15 AM Moscone West - 3020 CON3995

There and Back Again: Journey to a Successful Deployment
Alex Bolante, Managing Director, Accenture
Viresh Garg, Director, PwC
Andrew Morrison, Partner / Principal, Deloitte & Touche LLP
Aaron Perry, President, Aptec LLC
Matthew Berzinski, Principal Product Manager, Oracle
12:00 PM - 12:45 PM Moscone West - 3020 CON8025

Self-Service Access Control: Help Yourself to More Productivity
Patrick Landry, IT Technical Director, USAA
David Mathias, Information Security Manager - Product Management, US Bank
Atul Goyal, Product Manager, Oracle
Volker Scheuber, Principal Sales Engineer, Oracle
1:15 PM - 2:00 PM Moscone West - 3018 CON8007

Architecting a Complete Access Solution for the Cloud Economy
Bernard Diwakar, Security & IAM Architect, Intuit
Marc Chanliau, Director, Product Management, Oracle
1:15 PM - 2:00 PM Moscone West - 3020 CON7975

Shake, Rattle, and Roll: Managing Large-Scale Identity Management Deployments
Gebhard Herget, Architect, Bundesagentur für Arbeit
Perren Walker, Senior Principal Product Manager, Oracle
2:30 PM - 3:15 PM Moscone West - 3020 CON8045


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when planning your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Management blog. We hope to see you there!

Tuesday Sep 30, 2014

Wednesday October 1st: Identity Management at Oracle OpenWorld 2014

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Wednesday, October 1st, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Conference Sessions


Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk
Angelo Cascio, SVP, Head of Identity and Access Management, Jefferies
Rich Flees, Staff Manager IT, Qualcomm, inc
Bob Jamieson, Information Security Director, UL LLC
Neil Gandhi, Principal Product Manager, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7991

Modern Identity Management: Upgrading to Meet Requirements of the Digital Economy
Sherry Gray, Identity & Access Functional Analyst, ICBC
Judy Hatchett, Best Buy
Stacy Knoup, Asst Dir-IT, Principal Financial Group
Matthew Berzinski, Principal Product Manager, Oracle
11:30 AM - 12:15 PM Moscone West - 3020 CON8023

Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture
Dawn Johnson, Director, IDM, First National of Omaha
Rakesh Meena, Security Architect, Aurionpro Solutions, Inc.
Kanishk Mahajan, Principal Product Manager, Oracle
12:45 PM - 1:30 PM Moscone West - 3020 CON7994

Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices
Bob Beach, Security Technologies Strategist, Chevron Information Technology
Rajesh Pakkath, Senior Principal Product Manager, Oracle
Andy Smith, Sr Dir of Product Management, Oracle
3:30 PM - 4:15 PM Moscone West - 3020 CON7973

Trust but Verify: Best Practices for Monitoring Privileged Users
Chirag Andani, VP, Identity Access Management PDIT, Oracle
Olaf Stullich, Principal Product Manager, Oracle
Arun Theebaprakasam, PMTS, Oracle
4:45 PM - 5:30 PM Moscone West - 3020 CON8005


Monday Sep 29, 2014

Tuesday: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Tuesday, September 30th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Conference Sessions


Securing the New Perimeter: Strategies for Mobile Application Security
Josh Bregman, VP Solutions, Aurionpro Solutions, Inc
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Andy Smith, Sr Dir of Product Management, Oracle
10:45 AM - 11:30 AM Moscone West - 3020 CON7993

Identity as a Service: Extend Enterprise Controls and Identity to the Cloud
Sanjeev Topiwala, Group Manager, Intuit
Roger Wigenstam, Sr. Director, Product Management, Oracle Identity & Access Management, Oracle
3:45 PM - 4:30 PM Moscone West - 3020 CON8040

The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy
Rafik Alsawalhy, Manager, City of Los Angeles
Jerome Cartagena, Staff IT Engineer, Qualcomm, Inc.
Etienne Remillon, Senior Principal Product Manager, Oracle
5:00 PM - 5:45 PM Moscone West - 3018 CON8043

Identity Services in the New GM
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Susie Godfrey, Directory & Platform Services Manager, GM
5:00 PM - 5:45 PM Moscone West - 3020 CON2007



Sunday Sep 28, 2014

Monday: Identity Management at Oracle OpenWorld 2014


Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Monday, September 29th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


MONDAY, SEP 29, 2014

General Sessions


General Session: The Cloud Platform for Digital Business—Presented by Thomas Kurian
Steve Holland, Chief Technology & Digital Officer, 7-Eleven, Inc.
Thomas Kurian, EVP, Oracle
1:15 PM - 2:15 PM Marriott Marquis - Salon 7/8/9 GEN8589

Conference Sessions


Ready for the Digital Economy? Oracle’s Vision of How Identity Helps
Sanjeev Topiwala, Group Manager, Intuit
Colin Anderson, VP-IT & CISO, Safeway
Amit Jasuja, Senior Vice President, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7989

Identity Governance Across the Extended Enterprise
Dominic Fedronic, Senior Business Leader, VISA
Chris Guttridge, IS Architect, AAA - The Auto Club Group
Bernhard Hübl, Teamleader Middleware, SPAR AG
Jim Taylor, Snr. Director of Product Management, Oracle
11:45 AM - 12:30 PM Moscone West - 3020 CON7968

Access Without Fear: Delivering an Optimal Multichannel User Experience
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Paul Van Nieuwenhuyze, Service Manager, GDF Suez
Jie Yin, Senior Director, Product Management, Oracle
2:45 PM - 3:30 PM Moscone West - 3020 CON7995

Oracle Management Pack Plus for Identity Management Best Practices and Lessons Learned
Byron Amstutz, Executive Principle, Technical Architecture, Accenture-CalHEERS
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Perren Walker, Senior Principal Product Manager, Oracle
4:00 PM - 4:45 PM Moscone South - 200 CON8212

Securing Oracle Applications and the Extended Enterprise with Identity Management
Naynesh Patel, Sr. Partner, SIMEIO SOLUTIONS
Vaidyanathan Sree, Senior Director Business Application, Sony Computer Entertainment America
Matthew Berzinski, Principal Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3018 CON8874

Architecting Applications with Intelligent Authentication and Authorization
Ranjan Jain, Enterprise IT Architect, Cisco Systems Inc
Roger Westman, Prin IA Engineer, MITRE Corporation
Svetlana Kolomeyskaya, Group Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3020 CON7978



Focus On: Access Management at Oracle OpenWorld '14

Oracle Access Management (OAM): Comprehensive Access Management.  

OAM delivers risk-aware end-to-end user authentication, single sign-on, and authorization protection, enabling enterprises to secure access from mobile devices and seamlessly integrate social identities with applications.

Join Oracle, our partners and customers at Oracle Open World 2014 and learn about Oracle Access Management, the industry’s most advanced solution for securing applications, data, Web services, and cloud-based services.

The following is a list of Access-related Identity Management Sessions and Hands-On Labs at OOW14, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Identity Governance: Reduce Cost, Increase Productivity, and Improve Compliance [HOL9408] This hands-on lab focuses on how Oracle provides a complete identity governance solution that enables organizations to efficiently balance the objectives of access, security, ...
  • Monday, Sep 29, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Ready for the Digital Economy? Oracle’s Vision of How Identity Helps [CON7989] As organizations consume an increasing number of cloud services and apps, identity management becomes fragmented. Organizations have inconsistent access policies and lose ...
  • Monday, Sep 29, 10:15 AM - 11:00 AM - Moscone West - 3020
Access Management: Secure Web, Mobile, and Cloud Access [HOL9449] The Oracle access management solution provides an optimal user experience for end users while reducing risks and costs through a common infrastructure. It provides a ...
  • Monday, Sep 29, 11:45 AM - 12:45 PM - Hotel Nikko - Nikko Ballroom III
Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ...
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Access Without Fear: Delivering an Optimal Multichannel User Experience [CON7995] During today’s application explosion, organizations are dealing with an identity fragmentation issue that is creating a disjointed user experience and costing them ...
  • Monday, Sep 29, 2:45 PM - 3:30 PM - Moscone West - 3020
Identify Bottlenecks and Tune Oracle Identity Management to Maximize Performance [CON8383] The Oracle Identity Management suite enables enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources to control access to their ...
  • Monday, Sep 29, 4:00 PM - 4:45 PM - Moscone West - 3020
Oracle Management Pack Plus for Identity Management Best Practices and Lessons Learned [CON8212] This session presents best practices and lessons learned from real-world Oracle Management Pack Plus for Identity Management implementations. Although Oracle Identity and ...
  • Monday, Sep 29, 4:00 PM - 4:45 PM - Moscone South - 200
Architecting Applications with Intelligent Authentication and Authorization [CON7978] With the increased opportunities of the mobile explosion and cloud applications comes an increase in security threats. To combat these threats while still providing a ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3020
Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874] All Oracle applications are shipped with Oracle Identity Management components to provide the security services they need. These services can be extended to enable not only ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3018
Mobile Security: Enabling Secure Consumer Mobility [HOL9398] Oracle Mobile Security Suite and Oracle API Gateway enable developers to secure consumer-facing mobile apps and the APIs they connect to. In this hands-on lab, learn how to ...
  • Tuesday, Sep 30, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Mobile Security: BYOD to Securely Access Corporate Resources [HOL9399] Oracle Mobile Security Suite delivers a secure workspace where employees can access corporate resources from personal devices without locking them down. It offers the most ...
  • Tuesday, Sep 30, 11:45 AM - 12:45 PM - Hotel Nikko - Nikko Ballroom III
CyberSecurity in Higher Education [CON7734] Information access is very important in higher education, where data sharing and collaboration are mission-critical. This session discusses ways to improve information ...
  • Tuesday, Sep 30, 12:30 PM - 1:15 PM - Marriott Marquis - Golden Gate C3
Identity as a Service: Extend Enterprise Controls and Identity to the Cloud [CON8040] As organizations continue to adopt software as a service (SaaS) applications to provide various business services such as CRM, office, HR, and collaboration, it is critical ...
  • Tuesday, Sep 30, 3:45 PM - 4:30 PM - Moscone West - 3020
Identity Services in the New GM [CON2007] The speaker's team at General Motors started with what seemed to be a straightforward mandate: “The New GM IT organization should be in-sourced and delivering internally ...
  • Tuesday, Sep 30, 5:00 PM - 5:45 PM - Moscone West - 3020
Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk [CON7991] Three customers, three unique stories. This session focuses solely on understanding how these customers were able to automate their identity governance requirements by using ...
  • Wednesday, Oct 1, 10:15 AM - 11:00 AM - Moscone West - 3020
Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture [CON7994] As smartphones and tablets become the dominant form of consumer computing, customers are demanding access to services through native mobile applications that two years ago ...
  • Wednesday, Oct 1, 12:45 PM - 1:30 PM - Moscone West - 3020
Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices [CON7973] With today’s always-connected workforce, employees are demanding access to corporate assets from mobile devices. Although this enables employees to be more productive, ...
  • Wednesday, Oct 1, 3:30 PM - 4:15 PM - Moscone West - 3020
Trust but Verify: Best Practices for Monitoring Privileged Users [CON8005] Privileged accounts provide administrators with root-level access to systems and applications. As these accounts are frequently shared, providing secure controls to prevent ...
  • Wednesday, Oct 1, 4:45 PM - 5:30 PM - Moscone West - 3020
Managing Telenet’s Identities in Practice [CON3995] After confronting a security audit, Telenet kicked off the implementation of its security roadmap. First up was the proper management of internal identity access rights in ...
  • Thursday, Oct 2, 9:30 AM - 10:15 AM - Moscone West - 3020
Self-Service Access Control: Help Yourself to More Productivity [CON8007] As the pace of business increases, it has become impossible for the IT team to manage all the access requests and certifications in an efficient and secure manner. It is ...
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3018
Architecting a Complete Access Solution for the Cloud Economy [CON7975] To be able to conduct business in the digital economy, it is essential that users have consistent access to all their applications from any access channel. This session ...
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3020



Saturday Sep 27, 2014

Focus On: Cloud & Identity at Oracle Open World 2014

As organizations consume an increasing number of cloud services and apps, identity management becomes fragmented. Private, public or hybrid, all cloud solutions warrant strict security and identity management policies and the solutions to implement them within the ever-expanding perimeter of devices and access points.

Join Oracle, our partners and customers at Oracle Open World 2014 and find out how Oracle Identity Management can securely accelerate your adoption of cloud services in the new digital economy.

The following is a list of Cloud-related Identity Management Sessions and Hands-On Labs at OOW14, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Ready for the Digital Economy? Oracle’s Vision of How Identity Helps [CON7989] As organizations consume an increasing number of cloud services and apps, identity management becomes fragmented. Organizations have inconsistent access policies and lose ...
  • Monday, Sep 29, 10:15 AM - 11:00 AM - Moscone West - 3020
Access Management: Secure Web, Mobile, and Cloud Access [HOL9449] The Oracle access management solution provides an optimal user experience for end users while reducing risks and costs through a common infrastructure. It provides a ...
  • Monday, Sep 29, 11:45 AM - 12:45 PM - Hotel Nikko - Nikko Ballroom III
Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ...
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Access Without Fear: Delivering an Optimal Multichannel User Experience [CON7995] During today’s application explosion, organizations are dealing with an identity fragmentation issue that is creating a disjointed user experience and costing them ...
  • Monday, Sep 29, 2:45 PM - 3:30 PM - Moscone West - 3020
Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874] All Oracle applications are shipped with Oracle Identity Management components to provide the security services they need. These services can be extended to enable not only ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3018
Architecting Applications with Intelligent Authentication and Authorization [CON7978] With the increased opportunities of the mobile explosion and cloud applications comes an increase in security threats. To combat these threats while still providing a ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3020
Identity as a Service: Extend Enterprise Controls and Identity to the Cloud [CON8040] As organizations continue to adopt software as a service (SaaS) applications to provide various business services such as CRM, office, HR, and collaboration, it is critical ...
  • Tuesday, Sep 30, 3:45 PM - 4:30 PM - Moscone West - 3020
The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy [CON8043] With the rapid expansion of identities through cloud and mobile applications, it is becoming essential that you have a directory that is capable of handling them. In addition ...
  • Tuesday, Sep 30, 5:00 PM - 5:45 PM - Moscone West - 3018
Trust but Verify: Best Practices for Monitoring Privileged Users [CON8005] Privileged accounts provide administrators with root-level access to systems and applications. As these accounts are frequently shared, providing secure controls to prevent ...
  • Wednesday, Oct 1, 4:45 PM - 5:30 PM - Moscone West - 3020
Managing Telenet’s Identities in Practice [CON3995] After confronting a security audit, Telenet kicked off the implementation of its security roadmap. First up was the proper management of internal identity access rights in ...
  • Thursday, Oct 2, 9:30 AM - 10:15 AM - Moscone West - 3020
Architecting a Complete Access Solution for the Cloud Economy [CON7975] To be able to conduct business in the digital economy, it is essential that users have consistent access to all their applications from any access channel. This session ...
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3020


Friday Sep 26, 2014

Focus on: Mobile Security at Oracle Open World 2014

Oracle Mobile Security with the Oracle Mobile Security Suite (OMSS)

Join Oracle, our partners and customers at Oracle Open World 2014 and learn about comprehensive Mobile Identity and Application Management for provisioning of Trusted Access. See how Oracle Identity Management Solutions and the Oracle Mobile Security Suite deliver authentication and authorization for applications and services, application signing and wrapping, enterprise application store, device wipe, device enrollment, and provisioning - all in a simplified management framework.

The following is a list of Mobile Security-related Identity Management Sessions and Hands-On Labs at OOW14, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill up.


Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ...
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Access Management: Secure Web, Mobile, and Cloud Access [HOL9449] The Oracle access management solution provides an optimal user experience for end users while reducing risks and costs through a common infrastructure. It provides a ...
  • Monday, Sep 29, 11:45 AM - 12:45 PM - Hotel Nikko - Nikko Ballroom III
Access Without Fear: Delivering an Optimal Multichannel User Experience [CON7995] During today’s application explosion, organizations are dealing with an identity fragmentation issue that is creating a disjointed user experience and costing them ...
  • Monday, Sep 29, 2:45 PM - 3:30 PM - Moscone West - 3020
Architecting Applications with Intelligent Authentication and Authorization [CON7978] With the increased opportunities of the mobile explosion and cloud applications comes an increase in security threats. To combat these threats while still providing a ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3020
Mobile Security: Enabling Secure Consumer Mobility [HOL9398] Oracle Mobile Security Suite and Oracle API Gateway enable developers to secure consumer-facing mobile apps and the APIs they connect to. In this hands-on lab, learn how to ...
  • Tuesday, Sep 30, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Securing the New Perimeter: Strategies for Mobile Application Security [CON7993] As the mobile security market consolidates, identity management platform benefits are enabling customers to move deployments to the next level of sophistication. Solutions ...
  • Tuesday, Sep 30, 10:45 AM - 11:30 AM - Moscone West - 3020
Mobile Security: BYOD to Securely Access Corporate Resources [HOL9399] Oracle Mobile Security Suite delivers a secure workspace where employees can access corporate resources from personal devices without locking them down. It offers the most ...
  • Tuesday, Sep 30, 11:45 AM - 12:45 PM - Hotel Nikko - Nikko Ballroom III
The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy [CON8043] With the rapid expansion of identities through cloud and mobile applications, it is becoming essential that you have a directory that is capable of handling them. In addition ...
  • Tuesday, Sep 30, 5:00 PM - 5:45 PM - Moscone West - 3018
Modern Identity Management: Upgrading to Meet Requirements of the Digital Economy [CON8023] Most enterprise organizations have some form of identity management solution deployed. Whether what they have is provisioning for a small number of core system, single ...
  • Wednesday, Oct 1, 11:30 AM - 12:15 PM - Moscone West - 3020
Bulletproof the Oracle Mobile Platform with Integrated Security [CON6983] A common pitfall for many mobile application implementations is the fact that enterprise security, mobile security, and mobile application platforms are frequently based on ...
  • Wednesday, Oct 1, 12:45 PM - 1:30 PM - Moscone West - 3022
Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture [CON7994] As smartphones and tablets become the dominant form of consumer computing, customers are demanding access to services through native mobile applications that two years ago ...
  • Wednesday, Oct 1, 12:45 PM - 1:30 PM - Moscone West - 3020
Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices [CON7973] With today’s always-connected workforce, employees are demanding access to corporate assets from mobile devices. Although this enables employees to be more productive, ...
  • Wednesday, Oct 1, 3:30 PM - 4:15 PM - Moscone West - 3020
Architecting a Complete Access Solution for the Cloud Economy [CON7975] To be able to conduct business in the digital economy, it is essential that users have consistent access to all their applications from any access channel. This session ...
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3020


Oracle Identity Management: Customers, Partners & OpenWorld 2014

Join Oracle, our partners and customers at Oracle OpenWorld 2014 as we relate experiences with and demonstrate how Oracle's Identity Management solutions increase security and allow companies to homogenize and defragment identity information and services, which can result in faster deployment times, faster upgrades, and lower cost of ownership by providing consistent access controls and an optimized user experience across the extended enterprise. To help organizations offer more digital services, Oracle Identity Management provides the foundation to connect to the internet value chain and economies of scale to manage users across all channels of interaction including cloud, mobile, and social.

Listen in on customer-led sessions and hear about real-world implementations of Oracle Identity Management solutions across multiple markets in these and more sessions with Oracle partners and customers.

| Session | Partner/Customer |
| --- | --- |
| Ready for the Digital Economy? Oracle’s Vision of How Identity Helps | Intuit, Safeway |
| Identity as a Service: Extend Enterprise Controls and Identity to the Cloud | Intuit |
| Securing the New Perimeter: Strategies for Mobile Application Security | AurionPro |
| Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk | Qualcomm, UL, Jefferies |
| Identity Governance Across the Extended Enterprise | Visa, SPAR, Dewpoint Inc. |
| The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy | Qualcomm, City of Los Angeles |
| There and Back Again: Journey to a Successful Deployment | Deloitte & Touche LLP, Aptec LLC |
| Securing Oracle Applications and the Extended Enterprise with IdM | Simeio Solutions, Sony Computer Entertainment America |

Learn from the experts as they demonstrate the Identity Management solutions that can help reduce complexity and risk while lowering costs and providing improved user experiences. See all the Identity Management demos at OOW14 here.

| Demo | Location |
| --- | --- |
| Identity Management for the Cloud | Moscone South, Left - SLM-123 |
| Identity Management Monitoring with Enterprise Manager 12c | Moscone South, Left - SLM-141 |
| Oracle Mobile Security Suite: Secure Enterprise Applications | Moscone South, Left - SLM-136 |
| Oracle Mobile Security Suite: Enable Secure Access to B2C Applications | Moscone South, Left - SLM-134 |
| Access Management: Complete, Intelligent, and Scalable | Moscone South, Left - SLM-121 |
| Access Management: External Fine-Grained Authorization | Moscone South, Left - SLM-122 |
| Identity Governance: Increased Productivity with Business-Friendly Self-Service | Moscone South, Left - SLM-143 |


Thursday Sep 25, 2014

Focus On: Identity Governance at Oracle OpenWorld 2014

Oracle Identity Governance provides comprehensive Identity and Access Governance for rapid, actionable compliance.

Join us at Oracle Open World 2014 and see how the industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.

The following is a list of Governance-related Identity Management sessions at OOW14, in order of date and time. Click on each to find out more, and don't forget to register for those you want to attend, as sessions can and do fill up.


Identity Governance: Reduce Cost, Increase Productivity, and Improve Compliance [HOL9408] This hands-on lab focuses on how Oracle provides a complete identity governance solution that enables organizations to efficiently balance the objectives of access, security, ...
  • Monday, Sep 29, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ...
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Identify Bottlenecks and Tune Oracle Identity Management to Maximize Performance [CON8383] The Oracle Identity Management suite enables enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources to control access to their ...
  • Monday, Sep 29, 4:00 PM - 4:45 PM - Moscone West - 3020
Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874] All Oracle applications are shipped with Oracle Identity Management components to provide the security services they need. These services can be extended to enable not only ...
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3018
Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk [CON7991] Three customers, three unique stories. This session focuses solely on understanding how these customers were able to automate their identity governance requirements by using ...
  • Wednesday, Oct 1, 10:15 AM - 11:00 AM - Moscone West - 3020
Trust but Verify: Best Practices for Monitoring Privileged Users [CON8005] Privileged accounts provide administrators with root-level access to systems and applications. As these accounts are frequently shared, providing secure controls to prevent ...
  • Wednesday, Oct 1, 4:45 PM - 5:30 PM - Moscone West - 3020
Self-Service Access Control: Help Yourself to More Productivity [CON8007] As the pace of business increases, it has become impossible for the IT team to manage all the access requests and certifications in an efficient and secure manner. It is ...
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3018

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when planning your visit to the conference. Be sure to pre-enroll in sessions of interest to you, as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow-ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solution set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Management blog. We hope to see you there!

Tuesday Sep 23, 2014

Pre-Registration Now Open for eBook: Oracle Mobile Security Primer

Today, just as organizations are starting to understand the first wave of the mobile revolution, numerous demands are being placed on IT to support the second wave, as new-generation devices and applications come online to take advantage of these new capabilities in today’s corporate environment.

Pre-Registration has just opened for the new eBook: Oracle Mobile Security Primer which provides a deeper understanding of not only the fundamentals, but also the complex issues related to mobile security in today’s corporate mobility environment. If you maintain the role of a mobility planner, security architect, CISO, security director, IT director, operations manager or just simply want to stay up on the latest trends around mobile security, then pre-register for this new eBook: Oracle Mobile Security Primer.

Some of the areas covered in this eBook:

  • A look at the changing mobile and business requirements
  • Deep dive into the technologies used to secure the mobile platform today
  • Containerization and application management
  • The role Identity Management plays on the mobile device
  • The broader view of securing the mobile stack

Registration will allow Oracle to provide notification to you upon its availability in both eBook and printed form by McGraw-Hill.

www.mhprofessional.com/mobsec

Friday Sep 19, 2014

Are you ready to take on the Digital Economy securely?

As organizations consume an increasing number of cloud services and applications, identity management becomes fragmented. Organizations have inconsistent access policies and lose visibility into who has access to what. To avoid these risks and costs, they are increasingly adopting a strategy of extending enterprise identity services to the cloud.

Join Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle, and representatives from Intuit and Safeway at Oracle OpenWorld 2014 as they explore how customers are using Oracle Identity Management to deliver a unified identity management solution that provides users with access to all their data from any device while giving administrators an intelligent, centralized view into user access rights. See more detail here and don't forget to register for this session [CON7989] taking place at OOW14 on Monday, Sep 29, 10:15 AM - 11:00 AM PT.

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when planning your visit to the conference. Be sure to pre-enroll in sessions of interest to you, as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow-ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solution set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Management blog. We hope to see you there!

Wednesday Sep 10, 2014

Managing, Monitoring & Auditing Privileged Users

The greatest threat of a data breach, intentional or not, unfortunately continues to be from the people you are supposed to be able to trust: employees, contractors and partners. This presentation explores policies, technology and best practices to manage, monitor and audit the use of high-risk privileged accounts as part of a larger Identity Management strategy.

Join us in watching the replay of this popular webinar presented by Lee Howarth*, originally seen live by over 1.9k viewers.

Watch the replay on YouTube: https://www.youtube.com/watch?v=jpFEoJ6pnmI

To learn more about Oracle Identity Management solutions join us at Oracle Open World 2014 (OOW14) where experts from Oracle, along with Oracle partners and customers, will relate their experiences with these technologies in depth during sessions like ‘Identity Governance Across the Extended Enterprise’ and ‘Trust but Verify: Best Practices for Monitoring Privileged Users’.

To view all OOW14 conference sessions for Identity Management click here.

To register for OOW14 go to https://www.oracle.com/openworld/register/index.html

*Lee Howarth is a Senior Principal Product Manager at Oracle. With over 25 years' experience in the computing industry, he has spent the past decade focused on delivering market-leading Identity and Access Management solutions.

Wednesday Aug 27, 2014

A Journey from Customization to Standardization - Umer Aziz

It was a cold evening back in fall 2010 when a succinct but impressive cake-cutting ceremony was held at Oslo’s massive indoor stadium, Telenor Arena. The ceremony progressed with some speeches and presentations, leading to a delicious cake and refreshments. The gathering also comprised brilliant IT Security and Identity & Access Management professionals, who were accompanied by personnel from other IT disciplines. Most of the audience showed great enthusiasm and pitched very interesting questions, which were answered with great passion and confidence by those energetic professionals.

It was the launch ceremony of an application that received the Oracle Fusion Middleware Innovation award at Oracle Open World in the same year. The application was built on the concept of ‘Identity as a service’ for group companies and proved to be a great addition to the application portfolio of our Shared Services organization.

Customized GUI on top of Oracle Identity Manager
The application was built as a customized layer on top of Oracle Identity Manager 10g and offered user-friendly Certification audits and Access Request Management, powered by a multi-tenant architecture. The features were a bit ahead of their time in the IdM world and were the key reasons to build a customized layer on top of Oracle's standard solution. It was not the first time that we had built a customized application using the APIs of the standard identity manager; we had already done that in the form of a “user creation management GUI” on top of Oracle Identity Manager 9i.

Shortcomings of the customized solution
Customization results in a product that matches the customer’s wishes and fulfills requirements more precisely, but we have to accept that technology has matured somewhat recently and that companies are offering off-the-shelf solutions that are better than traditional tailored products.

The following are the major shortcomings of the customized solution that we faced.

  • A tailored solution is always more expensive than using an off-the-shelf product. The logic is simple – customized products are made for a single customer and consequently all development expenses are borne by one entity.
  • Upgrading to a newer version is always a big challenge when using a customized solution, but it becomes even bigger when the customization is heavily dependent upon the application interfaces (APIs and web services). I still remember the mayhem while upgrading from OIM 10g to OIM 11gR1 :)
  • Maintenance and development of a customized solution (application) requires considerable time and resources compared to the standard solution. A dedicated team of programming geeks is a must for successfully running a tailored solution. Another relevant challenge is the training and coaching of newly hired resources. Every time a new resource is hired to fill a vacant position, hands-on training will be required for him to understand the architecture and approach used for the customization.
  • The product support community does not offer any support for a customized product, so if you hit a bug or challenge in your customized solution, you will be the only one to resolve it.
  • It is admitted by many solution providers that customization has resulted in slow performance of their application instances. Allowed customization approaches use standard APIs or related interfaces to interact with the core application, and these have always been considered performance degraders due to the formalities of applications towards external interfaces. This challenge is not unique to Identity Management; similar feedback has been reported by experts on other products, i.e. Oracle E-Business Suite and Oracle SOA Suite.


Oracle’s Beta Testing Program
The Beta Testing Program is a joint venture between Oracle and its customers. This initiative provides a structured approach to including users of Oracle applications from selected organizations in the Beta Testing Programs. The overall goal is to allow selected users to perform in-depth testing and analysis of Oracle's new products and releases in order to help Oracle deliver better products to market. As beta testing participants, testers perform in-depth testing of the next generation of Oracle products. This also helps them to build a personal knowledge base, become industry-recognized technology leaders, and help influence Oracle's future product direction.

Our organization, as a Shared Services Solution Provider of Identity and Access Management, was also involved in the beta testing for patch set 2 (PS2) of Identity and Access Management suite 11gR2. The focus area from our side was limited to Identity Governance – more specifically, the features of Multi-Tenancy and Access Request Management.

Decommissioning of the tailored layer and rollout of the off-the-shelf solution
It's a common misunderstanding that boundaries limit creativity. It may sound unreasonable, but boundaries can actually boost creativity. Instead, we need to impose boundaries by tightening our processes, and one way to achieve this effectively is with off-the-shelf solutions.

As involvement in the beta testing program gave us confidence in the much-awaited functionalities, last week we decided to decommission the customized layer by moving its functionalities to OIM 11gR2 PS2. The work has actually started and the intention is to complete it before the summer vacation of 2014. We're crossing our fingers and hoping that the rollout of the off-the-shelf solution goes well.

Umer Aziz is an ITIL Specialist Change Manager with Telenor Global Shared Services and has an extensive consulting background in Identity and Access Management in real world deployments. 

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
