Wednesday Oct 10, 2012

Webcast Replay : SANS Institute Product Review of Oracle Identity Manager

Thanks to everyone who attended the SANS Institute webinar covering the product review of Oracle Identity Manager. And a special thanks to our guest speakers from SuperValu - Phillip Black and Patrick Abreo.

If you missed the webcast, you can catch a replay here 

And here are the slides that were used in the webcast. 

There were many questions that we could not answer as we ran out of time. We have captured some of the questions with responses below.

Is Oracle Identity Analytics still offered as a separate product or is it part of Oracle Identity Manager?

Oracle Identity Manager and Oracle Identity Analytics are now offered as part of Oracle Identity Governance Suite. OIA and OIM share a common UI architecture, common data model and common support for connected and disconnected resources. 

When requesting new access/entitlements is there an approval process?

Yes. We leverage SOA BPEL-based workflows for approvals 

Are the identity self service capabilities based on Oracle ADF?

Yes they are completely based on Oracle ADF 

Can you give some examples of personalization and customization with Oracle Identity Manager 11gR2?

With the new UI config framework we can enable different levels of UI customization. Customers now have the ability to Point & click to customize; or drag and drop customization without any need for coding. So users can easily personalize the interface of their application within the browser. For example, they can change the logo, Rearrange, hide Home Page regions; regularly searched items can be saved and re-used; Searchable & search results columns can be configured; Sorting preferences are remembered and so on. For more sophisticated customization, Customers can also edit the standard JSF within the page to alter business rules, modify page flows, page layouts and other items.

Can you explain the role of sandboxes in customization?

Customers can make their custom changes within a sandbox so that it doesn’t impact their production environment. They can make their changes, validate those changes, stage and then commit those changes without affecting production users. This is similar to how source code control systems like perforce work

To watch a replay of the webcast, click here

Tuesday Oct 02, 2012

News from OpenWorld: Oracle Announces Identity Governance Suite


At OpenWorld, Oracle today announced the release of Oracle Identity Governance Suite. An end-to-end access governance solution, Oracle Identity Governance Suite addresses compliance, governance and identity administration requirements.

Built on Oracle’s unique platform approach to Identity Management, the suite offers a single, comprehensive platform for access request, provisioning, role lifecycle management, access certification, closed loop remediation and privileged account management. The suite offers benefits like dramatic reduction in administration (and help desk) overhead, cost-effective compliance enforcement and reporting, enhanced user experience and analytics driven insight.

More details available in the announcement and on our website.

Additional Resources:

·         Oracle Identity Governance Datasheet

·         Oracle Privileged Account Manager

·         Integrated Identity Governance Whitepaper

·         Gartner Magic Quadrant for User Provisioning

·         Join the Oracle Identity Management online communities: Blog, Facebook and Twitter

Monday Sep 24, 2012

Webcast Reminder: SANS Institute Product Review of Oracle Identity Manager 11R2 September 27th @ 9am PT

Join the SANS Institute and Oracle this Thursday (September 27th) for a product review of Oracle Identity Manager 11gR2. Recently, Dave Shackleford from the SANS Institute conducted a review of the 11g R2 release of Oracle's industry leading user provisioning solution, Oracle Identity Manager. On  this webcast, Dave will present his findings and experiences using the product. 

Attendees will also get an opportunity to hear about the latest trends driving the user provisioning market, learn from real world deployment scenarios and get all their Identity Management questions answered.

If you haven't already registered - register here.

Thursday Sep 06, 2012

Webcast: SANS Institute Product Review of Oracle Identity Manager 11gR2

Translating the IT-centric, directory based view of access and authorization into the process-driven concerns of business users inevitably creates unique challenges. Enterprises struggle to determine which users have access to what resources and what they are doing with that access. Enforcing governance controls is critical to reduce the risk that an employee or malicious third party with excessive access will take advantage of that access.

Dave Shackleford, SANS analyst, recently reviewed the User Provisioning capabilities of Oracle Identity Manager 11gR2. In this webcast, attendees will hear from Dave and other Oracle and customer experts on:

  • The key challenges associated with implementing self-service user provisioning
  • Oracle’s unique online “shopping cart” model for self-service access request
  • Real world case study of user provisioning
  • Best practices for deployment

Register today, for this complimentary webcast, hosted by The SANS Institute. Attendees will be among the first to receive a new SANS Analyst Whitepaper on this subject.

When: Thur Sep 27  9am PT/12p ET

Where: Register here

Friday Aug 24, 2012

Browser based UI Customization with Oracle Identity Management 11gR2

Business users need user interfaces that are not only friendly but also easily customizable. However the downside of any customization project is the cost and complexity involved in developing, testing, deploying, and managing custom code. And equally critical is the challenge of ensuring customizations stay intact through product upgrades.To overcome these challenges, Oracle Identity Management 11gR2 now includes a Durable UI Configuration Framework which lets customers make complex UI customizations all from with the confines of a web browser.

I recently sat down with Clayton Donley, Senior Director of Development for Oracle Identity and Access Management products. In this podcast, we examine how this new capability in Oracle Identity Management around browser based UI customization can reduce costs and complexity of customization while simplifying self service integration with corporate portal strategies. Click here to listen.

Monday Aug 20, 2012

Webcast: A Platform Approach to Privileged Account Management

Privileged accounts are critical accounts to secure and manage since they provide broad access to systems and sensitive corporate information. Failure to manage privileged accounts can result in data breaches, theft, compliance violations, and service outages. The challenge customers have is that multiple people know the passwords to these high risk accounts  hence making it impossible to be able to audit and trace the usage to a single person. Because privileged accounts are not tied to specific people, they cannot be readily centralized in an enterprise user directory. Detecting inappropriate access to privileged accounts and determining which individuals in a team of administrators participated in unauthorized activities is extremely challenging. Another challenge facing organizations is management of a large number of administrative accounts in a secure, efficient, and scalable way.

Today managing privileged access is not well defined. Organizations are relying on solutions that either don't scale, introduce risk or are expensive. Manual solutions like spreadsheets are error-prone and do not scale and they lead to lack of accountability. The impact is reduced productivity and an approach that does not scale beyond a department level. Some organizations overlook the problem. In some cases, sensitive systems and root account passwords are not changed. Using Default passwords is risky and prone to abuse. Others deploy point solutions for specific systems. A patchwork of point solutions can result in higher integration costs. There is no visibility across all privileged access. There is no way to monitor and report on access. There is no way to centralize policy control across departments or multiple systems.

To overcome these challenges, Oracle recently introduced Oracle Privileged Account Manager as part of our Identity Governance solution set. Oracle Privileged Account Manager relies on a unique platform approach to reduce costs and risk while enabling organizations to scale shared account management to thousands of users across a myriad number of systems. By combining advanced policy-based and automated password management capabilities with comprehensive auditing and reporting features, Oracle Privileged Account Manager delivers highly-secure and simplified password administration to shared accounts, while further streamlining identity compliance reporting. Oracle Privileged Account Manager can also significantly reduce identity management costs, deployment times and audit deficiencies.

To learn more about Oracle's platform approach to Privileged Account Management and how it can help organizations manage risk access and compliance, join us for a live webcast Thu Aug 23 at 9am PT/12pm ET by clicking here.

Register here for the webcast.

When: Aug 23 9am PT/12pm ET 

Friday Aug 10, 2012

Webcast: Managing Compliance with Privileged Account Management

Privileged accounts are the most powerful accounts in an organization. But they are also the most difficult to regulate and control. So organizations are faced with a tough tradeoff between balancing productivity and security. Failure to manage privileged accounts can result in data breaches, theft, compliance violations, and service outages. The challenge organizations have is that multiple people know the passwords to these high risk accounts making it impossible to be able to audit and trace the usage to a single person.  As people move into cloud environments, this problem gets worse. 

Privileged account management in most organizations today happens to be fragmented and many of the tools used to manage privileged accounts lack the automation to re-mediate and change privileged access in a timely fashion. Join us for a live webcast on Aug 23 at 9am PT/12pm ET where we will discuss how taking a platform approach can help organizations reduce risk, improve compliance and unlock the complete potential of privileged accounts.

This webcast will cover:

· Challenges associated with managing high risk access

· Benefits of a Platform approach to privileged account management

· Privileged account management use case scenarios and best practices

Attendees will also get a chance to interact and get their questions answered live by an Oracle expert.

Register here for the webcast.

When: Aug 23 9am PT/12pm ET 

Thursday Aug 09, 2012

Unified Inbox for Pending Tasks with Oracle Identity Management 11gR2

[Guest post by Rajesh Pakkath] 

In a typical Identity Management deployment, users are required to perform certain tasks like acting on requests pending approval, flagging a manual fulfillment as complete or certifying user access on a periodic basis. These critical tasks need to be acted upon in a timely fashion, but can easily get out of control by the volume of tasks generated for various identity and governance functions. Oracle Identity Governance solution offers a feature rich email folder style inbox for request approvals and manual fulfillment tasks where all pending tasks can be easily viewed, prioritized and acted upon. This solution is based on Oracle’s SOA Task List and offers the following benefits to business users.

  • Simplified Request Tracking:
  • A request tracking feature provides customers an end-to-end visibility on the request from its initiation to fulfillment. Detailed information of the request along with a visual representation of the workflow provides the requester to see the status of their request and approvers to view all required details before taking a decision.
  • Enhanced Approval Management:
  • With a single and unified inbox of all pending tasks, business users can now make use of priority queues and user defined views to filter and take decisions on tasks based on priority. This greatly increases usability to business users and reduces rubber stamping of approvals and certifications. Within the same console, requesters can withdraw their request and Approvers can reassign, escalate or request for additional information.
  • Streamlined business usage:
  • Requesters and approvers can further enrich requests by adding comments and attachments. Mobile users can approve or reject requests directly from their email without logging into the self service console.

These features simplify the day to day tasks of business users’ thereby increasing user productivity and overall operational efficiency of an enterprise.

To learn more about this and other Oracle Identity Governance solutions, click here

Friday May 18, 2012

Demo: Intelligent Role Discovery with Oracle Identity Analytics

In a growing enterprise where employee roles constantly evolve, Certifying access to thousands of systems and millions of entitlements is challenging. As users change job roles changing access rights can be a nightmare.

Role management can effectively address this challenge and make access control consistent and manageable for a large and constantly changing universe of users. But organizations must first define roles as the basis for access control – a monumental task especially in organizations that have large numbers of users spread across multiple applications.The traditional method for defining roles is to use spreadsheets which is ineffective, time-consuming, and expensive.

To address this challenge, Oracle Identity Analytics offers the industry’s most advanced role governance solution that allows organizations to logically bucket users on the basis of their entitlements. Watch this demo to learn how Oracle Identity Analytics offers an advanced role governance solution to map users into roles allowing organizations to simplify user provisioning and reduce audit exposure.

Wednesday May 16, 2012

Demo of Access Certification with Oracle Identity Analytics

Certifying employee access on a recurring basis can be a time consuming and complex process for business managers. Navigating access spreadsheets can take weeks and is error-prone. And certifiers can delegate reviews which breaches accountability To address this challenge, Oracle Identity Analytics offers the industry’s most advanced automated access governance solution. Watch this demo to learn how Oracle Identity Analytics accelerates access certification to improve productivity and streamline the audit process

Friday Dec 02, 2011

Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics – Q&A Follow-Up

Thanks to all who attended the live webcast event hosted by Healthcare IT News. Hope you find the discussion and the presentations useful; we look forward to a continued conversation.

Compliance in healthcare has always been an active discussion in the identity management industry and here at Oracle too. So, we were very pleased when Jason W. Zellmer, Director, Strategy and Information Management at Kaiser Permanente Information Security agreed to be on a live panel discussion with us to share his experiences and insights with his peers. Especially after having had a similar role in a financial services organization in the past, his commentary on how acute identity management and compliance needs are in a healthcare organization like Kaiser Permanente was particularly insightful. The live event also allowed us to bring in experts from Kaiser’s identity management implementation partner, PricewaterhouseCoopers as well as Oracle’s own solution expert to provide a 360-degrees perspective on healthcare compliance solution design and implementation for healthcare organizations.

The on-demand webcast replay is now available and so are the slides for download. And, since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Could you brief about the OOTB component in ERP for managing SOD checks and how this is effective in the context of integrating with OIM and OIA?

A. Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) work seamlessly with OOTB ERP SOD engines like Oracle Applications Access Control Governor (OAACG) to enable both preventative SOD (and IT policy monitoring) checks during the user provisioning process as well as detective and remedial SOD actions.

Q. How are Oracle IDM products flexible with the changing compliance requirements if any?

A. As compliance regulations continue to evolve, standards-based, open Oracle Identity Management solutions allow you to easily configure your workflows in accordance with the changing requirements. And since Oracle Identity Management solutions allow you to externalize security from applications and provide a centralized security platform, organizations can easily adapt to the changing regulatory and compliance landscape without having to rip and replace existing solutions.

Q. Where did you get the 48% IAM cost reduction and 80% productivity boost from?

A. Recently Aberdeen Research conducted a survey comparing cost savings from Platform vs. Point solutions in identity Management and found that organizations choosing products from an integrated stack can save up to 48% long term and achieve better automation and lower administrative costs. Please refer to the Aberdeen paper available for download. The 80% user productivity boost was determined based on the benchmark study conducted for the latest release of Oracle Identity Analytics 11g. Please refer to the recent announcement of availability of enhanced Oracle Identity Analytics.

Q. You referred to an ROI study on Identity Analytics and a model for computing compliance cost savings. Where can I find more information?

A. Forrester Consulting recently conducted a study where they interviewed 4 organizations that had deployed Oracle Identity Analytics to understand the various use cases, cost implications and the results from their respective implementations. Based on these actual studies, Forrester then built an ROI model and calculated aggregated savings for a typical organization. We recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Tuesday Nov 15, 2011

Limiting Audit Exposure and Managing Risk – Q&A and Follow-Up Conversation

Thanks to all who attended the live ISACA webcast on Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics. We were really fortunate to have Don Sparks from ISACA moderate the webcast featuring Stuart Lincoln, Vice President, IT P&L Client Services, BNP Paribas, North America and Neil Gandhi, Principal Product Manager, Oracle Identity Analytics. Stuart’s insights given the team’s role in providing IT for P&L Client Services and his tremendous experience in identity management and establishing sustainable compliance programs were true value-add at yesterday’s webcast.

And if you are a healthcare organization looking to solve your compliance and security challenges, we recommend you join us for a live webcast on Tuesday, November 29 at 10 am PT. The webcast will feature experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle and the focus of the discussion will be around the compliance challenges a healthcare organization faces and best practices for tackling those. Here are the details:

Healthcare IT News Webcast: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

Tuesday, November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET

Register Today

The ISACA webcast replay is now available on-demand and the slides are also available for download. Since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Can you please clarify the mechanism utilized to populate the Identity Warehouse from each individual application's access management function / files?

A. Oracle Identity Analytics (OIA) supports direct imports from applications. Data collection is based on Extract, Transform and Load (ETL) that eliminates the need to write connectors to different applications. Oracle Identity Analytics’ import engine supports complex entitlement feeds saved as either text files or XML. The imports can be scheduled on a periodic basis or triggered as needed. If the applications are synchronized with a user provisioning solution like Oracle Identity Manager, Oracle Identity Analytics has a seamless integration to pull in data from Oracle Identity Manager.

Q.  Can you provide a short summary of the new features in your latest release of Oracle Identity Analytics?

A. Oracle recently announced availability of enhanced Oracle Identity Analytics. This release focused on easing the certification process by offering risk analytics driven certification, advanced certification screens, business centric views and significant improvement in performance including 3X faster data imports, 3X faster certification campaign generation and advanced auto-certification features, that  will allow organizations to improve user productivity by up to 80%. Closed-loop risk feedback and IT policy monitoring with Oracle Identity Manager, a leading user provisioning solution, allows for more accurate certification reviews. And, OIA's improved performance enables customers to scale compliance initiatives supporting millions of user entitlements across thousands of applications, whether on premise or in the cloud, without compromising speed or integrity.

Q. Will ISACA grant a CPE credit for attending this ISACA-sponsored webinar today?

A. From ISACA: Hello and thank you for your interest in the 2011 ISACA Webinar Program!  Unfortunately, there are no CPEs offered for this program, archived or live.  We will be looking into the feasibility of offering them in the future. 

Q. Would you be able to use this to help manage licenses for software? That is to say - could it track software that is not used by a user, thus eliminating the software license?

A. OIA’s integration with Oracle Identity Manager, a leading user provisioning solution, allows organizations to detect ghost accounts or unused accounts via account reconciliation. Based on company’s policies, this could trigger an automated workflow for account deletion or asking for further investigation. Closed-loop feedback between the two solutions would then allow visibility into the complete audit trail of when the account was detected, the action taken, by whom, when and the current status.

Q. We have quarterly attestations and .xls mechanisms are not working. Once the identity data is correlated in Identity Analytics, do you then automate access certification?

A. OIA’s identity warehouse analyzes and correlates identity data across various resources that allows OIA to determine a user’s risk profile, who the access review request should go to, along with all the relevant access details of the user. The access certification manager gets notification on what to review, when and the relevant data is presented in a business friendly screen. Based on the result of the access certification process, actions are triggered and results recorded and archived. Access review managers have visual risk indicators that also allow them to prioritize access certification tasks and efforts.

Q. How does Oracle Identity Analytics work with Cloud Security?

A. For enterprises looking to build their own cloud(s), Oracle offers a set of security services that cloud developers can leverage including Oracle Identity Analytics.  For enterprises looking to manage their compliance requirements but without hosting those in-house and instead having a hosting provider offer managed Identity Management services to the organizations, Oracle Identity Analytics can be leveraged much the same way as you’d in an on-premise (within the enterprise) environment. In fact, organizations today are leveraging Oracle Identity Analytics to manage identity compliance in both these ways.

Q. Would you recommend this as a cost effective solution for a smaller organization with @ 2,500 users?

A. The key return-on-investment (ROI) on Oracle Identity Analytics is derived from automating compliance processes thereby eliminating administrative overhead, minimizing errors, maintaining cost- and time-effective sustainable compliance processes and minimizing audit exposures and penalties.  Of course, there are other tangible benefits that are derived from an Oracle Identity Analytics implementation as outlined in the webcast. For a quantitative analysis of your requirements and potential ROI calculation, we recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Thursday Oct 27, 2011

Limting Audit Exposure and Managing Risk: A BNP Paribas, North America Success Story

Audits are not something we look forward to typically. Because audits mean we have to prepare for the exercise in addition to doing our daily jobs. Compliance mandates and company policies, however, have made access certification audits a necessary job function. In a large enterprise, that would mean, reviewing access for thousands of users across hundreds of applications in a dynamic environment i.e., where users change jobs, locations, move to and from projects, join or leave the company. The traditional spreadsheet model clearly can't work here. And even if you are somehow able to enforce access policies, how do you prove to your auditors the same? And hence, Audit Eye! If you haven't seen the video, you should check it out now.


BNP Paribas, North America took the access certification challenge head-on and triumphed. Are you looking at solving your complex access certification (attestation) challenges? Looking to make the the access certification process simpler, quicker and more reliable? Then, we invite you to come listen to Stuart Lincoln's presentation on a live ISACA webcast on how BNP Paribas, North America implemented well thought-out strategy and solution to make access certification review processes sustainable, convenient and streamlined and audits - a lot less painful. We look forward to a good conversation.

Live ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics
Thursday, November 10, 2011
9 a.m. PDT / 12 p.m. EDT
Register Here

Tuesday Aug 30, 2011

Got Audit Eye?

Are you at a loss come audit time? Still trying to figure out how you can realistically confirm for ALL your employees and across ALL your enterprise systems who has access to what and when? You are not alone; just check out this video and remember Oracle Identity Analytics can help.

 Audit Eye


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.


« April 2014