Wednesday Feb 04, 2015

Security and the User Experience: A Balancing Act

Author: Forest Yin

Security is a key business consideration to protect customer data and transactions, business secrets and intellectual property (IP) as well as ensure compliance with regulations. On the other hand, better user experience is critical as it attracts more customers with more transactions or enables employees to be more productive.

But how can you provide better user experience while at the same time enhance security?

Let’s take a look at a real-world example. A large bank used to provide mobile online banking through their browser applications. However, their customer rating of mobile online banking experience was well below the bank’s competitors. As mobile banking is becoming the most important channel of customer interaction, in order to better compete, the bank decided to provide a native mobile application for online banking.

However, mobile banking has inherently higher risk than traditional channels. For example, the device can be easily lost or stolen, and the password can be easily obtained through shoulder surfing. Given these challenges, stronger security is required for mobile access. But due to user experience considerations, the bank cannot require customers to register their devices or require customers to always use one-time-password (OTP) or other types of multi-factor-authentication (MFA), which may turn customers away.

Even the typical web username and password based login is inconvenient for mobile access.

To ensure tight security while providing excellent user experience, the bank implemented a solution with the following capabilities:

1. Initial setup process

a. When the customer first downloads and installs the native mobile banking application on a mobile device, the user registers the application with the backend server through user name and password authentication.

b. As this is the first time the device with the application is trying to connect to the backend, a one-time-password through email or SMS is sent to the user to further validate the user.

c. Once the user is validated upon application registration, the device fingerprint is taken automatically to register the device for the user.

d. The user can then set up a 4- to 6-digit pin for their future online banking access.

2. Online banking experience after initial setup

a. The user launches the mobile app on the mobile device with a pin.

b. To look up an account balance, no further user authentication is needed if the device fingerprint is validated (automatically in the background).

c. Banking transactions such as money transfers require a pin-based authentication without the need for username-password authentication.

3. Risk control and adaptive authentication. Although the banking experience above is a typical user experience for majority of customers most of the time, the solution is monitoring and analyzing risk based on real-time context such as device, location, transaction amount, frequency, etc., based on defined policies and access patterns. If the risk is deemed high, the user may be required to further authenticate using OTP or Knowledge Based Authentication (KBA) or in some cases the user may be denied access altogether.

With the launch of native-application-based online banking and the excellent user experience provided, the bank’s new mobile online banking service gained wide adoption and the bank’s service rating increased substantially.

The key to balancing security with user experience is an intelligent Access Management solution that understands real-time risk and context and accordingly takes adaptive actions. For example, we all know that passwords are not safe enough. However, it is not practical to require all consumers or even all employees to use MFA all the time due to experience and adoption issues. Security and user experience can be balanced through an intelligent security system.

Users appreciate the fact that they can continue to use passwords as they
always have and will only be challenged further with MFA when risk is high.

In future blogs, we will talk about how Oracle Access Management can intelligently provide context-aware, content-aware and risk-aware access to simplify user experience, so please stay tuned.

About the Author

Forest Yin is the Senior Director of Product Management for Oracle Access Management and Directory Services product lines. Forest has been in the identity management industry for almost 15 years starting with Netegrity.
THE AUTHOR can be reached via LinkedIn

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and follow us here in the Identity Management blog.

Thursday Jan 22, 2015

Why Customers Should Upgrade Directory Server Enterprise Edition (DSEE) to Oracle Unified Directory (OUD)

Author: Forest Yin

Lightweight Directory Access Protocol (LDAP) is the foundation of Identity Management. LDAP directories are designed to store identity and policy information and provide runtime access to that information. Oracle’s Directory Server Enterprise Edition (DSEE) is the most widely deployed directory in the industry with thousands of production deployments. Some customer deployments include hundreds of millions of entries and even over a billion entries for a single deployment. 

However, as business and technology evolve, a modern directory not only needs to be scalable for large scale directory consolidation but also needs to be able to virtualize identity from multiple data sources. In addition, a directory not only has to provide extremely high search performance but also write performance. A modern directory has to support on-premise applications and deployments as well as cloud applications and deployments. To address these new requirements, Oracle has introduced Oracle Unified Directory (OUD), the next generation, all-in-one directory for LDAP storage, synchronization, and virtualization.

OUD is Oracle’s strategic directory and the upgrade path for DSEE. Oracle strongly encourages DSEE customers to upgrade to OUD to take advantage of the following benefits:

  1. OUD is technically superior resulting in lower total cost of ownership (TCO), stronger security, and better user experience.
    1. OUD is a converged directory service providing storage, synchronization, and virtualization capabilities. Full convergence is in progress and the convergence provides richer functionality while simplifying deployment and ongoing maintenance. 
    2. OUD performance and scalability far exceed DSEE’s. For example, OUD 11gR2 can deliver more than 5 times DSEE’s write performance and more than 3 times DSEE’s search performance.
    3. OUD is designed to address current and future on-premise, mobile, and cloud needs. OUD enables enterprises to consolidate identity management for applications, databases, and servers. It can synchronize and virtualize identities from on-premise and cloud data sources to enable on-premise and cloud applications to work side by side. Its performance can handle dynamic mobile data and its scalability can support the requirements of extremely large social networks.  
  2. Free DSEE-to-OUD upgrade license. Existing DSEE customers are offered a one-to-one free upgrade license to OUD. In other words, no license cost for upgrading to OUD.
  3. DSEE 11gR1 Premier Support is extended while DSEE 5.2 and 6.3 are in Sustaining Support.
    1. DSEE 5.2 and DSEE 6.3 are in infinite Sustaining Support, i.e., no new fixes will be created. These customers should upgrade to OUD (or to the latest DSEE 11gR1) to ensure up-to-date security and take advantage of more functionality and better quality.
    2. In order to ease customer migration, Oracle has extended DSEE 11gR1 Premier Support from June 2015 to December 2016 to provide customers with more time for planning and implementation.    
  4. Upgrade is technically straightforward and easy
    1. OUD is designed to be fully compatible with DSEE, so any applications working with DSEE should work with OUD.
    2. Co-existence is provided between OUD and DSEE in that OUD can run just like a DSEE with bi-directional replication capabilities. This co-existence enables zero down-time and gradual migration for large scale deployments.
  5. OUD is proven with over a hundred production deployments. Most of them are upgrade from DSEE 5.2, 6.3 or 11gR1 while some are a replacement for Novell, OpenLDAP, etc. Some have up to hundreds of millions of users (consumers) while others have tens of thousands of employees.

In summary, OUD is Oracle’s strategic, next-generation directory and the upgrade path for DSEE. Oracle encourages DSEE customers to upgrade to OUD to take advantage of the latest functionality in order to support on-premise, cloud, and mobile applications while benefiting from a lower TCO, improved user experience, and enhanced security.

We will continue to share upgrade best practices and case studies in future blogs, so please stay tuned.    

About the Author

Forest Yin is the Senior Director of Product Management for Oracle Access Management and Directory Services product lines. Forest has been in the identity management industry for almost 15 years starting with Netegrity.
THE AUTHOR can be reached via LinkedIn

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and follow us here in the Identity Management blog.

Wednesday Jan 14, 2015

The Future of User Authentication

Author: Prateek Mishra

As business and citizen services, entertainment and social life all become digitized and virtualized, passwords emerge as a key piece of data to be used for stealing information and online resources. In the past, this was a possibility and an occasional occurrence but in recent years the Apple Celebrity Photo breach [1], JPMorgan [2] and Pharmaceutical Company [3] data breaches have demonstrated the increasing scale and range of password-based threats to businesses. It is interesting to observe that each of these three breaches demonstrates a *different aspect* of the "password problem": ability to guess or reset passwords, password re-use and subsequent discovery from a website with weak security controls, and last, phishing attacks targeted at executives or administrators.

Pundits, bloggers, security gurus and journalists have all declared passwords "dead".
The Motorola login pill [4], the heartbeat monitor [5] and device hardware [6] are just a few of the many claimants jostling for a tryout as password replacements. So are we finally at a point where passwords will no longer be used to login to your employer or at your online medical portal?

To get some perspective, it helps to step back and review the overall context in which passwords are used and the different parties involved. For the business or service provider, passwords are a *scalable* and *low-cost* way to control access to services. For the user, there is a familiarity and ease with the *ceremony* of password use and the overall *user-experience*. Finally, both businesses and users share a conceptual and visual understanding of login page, user registration, forgotten password service and so on.

A successful new model for authentication must address these issues. While business costs and administrative overhead are important, a predictable and easily learnt user-experience is critical and for obvious reasons. The best authentication model is useless if customers or employees find it difficult to use. This is the key reason why it has proven so difficult to transition away from passwords - even after many years of effort - Bill Gates [7] had called for their removal almost a decade ago!

As we are all aware, one significant technological change in the past five years has been the worldwide availability of phones - smart phones (now widespread in the developed world) and wireless feature phones (in the developing world). And perhaps herein lies the future of authentication. We all know how to use a phone and its services, and we are being trained to download and install applications. Phone features are constantly being improved and a foundation for innovative ways to authenticate.

The popularity of a phone-based "authenticator app" which provides TOTP (Time-Based One-Time Passwords) to augment existing password systems is a great example. The technology is well-known and was standardized in RFC 6238 [8] by IETF (the folks who helped define most of the protocols for the internet such as HTTP and SMTP). As an open standard, it has been reviewed by leading experts in the field and so we can have some reasonable expectations of its robustness and quality.

Many websites and vendors now provide such an app: for example, the Oracle Mobile Authenticator can be installed on Android [9] devices or an iPhone [10] and works in concert with the Oracle Access Manager. Once a user has installed the authenticator app, they are guided through a registration process which connects the app to their online account. Notice that a password is still required for this step. The app generates six digit (pseudo) random numbers, in a sequence specific to the user, typically changing to a new number every 30 seconds.

At subsequent logons, in addition to their password, the user is prompted to enter the current random number displayed by the app. Even if the password has been compromised and is known to an attacker, the attacker will be unable to login to the user account.

Clearly this "password+otp" model has its limitations. An attacker could "phish" both the password and the code and within a few seconds login into the user account. A more sophisticated attacker could extract information about the random number generator from the app or the target website and simulate the random number sequence used by the app.

Nevertheless, this model protects against a common attack - where the password was guessed or discovered at a previous time. The level of security sought by a business should be based on the value of the resource and types of attacks against which it is trying to protect itself. The goal is to *impose costs* on an anticipated class of attacks, versus achieving some security ideal. The password+otp user-experience remains a familiar one, though individuals do have to learn the extra step of viewing the app on their phones to retrieve the current number, and entering into a login screen.

Passwords aren't dead but they are going to be less important in the future. They will provide only one component of user authentication, though the conceptual and visual model of the login page will be retained. There are going to be lots of experiments, some profound and some silly (authentication tattoos anyone?), that companies and researchers will bring forward. The recent iPhone 6 [11] fingerprint scanner and Keychain integration is an intriguing sample: how can it be integrated with the familiar login experience and might it become a universal feature of smart phones in the future?


About the Author

Prateek Mishra is Technical Director at the Identity Management Division, Oracle. His group participates in standards and open source activities, including OAuth and OpenAz. He is best known for his pioneering role in conceptualizing and creating the SAML identity standard.
Prateek can be reached via LinkedIn

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and follow us here in the Identity Management blog.

Monday Nov 24, 2014

Gartner Identity & Access Management Summit, Dec 2-4, 2014 w. Amit Jasuja

Register Now for Gartner Identity and Access Management Summit, Dec 2-4, 2014

Join Platinum Sponsor Oracle in at Caesar's Palace Las Vegas
Oracle Session
: Revolution or Evolution: Unlocking The Potential of The New Digital Economy
Speaker: Amit Jasuja, Senior Vice President, Development Java & Identity Management Products, Oracle
Oracle Session Schedule: Tuesday, December 2, 2014 - 10:45 a.m. – 11:30 a.m - Octavius 22

Abstract: As organizations consume an increasing number of mobile and cloud apps, identity management becomes fragmented. Organizations have inconsistent access policies and lose visibility into who has access to what. To avoid these risks and costs, they are increasingly adopting a strategy of extending enterprise identity services to the cloud. This presentation explores how organizations are using Identity Management to give users access to all their data from any device while providing an intelligent centralized view into user access rights across mobile, cloud and enterprise environments. See how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Visit the Oracle Platinum Sponsor Booth
Attendees can meet with Oracle Solution experts and discuss how Oracle Identity Management can securely accelerate your adoption of mobile and cloud applications.

Oracle Demos will Showcase:

Identity Governance
Given the state of our economy these days, with high number of data breaches and unauthorized access to sensitive information assets, it is no wonder this is one of the biggest threats an organization is concerned with these days. Ensuring proper vetted access and visibility into highly privileged accounts and entitlements is critical to ensuring a sound security practice.

This demo showcases Oracle’s Identity Management Solution, highlighting the differentiated value proposition of an integrated and converged Identity Governance, Access Management and Privileged Accounts Management approach.

We will show the following capabilities:

  • Self Service Access Request
  • Integrated OIM Catalog with OPAM entitlements
  • Multi approval workflow with temporal grants and authorizations
  • 2-Factor authentication with Oracle Mobile Authenticator
  • Recording of a privileged access (Windows session recording)
  • Execution of a certification campaign with both normal and privileged entitlements
Mobile & Cloud Access Management
  • Unified Self Service Console and Delegated Admin Console (OIG) extended to Mobile
    • App and device level policies, app inventory
    • View user, request for roles and invite user to register device
    • Automated device configuration and Secure Workspace app installation
    • Data leakage prevention policies
  • Application access via Secure Workspace
    • Show applications being provisioned as part of the role assignment above. This would also include link to the IdaaS portal in the secure workspace.
    • Click on the link and you are Single Sign on to the IdaaS portal.
  • Cloud Application access scenarios in IdaaS:
    • Access Document Cloud Service – Simple Federated SSO.
    • Access Fusion HCM and be prompted for a 2 factor auth using OMA.

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and follow the Identity Management blog.

Tuesday Nov 18, 2014

Oracle Partner AmerIndia is now Avancer

Oracle Partner and Identity Management solution provider AmerIndia is now Avancer!

(read about the change here)

In a previous guest blog post supporting a webinar (see below) with Avancer, "Embracing Mobility in the Workspace using Oracle API Gateway", we explained how Oracle API Gateway (OAG), Oracle Access Management (OAM) and Oracle Entitlement Server (OES) can be managed to effectively support mobile devices.

"By 2015, over 80% of handsets in mature markets will be smart phones.” - Gartner Research

While mobile devices have evolved to better suit the needs of consumers they've also traded away security to ensure usability. These trade-offs increasingly contribute to security risks when such devices connect to the enterprise resources.

These security risks can be addressed in an effective manner to protect precious company resources and comply with increasingly strict regulations. Mobile Access management solution using Oracle API Gateway technology unifies enterprise resources and cloud-based resources across network boundaries to mobile devices. This solution assures enhanced security, regulatory compliance, improved governance, and increased productivity.

Watch the webinar replay as experts from Avancer and Oracle discuss Mobility in the Enterprise and the implications that BYOD have on the security postures of the organization along with the steps that can be taken to reduce risk.

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and right here in the Identity Management blog.

Friday Nov 14, 2014

IDM in the Enterprise: Best Practices Blog Series with Infosys

Last week we finished up with the four-part series of must read-read articles for anyone working with Oracle Identity Management in large enterprise environments.

Thanks to the authors, Abhishek Nair, Rajesh Gaddam, and Vikesh Parmar, Senior Technology Architects with the Enterprise Security and Risk Management (ESRM) practice at Infosys Limited*, the response has been outstanding and marked some of the highest readerships ever in the OracleIDM blog.

To read or re-read the series:

Part 1: Design Considerations:
Implementing Oracle Identity Management for Large Enterprises
by Abhishek Nair - Building an abstraction layer to allow for consolidation of identity, account and access information from OIM and other enterprise sources.

Part 2: Disconnected Application Framework in OIM 11g R2 PS1
by Rajesh Gaddam - Exploring further on theme of how organizations can earn an accelerated ROI from the new IDM infrastructure by adopting the Disconnected Application framework.

Part 3: Best Practices: Implementing SSL in Oracle Identity Manager
by Rajesh Gaddam - A practical approach to enabling SSL between Oracle Identity Manager (OIM), a load balancer and Service-Oriented Architecture (SOA).

Part 4: Enterprise Role Definition: Best Practices and Approach
by Vikesh Parmar - Role definition is a critical step in deploying any RBAC system. This article presents the details of a hybrid approach to implementation.

*Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner

Visit the Oracle Technology Network for more information about Oracle Identity Management Products including downloads, documentation and samples

Engage with us on Twitter @oracleidm and right here in the Identity Management blog.

Friday Oct 31, 2014

Best Practices: Implementing SSL in Oracle Identity Manager

Implementing SSL in OIM 11g R2 PS1

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner that has graciously agreed to present on best practices garnered from experience working on Large Enterprise IDM deployments in a four part series hosted here in the Identity Management Blog.

In this blog post, part three of the four part series, Infosys shares its experience with enabling SSL between Oracle Identity Manager (OIM), a load balancer and Service-Oriented Architecture (SOA) in one of their recent implementations of OIM 11g R2 PS1.

Why secure an OIM solution?

The majority of the IDM/OIM implementations are used for managing internal users with the IDM implementations being deployed within the intranet and inside the physical boundaries of the enterprise. In such scenarios, it is not uncharacteristic of security engineers and administrators to think that the OIM solution is secure within the intranet and does require any additional measures.
All enterprise OIM solutions integrate with multiple applications and systems. OIM solutions are often used as password management solutions along with the application access request systems. End users change and reset their passwords using the OIM web interface, which then are synchronized to the target applications. The users can also approve access requests for mission critical / top secret applications from the OIM interface.
In such scenarios, regardless of whether the OIM solution is an internal or external implementation, it becomes vital to secure OIM since it holds the passwords and approvals to critical applications. Securing an OIM implementation using SSL provides an additional layer of security by way of securing the communication channel between end users and OIM.
In a typical OIM implementation, OIM is deployed on an Application Server (e.g. Weblogic) and is front-ended by a Web Server / Load Balancer configuration. While it is a common practice to secure the communication channel between end user browsers to a load balancer using SSL, it is equally important to secure the communication between the Web Server / Load Balancer and OIM. Below we will discuss the various aspects of implementing SSL in a reference OIM 11g R2 PS1 implementation.

SSL implementation in OIM 11g R2 PS1

Let us consider a sample reference OIM architecture as shown in Figure-1 for discussing the different aspects related to SSL.

Figure 1 represents a clustered environment with two members in the cluster, both hosting OIM and SOA. In Figure 1 we can see that there are three channels where SSL communication is depicted, while Figure 2 describes those communication channels. In our discussion we will primarily focus on channels 2 and 3. 

Enabling SSL on OIM and SOA

Below are the steps that need to be followed for enabling SSL on OIM and SOA:

  • Create an Identity Keystore
    • This is the custom Identity Keystore. It holds the server certificates of oim_host1 and oim_host2
  • Create a Trust Keystore
    • This is the custom Trust Keystore. It holds the root CA certificate.
    • Alternatively, instead of creating a fresh Trust Keystore, copy the existing enterprise Trust Keystore and rename it as custom Trust Keystore. 
  • Create a Certificate Signing Request for both the servers in the cluster (oim_host1 and oim_host2)
  • Send the Certificate Signing Requests to CA for signing
  • Procure and import signed certificates from CA for both the hosts into your custom Identity Keystore
  • Get the root CA certificate and import into your custom Trust Keystore
  • Login into the Weblogic admin console and perform the below steps for each of the servers in the cluster
    • Click on Environment à Servers to display the servers
    • Click on the server name and select SSL Listen Port Enabled and click on Save
    • Next go to KeyStores Menu and change the Keystores option to ‘Custom Identity and Custom Trust’
    • Enter the absolute path for the custom Identity Keystore, Keystore Type as ‘JKS’, Keystore Passphrase and confirm the Keystore Passphrase
    • Enter the absolute path for the custom Trust Keystore, Keystore Type as ‘JKS’, Keystore Passphrase and confirm the Keystore Passphrase and Save the configurations
    • Go to SSL menu and enter the Private Key Alias, Private Key Passphrase and Confirm Private Key Passphrase and save the configurations
  • Test the SSL URL from your browser  (E.g.
  • Send the server certificates signed by CA for oim_host1 and oim_host2 to administrator of the load balancer for importing into load balancer.

Once the certificates are successfully imported into load balancer, the communication channel is secured from end user browser all the way to OIM/SOA server using SSL.

Additional configuration for SSL communication between OIM and SOA

When SSL is configured for OIM and SOA, without the following additional configurations OIM and SOA will not function as expected. Approvers will not see the approval task details when they open the approval task.

  • Setting OimFrontEndURL Attribute
  • Login to Enterprise Manager (EM)
  • Navigate to Identity and Access -> OIM -> oim(
  • From Oracle Identity Manager dropdown select System MBean Browser
  • Under Application Defined MBeans, navigate to
oracle.iam ->  Server:IDM-Internal-AppServer1 -> XMLConfig -> Config ->  XMLConfig.DiscoveryConfig -> Discovery
  • Set OimFrontEndURL -

(Load Balancer URL for OIM on https)

  • Setting Rmiurl and Soapurl
  • Login to Enterprise Manager (EM)
  • Navigate to Identity and Access -> OIM -> oim(
  • From Oracle Identity Manager dropdown select System MBean Browser
  • Under Application Defined MBeans, navigate to
oracle.iam ->  Server:IDM-Internal-AppServer1 -> XMLConfig -> Config ->  XMLConfig.SOAConfig -> SOAConfig
  • Set Rmiurl - t3s://,

(All SOA servers in the cluster with SSL port and here 7114 is a sample port for SSL communication)

  • Set Soapurl -

(Load Balancer URL for SOA on https)

  • Setting ServerURL
  • Login to Enterprise Manager (EM)
  • Navigate to Identity and Access -> OIM -> oim(
  • From Oracle Identity Manager dropdown select System MBean Browser
  • Under Application Defined MBeans, navigate to  -> Server: SOA-Internal-AppServer1 -> SoaInfraConfig -> soa-infra
  • Set ServerURL –

(Load Balancer URL for SOA on https)

  • Setting Worklist Task Details Application URI

This needs to be done for each SOA composite that you might be using in your deployment

  • Expand SOA -> soa-infra -> default -> Manager Approval [1.0] [1.0]

This is as a sample SOA composite

  • Scroll down to Component Metrics and click on the Human Task 
  • Click on Administration tab
  • Specify following values and apply the changes:

Host Name: (virtual hostname)
HTTP Port: 0
HTTPS Port: 443 (load balancer SSL port for OIM)

In Conclusion

Although most OIM implementations inherently feel secure from an internal enterprise setup, there are wide variety of reasons why OIM solutions in an enterprise fall in the critical category leading to a pressing need to secure the communication channels between various layers of the solution. In this article, we have documented the settings and configurations that need to be updated to secure the communication between Load Balancer and OIM/SOA as well as communication between OIM and SOA using SSL in an OIM deployment. Administrators and integrators will be able to follow these guidelines to implement/configure SSL in OIM 11g R2 PS1 deployments.

Coming in the next post:

The introduction of roles in an enterprise, whether small or large, has its own challenges.  There is always reluctance for change in existing processes, confusion about what to request for and how it is configured, push back for taking away access that was never intended to be there, etc. Detailed planning and communication are required before the introduction of roles. It is very important that the end users are aware of the roadmap and the important milestones that impact them. Therein, our next post will talk about proven approaches for introducing or updating the role management processes for an enterprise.

Visit the Oracle Technology Network for more information about Oracle Identity Manager including downloads, documentation and samples.

About the Author

Rajesh Gaddam is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 10 years of experience in architecting, designing and implementing IAM solutions for multiple clients from different verticals.
Rajesh can be reached via LinkedIn

Thursday Sep 25, 2014

Focus On: Identity Governance at Oracle OpenWorld 2014

Oracle Identity Governance provides comprehensive Identity and Access Governance for rapid, actionable compliance.

Join us at Oracle Open World 2014 and see how the industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.

The following is a list of Governance related Identity Management sessions at OOW14, by order of date and time. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.

Identity Governance: Reduce Cost, Increase Productivity, and Improve Compliance [HOL9408] This hands-on lab focuses on how Oracle provides a complete identity governance solution that enables organizations to efficiently balance the objectives of access, security, ... View More

  • Monday, Sep 29, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ... View More
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Identify Bottlenecks and Tune Oracle Identity Management to Maximize Performance [CON8383] The Oracle Identity Management suite enables enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources to control access to their ... View More
  • Monday, Sep 29, 4:00 PM - 4:45 PM - Moscone West - 3020
Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874] All Oracle applications are shipped with Oracle Identity Management components to provide the security services they need. These services can be extended to enable not only ... View More
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3018
Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk [CON7991] Three customers, three unique stories. This session focuses solely on understanding how these customers were able to automate their identity governance requirements by using ... View More
  • Wednesday, Oct 1, 10:15 AM - 11:00 AM - Moscone West - 3020
Trust but Verify: Best Practices for Monitoring Privileged Users [CON8005] Privileged accounts provide administrators with root-level access to systems and applications. As these accounts are frequently shared, providing secure controls to prevent ... View More
  • Wednesday, Oct 1, 4:45 PM - 5:30 PM - Moscone West - 3020
Self-Service Access Control: Help Yourself to More Productivity [CON8007] As the pace of business increases, it has become impossible for the IT team to manage all the access requests and certifications in an efficient and secure manner. It is ... View More
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3018

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Wednesday Sep 10, 2014

Managing, Monitoring & Auditing Privileged Users

The greatest threat of a data breach, intentional or not,unfortunately continues to be from the people you are supposed to be able to trust:  Employees, contractors and partners. This presentation explores policies, technology and best practices to manage, monitor and audit the use of high risk privileged accounts as part of a larger Identity Management strategy.

Join us in watching the replay of this popular webinar presented by Lee Howarth*, originally seen live by over 1.9k viewers.

(Click on the image above to be directed to the YouTube video )

To learn more about Oracle Identity Management solutions join us at Oracle Open World 2014 (OOW14) where experts from Oracle, along with Oracle partners and customers, will relate their experiences with these technologies in depth during sessions like ‘Identity Governance Across the Extended Enterprise’ and ‘Trust but Verify: Best Practices for Monitoring Privileged Users’.

To view all OOW14 conference sessions for Identity Management click here.

To register for OOW14 go to

*Lee Howarth is a Senior Principal Product Manager at Oracle. With over 25 years experience in the computing industry, he has spent the past decade focused on delivering market leading Identity and Access Management solutions.

Wednesday Oct 10, 2012

Webcast Replay : SANS Institute Product Review of Oracle Identity Manager

Thanks to everyone who attended the SANS Institute webinar covering the product review of Oracle Identity Manager. And a special thanks to our guest speakers from SuperValu - Phillip Black and Patrick Abreo.

If you missed the webcast, you can catch a replay here 

And here are the slides that were used in the webcast. 

There were many questions that we could not answer as we ran out of time. We have captured some of the questions with responses below.

Is Oracle Identity Analytics still offered as a separate product or is it part of Oracle Identity Manager?

Oracle Identity Manager and Oracle Identity Analytics are now offered as part of Oracle Identity Governance Suite. OIA and OIM share a common UI architecture, common data model and common support for connected and disconnected resources. 

When requesting new access/entitlements is there an approval process?

Yes. We leverage SOA BPEL-based workflows for approvals 

Are the identity self service capabilities based on Oracle ADF?

Yes they are completely based on Oracle ADF 

Can you give some examples of personalization and customization with Oracle Identity Manager 11gR2?

With the new UI config framework we can enable different levels of UI customization. Customers now have the ability to Point & click to customize; or drag and drop customization without any need for coding. So users can easily personalize the interface of their application within the browser. For example, they can change the logo, Rearrange, hide Home Page regions; regularly searched items can be saved and re-used; Searchable & search results columns can be configured; Sorting preferences are remembered and so on. For more sophisticated customization, Customers can also edit the standard JSF within the page to alter business rules, modify page flows, page layouts and other items.

Can you explain the role of sandboxes in customization?

Customers can make their custom changes within a sandbox so that it doesn’t impact their production environment. They can make their changes, validate those changes, stage and then commit those changes without affecting production users. This is similar to how source code control systems like perforce work

To watch a replay of the webcast, click here

Tuesday Oct 02, 2012

News from OpenWorld: Oracle Announces Identity Governance Suite


At OpenWorld, Oracle today announced the release of Oracle Identity Governance Suite. An end-to-end access governance solution, Oracle Identity Governance Suite addresses compliance, governance and identity administration requirements.

Built on Oracle’s unique platform approach to Identity Management, the suite offers a single, comprehensive platform for access request, provisioning, role lifecycle management, access certification, closed loop remediation and privileged account management. The suite offers benefits like dramatic reduction in administration (and help desk) overhead, cost-effective compliance enforcement and reporting, enhanced user experience and analytics driven insight.

More details available in the announcement and on our website.

Additional Resources:

·         Oracle Identity Governance Datasheet

·         Oracle Privileged Account Manager

·         Integrated Identity Governance Whitepaper

·         Gartner Magic Quadrant for User Provisioning

·         Join the Oracle Identity Management online communities: Blog, Facebook and Twitter

Monday Sep 24, 2012

Webcast Reminder: SANS Institute Product Review of Oracle Identity Manager 11R2 September 27th @ 9am PT

Join the SANS Institute and Oracle this Thursday (September 27th) for a product review of Oracle Identity Manager 11gR2. Recently, Dave Shackleford from the SANS Institute conducted a review of the 11g R2 release of Oracle's industry leading user provisioning solution, Oracle Identity Manager. On  this webcast, Dave will present his findings and experiences using the product. 

Attendees will also get an opportunity to hear about the latest trends driving the user provisioning market, learn from real world deployment scenarios and get all their Identity Management questions answered.

If you haven't already registered - register here.

Thursday Sep 06, 2012

Webcast: SANS Institute Product Review of Oracle Identity Manager 11gR2

Translating the IT-centric, directory based view of access and authorization into the process-driven concerns of business users inevitably creates unique challenges. Enterprises struggle to determine which users have access to what resources and what they are doing with that access. Enforcing governance controls is critical to reduce the risk that an employee or malicious third party with excessive access will take advantage of that access.

Dave Shackleford, SANS analyst, recently reviewed the User Provisioning capabilities of Oracle Identity Manager 11gR2. In this webcast, attendees will hear from Dave and other Oracle and customer experts on:

  • The key challenges associated with implementing self-service user provisioning
  • Oracle’s unique online “shopping cart” model for self-service access request
  • Real world case study of user provisioning
  • Best practices for deployment

Register today, for this complimentary webcast, hosted by The SANS Institute. Attendees will be among the first to receive a new SANS Analyst Whitepaper on this subject.

When: Thur Sep 27  9am PT/12p ET

Where: Register here

Friday Aug 24, 2012

Browser based UI Customization with Oracle Identity Management 11gR2

Business users need user interfaces that are not only friendly but also easily customizable. However the downside of any customization project is the cost and complexity involved in developing, testing, deploying, and managing custom code. And equally critical is the challenge of ensuring customizations stay intact through product upgrades.To overcome these challenges, Oracle Identity Management 11gR2 now includes a Durable UI Configuration Framework which lets customers make complex UI customizations all from with the confines of a web browser.

I recently sat down with Clayton Donley, Senior Director of Development for Oracle Identity and Access Management products. In this podcast, we examine how this new capability in Oracle Identity Management around browser based UI customization can reduce costs and complexity of customization while simplifying self service integration with corporate portal strategies. Click here to listen.

Monday Aug 20, 2012

Webcast: A Platform Approach to Privileged Account Management

Privileged accounts are critical accounts to secure and manage since they provide broad access to systems and sensitive corporate information. Failure to manage privileged accounts can result in data breaches, theft, compliance violations, and service outages. The challenge customers have is that multiple people know the passwords to these high risk accounts  hence making it impossible to be able to audit and trace the usage to a single person. Because privileged accounts are not tied to specific people, they cannot be readily centralized in an enterprise user directory. Detecting inappropriate access to privileged accounts and determining which individuals in a team of administrators participated in unauthorized activities is extremely challenging. Another challenge facing organizations is management of a large number of administrative accounts in a secure, efficient, and scalable way.

Today managing privileged access is not well defined. Organizations are relying on solutions that either don't scale, introduce risk or are expensive. Manual solutions like spreadsheets are error-prone and do not scale and they lead to lack of accountability. The impact is reduced productivity and an approach that does not scale beyond a department level. Some organizations overlook the problem. In some cases, sensitive systems and root account passwords are not changed. Using Default passwords is risky and prone to abuse. Others deploy point solutions for specific systems. A patchwork of point solutions can result in higher integration costs. There is no visibility across all privileged access. There is no way to monitor and report on access. There is no way to centralize policy control across departments or multiple systems.

To overcome these challenges, Oracle recently introduced Oracle Privileged Account Manager as part of our Identity Governance solution set. Oracle Privileged Account Manager relies on a unique platform approach to reduce costs and risk while enabling organizations to scale shared account management to thousands of users across a myriad number of systems. By combining advanced policy-based and automated password management capabilities with comprehensive auditing and reporting features, Oracle Privileged Account Manager delivers highly-secure and simplified password administration to shared accounts, while further streamlining identity compliance reporting. Oracle Privileged Account Manager can also significantly reduce identity management costs, deployment times and audit deficiencies.

To learn more about Oracle's platform approach to Privileged Account Management and how it can help organizations manage risk access and compliance, join us for a live webcast Thu Aug 23 at 9am PT/12pm ET by clicking here.

Register here for the webcast.

When: Aug 23 9am PT/12pm ET 

Friday Aug 10, 2012

Webcast: Managing Compliance with Privileged Account Management

Privileged accounts are the most powerful accounts in an organization. But they are also the most difficult to regulate and control. So organizations are faced with a tough tradeoff between balancing productivity and security. Failure to manage privileged accounts can result in data breaches, theft, compliance violations, and service outages. The challenge organizations have is that multiple people know the passwords to these high risk accounts making it impossible to be able to audit and trace the usage to a single person.  As people move into cloud environments, this problem gets worse. 

Privileged account management in most organizations today happens to be fragmented and many of the tools used to manage privileged accounts lack the automation to re-mediate and change privileged access in a timely fashion. Join us for a live webcast on Aug 23 at 9am PT/12pm ET where we will discuss how taking a platform approach can help organizations reduce risk, improve compliance and unlock the complete potential of privileged accounts.

This webcast will cover:

· Challenges associated with managing high risk access

· Benefits of a Platform approach to privileged account management

· Privileged account management use case scenarios and best practices

Attendees will also get a chance to interact and get their questions answered live by an Oracle expert.

Register here for the webcast.

When: Aug 23 9am PT/12pm ET 

Thursday Aug 09, 2012

Unified Inbox for Pending Tasks with Oracle Identity Management 11gR2

[Guest post by Rajesh Pakkath] 

In a typical Identity Management deployment, users are required to perform certain tasks like acting on requests pending approval, flagging a manual fulfillment as complete or certifying user access on a periodic basis. These critical tasks need to be acted upon in a timely fashion, but can easily get out of control by the volume of tasks generated for various identity and governance functions. Oracle Identity Governance solution offers a feature rich email folder style inbox for request approvals and manual fulfillment tasks where all pending tasks can be easily viewed, prioritized and acted upon. This solution is based on Oracle’s SOA Task List and offers the following benefits to business users.

  • Simplified Request Tracking:
  • A request tracking feature provides customers an end-to-end visibility on the request from its initiation to fulfillment. Detailed information of the request along with a visual representation of the workflow provides the requester to see the status of their request and approvers to view all required details before taking a decision.
  • Enhanced Approval Management:
  • With a single and unified inbox of all pending tasks, business users can now make use of priority queues and user defined views to filter and take decisions on tasks based on priority. This greatly increases usability to business users and reduces rubber stamping of approvals and certifications. Within the same console, requesters can withdraw their request and Approvers can reassign, escalate or request for additional information.
  • Streamlined business usage:
  • Requesters and approvers can further enrich requests by adding comments and attachments. Mobile users can approve or reject requests directly from their email without logging into the self service console.

These features simplify the day to day tasks of business users’ thereby increasing user productivity and overall operational efficiency of an enterprise.

To learn more about this and other Oracle Identity Governance solutions, click here

Friday May 18, 2012

Demo: Intelligent Role Discovery with Oracle Identity Analytics

In a growing enterprise where employee roles constantly evolve, Certifying access to thousands of systems and millions of entitlements is challenging. As users change job roles changing access rights can be a nightmare.

Role management can effectively address this challenge and make access control consistent and manageable for a large and constantly changing universe of users. But organizations must first define roles as the basis for access control – a monumental task especially in organizations that have large numbers of users spread across multiple applications.The traditional method for defining roles is to use spreadsheets which is ineffective, time-consuming, and expensive.

To address this challenge, Oracle Identity Analytics offers the industry’s most advanced role governance solution that allows organizations to logically bucket users on the basis of their entitlements. Watch this demo to learn how Oracle Identity Analytics offers an advanced role governance solution to map users into roles allowing organizations to simplify user provisioning and reduce audit exposure.

Wednesday May 16, 2012

Demo of Access Certification with Oracle Identity Analytics

Certifying employee access on a recurring basis can be a time consuming and complex process for business managers. Navigating access spreadsheets can take weeks and is error-prone. And certifiers can delegate reviews which breaches accountability To address this challenge, Oracle Identity Analytics offers the industry’s most advanced automated access governance solution. Watch this demo to learn how Oracle Identity Analytics accelerates access certification to improve productivity and streamline the audit process

Friday Dec 02, 2011

Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics – Q&A Follow-Up

Thanks to all who attended the live webcast event hosted by Healthcare IT News. Hope you find the discussion and the presentations useful; we look forward to a continued conversation.

Compliance in healthcare has always been an active discussion in the identity management industry and here at Oracle too. So, we were very pleased when Jason W. Zellmer, Director, Strategy and Information Management at Kaiser Permanente Information Security agreed to be on a live panel discussion with us to share his experiences and insights with his peers. Especially after having had a similar role in a financial services organization in the past, his commentary on how acute identity management and compliance needs are in a healthcare organization like Kaiser Permanente was particularly insightful. The live event also allowed us to bring in experts from Kaiser’s identity management implementation partner, PricewaterhouseCoopers as well as Oracle’s own solution expert to provide a 360-degrees perspective on healthcare compliance solution design and implementation for healthcare organizations.

The on-demand webcast replay is now available and so are the slides for download. And, since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Could you brief about the OOTB component in ERP for managing SOD checks and how this is effective in the context of integrating with OIM and OIA?

A. Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) work seamlessly with OOTB ERP SOD engines like Oracle Applications Access Control Governor (OAACG) to enable both preventative SOD (and IT policy monitoring) checks during the user provisioning process as well as detective and remedial SOD actions.

Q. How are Oracle IDM products flexible with the changing compliance requirements if any?

A. As compliance regulations continue to evolve, standards-based, open Oracle Identity Management solutions allow you to easily configure your workflows in accordance with the changing requirements. And since Oracle Identity Management solutions allow you to externalize security from applications and provide a centralized security platform, organizations can easily adapt to the changing regulatory and compliance landscape without having to rip and replace existing solutions.

Q. Where did you get the 48% IAM cost reduction and 80% productivity boost from?

A. Recently Aberdeen Research conducted a survey comparing cost savings from Platform vs. Point solutions in identity Management and found that organizations choosing products from an integrated stack can save up to 48% long term and achieve better automation and lower administrative costs. Please refer to the Aberdeen paper available for download. The 80% user productivity boost was determined based on the benchmark study conducted for the latest release of Oracle Identity Analytics 11g. Please refer to the recent announcement of availability of enhanced Oracle Identity Analytics.

Q. You referred to an ROI study on Identity Analytics and a model for computing compliance cost savings. Where can I find more information?

A. Forrester Consulting recently conducted a study where they interviewed 4 organizations that had deployed Oracle Identity Analytics to understand the various use cases, cost implications and the results from their respective implementations. Based on these actual studies, Forrester then built an ROI model and calculated aggregated savings for a typical organization. We recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Tuesday Nov 15, 2011

Limiting Audit Exposure and Managing Risk – Q&A and Follow-Up Conversation

Thanks to all who attended the live ISACA webcast on Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics. We were really fortunate to have Don Sparks from ISACA moderate the webcast featuring Stuart Lincoln, Vice President, IT P&L Client Services, BNP Paribas, North America and Neil Gandhi, Principal Product Manager, Oracle Identity Analytics. Stuart’s insights given the team’s role in providing IT for P&L Client Services and his tremendous experience in identity management and establishing sustainable compliance programs were true value-add at yesterday’s webcast.

And if you are a healthcare organization looking to solve your compliance and security challenges, we recommend you join us for a live webcast on Tuesday, November 29 at 10 am PT. The webcast will feature experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle and the focus of the discussion will be around the compliance challenges a healthcare organization faces and best practices for tackling those. Here are the details:

Healthcare IT News Webcast: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

Tuesday, November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET

Register Today

The ISACA webcast replay is now available on-demand and the slides are also available for download. Since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Can you please clarify the mechanism utilized to populate the Identity Warehouse from each individual application's access management function / files?

A. Oracle Identity Analytics (OIA) supports direct imports from applications. Data collection is based on Extract, Transform and Load (ETL) that eliminates the need to write connectors to different applications. Oracle Identity Analytics’ import engine supports complex entitlement feeds saved as either text files or XML. The imports can be scheduled on a periodic basis or triggered as needed. If the applications are synchronized with a user provisioning solution like Oracle Identity Manager, Oracle Identity Analytics has a seamless integration to pull in data from Oracle Identity Manager.

Q.  Can you provide a short summary of the new features in your latest release of Oracle Identity Analytics?

A. Oracle recently announced availability of enhanced Oracle Identity Analytics. This release focused on easing the certification process by offering risk analytics driven certification, advanced certification screens, business centric views and significant improvement in performance including 3X faster data imports, 3X faster certification campaign generation and advanced auto-certification features, that  will allow organizations to improve user productivity by up to 80%. Closed-loop risk feedback and IT policy monitoring with Oracle Identity Manager, a leading user provisioning solution, allows for more accurate certification reviews. And, OIA's improved performance enables customers to scale compliance initiatives supporting millions of user entitlements across thousands of applications, whether on premise or in the cloud, without compromising speed or integrity.

Q. Will ISACA grant a CPE credit for attending this ISACA-sponsored webinar today?

A. From ISACA: Hello and thank you for your interest in the 2011 ISACA Webinar Program!  Unfortunately, there are no CPEs offered for this program, archived or live.  We will be looking into the feasibility of offering them in the future. 

Q. Would you be able to use this to help manage licenses for software? That is to say - could it track software that is not used by a user, thus eliminating the software license?

A. OIA’s integration with Oracle Identity Manager, a leading user provisioning solution, allows organizations to detect ghost accounts or unused accounts via account reconciliation. Based on company’s policies, this could trigger an automated workflow for account deletion or asking for further investigation. Closed-loop feedback between the two solutions would then allow visibility into the complete audit trail of when the account was detected, the action taken, by whom, when and the current status.

Q. We have quarterly attestations and .xls mechanisms are not working. Once the identity data is correlated in Identity Analytics, do you then automate access certification?

A. OIA’s identity warehouse analyzes and correlates identity data across various resources that allows OIA to determine a user’s risk profile, who the access review request should go to, along with all the relevant access details of the user. The access certification manager gets notification on what to review, when and the relevant data is presented in a business friendly screen. Based on the result of the access certification process, actions are triggered and results recorded and archived. Access review managers have visual risk indicators that also allow them to prioritize access certification tasks and efforts.

Q. How does Oracle Identity Analytics work with Cloud Security?

A. For enterprises looking to build their own cloud(s), Oracle offers a set of security services that cloud developers can leverage including Oracle Identity Analytics.  For enterprises looking to manage their compliance requirements but without hosting those in-house and instead having a hosting provider offer managed Identity Management services to the organizations, Oracle Identity Analytics can be leveraged much the same way as you’d in an on-premise (within the enterprise) environment. In fact, organizations today are leveraging Oracle Identity Analytics to manage identity compliance in both these ways.

Q. Would you recommend this as a cost effective solution for a smaller organization with @ 2,500 users?

A. The key return-on-investment (ROI) on Oracle Identity Analytics is derived from automating compliance processes thereby eliminating administrative overhead, minimizing errors, maintaining cost- and time-effective sustainable compliance processes and minimizing audit exposures and penalties.  Of course, there are other tangible benefits that are derived from an Oracle Identity Analytics implementation as outlined in the webcast. For a quantitative analysis of your requirements and potential ROI calculation, we recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Thursday Oct 27, 2011

Limting Audit Exposure and Managing Risk: A BNP Paribas, North America Success Story

Audits are not something we look forward to typically. Because audits mean we have to prepare for the exercise in addition to doing our daily jobs. Compliance mandates and company policies, however, have made access certification audits a necessary job function. In a large enterprise, that would mean, reviewing access for thousands of users across hundreds of applications in a dynamic environment i.e., where users change jobs, locations, move to and from projects, join or leave the company. The traditional spreadsheet model clearly can't work here. And even if you are somehow able to enforce access policies, how do you prove to your auditors the same? And hence, Audit Eye! If you haven't seen the video, you should check it out now.


BNP Paribas, North America took the access certification challenge head-on and triumphed. Are you looking at solving your complex access certification (attestation) challenges? Looking to make the the access certification process simpler, quicker and more reliable? Then, we invite you to come listen to Stuart Lincoln's presentation on a live ISACA webcast on how BNP Paribas, North America implemented well thought-out strategy and solution to make access certification review processes sustainable, convenient and streamlined and audits - a lot less painful. We look forward to a good conversation.

Live ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics
Thursday, November 10, 2011
9 a.m. PDT / 12 p.m. EDT
Register Here

Tuesday Aug 30, 2011

Got Audit Eye?

Are you at a loss come audit time? Still trying to figure out how you can realistically confirm for ALL your employees and across ALL your enterprise systems who has access to what and when? You are not alone; just check out this video and remember Oracle Identity Analytics can help.

 Audit Eye


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.


« October 2015