Monday Jul 30, 2012

Adaptive Access in Oracle Identity Management 11gR2

[Guest Post by Mark Karlstrand] 

Mark Karlstrand is a Senior Manager of Product Management at Oracle focused on innovative security for enterprise web and mobile applications. Over the last sixteen years Mark has served as director in a number of tech startups before joining Oracle in 2007. Working with a team of talented architects and engineers Mark developed Oracle Adaptive Access Manager, a best of breed access security solution.

With the latest release of Oracle Identity Management, Oracle is delivering some dramatic context-aware security enhancements as part of its Access Management solution stack. There are a couple of different market trends driving these enhancements. Firstly, online threats are constantly evolving which results in the need for adaptive access security mechanisms. Secondly, the rapid adoption of mobile computing and migration of fraud attacks to mobile devices is pushing enterprises, banks and e-commerce providers to demand sophisticated fraud prevention capabilities across both web and mobile channels. Recently Gartner put out a research note which estimates that by year end 2013, 12.5% of all ecommerce transactions will be conducted via mobile devices. The latest release of Oracle Access Management includes significant features within Adaptive Access to strengthen web, cloud and mobile access security.

  • Risk-Aware Access Management: Oracle Access Management now provides a seamless experience when users navigate between low risk and high risk resources. Higher risk resources are protected by risk-based adaptive authentication, which is transparent to end users unless their behavior is abnormal. For example, if a user accesses a low risk application via their web single sign-on password and then attempts to access a high risk application while on a trip to a country they rarely visit, the user may be asked to enter a one-time password delivered to their cell phone.
  • Adaptive Access for Mobile Computing: Adaptive Access capabilities have been integrated with the new Mobile and Social component of Oracle Access Management. This provides advanced security features including device registration and tracking, location awareness, lost/stolen device control and risk based authentication to secure access via both iOS native applications and mobile browsers. This allows customers to extend their enterprise web access security to cover mobile use cases which maintains manageability and centralized control across channels of access.
  • Auto Learning for Transactions: We have extended our auto-learning functionality to cover application transaction use cases. Our Adaptive Access solution profiles transactional behaviors and detects anomalies in real-time. For instance, an online banking provider can detect transactional anomalies that may occur if a user’s browser is infected with “man-in-the-browser” malware. If, for example, malware alters the destination account in a funds transfer transaction, this could be detected. The solution tracks the frequency of data combinations and determines the risk in real-time by taking into account historical behavior.
  • Access Monitoring: With Adaptive Access, we also enable healthcare organizations to meet tough compliance requirements related to tight controls on electronic medical record access. HIPAA/HITECH requires providers to take a more proactive posture and our real-time analytics technology is helping them achieve this goal.
  • Cloud Service Provider Layered Security: Security concerns are still a top item preventing many businesses from taking advantage of cloud service offerings. Now, cloud service providers can easily provide context-aware layered access security even when users authenticate within their own enterprise environment and access cloud services via federation. For example, if a user authenticates to their corporate SSO and then navigates to the cloud service, risk analysis and identity verification can be applied if the user attempts to access any high risk service or application in the cloud.
To find out more about Adaptive Access capabilities in Oracle IDM 11gR2, click here

Friday Jul 27, 2012

Identity Management Presentations Scheduled for OpenWorld 2012

The IDM team has been very busy with the IDM 11gR2 launch and now a series of launch events has kicked off worldwide. If you missed our launch webcast, you can view the replay by clicking here.

But even with all that activity, we are already starting to prepare for OpenWorld 2012 in San Francisco.  Here are some of the 18 presentations that we have planned:

  • Trends in Identity Management
  • Mobile Access Management
  • Simplifying your Identity Management Implementation
  • Modernized and Complete Access Management
  • Enhancing End User Experience with Oracle Identity Governance
  • Enabling Access for Hundreds of Millions of Users
  • Next Generation Directory - Oracle Unified Directory
  • Eliminate end-user managed passwords while increasing security with Oracle ESSO
  • Sun2Oracle: Identity Management Platform Transformation
  • Identity Management in the Cloud

There is a lot planned, and more to come.  Don't forget to register for OpenWorld 2012. To get more details about the IDM presentations above or any of the other planned presentations, use this OpenWorld searchable content link.  There are two steps:

1. Choose the Oracle OpenWorld radio button on the left

2. Choose Identity Management (under Middleware) from the Oracle OpenWorld Tracks drop-down on the left (see below)

That will set the content filters to show all of the IDM presentations.

Thursday Jul 26, 2012

Durable UI Configuration Framework

With Oracle Identity Management 11gR2, Oracle is now delivering a Durable UI Configuration Framework as part of its Identity Governance solution stack. This is a browser based UI customization framework which offers two new powerful capabilities to dramatically simplify UI customization.

  • Sandboxing: Customers can make custom UI changes within a sandbox so that it doesn’t impact their production environment. They can stage and test their changes without affecting production users.
  • Declarative model for customization: UI customizations are encapsulated in a metadata format so customers can implement changes without any coding whatsoever. So as customers upgrade they do not have to worry about major upgrades breaking customizations already in place which could otherwise result in them re-investing or redoing expensive customization projects. So this completely eliminates the ongoing cost of maintenance.

This offers several compelling benefits to organizations:

  • Ease of Customization: The Durable UI Config Framework makes it extremely easy to customize the user interface. So things like changing the solution branding become extremely simple - as simple as a user clicking on the logo to change it. Users can select any HTML element such as a header or an image or a form field or a navigation item and so on to customize it inline within the page without the hassle of writing any custom code.
  • Eliminates Custom UI Development Costs: This eliminates the costs and complexity of customization projects. Customers do not have to spend thousands of dollars in writing custom code. Even for advanced customization tasks, customers can edit the standard JSF within the page without having to go through a development program to customize.
  • Simplifies Lifecycle Management for Custom UI: This drastically simplifies the lifecycle management problem. With the Durable UI Config the customizations survive patches and upgrades so customers do not have to worry about rewriting, re-testing and redeploying complex customizations.
  • Tighter Integration between Governance solutions and Portal Strategies: Finally, we offer tight integration between governance solutions and customer portals. For instance, home page regions can be exposed as portlets that can be embedded in any portal – a lot of customers embed the password reset region in a corporate self-service (not IDM self-service) portal. Similarly, portlets developed elsewhere can be integrated into the User Provisioning and Self Service UI.

For more information about Oracle Identity Governance products, visit our website at

Wednesday Jul 25, 2012

A Platform Approach to Privileged Account Management

Studies have shown that buying point products to solve IDM problems is a short term solution that brings higher cost and complexity later on. A better approach is to buy an integrated, standards based IDM platform that can be expanded as requirements expand.

The recently announced Oracle Privileged Account Manager (OPAM) is an example of how Oracle is taking this integrated platform approach to IDM. OPAM is a password management system for your most privileged Database, Application and Operating System accounts. OPAM provides a self service method for requesting and checking out high level passwords, then automatically changing the passwords after check-in.

The OPAM system is fully integrated with Oracle Identity Manager’s role based provisioning and workflows, and Oracle Identity Analytics for full certification and attestation reporting. OPAM is also fully integrated with Oracle Access Manager and Oracle Adaptive Access Manager for single-sign on, and risk based step up authentication. OPAM has a REST API for mobile application or custom application access.

For more information about Oracle Privileged Account Manager and related Identity Governance products, visit our website at

or download the OPAM data sheet:

Tuesday Jul 24, 2012

Mobile and Social Sign On with Oracle Identity Management 11gR2

The proliferation of mobile devices and competitive reasons are compelling enterprises to offer access to commonly used business applications for customers and employees using personal mobile devices. But many applications don’t have visibility into the security posture of the device making it challenging to enforce audit, compliance, and privacy requirements.  

As part of Oracle Identity Management 11gR2, Oracle is now offering a mobile and social sign on solution as part of its Access Management solution stack. With the innovative Mobile and Social Access Management capability, organizations can extend SSO to mobile applications and secure applications and data regardless of which device is being used. Organizations can also consume identities from popular social networks (Facebook, Google, Yahoo, Twitter, and LinkedIn) for signing on users to consumer-facing and other low risk applications, providing a seamless user experience for users without the burden of forcing additional registration and logins.

The solution also comes with an SDK with REST APIs that developers can leverage to integrate custom mobile applications with commonly used identity management functions like authentication, credential management, secondary authentication, device fingerprinting, and session management. The SDK supports OAuth and OpenID, two of the most commonly used user-centric identity frameworks in the industry. So developers can use the SDK to enable applications to consume social identities.

This offers several compelling benefits to organizations:

  • Tighter Security for Mobile Enterprise: Organizations can now secure applications and data regardless of which device is being used to access those applications.
  • Easier Identity Integration for Mobile Apps: This provides a programmatic and flexible way to integrate native mobile apps and web apps with identity services offered by enterprises such as authentication and SSO.
  • Sign On from Social Networks: Organizations can consume internet identities for signing on users to low value applications like blogs, community forums, etc. This capability can also be leveraged by consumer facing applications to provide a seamless user experience for users without the burden of forcing additional registration and logins.

You can get more information about our new Mobile and Social Access Management solution here

Monday Jul 23, 2012

Introducing the Optimized Solution for Oracle Unified Directory

The announcement of Oracle 11g R2 brings with it some really interesting new features. One of those new features focused on optimizing performance is the Oracle Optimized Solution for Oracle Unified Directory (OOS4OUD). OOS4OUD is a pairing of SPARC T4-1 hardware with dedicated storage and Oracle Unified Directory software in a redundant and highly scalable configuration.

Oracle engineers conducted a series of load tests to determine the optimum configuration for LDAP directory performance on this hardware and documented the configuration in an Implementation Guide.

The hardware consists of 3 x T4-1 SPARC servers, each with dedicated Sun Storage 2500 FC array, linked with 10GbE networking. All servers are running Solaris 11, and one server is configured to use the integrated load balancer. The Java Keystore and the Solaris Cryptographic Framework were installed and configured. Oracle Unified Directory software was then installed on all 3 machines.

The performance of the Optimized Solution was impressive. During testing the system was able to scale up to 180,000 simultaneous directory searches/second using a 15M record LDAP directory.

Because the OOS4OUD implementation guide takes most of the guesswork out of configuration and tuning, customers can expect a 1 – 2 week implementation and testing cycle, rather than a traditional 5 - 6 week project.

For more information about the Oracle Optimized Solution for Oracle Unified Directory go to our website at

Sunday Jul 22, 2012

Launch Webcast Q & A Identity Management 11g R2

Thursday Jul 19, 2012

Announcing Oracle Identity Management 11gR2: New features for mobile, social & cloud, and new Privileged Account Management.

Today Oracle announces a major new release of its Identity Management offering, and with it comes some very cool new features.

A lot of features in this release are focused on extending Oracle’s expertise in security and IDM to mobile applications, social identities, and cloud applications. New features support native mobile security and single sign-on, social sign-on to allow customers to log into a website with their social identities, and improved security and integration for cloud applications.

Big improvements have also been made to the self service access request UI to make it more business user friendly, including plain English searching to request application access and roles, and shopping cart style check-out. Automated confirmations and workflows allow business users to get updates and check the status of their requests. In addition, extensive customization is now possible to allow companies to completely control the look and feel of these pages.

More details on the new release here:

Also introduced in this release: Oracle Privileged Account Manager (OPAM) is a whole new set of functionality focused on managing administrative passwords for applications, databases and operating systems. Although it can operate as a stand-alone application, the real value comes from its integration with other IDM components, such as self service password request UI and automated workflow approvals via Oracle Identity Manager, and detailed historical reporting via Oracle’s BI tools.

More details on OPAM here:

Listen to the launch webcast and hear Amit Jasuja and Hassan Rizvi talk about the new features and business value here:

Tuesday Jul 17, 2012

Webcast: Introducing Oracle Identity Management 11g R2

The next big step in Identity Management platform evolution is only days away. Join us on July 19th for a live webcast where we will introduce some of the dramatic new capabilities in Oracle Identity Management 11gR2. We call our latest release of Oracle Identity Management 11g the “Evolved Platform.”  It simplifies the user experience, enhances security, and allows businesses to expand the reach of identity management to the cloud, social and mobile environments like never before.

This live webcast will provide a unique opportunity to hear from existing Oracle customers and get your questions answered directly by Oracle product experts. Join us for the launch webcast and learn more about the evolution of this exceptional business solution. Attendees will hear about:

  • Overview of capabilities in Oracle Identity Management 11g R2
  • Customer presentation
  • Live Q&A with Oracle experts. 

Don't leave your identity at the office. Take it with you on your phone, in the cloud, and across the social world.

Register now for the interactive launch Webcast and don’t miss this chance to have your questions answered by Oracle product experts.

Date: Thursday, July 19, 2012
Time: 10am Pacific / 1pm Eastern

Friday Jul 13, 2012

Videotron Slashes Helpdesk Costs with Oracle Enterprise Single Sign On

Videotron, a Canadian integrated communications company, has deployed Oracle Enterprise Single Sign-On Suite Plus across its entire enterprise including its remote and mobile users. Prior to deploying Oracle, Videotron struggled with heavy helpdesk call volumes due to forgotten passwords, which resulted in diminished service levels and end user frustration. By integrating Oracle Enterprise Single Sign-On Suite with its enterprise applications, Videotron enabled its users to access any application with a single login and reset forgotten passwords through a self service interface, slashing helpdesk costs and improving IT operational efficiency.

Click here for the complete press release.


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

