Partner Perspective: aurionPro SENA Discusses: OIM 11gR2 - IAM Implementation Simplified
By Tanu Sood on Feb 06, 2013
Authored By: Kunwar Nitesh, aurionPro SENA
Oracle Identity Manager Release 11gR2, released in summer last year, is a great leap forward in terms of providing the platform to build world class Identity and Access Management infrastructure. The next generation of Oracle Identity Manager i.e. 11gR2 has been developed with primary focus on allowing the end user and platform support team to develop and fulfill the needs of business friendly interface. This process in the past was complex with significant dependency on engineers, resulting in longer implementation time span and herculean efforts.
Oracle has taken a big step forward with their Oracle Identity Manager 11gR2, providing customers with highly desirable features like catalog, personalization and extensible UI, to mention a few.
In this post we would cover some of the new features that aim at helping our customer base simplify IAM implementation and improve efficiencies across the board.
My users need shopping cart experience
Customers looking to rollout provisioning solution are often met with the challenges of providing user friendly interface that fits into their existing landscape and processes. Most of the products use very IT centric terminologies like Resource objects, IT Resources and a rigid request UI framework that can result in lower acceptance from end business users. Today the end business user is looking for simple shopping cart like experience with the ability and capability to provide intuitive end user experience without much iteration.
With OIM 11gR2, a centralized catalog framework of access rights, including enterprise and application roles, application accounts, and entitlements is available out of the box. OIM 11gR2 can now automatically synchronize privileges into request catalog when new entitlement is added into target system. Application instance or roles defined in OIM 11gR2 environment are automatically harvested into catalog by OOTB backend task. These Catalog items can be enriched by providing user-friendly information like display name, risks, audit levels and search tags. An easy wizard request submission process with shopping cart like experience is a leap forward in simplifying implementation and cost saving on implementation and maintenance
Less cost to implement and maintain interface customization
In almost all the IDM implementation customers go from easy to complex interface customization to enhance end users experience and meet organizations interface standards. Due to the limited out of box customization capability in the previous generations of OIM, dedicated development and engineering skills was needed to develop more business aware user interface.
By decoupling UI and Functional layer in OIM 11gR2, Oracle has given strong tool to the customer to design and develop a business friendly user interface with limited knowledge of the development technologies like ADF. OIM 11gR2 supports out of the box customization ranging from simple branding to customization existing task flows or adding new task flows. Most of the customizations like inter-dependent fields, hiding or showing fields logically and changing label, help text, search criteria, search results which required non-trivial time and effort can now be performed using simple web interface. This helps customers to extend the OIM functionality and make it more user friendly for their organizations in a short time. In addition, the support for personalization of home page and search results allows end users to perform task quickly without adding significant cost to the implementation. The next generation of OIM is built on an advanced web UI framework using ADF and Webcenter. The concept of “Sandbox” allows for easy customization and packaging of skins and stylesheet without impacting existing deployment. This centralizes and simplifies the management of the stylesheet changes. The Sandbox allows you to isolate and experiment with customizations without affecting the environment of others, any changes made to a sandbox is visible only to the user for whom the sandbox is active. The sandbox can be published once the customization is complete. This process makes the customizations available to other users. The capability to export and import the sandbox makes the process of change migration easier than before. The UI customizations done using the sandbox are stored separately from the out of box code/UI metadata. This allows customizations to be patch/upgrade safe and reduces the impact analysis and post upgrade retrofitting effort thereby reducing maintenance effort and cost.
The next generation of Oracle Identity Manager is primarily focused on simplifying the process of setting up basic customizations like UDF creation, workflow registration, and resource form creation, plug-in, new application on boarding by reducing the number of steps. This equates to reduced dependence on the technical team to effect minor changes. Enhanced features of web based form designer, disconnected resource, application instance and out of box Service Oriented Architect (Workflow) integration reduces the dependency on technical team after implementation during the application on-boarding process. This not only results in reducing implementation and deployment efforts but also helps customer to continually enhance end user experience and support more applications without significant dependency on technical team. The OIM 11gR2 interface allows customers to onboard new applications without the need to write code or having significant dependency on the technical team. Using application instance concepts, new application instance can be created from UI and easily harvested into catalog. The policy administrator can use the UI to change the approval routing logic to answer ever-changing approval processes. This makes application on-boarding process quick and simple.
Enhancement to existing product features
In the older versions, for some of the features like intuitive request tracking, fine grained authorization policy, better delegated administrations, target accounts password reset,at times, an organization would have had to develop a customized implementation process to fulfill the business requirements resulting in increased cost and duration of implementation.
With the introduction of standard ADF security model for functional security and Oracle Entitlement Server (OES) for transactional and data security, OIM 11gR2 can support sophisticated delegated administration and data visibility requirements. Introduction of workflow visualization, help desk and password reset are minor yet very desirable features that help to reduce the complexity of implementation and organization costs.
With the new release, Oracle Identity Manager provides flexible and scalable enterprise identity administration and user provisioning solution. The significant focus towards developing a more business user friendly user model and customizable interface allows enterprise reduce the time and cost of long term support and enhancement of the solution once developed.
About the Writer:
Kunwar Nitesh is a Sr. Architect and Member of Center of Excellence Team within AurionPro SENA. Kunwar has been designing and implementing medium to large scale Identity Management solutions across multiple industries. Kunwar has more than 7 years of experience, specializing in Oracle's Identity and Access Management products stack.