Wednesday Aug 29, 2012

Sun2Oracle: Upgrading from DSEE to the next generation Oracle Unified Directory

OUD is part of Directory Services

Mark your calendars and register to join this webcast featuring Steve Giovannetti from Hub City Media, Albert Wu from UCLA and our own Scott Bonnell as they discuss a directory upgrade project from Sun DSEE to Oracle Unified Directory.

Date: Thursday, September 13, 2012
Time: 10:00 AM Pacific

Join us for this webcast and you will:

  • Learn from one customer that has successfully upgraded to the new platform
  • See what technology and business drivers influenced the upgrade
  • Hear about the benefits of OUD’s elastic scalability and unparalleled performance
  • Get additional information and resources for planning an upgrade

Register Now!

Friday Aug 24, 2012

Oracle Magazine Sept/Oct 2012 - Security on the Move

Oracle Magazine

This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business.

Click this link to see the latest issue:

In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues:

And the Partner Perspectives contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy

Tuesday Aug 14, 2012

Identity Management at Oracle OpenWorld 2012

Are you registered for Oracle OpenWorld 2012 to be held in San Francisco from September 30 to October 4? Visit the Oracle OpenWorld 2012 site today for registration and more information. And, if you need further convincing, here’s a preview of the planned sessions and forums on Identity Management.

Identity Management General Sessions*

Monday October 1, 2012

| Time | Session | Speaker | Location |
|---|---|---|---|
| 10:45 am – 11:45 am | CON9405: Trends in Identity Management | Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle | Moscone West, L3, Room 3003 |
| 1:45 pm – 2:45 pm | CON9437: Mobile Access Management | Daniel Killmer, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 1:45 pm – 2:45 pm | CON3568: Unified User Provisioning & Management using Oracle Identity Management 11g | Sada Rajagopalan, Solution Architect, Collegeboard | Moscone West, L3, Room 3011 |
| 3:15 pm – 4:15 pm | CON9492: Simplifying your identity management implementation | Viresh Garg, Director, Product Management, Oracle | Moscone West, L3, Room 3008 |
| 4:45 pm – 5:45 pm | CON9444: Modernized and Complete Access Management | Forest Yin, Director, Product Management, Oracle | Moscone West, L3, Room 3008 |

Tuesday October 2, 2012

| Time | Session | Speaker | Location |
|---|---|---|---|
| 11:45 am – 12:45 pm | CON9491: Enhancing End User Experience with Oracle Identity Governance | Sanjay Rallapalli, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 1:15 pm – 2:15 pm | CON9447: Enabling Access for Hundreds of Millions of Users | Vamsi Motukuru, CMTS, Oracle | Moscone West, L3, Room 3008 |
| 5:00 pm – 6:00 pm | CON9465: Next Generation Directory - Oracle Unified Directory | Etienne Remillon, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |

Wednesday October 3, 2012

| Time | Session | Speaker | Location |
|---|---|---|---|
| 10:15 am – 11:15 am | CON9458: Eliminate end-user managed passwords while increasing security with Oracle ESSO | Daniel Killmer, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 11:45 am – 12:45 pm | CON9494: Sun2Oracle: Identity Management platform transformation | Scott Bonnell, Senior Director, Oracle | Moscone West, L3, Room 3003 |
| 11:45 am – 12:45 pm | CON9631: Entitlement-centric access to SOA and cloud services – Development Track | Sreenivasa Chitturi, Senior Software Development Manager, Oracle | Moscone West, L3, Room 3008 |
| 11:45 am – 12:45 pm | CON3957: Delivering secure WiFi on the Tube as an Olympic legacy from London 2012 | Ben Bulpett, Director, Enline plc | |
| 1:15 pm – 2:15 pm | CON9493: Identity Management and the Cloud | Melody Liu, Senior Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 3:30 pm – 4:30 pm | CON9624: Real-time External Authorization for Middleware, Applications and Databases | Sid Mishra, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 5:00 pm – 6:00 pm | CON9625: Taking Control of Oracle WebCenter Security | Ganesh Kirti, Senior Director, Platform Security, Oracle | Moscone West, L3, Room 3008 |

Thursday October 4, 2012

| Time | Session | Speaker | Location |
|---|---|---|---|
| 11:15 am – 12:15 pm | CON5794: Solutions for Migration of Oracle Waveset to Oracle Identity Manager | Steve Giovannetti, CTO, Hub City Media | Moscone West, L3, Room 3008 |
| 12:45 pm – 1:45 pm | CON9640: Evolving Identity Management | Michael Neuenschwander, Senior Director, Oracle | Moscone West, L3, Room 3008 |
| 2:15 pm – 3:15 pm | CON9662: Securing Oracle Applications with Oracle Enterprise Identity Management Platform | Roger Wigenstam, Senior Director, Oracle | Moscone West, L3, Room 3008 |

* Schedule subject to change

In addition, there are Identity Management hands-on-labs sessions planned, including:

  •  Complete Access Management, and
  •  Integrated Identity Governance

Identity Management executives and experts will also be at hand for discussions and follow ups. And don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Follow the conversation on Oracle OpenWorld 2012 on Twitter with #OOW12 and, as always, engage with us @oracleidm.

We recommend the use of the Schedule Builder tool to plan your visit to the conference and for pre-enrollment in sessions of your interest. You can search identity management sessions using the term “identity management” in the Content Catalog. We hope to see you there!

Thursday May 31, 2012

The Business Case for a Platform Approach

Most customers have assembled a collection of Identity Management products over time, as they have reacted to industry regulations, compliance mandates and security threats, typically selecting best-of-breed products. The resulting infrastructure is a patchwork of systems that has served the short-term IDM goals, but is overly complex, hard to manage and cannot scale to meet the needs of the future social/mobile enterprise.

The solution is to rethink Identity Management as a Platform, rather than individual products. Aberdeen Research has shown that taking a vendor integrated platform approach to Identity Management can reduce cost, make your IT organization more responsive to the needs of a changing business environment, and reduce audit deficiencies. 

View the slide show below to see how companies like Agilent, Cisco, ING Bank and Toyota have all built the business case and embraced the Oracle Identity Management Platform approach.

Tuesday Mar 13, 2012

Identity Management at COLLABORATE 12


Getting ready for COLLABORATE 2012? If Security and Identity Management are top of mind for you, then we have some recommendations for you.

Bringing together Oracle Applications and Technology education, COLLABORATE 2012 is a forum designed and delivered by Oracle users. Produced by the three independent user groups, Independent Oracle Users Group (IOUG), Oracle Applications Users Group (OAUG) and Quest International Users Group (Quest), COLLABORATE offers keynotes, deep-dives, workshops and user-driven sessions spanning technology, application and cross solutions. This year the conference is from April 22-26 at Mandalay Bay Convention Center in Las Vegas.

Oracle Identity Management solutions enable organizations to secure critical data and applications, efficiently enforce regulatory compliance and reduce operational costs. In addition to our conference sessions, as an added value this year, we are offering a half-day deep dive session on Oracle Identity Management: Building a Security and Compliance Framework for Oracle Systems. The session is scheduled for Sunday, April 22nd from 9 am to 3 pm and will cover relevant topics such as:

  • A Primer on Identity Management
  • Security and Compliance with Oracle Identity Management
  • Security for Oracle Applications, Fusion Applications
  • Managing Identities in The Cloud and Mobile World
  • Best Practices: Building an Identity Roadmap and Getting Started

To get a head start on your compliance and security program, pre-register for this session today.

The Identity Management sessions are supported by subject matter experts on technology, consulting and implementation so you are sure to get the complete perspective on what it takes to design and implement a successful program to meet your security and compliance objectives.

To find out more about Identity Management at COLLABORATE 12, here’s our recommended roadmap:
1. If you haven’t done so, browse through the COLLABORATE 12 website and register with the user group for information and events most tailored to your needs.
2. Click on “My Show Planner” and enter “Identity Management” in the keyword search box.
3. Pre-register for the sessions by clicking on “Add to Planner”


Look forward to seeing you at COLLABORATE 12 in Las Vegas next month.

Thursday Mar 01, 2012

Platform Approach Series in Asia

The Aberdeen report results are not specific to North America alone - the results were global. Fourteen percent of the participants were companies based in Asia. In addition, the results covered companies of different sizes in terms of annual revenue:

  • 32% Small  < $50M
  • 36% Mid-size  $50M - $1B
  • 32% Large >$1B 

The platform approach series will continue in 16 cities in Asia.

Taipei, March 22nd

Beijing, April 17th  

New Delhi, April 18th

Shanghai, April 19th

Bangalore, April 19th 

Singapore, April 19th

Hanoi, April 19th

Bangkok, April 24th

Chennai, April 24th

Taiwan, April 25th

Mumbai, April 26th  

Jakarta, April 26th

Melbourne, May 1st

Canberra, May 2nd

Sydney, May 3rd  

Kuala Lumpur, May 15th  

Tuesday Feb 07, 2012

Oracle Named a Leader in both User Provisioning and Identity and Access Governance

Oracle Identity Management solutions were positioned in the Leaders quadrants in the two recently published Gartner Magic Quadrant reports. This post is the first in a multi-part blog series; over the course of the next few weeks, we will cover in detail what we believe makes Oracle’s User Provisioning (Identity Administration) solution, Oracle Identity Manager, and our Identity and Access Governance solution, Oracle Identity Analytics, truly unique and industry leading.

Gartner published their first-ever Magic Quadrant for Identity and Access Governance and Oracle is a leader.

Source: Gartner Magic Quadrant for Identity and Access Management, Dec. 15, 2011. Doc ID#223606. Authors: Earl Perkins and Perry Carpenter. Page 3

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available by clicking on the note title. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any of warranties of merchantability or fitness for a particular purpose.

Identity and Access Governance solutions offer business users identity analytics and reports to address governance, audit and compliance challenges. According to Gartner, leaders in Identity and Access Governance (IAG) are “composed of vendors that provide products with a good functional match to client requirements for establishing a governance system for access. These vendors have been successful in building an installed base and revenue stream within the IAG market, and have a relatively high viability rating (because of IAG revenue). Leaders also show evidence of superior vision and execution for anticipated requirements, as they relate to technology, methodology or means of delivery. Leaders typically have significant market share, strong revenue growth, and demonstrated early customer satisfaction with IAG capabilities and/or related service and support.”

Oracle Identity Analytics is an advanced Identity and Access Governance solution from Oracle offering rich analytics, prioritized risk scoring, business-friendly dashboards, and advanced compliance features that monitor, analyze, review, and govern user access to mitigate risk, build transparency and satisfy compliance mandates.

The key challenge we often hear organizations talk about is scaling the compliance processes. Performing access certifications across not a handful but 100s of applications requires not just an automated solution but a powerful (but business friendly) process engine solution powered by analytics to make sense of all the data. To make it a real world discussion rather than a theoretical one, join ING and Oracle on a live webcast:  Scaling Role Management and Access Certification to Thousands of Applications on Wednesday, April 11, 2012 10:00 AM PDT where ING discusses how they successfully tackled the scale challenge.

Close on its heels, Gartner also published its 2011 Magic Quadrant for User Provisioning and Oracle is a Leader.

Source: Gartner Magic Quadrant for User Administration/Provisioning, Dec. 22, 2011. ID# G00219354. Authors: Perry Carpenter and Earl Perkins. Page 4

Two things are clear with these reports. Organizations are looking at integrated, platform solutions to meet their audit and compliance needs. A platform approach is the only viable approach to close security and audit gaps, reduce TCO and derive the complete picture. And we believe with Oracle’s positioning in the leaders quadrant for both User Provisioning and Identity and Access Governance, organizations are assured that they are not only getting the complete solution but also best-in-class, backed by a strategic vision and strong executive commitment. Seamless integration with Oracle Identity Manager 11g makes Oracle Identity Analytics 11g the industry's only access governance solution to offer an accurate closed-loop remediation solution with risk feedback calculated over a user’s lifecycle as actionable insight for certification reviews. To get customers’ perspectives on the implementation and results from the platform approach, we recommend you look at our monthly webcast series on the subject:

Customers Talk: Identity as a Platform.

If you are looking at user provisioning and/or compliance solutions, we suggest you start by downloading these analyst reports and our recently issued press release on the subject. For more information on Oracle’s platform approach to Identity Management and to learn more about our best-in-class Identity Management solutions, visit us at or contact us via our online communities: Facebook, Blog and Twitter.

You may also find the following resources helpful:

Ongoing Webcast Series: Customers Talk: Oracle Identity Management as a Platform

ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics

Customer stories: Tackling Compliance Challenges with Oracle Identity Analytics

What’s New in Oracle Identity Manager 11g

Saturday Jan 21, 2012

Unified Directory: An Interview with Etienne Remillon

Etienne Remillon is the Principal Product Manager in charge of Oracle's Unified Directory Server offering. A veteran directory expert, Etienne was product manager for the Sun iPlanet Directory Server and is now focused on Oracle's next wave of directory innovation. As the web access market has grown, demand for more scalable authentication and authorization has grown with it. In this interview, Etienne discusses the drivers shaping the directory server market. While many think directory servers are a commodity item, Etienne explains how the demands for write performance and mobile computing are dramatically changing the way we look at directories. Click here to listen to this interview.

As more organizations create mobile application stores and serve more data to consumers and employees, the corporate and extranet directories need to scale to accommodate the increased demand. In addition, with more mobile applications storing location data and personalization data, the fraction of write transactions in a typical environment is increasing. Click here for info on Oracle Unified Directory 11g.

Tuesday Jan 17, 2012

Followup From Webcast: Preventing Fraud in The Cloud

Thanks to all who joined our webcast today on preventing fraud in the cloud. If you missed the webcast, you can catch the on-demand recording here. If Identity in the cloud is of special interest, you can learn more about the topic on another upcoming webcast we will host on January 25th. You can register for the event here. Here is an embedded copy of the slides. In addition, there were a few audience questions during today's webcast, and I have captured the answers below.

Q: Thinking of fraud and Identity Management - how can Identity help address this?

A:  In addition to our adaptive access offering which Gail spoke of, there are other things organizations should look at. Organizations should look at Oracle Identity Analytics to provide review of access rights to prevent and detect access that is inappropriate. In addition, organizations should look at automated provisioning to help automatically remediate access violations that are detected.

Q: What cloud based applications does Oracle support today?

A: Today we have connectors that support the big brands: Google, Salesforce, Facebook etc. and we provide the ability to extend our connectors to support OAUTH enabled and standards based access via cloud providers.  Oracle On-demand today deploys the Oracle connectors in house and has the expertise to setup and manage these connectors as well.

Q: How are Oracle's cloud services different or more secure compared to other providers?

A: Oracle is at the forefront of security services. We have been in the business for a number of years. Oracle as a company is security focused. We look at controls across all of the technologies and employ a consistent operational discipline aligned with the ISO framework. We have been PCI compliant for a long time and we process for the federal government.  This provides the highest level of security assurance. 

If you are feeling frustrated with getting access to your cloud applications, you will probably relate to the video below.

Thursday Dec 08, 2011

Video: Funny Thing, Having Too Much Information :)

As we discuss privacy and securing data, most of the conversation is about regulatory compliance and securing corporate assets. In the advertisement for Oracle Entitlements Server below, we explore what happens when access to private personal information is no longer private. Things can get a little out of hand.

If you enjoyed this one, catch the others in the series:

Forget your passwords much

Trouble getting access to the cloud

Audit Eye

Wednesday Dec 07, 2011

Moving Java Forward with Identity API - JSR 351

With the momentum toward cloud, mobile and social, many developers realize that Identity Management is critical to the success of these projects. JSR 351 is a community proposal intended to address how Identity Management fits into the Java standard. Driven by a community of customers and vendors, the API would standardize Identity Management objects used in applications. The specification is targeted for compatibility with Java SE and Java EE beginning with version 6. For a complete timeline and details see the slides. In addition, you can read more about the proposal here.

Sunday Dec 04, 2011

Q & A From Webcast to Asia on Platform vs. Point Solutions

Thanks to all who joined our webcast. Here is a link to the Aberdeen paper discussed during the webcast and below we have documented answers to the Q & A from the webcast. If there are any additional questions don't hesitate to give us a call at 1-800-672-2537.

Q: Based on the Aberdeen findings, what are Oracle’s views and positioning towards the results findings?

A: Oracle has always taken a platform approach to Identity and Access Management. In every release of our solutions we continue to rationalize our architecture to provide greater inter-operability so that a customer can have the flexibility to adopt any of our individual solutions and later adopt complementary products in the stack. The key is that the data across the suite works together. As a reference you can view our end to end solution webcast.

Q: How should a company get started using a platform approach?

A: There is no pre-defined approach to getting started. The platform approach means you can choose the component that addresses your immediate need and later choose other components as your Identity and Access roadmap needs change. If your biggest challenge is audit compliance, then start with Oracle Identity Analytics. If "on-boarding" and "off-boarding" becomes a challenge then adopt Oracle Identity Manager. Regardless of which solution you choose first, the roles, users and workflows across both products will be shared. This simplifies the deployment and solution support. 

Q: Hi, can you please give me an example of a point solution? Is AD a point solution?

A: By point solution we mean solutions that are not part of an overall suite. AD would be an example of a point solution. By platform approach we mean a set of point solutions from a single vendor that inter-operate.

Q: With regards to a platform approach to IAM, specifically which components / solutions are we referring to here that make up "IAM" platform e.g. Identity, web access management, role analytics / management, directory etc...?

A: Here we are referring to several components: Access Management, Administration and Governance, Directory Services, Fine Grained Entitlements  and SOA security   

Q: What are the realistic timelines to implement for bigger organizations?

A: An organization does not have to deploy all of the products in a platform to gain the benefits. Deploying each product can take a few weeks depending on the number of users and the size of the organization.

Q: Is it possible to automate all the "On-board and Leaver" (Purge or Account Locking) capabilities?

A: It is possible to automate most of this activity. Typically organizations will target the most security sensitive applications first. 

Q: What is the cost difference between Platform based on Point solutions?

A: Based on the results of the Aberdeen survey organizations can save up to 48% when looking at the cost of deploying a combination of point solutions vs a platform based solution. The cost savings is directly related to the cost of integration between point products that are not part of a suite. On a per solution basis there is not much difference in the license cost. The real cost difference is cost of ownership.

Q: To my knowledge IAM has not matured and didn't cater to several of our requirements when we were looking for a solution. What do you think about its evolution in the last 5 years?

A: IAM has transformed drastically in the past five years. It would be good to re-examine your requirements with a fresh look at the solutions on the market.

Q: Is single sign-on supported for non-Oracle applications?

A: Yes, Oracle's Web SSO and Enterprise SSO support single sign-on for many non-Oracle applications. To read more, click here.

Q: Will it support Employee ID and different roles of Oracle and non-Oracle Applications?

A: Yes, Oracle Identity Analytics and Oracle Identity Manager both support creating roles for non-Oracle applications. In addition, it can help to achieve a single ID per employee across the organization. To learn more click here.

Q: What kinds of reports are delivered as part of the IAM suite and how can we automate some of the audit requirements? If some of the users or hackers intrude, is there any way we can get notifications?

A: There are several different kinds of reports that you will need to address your audit challenges. First, most audits are looking for a report of separated users and verification that these users no longer have access to critical systems. Oracle Identity Manager contains reports out of the box that provide this information. You can learn more about this by clicking here for the resource page on OIM. In addition, you will want to conduct certification reviews of entitlements for critical systems. The certification review reports can be found on Oracle Identity Analytics. You can learn more about OIA by clicking here.

Q: How do we integrate custom strong authentication devices with the Oracle IAM suite?

A: There are many integration points. It would be good to get in touch with an Oracle rep to understand all of the options. You can call us at  1-800-672-2537.

Q: Is there any way we can create separate layers of IAM for Internet Users vs. Intranet Users, but End Users are only Employees? Currently we have a challenge and are not allowing Employees to login from outside; when I see Internet users, they will access the app via DMZ.

A: This is a common challenge and the answer is yes. In most cases you should be able to utilize a single identity solution instance to manage both your external and internal users.

Thanks for all of the questions.  

Monday Nov 21, 2011

Kuppinger Cole Paper on Entitlements Server

Kuppinger Cole recently released a paper discussing external authorization describing how organizations can "future proof" their enterprise security by deploying Oracle Entitlements Server.  By taking a declarative security approach, security policy can be flexible and distributed across multiple applications consistently. You can get a copy of the report here.

In fact Oracle Entitlements Server is being used in many places to secure data and sensitive business transactions. The paper covers the major  use cases for Entitlements Server as well as Kuppinger Cole's assessment of the market. Here are some additional resources that reinforce the cases discussed in the paper.

To learn more, check out the new Oracle U OES 11g course.

Thursday Nov 03, 2011

2011 Innovation Award Winners - Identity Management

The winners of the 2011 Innovation Awards were announced last month during Oracle OpenWorld. The Award recognizes customers for achieving significant business value through innovative uses of Oracle Fusion Middleware. For Identity Management, that meant deriving and proving exceptional business value, delivering architecture innovation, solving unique challenges and driving industry leadership. With over 20 nominations this year, the panelists had a difficult task ahead of them. One thing was certain though, the winners would be great examples of exceptional use of cutting-edge Identity Management solutions.

This year's winners demonstrated new ways of leveraging cloud and social environments to enhance customer interaction and service levels as well as building business intelligence from IT data to empower business and support management decisions. We congratulate the winners of 2011 Innovation Awards for Identity Management:

ING North America Insurance

Looking to streamline the access certification processes for in-time compliance and manage the complexity of user identity administration, ING North America Insurance implemented Oracle Identity Analytics and Oracle Identity Manager. A combination of detailed planning, close collaboration with Oracle and its implementation partner, and the use of advanced industry solutions allowed ING to achieve its compliance and governance goals. In addition, with business friendly reports and actionable insight, ING's implementation empowered business and offered greater transparency. The team was also able to clearly define, measure and present success metrics to the business.

College Board

With over 50 identity stores and multiple point solutions including some custom technologies, the organization found integrating applications and extending the identity management platform to be complex, time-consuming, costly and unscalable. The approach also left security gaps. To tackle these inefficiencies and unnecessary overhead, College Board started with the implementation of Oracle Identity and Access Management Suite Plus. Not only was the organization looking to seamlessly replace the old, non-standard custom system with a centralized, integrated, standards-based platform, College Board was also looking to leverage social media with the enterprise environment. The innovative integration with Oracle Identity Manager and Oracle Identity Federation allows the organization to reach millions of potential users via social media and offer advanced services to the users using federated login. The use of Oracle Access Manager and Oracle Directory Services enable secure authentication services for College Board's users.


A subsidiary of Turk Telecom, TTNET serves over 6.5 million subscribers across Turkey, providing high technology broadband and other value-added services (VAS). TTNET's VAS are different web applications (each with their own authentication server and user repositories) and technologies coming from 10 different partners. Providing a seamless experience to the customer, thus, became a challenge. Lack of a common authentication platform also left security gaps. With the implementation of Oracle Identity and Access Management Suite Plus, TTNET launched its "Tek Sifre" (One Password) project VAS, providing its subscriber base unified single sign-on with secure and standard authentication and user administration in the background. Now, the customers can use secure single sign-on while the company leverages a standards based user access management and identity administration platform for identity management and compliance, SLA reporting.


Here is a great example of cloud-based Identity-as-a-Service implementation. The company wanted to enforce and streamline user access compliance and automate user provisioning but without having the burden to maintain the infrastructure in-house. So, leveraging Oracle Identity Manager and Oracle Identity Analytics technologies via Simeio Solution's DirectAXS offering, the company was able to achieve its compliance, security and user productivity goals. The implementation benefits included streamlined and automated user provisioning, complete with audit trails and efficient access certification with complete view of user privileges and advanced detection and remediation of ghost accounts.

For information on the winners of the Fusion Middleware Awards for 2011, visit:

Wednesday Oct 19, 2011

Identity Management for a Car?

Most of the conversations I have about Identity Management emphasize regulatory compliance and security risk. At the same time, Identity context is also a critical business enabler. The video below shows a futuristic concept of the Toyota Smart Center. In this video, the car is not only transportation but also a personal assistant scheduling errands, assisting with calendar and navigation. In this case the car perhaps even saves a marriage. Toyota really got it right. What you will notice in this video is that the user authentication is very simple and requires very little effort from the end user. Hope you enjoy.


Tuesday Oct 04, 2011

Innovation Awards - Identity Management at Oracle OpenWorld on Tuesday

One of the most anticipated events at Oracle OpenWorld for Fusion Middleware customers is the Oracle Fusion Middleware Innovation Awards ceremony. Hundreds of nominations come in every year for various product categories, and a panel of judges has the unenviable task of selecting the winners: organizations that demonstrate the most innovative, industry-leading, optimal use of Oracle Fusion Middleware solutions.

Maria Forney, Director, Product Management, Oracle Fusion Middleware, will be hosting this year's ceremony, which takes place today at 11:45 am Pacific in Moscone West, Room 3007 at Oracle OpenWorld. As we honor this year's most impressive customer projects, here's a quick look back at last year's Innovation Award winners for Identity Management.


NetApp creates storage systems and software that helps customers store, manage, protect, and retain data. NetApp leverages Identity Management to authenticate systems with Oracle Identity Federation, Oracle Access Manager, and Oracle Virtual Directory, as well as provision to SaaS hosted applications. The Identity Management platform and technology allowed NetApp to reduce ETA and helpdesk tickets related to application access.

Schneider National, Inc

Schneider National, Inc. is a premier provider of truckload, logistics and intermodal services. The integrated Identity Management solution has enabled centralized role based access controls with automated request and approvals. Oracle Identity Management has improved user productivity, business processes, and security. Schneider has doubled the number of systems without increasing their administrative staff. Pricewaterhouse Coopers was the implementation partner. Read the press release for more details.

The State University of New York

The State University of New York has 64 colleges and universities that need to share access and information. Oracle Identity Management allows local campuses to manage access to a central system for their faculty and students. Oracle Identity Federation and Oracle Virtual Directory enable access to a central service, which avoids duplication of security/user information in multiple data stores. For more details on their implementation, check out this Oracle Magazine article: Positive Identification.


Telenor is the world's 6th largest mobile operator with 184 million mobile subscribers, offering communication services in 14 countries. Telenor deployed Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Federation to automate 64 SOX applications, SSO, and connect to 3rd party external applications. The Oracle Identity Management platform provides a uniform, standard platform to roll out new applications, and has enhanced the end user experience and security. Skyworth TTG was the implementation partner.

We wish the very best to this year's nominees and look forward to hosting an exciting ceremony today. If you are at OpenWorld, don't miss the Identity Management sessions today where you'll hear from numerous end-users and Oracle's own product management experts. Our specialists are also at hand at the Identity Management demogrounds to showcase the very latest solutions and to answer any queries that you may have. For a complete listing of today's sessions and more, please take a look at the Focus On Identity Management document.

Saturday Sep 24, 2011

Smuckers Broke Free from IBM Identity - So Can You

Thank you all for joining the webcast. The replay will be available shortly. From the audience questions and feedback I have received, many found the content useful. You can register to view a replay of the webcast on-demand. Smuckers made a decision to go with the Oracle Identity stack to drastically simplify their architecture, both from a middleware perspective and to simplify their Identity Management architecture. Reducing the number of agent-based provisioning connectors and leveraging the integrated platform from Oracle reduced cost and improved their project.

Many organizations today are in the same position with an IBM Identity Management deployment that has either stalled because of complexity or because IBM's portfolio lacks the integration and solutions to address the changing market needs. From the webcast, Scott pointed out that companies can move directly to the Oracle stack or move incrementally by taking a co-existence approach.

Taking an integrated platform approach can save up to 48%; see the Aberdeen research.

Here is a transcript of the Q & A from the webcast.

Q. Is Oracle ESSO integrated with the Oracle Identity Manager offering?

A. Yes - ESSO is integrated with Oracle Identity Manager and the other components in the Oracle Stack as well. Oracle Identity Manager provides workflow based provisioning, change and de-provisioning to ESSO. In addition, ESSO is integrated with Oracle's Access Management stack for complete single sign on.

Q. Can we co-exist IBM's provisioning with Oracle's provisioning?

A. Yes - there are a number of ways to do this depending on the amount of automation. In some cases the account index in IBM can be imported into Oracle Identity Manager and leveraged directly. Oracle Identity Manager can reconcile the data from each target system. The simplification with the Oracle platform drastically improves the manageability.

Q. Can a customer extend the Identity Platform in Fusion Applications to secure other applications in the enterprise?

A. Yes. The Identity components in Fusion Applications are full function and fully extendable. The customer would need to extend the license to cover the additional usage in the enterprise.

 Thanks for joining the webcast and we hope you join us again.

Sunday Sep 18, 2011

OOW Session - Manage Database, Solaris and Linux users with Oracle Directory Services

Centralizing and externalizing access control is a trend in Identity management. By centralizing the database and Unix accounts, administrators can divide and conquer with delegated administration and provide a single point of control for data and applications. The CISO and audit group get the benefit of a single point of audit and control. The overall impact to scale and security across the organization is dramatic. Instead of managing multiple instances of Unix systems or database services, administrators can now manage thousands of accounts per administrator. This is particularly urgent for Unix administrators who are still using NIS or NIS+ and need to find an alternative.

Join Mark Wilcox and me for this informative Open World 2011 presentation as we discuss how to centrally manage Oracle database user accounts and credentials, along with Oracle Solaris and Linux user accounts, using Oracle directory services. The session will be held on Thursday, 09:00 AM, Moscone West - room 3022.

For a complete list of Identity Management sessions at Open World 2011, see our Focus On Document.

Tuesday Aug 30, 2011

OOW Session - Achieving Context Aware Security

The DNA of Identity management has been Authentication, Authorization, Administration and Audit, but to really take a risk based approach, address the more complex regulatory pressure and still provide ROI, identity management has to become more context aware, provide better analytics and provide increased control. You don't want to miss Vadim Lander, Chief Identity Architect, discussing the next step in the evolution of identity management on Wednesday October 5th at 4:45 in Moscone West.

Who you are depends on the context of your activity. In the enterprise we all wear many hats and do many jobs. This makes it difficult to detect when user behavior is out of the ordinary. An integrated context aware approach is the best solution to balance the need for regulatory compliance and reduce risk.

To become risk aware, Identity Management has to become more context aware and integrated. The latency between Identity pillars creates risk. An integrated platform approach helps restore control by providing context. Join us for this session to understand how Oracle is driving innovation and creating the next generation of Identity Management solutions.

For a complete schedule of Identity Management sessions see the Identity Management Focus On.

OOW Session - A Directory for Enterprise and the Cloud

Earlier this year, Oracle launched Oracle Unified Directory (OUD). OUD is the next generation directory server aimed at providing the scale and performance needed to build mobile applications and cloud applications. In general the landscape for directory services is changing. If you are creating applications that require high scale authentication you won't want to miss this session on Tuesday October 4th at 4pm in Moscone West.

  • Increased demand for write operations - Today mobile applications are storing more personalization data and more location data. This is driving a greater demand for write operations. Approximately 40% of the operations are writes as opposed to 10 years ago when the write operations to the directory were approximately 20-30%. OUD provides 3x the performance on read operations when compared to ODSEE.
  • Increased speed of read operations - despite the increase in demand for write operations, the need for high speed read operations has not diminished. OUD provides a 5x performance enhancement on write operations.

Oracle Unified Directory is part of the Oracle Directory Services Suite Plus and is an interoperable and integrated part of the directory services suite. For a full schedule of Identity Management sessions see the Identity Focus On. You can view the launch webcast on demand.

OOW Session- Access to Oracle Applications

Oracle Applications contain mission critical business data. Securing access to Oracle Application data is critical for regulatory compliance and protecting the reputation of the business. Access to data and business transactions is constantly changing. Administrators need to have a central point of control to manage access policy across all Oracle applications. If you are an Oracle Applications customer, you won't want to miss this session on Monday October 3rd in Moscone West. In addition to the session there will be two hands-on labs discussing Identity Management for Oracle E-business applications.

Thursday Oct 4, 10:15
Securing Oracle Applications with Oracle Identity Management
Marriott Marquis Salon 1/2

Thursday Oct 6, 3:00
Securing Oracle Applications with Oracle Identity Management
Marriott Marquis Salon 1/2

Oracle's Access Management provides a comprehensive solution to centralize access control policy for customers using Oracle Applications and customers planning to adopt Fusion Applications. As organizations deploy Fusion Applications, many are choosing to deploy in a SaaS environment. Using Oracle Access Management, users can use a single password to access their enterprise applications and cloud applications.

Whether the applications are in a public cloud or private cloud, Oracle Access Management can provide single sign-on to reduce user frustration and improve security. As a reference, read our white paper on Oracle Identity Management for E-business. To learn more about Oracle Identity Management for Fusion Applications, read the white paper describing how Access Management is integrated into Fusion Applications.

For a schedule of Identity Management sessions see the Identity Focus On Document.

Thursday Aug 11, 2011

Getting IT Right with an End-to-End Access Control - Q&A Follow-Up

Thanks to all who joined us for last week's webcast on “Getting IT Right with an End-to-End Access Control Strategy”. Identity Management is about User Authentication, Authorization, Administration and Audit (the 4 A’s of Identity Management). But it doesn’t end with task automation. Identity Management needs to be smart (read: intelligent). It needs to ANALYZE the circumstances, understand the CONTEXT and CONTROL or manage the user interaction with the enterprise resources. Marc Boroditsky, Vice President, Oracle Identity Management, did a great job in explaining how end-to-end access control is really about becoming more context-aware with information backed by advanced analytics to offer more control.

The webcast replay is now available and we hope to continue the conversation we started with this webcast. In the meantime, I have captured the responses to the questions asked during the webcast.

Q. Is Identity Management strategic for Oracle?

A. Very much so. Oracle continues to make significant investments in Identity Management across all organizations including product development, customer and sales support, business development, marketing, and more.

Q. Where can I find the Aberdeen Report that Marc mentioned?

A. You can download the Aberdeen Report citing the findings on Platform vs. Point Solution Approach Study for Identity Management here.

Q. I was at one of the major health insurance providers recently. I was told not to bring laptop or any other hardware. I was told not to upload or download a file. Access to servers I was supposed to work on took 3+ weeks. Is that a smart way of doing security?

A. No access or limited access as a policy is detrimental to getting business done. And in fact, it may still not be an effective security measure. A smart approach would be to have layered security whereby only the right people have the right level of access to the right resources at the right time. When a user role or needs change, that change should also trigger user access and administration change. Moreover, all of this should be auditable. An integrated approach to user authentication, access authorization, administration and audit will accomplish this.

Q.  Where can I find product roadmaps for Access and Identity?

A. Technical information for all our Identity Management products is located on Oracle Technology Network. To schedule a roadmap briefing, please request your account manager.

Q. Is Oracle Identity Management part of the Oracle Database binary code?

A. No. Oracle Identity Management solutions are licensed separately.

Q. What differentiates Oracle Identity Management offering from its GRC Suite offering?

A. While GRC deals with standards-based platform for enterprise risk management, regulatory compliance, and controls enforcement, Oracle Identity Management solutions allow enterprises to manage the entire user identity life cycle across all enterprise resources and offer identity audit & compliance capabilities.

Q. How does Oracle Identity Management stack support private/public cloud infrastructure?

A. Oracle’s Identity Management stack plays a critical role in making the cloud environment secure for enterprises.

  • Identity federation is one area where standards such as SAML are quite mature and are being adopted by cloud providers and applications. Oracle Identity Federation (OIF) offers a full range of standards-based federation between cloud applications and their customer’s applications.
  • Oracle Identity Manager (OIM) provides standards-based secure provisioning and self service registration of application users to cloud applications via support for SPML services and BPEL workflow definitions.
  • Oracle Enterprise Single Sign-On (ESSO) Suite lets enterprises host ESSO in a private cloud to offer users secure access to heterogeneous enterprise resources from anywhere, anytime.
  • Oracle Access Manager (OAM) provides a robust Single Sign On capability that streamlines identity authentication processes across cloud applications.
  • Oracle Adaptive Access Manager (OAAM) provides strong authentication, identity verification, and fraud prevention across service provider’s cloud applications.
  • Oracle Web Services Manager (OWSM) provides policy-based authentication and authorization infrastructure for securing web services.

We encourage you to download our Cloud Security Resource Kit for additional detail.

Q. With the layered security approach, are you recommending that there be a specific order of implementation i.e. Directory Services, SSO and Provisioning first and then the remaining pieces?

A. The order of implementation and even the scope of implementation are based on the organization’s needs and the specific issues/business challenges you are trying to solve. Please connect with your account manager to discuss your specific needs and chart out the appropriate implementation plan for the best return-on-investment.

Q. Is Oracle Identity Management a new technology?

A. Oracle has been offering proven, best-of-breed Identity Management solutions for quite some time. With continued investment in technology and resources, Oracle’s Identity Management solutions portfolio has grown significantly over the years. For a complete list of Oracle Identity Management offerings and more information, please visit us at

Q. Can I use Oracle Identity Management to centrally manage access for multiple external clients?

A. Yes. Oracle Identity Management solutions allow you to centrally manage user authentication, authorization, administration and identity audit across all resources and for all users regardless of whether they are within or outside your organization. A good example of external user facilitation is:  Qualcomm Case Study: Supporting User Federation using Oracle Identity Federation.

Q. Can Oracle Identity Management provide the visual graphic metrics of all user activities like the Oracle OEM alert metric?

A. Oracle Identity Analytics provides actionable dashboards, graphs and metrics for user and identity audit at any time.  Oracle Adaptive Access Manager provides strong risk-based authentication features like real-time risk alerts based on behavioral profiling and advanced risk analytics.

Q. How do we integrate the new Oracle Identity product with other large apps e.g. Siemens PLM product?

A. Oracle Identity Manager can integrate with Siemens PLM using the application’s API or if the application supports SPML, then by using SPML calls. Oracle Identity Manager’s Identity Connector Framework makes the integration process quite flexible, scalable and efficient. Most market leading applications and systems are supported out-of-the-box.

Q. How can the tool set transit the identity between the layers, for instance if I have a JBOSS server and a WebLogic server, how can I pass the identity from one to the other so that both can participate in this vision?

A. With Oracle Identity Management, you can externalize identities to a centralized identity platform supported by Oracle Platform Security Services (OPSS). OPSS allows you to abstract security, audit, and identity management functionality from applications so you no longer have to hard code these in individual applications thereby reducing the time and cost for application lifecycle. Read more about this revolutionary approach here.

Q. Would I need Oracle Directory Services if I have Oracle Identity Manager in-house?

A. Oracle Directory Services Plus and Oracle Identity Manager are complementary solutions. Oracle Directory Services Plus is the industry’s only integrated solution that offers identity virtualization, storage, proxy and synchronization services for high-performance enterprise and carrier-grade environments. Oracle Identity Manager is an identity administration and user provisioning solution that automates the process of adding, managing, updating and deleting user accounts on enterprise resources, whether on-premise or in the cloud. While these solutions work very well together and solve unique challenges, the implementation of one does NOT require the implementation of the other.

Hope this is just a start of our conversation on this subject. We look forward to hearing your feedback on the approach Marc alluded to during the webcast and how it applies to the organizations today.

Tuesday Aug 09, 2011

Securing Your Electronic Health Records

Thanks to all those who joined our webcast on securing electronic health information records. According to the survey by Healthcare IT News, many organizations are depending on the EHR vendors to take care of the security requirements; however, a more systematic approach has to be taken in order to meet the compliance and "meaningful" use requirements. Mark Ford from Deloitte did a great job of setting the context around the legislation and the changing requirements. Thanks for all of the great questions on the webcast, and I want to take the time to make sure we capture the answers. I will post a replay. Mike mentioned the Aberdeen report comparing the platform vs the point solution; this may provide some benefit as you think about your road map.

  • Question: Looking at certification review with regard to clinician access - we have lots of cases where clinicians have excessive access - what else can I do with regard to a layered ?
  • Answer: So there are two things that we would recommend - many of the excessive access issues can be prevented in the first place by provisioning (see Oracle Identity Manager) users based on a pre-defined job role. This model works well and can speed up the audit. The second thing that organizations are doing is complementing certification review with detective monitoring provided by Oracle Security Governor. To streamline the certification review portion - Oracle Identity Analytics has some easy to use reporting that can make this less cumbersome.
  • Question: We have primary care physicians scheduling appointments through our web interface from different parts of the state - can your solution help us manage their user passwords?
  • Answer: Yes - if you are using a web interface then we could enable self service password management for your connecting physicians. You can provide this capability with Oracle Access Manager - also consider the ability for your connecting physicians to connect directly to your external portal with Federation capabilities.
  • Question: Is there a role life-cycle management capability in the Oracle stack? How would I get started in that process?
  • Answer: Yes, Oracle Identity Analytics provides this - you can download it from our site.
  • Question: SSO is well understood by all, but what about signing off? Multiple apps running over one SSO, how do you manage the signing off of individual apps?
  • Answer: This is a great question - there are many circumstances where this is required - so with Oracle ESSO there is an ability for sign-off where ESSO cleans up the cache so that someone else can use the terminal - we find this case in healthcare a lot.
  • Question: We are a hospital with lots of VIP celebrity patients - how can we secure access to the specific VIP patient data?
  • Answer: We get asked this a lot - feel free to reach out to us and we can set up a conversation with a couple of our customers who are solving the same problem. Basically, there are a number of ways to solve this. At a detective level, our security governor can detect when the incident has occurred; we can also use the Oracle Entitlements Server to guard the data directly at the application level. Would be happy to schedule a demo.
  • Question: What if we have an existing HR system like PeopleSoft, can we use that to drive the access provisioning of our clinicians?
  • Answer: Yes, if you have PeopleSoft or any other HR system - we can connect and drive provisioning from this source. There is a white paper on this on our website.
  • Question: Given that there are lots of offerings in the product stack - where should we get started - can we start with any product in the stack?
  • Answer: Because we have integrated the stack - customers can start from any point depending on the need. One paper that might be helpful is the recent Aberdeen report that talks about the tremendous cost saving of going with the platform approach.

Hope these answers provide you what you need. If you have follow up questions you can post them as comments below and we will answer them. Thanks again for joining us and we look forward to chatting again soon.


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
