Cloud Security Perspectives and Insights

Modernization of Identity and Access Management

Eleanor Meritt
Senior Vice President, Identity & Access Management Development

Oracle has been in the IAM business for more than 20 years and we’ve seen it all. We’ve addressed numerous IAM use-cases across the world’s largest, most complex organizations for their most critical systems and applications. We’ve travelled with our customers through various highs and lows. And we’ve experienced and helped drive significant technology and business transformations. But as we close out our second decade of IAM, I’m too distracted to be nostalgic. I’m distracted by our IAM team’s enthusiasm for the future and by the impact we’ll have on our customers’ businesses in the decade to come. Central to that is a focus on respecting our customers’ identity and access journey and meeting them with solutions that fit their individual needs.

Analysts agree[1] that Oracle offers best-in-class IAM solutions that serve a variety of functions and use-cases. Oracle now manages hundreds of millions of identities in the cloud, making us one of the most popular cloud identity providers with unmatched geographical coverage via Oracle’s 30 (and counting) cloud regions. But our work is not done. In fact, rather than slowing down to close out another decade, we’re rolling into the 2020s with momentum and we’re picking up speed.

Last year, I talked about our top priorities for IAM and since then, we’ve made tremendous progress. We released numerous impactful features across our IAM portfolio and partnered with many customers on successful IAM upgrades and cloud transformations. Here are a few of the areas where we’ve made significant progress:

  • Oracle Identity Cloud Service (IDCS) supports all the common IDaaS use-cases like strong and adaptive authentication, social logon, passwordless logon, bidirectional synchronization to on-prem, and provisioning to on-prem and cloud enterprise applications. It now also supports some not-so-common use-cases like: factor-specific MFA via Sign-on Policies, User-Managed Consent for Terms of Use, rule-based Authorization Policies for enterprise applications, Entitlement Assignments for enterprise applications via application roles, API-based App Management, and allow- and deny-lists via IP-based Network Perimeters.
  • Oracle Access Manager (OAM) serves use-cases where customers prefer to fully manage and control their AM deployment (perhaps because they want to deploy it on-prem and avoid having to rely on an Internet service for authentication or maybe because they want heavy customization). OAM is now deployable in containers, simplifying operational support. The OAM Snapshot tool now helps move and improve on-premises workloads to cloud environments and helps with OAM upgrades. OAM has also been updated to support passwordless logon, OAuth consent management, Just-In-Time (JIT) provisioning, multi-data center lifecycle automation, OAP over REST, and password management that supports multiple password policies for different groups.
  • Oracle Identity Governance (OIG) provides an Identity Governance and Administration (IGA) solution that’s more robust than the IGA typically delivered via IDaaS solutions. OIG is now deployable via containers and is being transitioned to a microservice architecture that enables quick feature updates without lengthy software upgrades. Enhanced wizard-based application on-boarding, access policy harvesting, and a self-service, business-friendly access catalog empower business owners to take control of entitlement access and minimize IT operational inefficiencies. Focused reviews make certification more manageable and allow for building campaigns towards specific compliance goals like GDPR and SOX.
  • Oracle Unified Directory (OUD) is an all-in-one directory solution with storage, proxy, synchronization and virtualization capabilities that meets carrier-grade scale and performance requirements. OUD is now deployable in containers and the new SCIM REST API service provides programmatic support for accessing identity information (Users, Groups, etc.), including query, retrieve, create, update and delete operations.

Support for container deployment across OAM, OIG, and OUD is an important step. Customers can move from a bare metal or virtual machine-based installation to one better suited for multi-cloud and modern data center deployment. All three IAM images are also available in the Oracle Cloud Infrastructure (OCI) marketplace, making it quick and easy to get up and running on the latest versions.

In addition to the significant progress we’ve made on the products and technology, we’re also improving the way we support our customers’ journeys. With the help of several partners globally (Accenture, BIAS, Deloitte, Kapstone, Persistent Systems, and Simeio, to name a few), we’ve launched a world-class upgrade program to simplify the upgrade experience so customers can benefit from the business value and simpler ownership offered by our latest IAM versions with reduced cost and effort. Hundreds of customers are already engaged in the process and we’re seeing early positive results.

Looking forward, I’m extremely confident in Oracle’s ability to address virtually any IAM requirements across functional areas (Identity Governance and Administration, Access Management, Directory), deployment models (SaaS, cloud-hosted, VMs, containers, MSS, self-managed), user types (employees, partners, consumers), targets (IaaS, SaaS, Enterprise Apps, Databases, Legacy Apps), geography and size of business. Our customers deserve choice and we’re confident in our ability to provide the most appropriate solution to address their unique situation.

Try Oracle Identity

To learn more, visit Oracle Identity and Access Management, take a trial of Identity Cloud Service, or sign up for a free test drive of Oracle IAM 12c via Kubernetes images in OCI Marketplace (Oracle Identity Governance, Oracle Access Management, and Oracle Unified Directory).

 

1. Richard Hill, "Access Governance and Intelligence," KuppingerCole, August 20, 2020
