Tuesday Apr 08, 2014

Send Notification With Oracle Identity Manager API

Information about events occurring in Oracle Identity Manager often has to be sent to various users, such as requesters, beneficiaries, or administrators. The notification service sends this information as notification e-mail messages, and it allows you to perform all notification-related operations in Oracle Identity Manager.

A notification template is used to send notifications. These templates contain variables that refer to available data to provide more context to the notifications. The channel through which a notification is sent is known as the notification provider. Examples of such channels are e-mail, Instant Messaging (IM), Short Message Service (SMS), and voice. To use these notification providers, Oracle Identity Manager uses Oracle User Messaging Service (UMS).

In some cases you need a custom notification process; for example, you may want to send a notification after the Active Directory Create User task. I want to explain how you can send a notification at any time with the OIM API.

1-) Create a notification template from Oracle Identity Manager Administration Console.


2-) Develop the send-notification adapter code. (Add oimclient.jar to your classpath.)

  import java.util.HashMap;
  import oracle.iam.notification.api.NotificationService;
  import oracle.iam.notification.exception.*;
  import oracle.iam.notification.vo.NotificationEvent;
  import oracle.iam.platform.Platform;

  private NotificationService notificationService;

  // Look up the notification service once and reuse it.
  public NotificationService getNotificationService()
  {
    if (this.notificationService == null) {
      this.notificationService = ((NotificationService)Platform.getService(NotificationService.class));
    }
    return this.notificationService;
  }

  public void sendNotification(String receiverUserId, String templateName, HashMap<String, Object> templateParams)
    throws EventException, UnresolvedNotificationDataException, TemplateNotFoundException, MultipleTemplateException, NotificationResolverNotFoundException, UserDetailsNotFoundException, NotificationException
  {
    NotificationEvent event = new NotificationEvent();
    event.setUserIds(new String[] { receiverUserId }); // OIM user login of the receiver; setUserIds takes an array
    event.setTemplateName(templateName); // name of the OIM notification template
    event.setSender(null); // sender is left unset
    event.setParams(templateParams); // values for the variables used in the template
    getNotificationService().notify(event); // send the notification
  }

Template params are used to pass dynamic values to the notification template. If you want to send information such as the user login, password, etc. in the notification, first add a variable with the "$" character to the notification template ($userLoginId), then set this variable through the HashMap in code.

3-) Create a process task adapter from the Design Console and assign it to the "SUCCESS" response of the "Create User" task in the "AD User" process.
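A pre-flight check for the template params described in step 2, as an added example that is not part of the original post or of the OIM API: it compares the $variables in a template body with the keys of the HashMap before notify() is called, and lists keys that look like credentials. The class and method names, the sample template text and the list of credential-like key fragments are assumptions for illustration, and only the $name and ${name} forms are recognised.

```java
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: hypothetical helper, not an OIM class. */
public class TemplateParamCheck {

    // Matches ${name} or $name; "$" followed by a digit (e.g. "$5") is not a variable.
    private static final Pattern VAR =
        Pattern.compile("\\$\\{([A-Za-z_][A-Za-z0-9_]*)\\}|\\$([A-Za-z_][A-Za-z0-9_]*)");

    // Assumption: keys containing one of these fragments carry credentials.
    private static final String[] SENSITIVE = { "password", "passwd", "pwd", "secret" };

    /** Variable names used in the template body, in order of first appearance. */
    static Set<String> referenced(String body) {
        Set<String> names = new LinkedHashSet<>();
        Matcher m = VAR.matcher(body);
        while (m.find()) {
            names.add(m.group(1) != null ? m.group(1) : m.group(2));
        }
        return names;
    }

    /** Variables the template uses but the map does not supply (or supplies as null). */
    static Set<String> missing(String body, Map<String, Object> params) {
        Set<String> out = new LinkedHashSet<>();
        for (String name : referenced(body)) {
            if (params.get(name) == null) {
                out.add(name);
            }
        }
        return out;
    }

    /** Keys that are passed to the event but never rendered by the template. */
    static Set<String> unused(String body, Map<String, Object> params) {
        Set<String> out = new TreeSet<>(params.keySet());
        out.removeAll(referenced(body));
        return out;
    }

    /** Keys whose name suggests a credential, so mailing them is a visible decision. */
    static Set<String> sensitive(Map<String, Object> params) {
        Set<String> out = new TreeSet<>();
        for (String key : params.keySet()) {
            String lower = key.toLowerCase(Locale.ROOT);
            for (String fragment : SENSITIVE) {
                if (lower.contains(fragment)) {
                    out.add(key);
                    break;
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample template body and parameter values.
        String body = "Hello $firstName, the AD account ${userLoginId} has been created. "
                    + "Initial password: $password";
        HashMap<String, Object> params = new HashMap<>();
        params.put("userLoginId", "JDOE");
        params.put("password", "constructed-sample-value");
        params.put("managerLogin", "ASMITH");

        System.out.println("referenced: " + referenced(body));
        System.out.println("missing:    " + missing(body, params));
        System.out.println("unused:     " + unused(body, params));
        System.out.println("sensitive:  " + sensitive(params));
    }
}
```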

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Wednesday Feb 19, 2014

Management of Oracle Database Authorization with Oracle Identity Manager

Oracle Identity Manager projects usually start with the management of the user identity life-cycle from the trusted resource to the target systems. After user identity management is completed in the first step, the second step is the management of users' entitlements, for example role management of users on Oracle Databases, Windows Servers or any custom applications.

In this post I want to share my experience from a project about the management of Oracle Database authorization through Oracle Identity Manager.

We used three components for the management of Oracle Database authorization. These are Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive next generation directory service that is designed to address large deployments, to provide high performance, to be highly extensible and to be easy to deploy, manage, and monitor. Oracle Unified Directory is used for role management integrated with Enterprise User Security. Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.

Oracle Identity Manager is used to manage the life-cycle of Oracle Unified Directory users, with the right values and the users' groups. The whole process starts from Oracle Identity Manager, which then inserts the user into an OUD group or deletes the user from an OUD group. So the user has rights via Oracle Unified Directory and Enterprise User Security.

The following steps explain the integration of these three tools.

1- Enabling Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager(ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:

-Replace dc=example,dc=com with the correct naming context for your server instance.

-Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.

  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

- $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the following configuration on Oracle Database:

  • Configure your database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory Connector in Oracle Identity Manager, to provision users to Oracle Unified Directory and to manage groups, and through them roles.

When all of the above steps are complete, Enterprise User Security is first enabled on the database; then create the database roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles. Finally, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.

P.S.: If you want to manage Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.


Tuesday Jan 07, 2014

Manage Child Process Forms With Oracle Identity Manager API

Oracle Identity Manager allows you to manage roles, responsibilities or group memberships as entitlements. An entitlement granted to an account on a target system enables the account user to perform a specific task or function. In Oracle Identity Manager, there is one process form for each account (resource) provisioned to an OIM User. Entitlement data is stored in child process forms of the process form.

You can manage child forms with the Oracle Identity Manager API, for example to add and remove data. For these operations, you can use the tcFormInstanceOperationsIntf service.

First, you need the process instance key to find the right child table.

    import java.util.HashMap;
    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcFormInstanceOperationsIntf;

    private tcFormInstanceOperationsIntf service;

    /**
     * Default constructor. getClient() is this class's own helper, assumed
     * here to return a logged-in OIM client.
     */
    public ProcessFormManagerImpl() {
        service = getClient().getService(tcFormInstanceOperationsIntf.class);
    }

    // Adds one row to the child form. columnName example: UD_ADUSRC_GROUPNAME
    public void addDataChildProcessForm(long processInstanceKey, String columnName,
                                 String columnValue) throws Exception {
        long processFormDefinitionKey =
            service.getProcessFormDefinitionKey(processInstanceKey);
        int processParentFormVersion =
            service.getProcessFormVersion(processInstanceKey);
        tcResultSet childFormDef =
            service.getChildFormDefinition(processFormDefinitionKey,
                                           processParentFormVersion);
        childFormDef.goToRow(0); // use the first child table of the process form
        long childKey =
            childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
        HashMap<String, String> addAttr = new HashMap<String, String>();
        addAttr.put(columnName, columnValue);
        service.addProcessFormChildData(childKey, processInstanceKey, addAttr);
    }

    // Removes every child row whose columnName value equals columnValue.
    // childFormKey is the name of the child table's row key column.
    public void removeDataChildProcessForm(long processInstanceKey,
                                           String childFormKey,
                                           String columnName,
                                           String columnValue) throws Exception {
        long processFormDefinitionKey =
            service.getProcessFormDefinitionKey(processInstanceKey);
        int processParentFormVersion =
            service.getProcessFormVersion(processInstanceKey);
        tcResultSet childFormDef =
            service.getChildFormDefinition(processFormDefinitionKey,
                                           processParentFormVersion);
        childFormDef.goToRow(0); // use the first child table of the process form
        long childKey =
            childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
        tcResultSet childData =
            service.getProcessFormChildData(childKey, processInstanceKey);
        for (int i = 0; i < childData.getRowCount(); i++) {
            childData.goToRow(i);
            String groupName = childData.getStringValue(columnName);
            // compare from columnValue so that an empty (null) cell does not throw
            if (columnValue.equals(groupName)) {
                long rowKey = childData.getLongValue(childFormKey);
                service.removeProcessFormChildData(childKey, rowKey);
            }
        }
    }
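An added example (not from the original post) of driving the two methods above idempotently: it compares the rows currently in the child table with the entitlements the account should have and returns the row keys to remove and the values to add, so a repeated run adds no duplicate rows and leaves no stale ones. Row, Plan and plan() are hypothetical names, the sample rows are constructed, and comparing entitlement names case-insensitively is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Added example: plans child-form changes; hypothetical helper, not an OIM class. */
public class ChildFormSync {

    /** One child-table row, as it would be read with getProcessFormChildData(). */
    static final class Row {
        final long rowKey;   // value of the child form key column
        final String value;  // value of the entitlement column, e.g. UD_ADUSRC_GROUPNAME
        Row(long rowKey, String value) {
            this.rowKey = rowKey;
            this.value = value;
        }
    }

    /** Values to pass to the add call and row keys to pass to the remove call. */
    static final class Plan {
        final List<String> toAdd = new ArrayList<>();
        final List<Long> toRemove = new ArrayList<>();
    }

    // Assumption: entitlement names compare case-insensitively, ignoring outer spaces.
    static String norm(String s) {
        return s == null ? "" : s.trim().toLowerCase(Locale.ROOT);
    }

    static Plan plan(List<Row> current, Collection<String> desired) {
        // normalized name -> name as it should be written to the child form
        Map<String, String> want = new LinkedHashMap<>();
        for (String d : desired) {
            if (!norm(d).isEmpty()) {
                want.putIfAbsent(norm(d), d.trim());
            }
        }
        Plan p = new Plan();
        Set<String> kept = new HashSet<>();
        for (Row r : current) {
            String k = norm(r.value);
            // Remove rows that are not desired, and second copies of a desired value.
            if (!want.containsKey(k) || !kept.add(k)) {
                p.toRemove.add(r.rowKey);
            }
        }
        for (Map.Entry<String, String> e : want.entrySet()) {
            if (!kept.contains(e.getKey())) {
                p.toAdd.add(e.getValue());
            }
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample: rows currently on the child form of one account.
        List<Row> current = Arrays.asList(
            new Row(101L, "Finance-RO"),
            new Row(102L, "finance-ro"),   // duplicate of row 101
            new Row(103L, "DBA-Admins"),   // no longer wanted
            new Row(104L, "VPN-Users"));
        List<String> desired = Arrays.asList("Finance-RO", "VPN-Users", "HR-Readers");

        Plan p = plan(current, desired);
        // Each toRemove key goes to removeProcessFormChildData(childKey, rowKey);
        // each toAdd value goes to addDataChildProcessForm(...).
        System.out.println("remove row keys: " + p.toRemove);
        System.out.println("add values:      " + p.toAdd);
    }
}
```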


Tuesday Dec 17, 2013

Standards Corner: Double-Blind Identity

For several years now, BC has been working on a new identity services project that would enable citizens to securely access government services online. For BC, there is clear motivation: reducing identity management and fraud costs in everything from drivers licenses to health insurance. Find out how BC takes a new approach to identity services using double-blind identity architecture.

Monday Dec 09, 2013

Account Provisioning With Oracle Identity Manager API

Oracle Identity Manager allows you to provision accounts using the OIM API. You can use Oracle Identity Manager to create, maintain, and delete accounts on target systems. Oracle Identity Manager becomes the front-end entry point for managing all the accounts on these systems. After the accounts are provisioned, the users for whom accounts have been provisioned are able to access the target systems without any interaction with Oracle Identity Manager. This is the provisioning configuration of Oracle Identity Manager.

Sometimes you will need to grant an account from a remote operation (a web service or some remote connector). For these operations, you have to find the right application instance for the account. You can use the findApplicationInstanceByName method of the oracle.iam.provisioning.api.ApplicationInstanceService service to find the application instance. Then you can provision the application instance with the OIM API, using the oracle.iam.provisioning.api.ProvisioningService service.


import java.util.HashMap;
import java.util.Map;
import oracle.iam.provisioning.api.ApplicationInstanceService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.*;
import oracle.iam.provisioning.vo.*;

    // serverName example : UD_ADUSER_SERVER
    // itResourceName example : Active Directory
    public void provisionAccount(String userKey, String serverName, String itResourceName)
            throws ApplicationInstanceNotFoundException,
                   GenericAppInstanceServiceException,
                   UserNotFoundException,
                   GenericProvisioningException {
        ProvisioningService service = getClient().getService(ProvisioningService.class);
        ApplicationInstance appInstance = findApplicationInstanceByName("Application Instance Name");

        // Parent form data for the new account
        FormInfo formInfo = appInstance.getAccountForm();
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverName, itResourceName);
        String formKey = String.valueOf(formInfo.getFormKey());
        AccountData accountData = new AccountData(formKey, null, parentData);

        Account account = new Account(appInstance, accountData);
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        service.provision(userKey, account);
    }

    public ApplicationInstance findApplicationInstanceByName(String applicationInstanceName)
            throws ApplicationInstanceNotFoundException,
                   GenericAppInstanceServiceException {
        ApplicationInstanceService service = getClient().getService(ApplicationInstanceService.class);
        ApplicationInstance appInstance = service.findApplicationInstanceByName(applicationInstanceName);
        return appInstance;
    }


Tuesday Nov 12, 2013

Chalk Talk with John: Business Value of Identity and Access Management


Conveying the business value of Identity and Access Management to non-technologists can be challenging, especially considering the breadth of capability supplied by these technologies.

In this episode of Chalk Talk with John, Bob at Codeaway Valley asks Jim from Middleware Fields how they are able to manage access to buildings and facilities throughout their community. Bob and his team struggle to keep up with the needs of their community members, while ensuring the community’s safety. Jim shares his creative solution to simplifying the management of access throughout their community in Middleware Fields.

About me:

Hi, I am John Brunswick, an Oracle Enterprise Architect. As an Oracle Enterprise Architect, I focus on the alignment of technical capabilities in support of business vision and objectives, as well as the overall business value of technology.  Before coming to Oracle, I was a Practice Manager within BEA System's Business Interaction Division consulting organization, orchestrating enterprise systems in support of line of business goals.

Follow me on Twitter and visit my site for Oracle Fusion Middleware related tips.

Wednesday Nov 06, 2013

Hello With Oracle Identity Manager Architecture

Hi, my name is Mustafa! I'm a Senior Consultant in the Fusion Middleware Team, living in Istanbul, Turkey. I have worked on many Java-based software development projects, such as end-to-end web applications, CRM, Telco VAS and integration projects. I want to share my experiences and research about Fusion Middleware products in this column.

Customers always want the best solution from software consultants or developers. The solution may be a code snippet or a complete change of architecture. We have faced different requests depending on the customer's case. In my posts I want to discuss the architecture of Fusion Middleware products, how to extend their usability with APIs or UI customization, and more, and I look forward to engaging with you on your experiences and thoughts on this.

In my first post, I will discuss the Oracle Identity Manager architecture, and I plan to discuss Oracle Identity Manager 11g features in later posts.

Oracle Identity Manager System Architecture

Oracle Identity Governance includes Oracle Identity Manager, Oracle Identity Analytics and Oracle Privileged Account Manager. I will discuss the Oracle Identity Manager architecture in this post.

Basically, Oracle Identity Manager is a standard n-tier Java EE application that is deployed on Oracle WebLogic Server and uses a database.

The Oracle Identity Manager presentation tier has three different screens and two different kinds of client. Identity Self Service and Identity System Administration are web-based thin clients. Design Console is a Java Swing client that communicates directly with the Business Service Tier. Identity Self Service provides end-user operations and delegated administration features. System Administration provides system administration functions. Design Console is mostly used for development and management operations, such as creating and managing adapters and process forms, notifications, workflow design, reconciliation rules, etc.

The Business Service tier is implemented as an Enterprise JavaBeans (EJB) application, so you can extend Oracle Identity Manager capabilities.
-The SPML and EJB APIs allow you to develop custom plug-ins, for example for the management of roles or identities.
-Identity Services allow you to use the core business capabilities of Oracle Identity Manager, such as the user provisioning or reconciliation service.
-Integration Services allow you to develop custom connectors or adapters for various deployment needs.
-Platform Services allow you to use Entitlement Server, Scheduler or SOA composites.

The Middleware tier lets you use the capabilities of ADF Faces, SOA Suite, Scheduler, Entitlement Server and BI Publisher Reports. So OIM allows you to configure workflows that use Oracle SOA Suite or to define authorization policies with Oracle Entitlement Server. You can also customize the OIM UI without writing code, and by using ADF Business Editor you can add custom attributes to user, role, catalog and other objects.

Data tier: Oracle Identity Manager is driven by data and metadata, which provide flexibility and adaptability to Oracle Identity Manager functionality.
-Database: it has five schemas, which are OIM, SOA, MDS, OPSS and OES. Oracle Identity Manager uses the database to store runtime and configuration data, and all entity, transactional and audit data are stored in the database.
-Metadata Store: customizations and personalizations are stored in a file-based repository or a database-based repository. In the Oracle Identity Manager architecture, the metadata is in the Oracle Identity Manager database, to take advantage of some of the advanced performance and availability features that this mode provides.
-Identity Store: Oracle Identity Manager provides the ability to integrate an LDAP-based identity store into the Oracle Identity Manager architecture.


Oracle Identity Manager uses the human workflow module of Oracle Service Oriented Architecture Suite. OIM connects to SOA using the T3 URL, which is the front-end URL for the SOA server. Oracle Identity Manager uses an embedded Oracle Entitlement Server for authorization checks in the OIM engine.

Several Oracle Identity Manager modules use JMS queues. Each queue is processed by a separate Message Driven Bean (MDB), which is also part of the Oracle Identity Manager application. Message producers are also part of the Oracle Identity Manager application.

Oracle Identity Manager uses scheduled jobs for some activities in the background. Some scheduled jobs come out of the box, such as the job that disables users after their end date, and you can define your own custom scheduled jobs with the Oracle Identity Manager APIs.

You can use Oracle BI Publisher for reporting Oracle Identity Manager transactions or audit data which are in database.


Thursday Mar 21, 2013

Managing Security in the SoMoClo World

Identity Management Product Marketing Team Blog

As we look forward in 2013, we look at the key trends driving the IT transformation today. Surely, mobile, social and cloud would top the list. With the proliferation of mobile devices companies are looking to offer access to the most commonly used (or user facing) business applications on users’ personal mobile devices. The spread of social networking is forcing organizations to allow users to access company resources using their social media sign-ons. And regardless of whether it is in a datacenter or in the cloud, the business application needs to be just as secure and reliable.

Customers today are demanding a seamless online experience, one that is geography agnostic. But most applications that are required to support this seamless digital experience were architected 10 or 20 years ago and are not scalable or agile enough. Worse, the applications still keep user experience and security at cross-hairs; you inevitably compromise on one or the other.

The applications for today and tomorrow will need to support the internet scale, offer a seamless user experience across all channels and yet be secure to enable a digital interaction with confidence. Which means, a re-architecture that adopts SOA for flexibility, BPM for collaboration and participation, a scalable user portal and Big Data for better business analytics and Fast data for the massive scale that will be required and a Security Inside Out approach. To learn more about how each of the Fusion Middleware components fit into a social, mobile, cloud strategy, we recommend you peruse all the videos and assets for The New Business Imperative: Social, Mobile, Cloud screencast program here.

In our previous posts, we talked about the essentials for Securing the New Digital Experience and how Oracle has adopted a platform approach to provide a solid foundation to enable a secure, seamless digital experience. If you missed our screencast, you can watch it now.

We wanted to share with you, some customer experiences. Industry leading organizations have adopted the platform approach to Identity management and have started to leverage the capabilities of our latest release, Identity Management 11gR2 to enable secure mobile and social access. Companies, like SaskTel, are offering Identity Management in the cloud to some of the most security-conscious organizations.

SuperValu, for example, is leveraging Identity Management to bolster employee productivity in their stores by delivering secure, simplified sign-on for store managers on iPads.

And Oracle itself is using Oracle Identity Management internally to offer a centralized, single identity system, a simplified identity context to its employees across a myriad of applications the employees have (and need) access to. Managing a dynamic workforce across geographies, folding in M&As, leveraging Identity Management to power the cloud services – Oracle Identity Management within Oracle is another good example of the success of a platform approach to identity management and security. Catch this podcast to get the full Oracle on Oracle story.


Wednesday Mar 20, 2013

SoMoClo Drives the Next Evolution in Identity Management

Identity Management Product Marketing Team

The world (and hence an enterprise) today is very different from what we had say even 5 years ago. Lines between social and professional worlds are blurring fast. I use my smartphone to connect with friends and colleagues, check in on FourSquare for business meetings, follow my friends’ updates on Facebook, check work email, respond to LinkedIn requests from my professional friends and review the .xls sent by my colleague.

The pace of technology evolution is driving the customer expectations today. User experience is key as noted by Naresh Persaud, Director, Security & Identity Management in this screencast. A user needs to be able to sign on using say, the Google account, and use that across all his/her media experience – a smartphone, an iPad, gaining access to business applications, logging on to social media sites like Facebook, LinkedIn, others.

But so is security. A spate of security incidents in 2012 has, once again, brought the security issues to the fore. Did you know that 76% of mobile applications today store credentials on the device and 10 percent of those store passwords in plain text on the device? With 90% of organizations looking to offer mobile applications by 2014, those are indeed grim statistics. In a world where 62% of companies are looking to connect with their customers and build relationships via the social networks, news stories like the LinkedIn password hacking definitely make users like you and me pause.

Identity Management is the lynchpin for security and user experience. Breaking away from tradition, the latest release of Oracle Identity Management, 11gR2, marries convenience with security in offering a complete, seamless and secure digital experience to the users.

Focusing on reducing time to deployment and overall Total Cost of Ownership (TCO) and easing the user experience, R2 takes a platform approach to Identity Management bringing innovation, simplification and extreme scale to bear.

Leveraging the innovation in Oracle Fusion Middleware implies Identity R2 utilizes a common, standards-based model for workflow and UI customizations. R2 offers a scalable internet-grade identity platform that leverages ADF for UI customizations and workflow extensibility, SOA for flexibility, BPM for collaboration, Coherence for extreme performance and WebCenter clustering for scale support.

Learn more about how Oracle Identity Management 11gR2 supports usability and scale requirements and the out-of the-box features that it offers to support the social, cloud and mobile security features. Catch the on-demand R2 launch webcast today and engage with us on OracleIDM to discuss your emerging identity requirements and whether or not you think R2 meets those. We look forward to hearing from you.


Monday Mar 18, 2013

Do you Trust Social, Mobile, Cloud?

Identity Management Product Marketing Team

The last decade or so there has been a complete transformation in the way we work or how we consume information. Work is no longer about geography, it is an activity. “Company resources” are not just servers and systems in your server room, these could be in a data center, in the cloud or even the employees’ smart phones, iPads, tablets and more. Users of these “company resources” could be employees with physical badges, vendors, partners or customers connecting through the social media channels as Facebook, Twitter or Pinterest. Work can happen anywhere, via any device, through any network (intranet/social media channels/internet) leveraging company resources.

And why are organizations adopting this “work anywhere, anytime” model? The reasons are plenty - to improve efficiency, bring agility, build user productivity, offer seamless user experience to its customers or to simply establish a trust relationship with the customer. Social, Mobile and Cloud (SoMoClo) together is a business opportunity, a competitive advantage that organizations are seeking. And Security is the lynchpin in this new work order. Without a secure, seamless digital experience, it all falls apart.

With each new experience, the security risk increases. Each channel presents its own security points of failure. How can my company enable social trust as a means of connecting to customers & employees? How do I accommodate dynamic workgroups and teams of people around the globe that need to be part of my value chain? Is the Bring Your Own Device (BYOD) threatening the security of my digital and intellectual property? How can I securely connect mobile devices to my enterprise without compromising security? Are my applications secure enough to be cloud ready?

The security solution, thus, needs to scale and span across all the channels, encompass the growing breadth of both the “company resources” and the user population. The solution needs to provide the foundation (a platform) that feeds uniform security policies and extends identity context to the complete digital experience.

Naresh Persaud, Director, Security and Identity Management at Oracle, discusses the IT transformation driven by SoMoClo and underscores the need for a sound security solution. Catch this brief screencast on Securing the New Digital Experience to learn how the latest advances in Oracle Identity Management and Oracle Fusion Middleware solutions are fueling the transformation that is driving innovation in IT today.


Thursday Jan 03, 2013

LADWP Transformed Customer Experience with Oracle WebCenter & Oracle Identity Management

Los Angeles Department of Water & Power (LADWP) serves 1.6 million residential and commercial customers in the greater Los Angeles area. Hear from Matt Lampe, CIO, how LADWP mobile-enabled a customer service portal using Oracle WebCenter and Oracle Identity Management.


Thursday Feb 09, 2012

Oracle Named a Leader in both User Provisioning and Identity and Access Governance

Oracle Identity Management solutions were positioned in the Leaders quadrants in the two recently published Gartner Magic Quadrant reports. This post is the first in a multi-part blog series, and over the course of the next few weeks we will be covering details on what we believe makes Oracle’s User Provisioning (Identity Administration) solution, Oracle Identity Manager, and our Identity and Access Governance solution, Oracle Identity Analytics, truly unique and industry leading.

Gartner published their first-ever Magic Quadrant for Identity and Access Governance and Oracle is a leader.

Source: Gartner Magic Quadrant for Identity and Access Management, Dec. 15, 2011. Doc ID#223606. Authors: Earl Perkins and Perry Carpenter. Page 3

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available by clicking on the note title. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any of warranties of merchantability or fitness for a particular purpose.

Identity and Access Governance solutions offer business users identity analytics and reports to address governance, audit and compliance challenges. According to Gartner, leaders in Identity and Access Governance (IAG) are “composed of vendors that provide products with a good functional match to client requirements for establishing a governance system for access. These vendors have been successful in building an installed base and revenue stream within the IAG market, and have a relatively high viability rating (because of IAG revenue). Leaders also show evidence of superior vision and execution for anticipated requirements, as they relate to technology, methodology or means of delivery. Leaders typically have significant market share, strong revenue growth, and demonstrated early customer satisfaction with IAG capabilities and/or related service and support.”

Oracle Identity Analytics is an advanced Identity and Access Governance solution from Oracle offering rich analytics, prioritized risk scoring, business-friendly dashboards, and advanced compliance features that monitor, analyze, review, and govern user access to mitigate risk, build transparency and satisfy compliance mandates.

The key challenge we often hear organizations talk about is scaling the compliance processes. Performing access certifications across not a handful but hundreds of applications requires not just an automated solution but a powerful (yet business-friendly) process engine powered by analytics to make sense of all the data. To make it a real-world discussion rather than a theoretical one, join ING and Oracle on a live webcast, Scaling Role Management and Access Certification to Thousands of Applications, on Wednesday, April 11, 2012 10:00 AM PDT, where ING discusses how they successfully tackled the scale challenge.

Close on its heels, Gartner also published its 2011 Magic Quadrant for User Provisioning and Oracle is a Leader.

Source: Gartner Magic Quadrant for User Administration/Provisioning, Dec. 22, 2011. ID# G00219354. Authors: Perry Carpenter and Earl Perkins. Page 4


Two things are clear from these reports. Organizations are looking at integrated platform solutions to meet their audit and compliance needs. A platform approach is the only viable approach to close security and audit gaps, reduce TCO and derive the complete picture. And we believe that with Oracle’s positioning in the Leaders quadrant for both User Provisioning and Identity and Access Governance, organizations are assured that they are getting not only the complete solution but also a best-in-class one, backed by a strategic vision and strong executive commitment. Seamless integration with Oracle Identity Manager 11g makes Oracle Identity Analytics 11g the industry's only access governance solution to offer accurate closed-loop remediation, with risk feedback calculated over a user’s lifecycle as actionable insight for certification reviews. To get customers’ perspectives on the implementation and results from the platform approach, we recommend you look at our monthly webcast series on the subject:

Customers Talk: Identity as a Platform.

If you are looking at user provisioning and/or compliance solutions, we suggest you start by downloading these analyst reports and our recently issued press release on the subject. For more information on Oracle’s platform approach to Identity Management and to learn more about our best-in-class Identity Management solutions, visit us at www.oracle.com/identity or contact us via our online communities: Facebook, Blog and Twitter.

You may also find the following resources helpful:

Ongoing Webcast Series: Customers Talk: Oracle Identity Management as a Platform

ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics

Customer stories: Tackling Compliance Challenges with Oracle Identity Analytics

What’s New in Oracle Identity Manager 11g

Monday Sep 19, 2011

Oracle Catches IBM's Identity Management in a Jam

Join us for an upcoming webcast that explores the gap between Oracle and IBM in Identity Management. The webcast features Smuckers, one of Oracle’s most innovative Fusion Middleware customers, discussing why they chose Oracle over IBM. You’ll also hear directly from Oracle’s Scott Bonnell, Senior Director, Product Management, and Naresh Persaud, Oracle Director of Product Marketing. In a recent interview for the Fusion Middleware Newsletter, Persaud discusses the biggest differences between Oracle and IBM.

“We found that the fundamental difference lies in Oracle’s integrated platform approach to identity management, a strategy that pays dividends in both cost savings and ROI,” he says. "The Oracle stack is completely integrated and tested out of the box, compared to IBM's cobbled-together group of solutions. It's not surprising that companies find themselves consistently spending a lot on integration with IBM." For example, a recent white paper from industry researcher Aberdeen Group found that companies using an integrated platform for identity management saved up to 48 percent over companies that tied together a raft of point solutions.

Oracle’s commitment to openness and interoperability also helps customers leverage legacy identity management applications, something that IBM solutions cannot match. “We have invested in standards that allow Oracle Identity Management to connect with other identity solutions, including IBM,” says Persaud. “We want customers to have the ability to easily expand existing identity management deployments with more capabilities from Oracle. It's important that companies have the ability to take advantage of identity management innovations going forward.”

To hear more about the advantages of Oracle over IBM, register now for the webcast, or see more like this on our Oracle site at http://www.oracle.com/goto/OracleOutperformsIBM.

Friday Sep 02, 2011

The Platform Evolution: Analyzing Point Solution vs. Platform Approach

 

Aberdeen recently released a report documenting the trend toward businesses adopting a more platform-centric view of Identity and Access Management, noting that companies can save up to 48% by deploying solutions that are part of an integrated platform vs. deploying and integrating point solutions from different vendors. Get a copy on our website.

Security Is About Latency

In Identity Management, security is a question of how quickly we can adapt and change. When an employee changes job roles or separates from the company, the latency of changing the employee's access to applications is the window of risk exposure. If a hacker is attacking your system, the latency of detecting the hacker and preventing the attack is the window of risk.

Analogy: if I go outside to pick up the mail and leave my front door open for five minutes, chances are my TV is still in my home when I return. If I go to Aruba on vacation for a week and leave my front door open, most likely my TV is gone. The key difference is the latency. The faster I close the door when I no longer need it open or when I am no longer monitoring it, the more secure my TV will be. In Redwood City I can probably keep my door wide open for a day or more without my TV disappearing. Let's say I am in Manhattan. If I leave my door wide open for one day, I may lose my TV. The difference between Redwood City and Manhattan is the velocity and volume of the potential threats. In Manhattan I need low-latency change. In Redwood City, I can probably go a little longer without closing my door. In Manhattan there is just a larger volume of traffic that can potentially walk into my place if I leave the door open.

To connect the analogy, organizations today are providing more remote access to partners, customers and employees. At the same time the volume of applications has risen. The business enterprise is now living in Manhattan and leaving lots of doors open. The processes to change access control via help desks, determine the appropriate level of access, enforce separation of duties and monitor user behavior are not integrated enough to keep up with the velocity of the threats. Here are a few examples:

 

  • Employee Job Change - Organizations use ticketing systems to have user access changed. The reality is that the help desk is taking these requests by the thousands and it takes days or weeks to make access control changes.
  • Employee Separation - Organizations depend on application administrators to remove dormant accounts and reconcile which users are no longer with the company before terminating access. The reality is that there are thousands of accounts and the application administrators do not have a way to truly certify a user's access or account.
  • Remediating Employee Certification Reviews - Organizations depend on managers to certify their employees' access without providing the context information necessary for managers to make the right decision. The reality is that many managers are blindly certifying user access because the task of verifying user access is too cumbersome.

Bottom Line: Quicker access change control to portal applications and better prevention of SOD conflict to ERP systems make the enterprise a safer place.

We have to reduce the latency of access change as the velocity of the threat increases. An integrated platform minimizes the latency of change across all applications so enterprises can adapt to the velocity of threats.

Don't miss the upcoming webcast on Analyzing the Identity "Platform" versus "Point Solution" Approach on Sept 15, 2011, 10 AM PST. Register today.

 

 

 

 
