Access and Identity Management for Enterprise Portals - PowerPoint PPT Presentation

About This Presentation
Title:

Access and Identity Management for Enterprise Portals

Description:

... Oracle Internet Directory as a user ... Virtual, real-time LDAP application views of directories, databases and other user repositories ... Directories ... – PowerPoint PPT presentation

Slides: 41
Provided by: D2138
Learn more at: http://www.nocoug.org

Transcript and Presenter's Notes

3
Access and Identity Management for Enterprise Portals
Rohit Gupta
Director, Identity Management Product Management
Oracle Corporation
4
Topics
  • Introduction: portal identity management issues
  • Identity consolidation
  • Password and identity administration
  • Centralized authorization and authentication
  • Automated user identity provisioning
  • Federated identity support
  • Summary and conclusions

6
Oracle Fusion Middleware Application Platform Suite
Develop
Analyze
Deploy
Manage
7
Oracle Portal Aggregates Customers' Web Applications
Packaged Apps
Page Assembly Engine
Portlet Engine
Internet / intranet Users
Personalization Portal
Runtime (User, Session, Management
Any Data Source
Wireless Mobile
  • Reduce web sites, simplify searches and navigation
  • Single sign-on security framework, enterprise
    search
  • Assemble portals from pre-built portlets and
    Web Services
  • Personalize portals by user / role

Any Web Site
8
Identity Management Challenges for Customers Deploying Portals

| Problem | Issue for users | Issue for administrators |
|---|---|---|
| Lack of centralized user identity management | Too many identities and credentials to manage | Frequent calls to the helpdesk for password resets |
| Lack of centralized web authorization and authentication service | Multiple log-ins to different applications within the enterprise | Inconsistent application security policies |
| Manual user provisioning process | Delays in getting needed access to applications | Labor intensive, error prone, and difficult to keep in compliance |
| Lack of identity federation support | Multiple log-ins to applications hosted outside the enterprise | Managing authorization credentials for outside users |
9
What is Identity Management? Securing your IT assets from within
  • Management of digital user identities through
    their complete lifecycle
      • Employee hire -> promotion -> departure
  • Securing access to applications and information
      • Authentication: proving you are who you say you
        are
      • Authorization: what you have access to, when,
        where
  • Scalable and available storage of identity
    information
      • Profile: roles and attributes about you

10
Oracle Identity Management
  • Access Control
      • Single Sign-On
      • Identity Federation
      • Web Access Control
      • Web Services Security
  • Identity Administration
      • User, Role Management
      • User Provisioning
  • Identity Infrastructure
      • Virtual Directory
      • Directory

11
Identity Consolidation
12
Identity Consolidation Overview
  • Oracle Portal includes Oracle Internet Directory
    as a user management repository
  • Frequent deployment requirement for integration
    with:
      • Enterprise directories
      • Application directories
      • User repositories
  • Oracle Virtual Directory and Directory
    Integration Platform facilitate portal
    integration with these environments

13
Oracle Internet Directory
  • Features
      • Full-featured LDAP server with an RDBMS data store
      • Industry-leading scalability and HA capabilities
      • Strong Oracle Platform integration
      • VSLDAP certified and EAL4 compliant
  • Benefits
      • Reduced operational cost and improved
        availability with Oracle Grid support
      • Seamless integration with Oracle Applications and
        Products

14
Directory Integration Platform
External Directories
Directory Integration Service
Sun1 (iPlanet)
Active Directory
Oracle Internet Directory
Oracle HR
Oracle DB
OpenLDAP
eDirectory
Connectors
15
Oracle Virtual Directory
  • Features
      • Virtual, real-time LDAP application views of
        directories, databases and other user
        repositories
      • Modern Java and Web Services technology
      • Virtualization, Proxy, Join and Routing
        capabilities
      • Superior extensibility
      • Scalable multi-site administration
      • Direct data access
  • Benefits
      • Rapid application deployment
      • Tighter controls on identity data
      • Real-time identity information access

16
Directory Deployment Options
-or-
Portal/Access Mgmt System
Portal/Access Mgmt System
Oracle Internet Directory/DIP
Oracle Virtual Directory
Point of Administration
Other Directories and Repositories
Other Directories and Repositories
Points of Administration
17
Benefits for Portal Deployments
  • Extremely scalable, highly-available LDAP
    directory option for any portal deployment
  • Ready integration with enterprise user
    repositories: rapid deployment in any environment
  • Flexibility in how and where user information is
    administered

18
Password and Identity Administration
19
Password and Identity Administration - Overview
  • Basic user administration is provided in the
    Portal environment
  • Oracle COREid Identity provides richer enterprise
    user administration functionality, including:
      • Self-service
      • Delegated administration
      • Customized approval workflows
  • COREid Identity functionality integrates into
    Oracle Portal applications, providing a unified
    look and feel

20
Oracle COREid Identity
  • Features
      • Web application for user, group, and organization
        management
      • Self Service and Self Registration functionality
      • Password Management
      • Delegated Administration
      • Unified Workflow
  • Benefits
      • Reduced operational costs through user
        self-service
      • Efficient management of large user populations

21
Integrated User Administration
PresentationXML and Portal Inserts allow Portal
customers to customize the look-and-feel of
Oracle COREid and seamlessly integrate its
functionality into portal applications.
LDAP Directories
22
Self-Service and Delegated Administration
Site 1: 3 End Users
  • Self-service
      • Change identity profile
      • Password changes
      • Initiate workflow changes

Site 2: 1 Delegated Administrator, 6 End Users
Oracle COREid Access or other access manager
Web Server
Site 3: 2 Delegated Administrator, 8 End Users
Extranet Team
Oracle Internet Directory or other LDAP-based Directory Server
23
Benefits for Portal Deployments
  • Oracle Identity Management reduces administrative
    burden and cost
  • Administer Portal and enterprise users with a
    single application
  • Support multiple levels of delegated
    administration of Portal user communities
  • Self-service ROI by allowing users to perform
    password resets, role requests and manage
    identity information
  • Automate approval workflows for user access
    requests

24
Centralized Authorization and Authentication
25
Centralized Authorization and Authentication - Overview
  • Oracle Single Sign-On addresses authentication
    for the Oracle application environment
  • COREid Access provides authentication and access
    management for a wide variety of third party
    application environments
  • The two components work together to provide a
    seamless application experience for users, and a
    single point of access control for administrators

26
Oracle COREid Access
  • Features
      • Scalable web access management solution
      • Common policy management across applications
      • Multi-level, multi-factor authentication
        management
      • Web Services interfaces
  • Benefits
      • Centralized and consistent security across
        heterogeneous environments
      • Reduced administration cost
      • Improved end user experience
      • Better compliance

27
Single Sign-On to Heterogeneous Applications
OracleAS SSO
Other Enterprise Applications
Oracle Internet Directory
App Servers
Single Sign-On
Packaged eBusiness Apps
Oracle COREid Access
Portals
Sun Directory Services
Static HTML content
Virtual Directory Server
Microsoft ADS
Mainframe Systems
28
Benefits for Portal Customers
  • Users have single sign-on to all applications
    accessed through their portal
  • Administrators have a single point of control for
    authentication and authorization
  • Oracle access management is pre-integrated with
    Portal and other Oracle applications and offers
    out-of-the-box integration with other enterprise
    applications, portals and application servers

29
Automated User Identity Provisioning
30
Automated User Identity Provisioning - Overview
  • Provisioning users to an enterprise portal
    typically involves also provisioning them for a
    number of applications
      • Oracle, 3rd party, custom developed
      • Running on a variety of platforms
  • Internal processes for granting/terminating
    application access can be quite complex
  • Handling these in a secure, efficient and
    compliant way requires automation
  • Oracle Xellerate Identity Provisioning integrates
    with the portal and the backend applications to
    provide these capabilities

31
Xellerate Identity Provisioning
  • Features
      • Identity life-cycle management for the
        heterogeneous enterprise
      • Complete workflow for approvals
      • Connectors for OSes, DBs, Directories,
        Groupware, Apps, etc.
      • Direct connectivity to HR
      • Compliance reporting and account reconciliation
  • Benefits
      • Reduced administration cost
      • Critical for regulatory compliance
      • Improved security through centralized
        administration

32
Benefits for Portal Deployments
  • Efficient enterprise portal user management
      • Rapid on-boarding of new users
  • Improved application security
      • No old user accounts in the system
  • Improved ability to address compliance
    requirements
      • No rogue or orphan accounts

33
Federated Identity Support
34
Federated Identity Support - Overview
  • Portals often have a need to service users across
    administrative domains
      • Inter-agency, partners, customers, etc.
  • Emerging web services standards are addressing
    these requirements
      • SAML, Liberty
  • Oracle COREid Federation provides portal
    applications the ability to participate as
    federated identity and service providers

35
COREid Federation
  • Features
      • Seamless SSO and Identity Sharing
      • Multi-protocol gateway: SAML, Liberty,
        WS-Federation
      • Service Provider or Identity Provider
      • Flexible deployment configurations
      • Standalone for use with pre-existing web-access
        management solution
      • Protocol SDK for custom applications
  • Benefits
      • Secure integration with partners
      • Reduce administration cost
      • Deliver improved end user experience

36
Example Federated Identity Single Sign-On Scenario
401k Benefits Site
Employee Portal
Employee Medical Benefits Site
Federated SSO
Federated SSO
Identifier Principal ABC Password XXXX
Sign On
37
Benefits for Portal Deployments
  • Portal users can transparently access
    applications of federation partners (such as
    travel agencies, employee benefits providers,
    etc.)
  • Applications secured by Oracle Identity
    Management can be made accessible to partners
    through federation
  • No need to manage these users locally
  • No re-engineering of applications required

38
Summary and Conclusions
  • Enterprise portal deployments raise a number of
    management and security issues
  • Oracle Identity Management enables Portal
    customers to:
      • Support single sign-on of portal users to
        enterprise applications
      • Provide rich user administration and self-service
        seamlessly integrated into the portal environment
      • Manage enterprise portal and application users
        centrally
      • Automatically provision and de-provision
        enterprise portal users
      • Allow their portal users to access federated
        applications
      • Make their portals available for partner access

39
Q & A
40
For more information
  • Please point your browser to
    http://www.oracle.com/identity
