Base system (platform): Oracle Identity and Access Management Suite 11g
Developer: Oracle
System release date: July, 2010
Last release date: 2014/04/15
Technology: Cybersecurity - Authentication
Unified account management (Oracle Identity Manager, OIM)
Oracle Identity Manager (OIM) is a system for managing the accounts and privileges of users of enterprise information resources. As part of the Oracle Identity and Access Management product family, it manages user accounts and privileges throughout their lifecycle, from creation to removal, and makes it possible to adapt credential-handling business processes to the constantly changing business requirements of the enterprise.
The system is recommended for medium-sized and large companies. The infrastructure of such companies typically consists of many heterogeneous systems with a large number of users (external and internal) who need access to the company's systems and applications.
Using OIM reduces the cost of maintaining accounts in corporate systems, because an account is created, changed or removed once in the central repository and the information is then propagated to the target systems automatically. The central repository architecture of OIM, combined with the approval mechanism, gives a single representation of the user across the different systems and avoids repeated data entry, the errors that come with it, and mismatched accounts in corporate systems.
Key qualitative indicators of the solution:
- A higher level of enterprise information security;
- Accounts of dismissed employees are eliminated;
- The possibility of unauthorized access is eliminated;
- A uniform password policy;
- Role-based access control (RBAC);
- A single point of entry through SSO;
- Password management and management of employees' personal information;
- The ability to automate compliance checks against international security standards (SOX, HIPAA);
- A central trusted repository of identity information.
2010: Oracle Identity Management 11g
In July, 2010 Oracle announced the release of a new version of the Oracle Identity Management 11g suite for managing users' digital identities, with support for cloud computing and service-oriented architecture. Oracle Identity Management 11g is distinguished by deep integration with modern business applications and with the middleware of the Oracle Fusion Middleware 11g family.
The digital identity management technology in Oracle Identity Management 11g provides fine-grained management of each user's rights and privileges, as well as automatic compliance with regulatory data protection requirements. Its service-oriented architecture makes it possible to create a single point of control for all applications, both local ones and those provided by external suppliers.
The Oracle Identity Manager 11g component is a full-featured tool for administering users and assigning them the appropriate privileges. It also supports Universal Delegated Administration, a mechanism for delegating administrator functions that is based on authorization policies and user self-service tools.
The Oracle Access Manager 11g component implements single sign-on (SSO) for access to all corporate web applications and also manages user sessions without accessing hard disks, using Oracle Coherence technology, which provides high processing speed. The SSO Security Zones technology helps create a protective perimeter around applications.
The Oracle Adaptive Access Manager 11g module helps prevent fraud attempts using One Time Password Anywhere technology, which delivers one-time passwords anywhere in the world by SMS, interactive voice service, e-mail and Internet chat.
The Oracle Identity Analytics 11g module supports compliance with data protection regulations by organizing the Identity Warehouse, a comprehensive store of digital identities. The module includes Cert360 technology, which provides an exhaustive analysis of the state of security systems and of access control to information.
The Oracle OpenSSO Fedlet and OpenSSO STS 11g modules fully integrate Sun Fedlet technology for quickly connecting partner systems to the customer's internal systems; digital identities are propagated using the secure token technology of Sun OpenSSO STS (Secure Token Service).
The suite also includes a set of auxiliary management tools, Oracle Enterprise Manager Grid Control Management Pack for Identity Management 11g, which contains facilities for extended monitoring, diagnostics and health checks of all components of the Oracle Identity Management 11g platform.
2012: Oracle Identity Management 11g Release 2
In the summer of 2012 Oracle announced a new version of its identity management platform, Oracle Identity Management 11g Release 2. With functions optimized for modern digital realities, the new release allows organizations to use cloud, mobile and social infrastructures securely and to attract new user communities for further business expansion and development, the corporation says.
Oracle Identity Management 11g Release 2 provides a complete, open and integrated identity management solution with advanced functionality that lets customers comply effectively with new regulatory requirements, protect critical applications and sensitive data, optimize password management for high-risk accounts, and cut operating expenses.
"We developed Oracle Identity Management 11g Release 2 to help our clients with the solution of the new tasks resulting from the rapid spread of modern digital technologies. We want to help them better protect their existing infrastructures and increase their consumer audience," said Amit Jasuja, Oracle vice president for product development, Security and Identity Management. "Using Oracle Identity Management 11g Release 2, organizations will be able to improve and simplify management of the identity data lifecycle across the whole enterprise and, at the same time, ensure compliance with strict legislation and the requirements of regulators."
Oracle Identity Management 11g Release 2, a key component of Oracle Fusion Middleware, is built on the Oracle platform and open standards. Organizations can therefore use ready-made technologies together with Oracle Fusion Middleware and also with business applications and middleware from other suppliers.
The new release of Oracle Identity Management 11g consolidates all of Oracle's identity management offerings to help customers reach an optimal balance between performance and operational requirements. The Identity Management portfolio is divided into three main categories: Oracle Identity Governance, Oracle Access Management and Oracle Directory Services.
Oracle Identity Governance, for administering and optimizing identity data, supports access request processing, identity management and periodic certification of IT privileges through simple, standard user functionality built on a single platform with extensive analytics.
New features include: the Oracle Privileged Account Manager solution, which lets employees request access to applications through a business-user-friendly interface resembling a "virtual shopping cart"; personalization of the interface using only a browser; identity management when applications are deployed in a cloud environment; and expanded support for compliance reporting with multilevel certification of access rights.
Oracle Access Management, in turn, offers comprehensive information protection by authenticating and authorizing users for all corporate data, applications and web services.
New features include: built-in mobile security and single sign-on (Single Sign-On); support for Social Sign-on authentication (for the social networks Facebook, Google, Yahoo, Twitter and LinkedIn) and a REST API for developing custom and mobile applications; support for multiple identity data stores and for configurations with several data centers; expanded integration with other suppliers' solutions; and improved fraud detection functionality.
Finally, Oracle Directory Services is a comprehensive and proven directory service solution. New features include: a search mechanism based on similarity of search criteria and on virtual attributes, which allows frequent directory updates by services that track the client's location, in support of mobile and social applications; Optimized Solution for Oracle Unified Directory, which provides carrier-grade scaling and reliability and so achieves high performance for cloud, mobile and social ecosystems; and All-in-One functionality, which integrates data storage, the proxy module, and synchronization and virtualization services to give more flexibility in large-scale deployments on compact hardware, simplifying installation and management and providing interoperability with a broad range of hardware and operating systems.
2014: Improvements in Oracle Identity Management 11g Release 2
On April 15, 2014 the Oracle corporation announced improvements in Oracle Identity Management 11g Release 2.
The new capabilities help extend consistent policies and access controls beyond corporate business applications and systems to cloud environments and mobile devices. By providing consistent identity management across all these environments, Oracle helps organizations reduce management costs, strengthen security and lower operational risks.
Protection of corporate, cloud and mobile environments
New features and possibilities of Oracle Identity Management 11g R2:
- Oracle Mobile Security Suite: Protects corporate business applications and data on personal devices used for work (the BYOD concept) and provides a uniform user experience across all access channels by implementing identity management services, such as fraud detection, user registration, access requests, self-service password management and authorization management, in the digital environment where customers and employees interact. Helps organizations protect mobile applications distributed through popular app stores.
- Cloud Access Portal: Extends Enterprise Single Sign-On (eSSO) beyond Windows desktop systems, giving users access to SaaS applications from a simple, personalized launch pad available on any device, tablet or workstation, including applications that require a user name and password. As a result, users do not need to remember complex passwords for many SaaS systems, and enterprises can restrict access to cloud applications for employees who are outside the enterprise.
- Oracle Mobile Authenticator: A mobile application that simplifies strong authentication by replacing the hardware tokens issued by enterprises, thereby providing a considerable cost reduction. Oracle Mobile Authenticator is available for iOS and Android.
- Expanded support of the OAuth protocol: Implements support for 2- and 3-legged OAuth authorization and for more complex scenarios in which the user's consent is obtained before a third-party application can access information on the service provider's application site. This allows organizations to build more powerful cloud-connected applications than was previously possible and to establish new economic and business relationships that previously required corporate technologies.
- Content Management Security: Provides fine-grained access control to documents managed by Oracle WebCenter Suite and Microsoft SharePoint using a policy-based access model. As a result, managing unstructured data becomes simpler and security improves through effective use of attributes such as role, location and clearance level.
- Improved account management: New tools for managing privileged user sessions and recording their actions give auditors the ability to find out "who did what" and to investigate information security incidents. In addition, a number of improvements simplify the process by which corporate users submit requests for access to systems, as well as the periodic review of user privileges by managers.
- Performance improvement: Additional capabilities and performance improvements in Oracle Access Management: performance in the new version is 20% higher than in the previous version.
Oracle Access Management is certified to run on the Oracle Exalogic Elastic Cloud engineered system and now provides elastic scaling.
- Improved software lifecycle management: The new deployment wizard for the Oracle Identity Management platform and the patch sets that automate installation and configuration make it possible to deploy multi-node high-availability systems 5 times faster, and to reduce the time needed for, and simplify, management of high-availability cluster environments for directory services, access control and account management. The new version also includes a step-by-step guide that speeds up and simplifies large-scale deployments in production environments.