
Simplifying Your Identity Management Implementation

Simplifying Your Identity Management Implementation. Nelson Mak Sales Consulting Director, North Asia Identity Management and Security.


Presentation Transcript


  1. Simplifying Your Identity Management Implementation Nelson Mak Sales Consulting Director, North Asia Identity Management and Security

  2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

  3. Program Agenda • Implementation Challenges • Our Solution • Case Studies • Q&A

  4. Why is Identity Governance hard to Implement? Key Challenges • Multi-vendor, Fragmented Point Solutions • Costly integration with Support challenges • Specialized Knowledge • Expensive Customizations • Expensive to implement, maintain & upgrade • Scalability • 1000s of apps, millions of entitlements • Takes too long to on-board applications

  5. Program Agenda • Implementation Challenges • Our Solution • Case Studies • Q&A

  6. Oracle Identity Governance Cost Effective Deployment • Platform Approach • Integration -> Converged • One Architecture • Modern Tooling • Browser Based • Drag and Drop, Declarative • No XML editing, proprietary scripting or Java coding

  7. Oracle Identity Governance Governance Platform Connectors Provision De-Provision Grant User Access Monitor User Access Check-in/ Checkout Privileged Account Request Role Lifecycle Management Identity Certifications Reporting & Privileged Access Monitoring IT Audit Monitoring Rogue Detection & Reconciliation Access Request Access Catalog Roles IT Ownership Entitlements Accounts Business Attributes Glossaries

  8. Oracle Identity Governance A Platform Approach Improve Compliance Reduce Risk Reduce Cost Common Data Model Common Architecture Closed Loop Remediation Common Connectors

  9. Oracle Identity Governance Privileged Account Management • A new offering integrated with the Governance Platform • Password check-out for shared OS, database, and application accounts • Catalog for regular and break-the-glass access request • Access certification for access review and audit • Same connectors that are used in access request and access certification

  10. Simplified Customizations Browser Based Tooling • Form Designer • Extend User, Role, Organization, Catalog and Application Instance entities • Durable Customizations • Workflow Designer • Request Routing Rules & Notification • Security Policies • Attribute/Data Level Security

  11. Simplified Lifecycle Management Sandbox • Develop and test customizations without impacting other users • Publish to all users after testing • Un-publish in case of accidental errors • Move customizations from one environment to another

  12. Simplified Application On-boarding From “Days” to “Minutes” • Rapid on-boarding of 1000’s of applications • On-boarding steps reduced to • Define forms • Configure associated entitlements • Publish to catalog • Manual Provisioning Workbench • Leverages same powerful SOA based workflow engine for manual provisioning task

  13. Program Agenda • Implementation Challenges • Our Solution • Case Studies • Q&A

  14. Simplifying Your Identity Management Implementation: Case Studies – 1 • Group Companies in China • 350,000 Employees • 20+ Sub Companies

  15. Business Pain Points • Security: No centralized access control and security from group to subsidiaries; no linking between user information, IT accounts and HR records • Business: No process, standard and control for user management; user has multiple passwords, no user experience • IT Infra: No standardized integration framework for existing and future business applications; lack of group level centralized access control for core business applications

  16. Business Objectives • Standardization: To drive the integration and standard based on the user management lifecycle. • Standard Platform: Building and linking the platform for group and companies. • Platform Integration: Implement Central User Store, SSO, User Management and Data Synchronization.

  17. Deployment Approach Shared Application Group ODS Web Tier ODS Authenticate OIF OIF Web Tier OIM OIM OAM Psoft Employees OAM Company X Portal Portal Apps Apps OA Email

  18. Business Value • Enhance HQ IT control from decentralization to centralization • Cost Savings: Prevent losses from orphan accounts, reduce operation and admin cost through a shared IDM service • Compliance and Security: Build up the enterprise-wide standard and policy, enforce centralized end-to-end management from group to all SBUs and BUs, and reduce security risk • Business Process Automation: HR-driven user identity and organization life cycle management, filling the gap among people, business and IT • Client Experience: Improve and streamline the user experience through a single username and password and a self-service console for end users

  19. Simplifying Your Identity Management Implementation: Case Studies – 2 • Group Companies in Korea • 500,000 Staff • 30+ Sub-Companies

  20. Customer Information • Number of Employees: about 500,000 • Enterprise Portal: Messaging Service, Workflow, Remote Access, Searching Employee Information, One Voice of all Sub-Companies • HQ stores all Global User Information • Enterprise Portal provides real-time employee information to each Sub-Company • Enterprise Portal: Based on Europe, America, Asia • Number of Sub-Companies: about 30

  21. Enterprise Portal Flow User Reg Group LDAP Portal Group(Enterprise Portal) Replication Replica LDAP File I/O, Batch Replication Partner e-HR G-ERP Replica LDAP Company A (P/L IF Batch) Sub LDAP AD SSO Client (P/L IF) Dept A Dept B Dept C Department A APP SSO

  22. Objectives Enterprise Portal Case • Identity Management Automation • Between each group, provide an automated identity synchronization process • For each sub-company, standardize the process for employee and contractor identity management • Reduce time and complexity for identity synchronization • Provisioning / De-provisioning • Identity life cycle management of Global employees including contractors • Identity management for heterogeneous IT environment • Managing unused resource accounts, reduce security risk • Password Sync • Password sync for heterogeneous IT resources from Global User Directory Server • Controlled Employee Identity Information • Provide limited employee information sync process for each sub-company

  23. Outlook Enterprise Portal Directory Outlook Directory Filtering MetaFrame Servers Active Directory Filtering Sub-Company Sync Directories IBM Directory Sametime Servers Enterprise Portal Applications Architecture – Phase 1 Identity Manager User Database

  24. Master Directory Sync Directory Sync Directory Filtering Filtering WorkFlow Enterprise Portal Identity Manager Identity Manager Identity Manager Master Directory Master Directory Filtering Filtering Temporary Database Sync Directory Temporary Database e-HR e-HR Architecture – Phase 2

  25. Architecture – Phase 3 Enterprise Portal – Phase 3 Admin Self-Service HR HR User/Group User/Group AD AD for VPN User/Group Sync DB(Oracle Database) Employee Portal DB(Oracle Database) North America IM KR IM HQ ODSEE NA ODSEE ODSEE for each Company Continental Identity Sync using LDAP Replication AD AD EU ODSEE CN ODSEE China IM EU IM DB(Oracle Database) DB(Oracle Database)

  26. ERP Security • Identity Access Management for ERP • Requires a centralized Identity Access Management System for all ERP systems • Provisioning / De-provisioning • Identity life cycle management of ERP users including contractors & partners • Using Central Provisioning to manage users and entitlements in ERP • Detect illegal ERP accounts, reduce security risk • Using multiple approval processes, need to manage each single level of entitlements • Auditing • Regularly audit all ERP users' entitlements to eliminate security risk • Restrict the access to ERP data based on location • Enforce SOD Check

  27. AS-IS vs To-Be Update Employee Update Employee HR Enterprise Portal HR Request (CSR/Mail) Login to Self Service ERP User HR Admin HR Admin Approval Req Enterprise Portal Request ID/Entitlement Sub LDAP Approve App. Owner Request to IT Admin Approval/Audit Identity Manager IT System ID/Entitlement Assign ERP User IT Admin Assign Id/Entitlement IT System Real Time Sync App. Owner Sub LDAP System Admin Application Application Batch Database Admin Policy Admin Global ERP Global ERP Biz. App Admin

  28. Q & A

  29. Enter to win a brand new Apple TV • Get an entry form at the IDM demo stations • Visit all 9 IDM demo stations in Moscone South • Get your form signed at each demo station • Submit your form

  30. Join the Oracle IDM Community • Twitter: twitter.com/OracleIDM • Facebook: facebook.com/OracleIDM • Blog: blogs.oracle.com/OracleIDM • oracle.com/identity
