This tutorial deals with the Oracle Identity Manager and its role in identity management and identity administration. In this part, we will discuss about the various aspects of an Identity Management System.

Identity Management System

As discussed before, Identity Management refers to the processes that a company uses to manage the entire security lifecycle of resources for its users, organisations, roles, and entities.

• Managing users, organisations, roles, and resources :
  This refers to the users (employees, managers, customers, etc.) of an organisation. Each of these users have specific roles, which denote the positions that the users hold and the functions that they perform. The resources, meanwhile, are all the information, data, areas, etc. that are able to be accessed by those particular users.

• Managing authentication and authorisation:
  Important user activities to be authenticated and authorised by a superior in charge of the function.

• Enforcing security policies for user accounts:
  There may be many security policies put in place, depending upon the organisation and regulatory requirements. For example, a user may not have access to more than two resources at a time.

• Providing auditing and logging through attestation processes:
  The attestation process is a regulatory activity that verifies the access of the users periodically through auditing and logging.

• Information flow between various resources to keep them in sync:
  The Identity Management System also takes care of the information flow between resources. In the diagram depicted above, the user has access to “Applications”, “Databases”, and “Directories”. Any activity he performs with one resource has to be synced with the data in the other resources. The Oracle Identity Manager links all of these accounts with the OIM User, i.e. Joe Smith.

Benefits of Identity Management

Making use of an Identity Management System has several advantages. It not only manages the users in an organisation, but also takes care of the regulatory and security requirements that come along with identity management. The following are the various benefits of using an Identity Management System:

• New users gain faster access to the resources needed.

• The system dynamically adjusts to meet the users’ changing needs.

• It enables faster processing of requests.

• Common processes across multiple accounts standardise procedures, reducing mistakes and cost.

• It results in reduced security costs through task automation.

• It has audit and reporting capabilities.

• Account clean-up or deletion validation across all platforms and applications is possible based on a single action.

Values of an Identity Management System

Using an Identity Management System adds a lot of value to the organisation. An Identity Management System provides the following values to any enterprise that uses it:

• It delivers the right information to the right people, at the right time.

• It saves costs by automating users’ access to different resources.

• It has the ability to better track the users and their access activities, which is invaluable for security audits.

• It has single-click deprovisioning, which prevents the loss of sensitive data to unauthorised individuals.

• It improves user experience.

• It simplifies application development and deployment.

Features of an Identity Management System

The features of an Identity Management System are:

• Establishing an enterprise identity and roles.

• Enforcing strong and granular security policies.

• Automating security-related processes.

• Defining an audit and control framework.

• Deploying a scalable integration architecture.

• Providing security and control for enterprise applications.

• Providing manageability and security for databases.

• Providing compliance and fraud management for financial services.

Terminology

The following are the terminologies used when discussing about an Identity Management System:

• Identity: A set of attributes that uniquely identify a user or service.
  

• Identity Database: It stores and manages identity information.
  

• Entitlement: An action that an entity is entitled to perform in a network.
  

• Policy: It governs the management of identities in an enterprise system.
  

• Provisioning: It is the automated creation, modification, and deletion of user identities and accounts across multiple resources.
  

• Reconciliation: It is the process by which an identity creation, modification, or deletion action in a resource is initiated from another resource.
  

• Identity Administration: It is the managing of information associated with an identity, which can be a user or a service.
  

• User Administrator: One who creates, modifies, and deletes or disables users in the system.

Functional Areas

The functional areas which come under Identity and Access Management are: 

• Identity Administration - to provision users.

• Access Management - to provide users access to resources.

• Directory Services - to create an enterprise user.

• Audit and Compliance - to generate the auditor and compliance reports.

• Suite Management - to manage Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Analytics seamlessly.

Krishnaa Lakshmanan

Add comment