This tutorial deals with the Oracle Identity Manager and its role in identity management and identity administration.
Identity Management
Identity Management refers to the processes that a company uses to manage the entire security lifecycle of resources for its users, organisations, roles, and entities. An Identity Management System is required in a company for:
-
Managing users, organisations, roles, and resources.
-
Managing authentication and authorisation.
-
Enforcing security policies for user accounts.
-
Providing auditing and logging through attestation processes.
-
Information flow between various resources to keep them in sync.
Fig. 1 - Identity Management in perspective
Business Drivers for Identity Management
<-->
Fig. 2 - Business Drivers for Identity Management
<-->As can be seen from the diagram depicted above, the main business drivers for the need for an Identity Management software (like the Oracle Identity Manager) is to reduce costs and improve the quality of service.
In a world without Oracle Identity Manager, if a user forgets his/her login credentials, they would have to put up a request through the help desk. The help desk staff would then generate a ticket for the user to reset and regenerate new credentials. This would take a minimum of two days to complete.
When Oracle Identity Manager is used, it reduces cost by eliminating the need to hire separate staff to attend the help desk calls and requests. At the same time, the quality of service is immensely improved by the waiting time being reduced from two days to a matter of thirty minutes, at the most.
Identity Management also provides open access to the business with minimum risk involved. For example, if a firm outsources a certain department to a third party company, they would have to provide access to tasks and activities that come under that department to users in the third-party company. This is achieved through Oracle Identity Manager by providing access to only those activities that are concerned with the operation of the outsourced department, without enabling access to other areas of the company.
A lot of companies use Oracle Identity Manager in order to comply to regulations. Some of those regulatory acts are:
-
Sarbanes-Oxley Act
-
Gramm-Leach-Billey Act
-
Health Information Portability and Accountability Act
-
European Data Protection Directive
These acts are meant to protect the stakeholders of the companies as well as to make sure that the companies are following the regulatory norms. For example, the Sarbanes-Oxley Act is meant to protect investors against accounting frauds. This act is being followed by most of the countries in the world. Identity Management helps facilitate this act by providing permissions to users that allow them to approve or reject activities.
During auditing, several reports are required to be submitted, so that the compliance with rules and regulations can be audited and checked. Manually, it is very difficult to generate these reports. Oracle Identity Manager makes this easy by automatically generating the required reports for auditing.
Ease of Operation
Fig. 3 - Identity Management in today’s scenario, manually
<-->
Fig. 4 - Identity Management when done by using an Identity Management solution, like the Oracle Identity Manager
<-->From the two charts depicted above, it is clear just how much an Identity Management solution (like the Oracle Identity Manager) can simplify the whole process of identities in an organisation. Any new account creation has to pass through the Oracle Identity Manager, just as how any old account deletion (of former employees) will be handled by the Identity Manager. Thus, any former employee’s account gets deleted, and they will not have any access.
Depending on the roles and privileges of the user accounts, they can access the relevant areas of the enterprise. For example, business partners can access the assets of the enterprise, while a customer cannot. Access is granted only after the Approving Manager approves the access requested by the user.
Fig. 5 - The provisioning process of the Identity Manager
<-->The following diagram depicts how the Oracle Identity Manager communicates with various resources for the provisioning of users and resources. The Identity Manager does this by installing connectors.
Fig. 6 - Communication of the Identity Manager to various resources
<-->Note that most of the connectors are agentless - meaning that Oracle Identity Manager does this automatically. The Active Directory connection requires an ADSI connector server to be installed as an agent. The connectors for custom apps require an agent, which can be customised according to the requirement.
Fig. 7 - The mapping of user roles and access by the Identity Manager
<-->In the above diagram, the mapping of a user (named Joe Smith) to his access to various resources is explained. In the case of applications, his user ID is ‘Jsmith’; for databases, it is ‘j145183’; and for directories, it is ‘smitty’.
The Oracle Identity Manager links all of these accounts with the OIM User, i.e. Joe Smith.
Apps2Fusion Articles 
Comments
buut you seem like you knopw what you're talking about!
Thanks
RSS feed for comments to this post