As businesses become increasingly collaborative and access to enterprise resources is extended to a diverse set of users, organizations face the complex challenge of managing identities and of authenticating and authorizing users to access sensitive enterprise resources. Managing identities becomes challenging because security policies are often inconsistent and circumventing authentication and authorization policies is often straightforward.

Identity and access management (IAM) is the process of managing user access to enterprise resources over time.

IAM systems manage the digital identities of end users throughout their association with the enterprise and streamline business processes. This cross-functional process involves creating digital identities for users and connecting the appropriate systems and applications to those identities.

Reliason Solutions offers a full range of services for Identity Governance and Identity Management, as follows.

Identity Management Suite Implementation

We provide end-to-end installation, configuration and implementation services. This includes the web server front-end layer, Application Server, Directories, SOA Suite, Oracle Identity and Access Management and the WebGate single sign-on solution.

Single Sign-On

We provide SSO services using Access Manager with the WebGate plug-in. With single sign-on, a user logs in only once and can then access all their applications without being asked again for a user login and password. This also helps in seamless integration of applications. An example is the integration of BI Applications and E-Business Suite with SSO: E-Business Suite pages can be opened seamlessly in BI Applications and vice versa.

Integrating Systems with Identity Connectors

Identity connectors are used to integrate Oracle Identity Manager (OIM) with other software applications. Oracle provides several pre-built identity connector bundles. Each connector bundle is a set of Java programs and connector metadata files packaged as Java archive files. Connector bundles are implemented using the Identity Connector Framework (ICF). We provide OIM integration services with Oracle Sun Directory Server Enterprise Edition (ODSEE), Oracle Internet Directory (OID), Oracle Unified Directory (OUD), MS Active Directory, EBS Users and EBS Employee reconciliation, and Remedy.

Provisioning

Provisioning is a process by which an action to create, modify, or delete user, role, and organizational information in a resource is initiated from an Oracle Identity Management product (for example, Oracle Identity Manager) and passed into the resource. In terms of data flow, provisioning provides an outward flow of user, role, or organizational information. The provisioning system communicates with the resource and specifies the changes to be made to the account.

We implement provisioning solutions tailored to specific requirements. This includes creating configurations for manual and automated provisioning and creating the provisioning metadata required to integrate an ICF connector with Oracle Identity Manager. The metadata objects include the IT Resource Type, IT Resource, Resource Object, provisioning process, process form, process task, adapter task and lookups. The changed objects are then published in Application Instances using a sandbox. Provisioning encompasses:

  • Access Policies:

    An access policy is a list of roles and the resources that users in each role receive. Oracle Identity Manager uses access policies to determine whether to assign a resource to a user or restrict the user from accessing the resource because the user is a member of a role.

  • Approval Policies:

    Provisioning requests may be either completely automated or subject to manual intervention through approval processes. An approval policy associates a request with a request-level or operation-level approval workflow, which is handled by a SOA composite application that orchestrates the manual approval process. We implement request-level and operation-level approval workflows as per the business requirement.

  • Creating Provisioning SOA Approval Workflows:

    Generate a SOA composite application template and configure the BPEL process to invoke the Request Web Service to get request details, user details and the catalog owner as desired. Create and configure a Human Task component, configure Oracle Universal Messaging Service (UMS), deploy and secure the Request Web Service, invoke the Request Web Service, and deploy the SOA composite application.

Reconciliation

Reconciliation is a process by which an action to create, modify, or delete user-related, role-related, or organization-related information in an Oracle Identity Management product (for example, Oracle Identity Manager) is initiated from another resource. The provisioning system communicates with this resource to receive the information. In terms of data flow, reconciliation provides an inward flow of user, role, or organizational information into the provisioning system, through which it learns about any activity on the resource. We implement reconciliation by performing the following:

  • Define the reconciliation process metadata: create a reconciliation attribute map (lookup definition); create a reconciliation profile based on the reconciliation fields defined in the Resource Object, the reconciliation user matching rules (as a Reconciliation Rule), and the reconciliation action rules defined in the Resource Object; and map reconciliation fields to process form fields in the Process Definition.

  • Create or modify a scheduled task for reconciliation events. Execute the scheduled task job to initiate reconciliation with the authoritative source or target resource.
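
A simplified model of the reconciliation flow described above (attribute map, user matching rule, action rules), added here as an illustration; it is not Oracle Identity Manager code or Reliason's own. The field names, action names and sample records are constructed assumptions.

```python
# Simplified model of target-resource reconciliation; NOT Oracle Identity Manager code.
# Field names, action names and all sample records are constructed for illustration.

# Reconciliation attribute map: target-system field -> reconciliation field.
ATTRIBUTE_MAP = {"uid": "User Login", "mail": "Email", "cn": "Display Name"}

# Action rules: matching outcome -> action taken on the reconciliation event.
ACTION_RULES = {
    "no_match": "assign_to_administrator",        # possible orphan account
    "one_match": "establish_link",
    "multiple_matches": "assign_to_administrator",  # ambiguous owner, needs review
}

def map_record(target_record):
    """Apply the attribute map; target fields without a mapping are dropped."""
    return {ATTRIBUTE_MAP[k]: v for k, v in target_record.items() if k in ATTRIBUTE_MAP}

def match_users(event, identities):
    """Matching rule: 'User Login' equals the identity login, case-insensitively."""
    login = event.get("User Login", "").lower()
    return [i for i in identities if login and i["login"].lower() == login]

def reconcile(target_records, identities):
    """Return one result per target account: outcome, action and linked owner."""
    results = []
    for rec in target_records:
        event = map_record(rec)
        matches = match_users(event, identities)
        outcome = ("no_match" if not matches
                   else "one_match" if len(matches) == 1
                   else "multiple_matches")
        results.append({
            "login": event.get("User Login"),
            "outcome": outcome,
            "action": ACTION_RULES[outcome],
            "owner": matches[0]["id"] if outcome == "one_match" else None,
        })
    return results

IDENTITIES = [  # constructed identity store
    {"id": 101, "login": "ASMITH"},
    {"id": 102, "login": "bjones"},
    {"id": 103, "login": "BJONES"},  # duplicate differing only by case
]
TARGET_ACCOUNTS = [  # constructed accounts read from the target resource
    {"uid": "asmith", "mail": "asmith@example.test", "cn": "A Smith", "shell": "/bin/sh"},
    {"uid": "bjones", "mail": "bjones@example.test", "cn": "B Jones"},
    {"uid": "svc-backup", "mail": "", "cn": "Backup service"},
]
RESULTS = reconcile(TARGET_ACCOUNTS, IDENTITIES)
```

Only the account with exactly one matching identity is linked automatically; the account with no owner and the one with an ambiguous owner are both routed to an administrator for review.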

Entitlements in OIM

An entitlement granted to an account on a target system enables the account owner (user) to perform a specific task or function. An entitlement in OIM can be a responsibility, role, or group membership. The process to create organization, role and group entitlements includes capturing entitlement values from the trusted source into a lookup table, synchronizing entitlements into the request catalog, and verifying that entitlements can be added to a provisioning request. We provide Entitlements Server for fine-grained entitlements.