Home > Identity Administration, Oracle Identity Management, Oracle Identity Manager > A Primer on Oracle Identity Manager 11g

A Primer on Oracle Identity Manager 11g

As you may already know, Oracle Identity Manager, Oracle’s industry leading identity administration and user provisioning solution, provides operational and business efficiency through centralized administration & complete automation of identity and user provisioning events across the enterprise as well as the extranet. With its latest 11g release, Oracle Identity Manager has now been architecturally optimized for internet-grade scalability in cloud, distributed & in-house environments. This release not only provides enhanced usability to enrich user experience but also provides advanced security features for a granular control of this user experience. Oracle Identity Manager’s superior performance for enterprise-grade deployments makes it an ideal choice for customers seeking an identity administration platform that can serve their changing  business needs.

Let’s talk about some of the exciting new innovations with the 11g release, which has seen over 750 man months of development time from a dedicated Engineering team and 1300 man months of QA in this release, not to mention a great team of solution architects and product managers (cannot discount them!).

Rich User Interface

Oracle Identity Manager 11g provides a multi-tab, desktop-application-like, dynamic Web 2.0 user experience using Oracle’s ADF technology. In addition to great usability, it also provides high performance architecture, such as partial page rendering, real-time scrolling, and transparent paging. This UI framework allows high level meta-data driven customization, such as branding changes, label changes, changes in default sorting schemes, etc. It also includes built-in globalization and accessibility support. It provides very advanced browse, keyword based search and advanced search capabilities. It also tailors the user experiences for different user groups. For example, a task-oriented desktop-application-like UI model for administrators and guided wizards for business end-users. This corporate-wide UI framework contributes to customers’ bottom lines by allowing for greater flexibility in UI customization and reducing the UI learning curve for business end-users and administrators.

Suite Integration

Oracle Identity Manager provides out-of-the-box integration with Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator Oracle Identity Navigator to significantly reduce the deployment and administrative costs associated with setting up an enterprise deployment topology. Oracle Identity Manager provides the password management (security registration, expired password, forgotten password etc) flows in the login flows initiated by Oracle Access Manager. As an example the end-users clicking on forgotten password link in Oracle Access Manager are seamlessly directed to Oracle Identity Manager. Similarly in an integrated Oracle Identity Manager, Oracle Access Manager and Oracle Adaptive Access Manager environment, the challenge questions for the forgotten password flows may be answered in Oracle Adaptive Access Manager using its virtual devices. Oracle Identity Navigator provides a single, suite-wide SSO-enabled launch-pad to all Identity Management product administrative consoles, which streamlines the user experience and significantly improves the service levels.

Request Management

Oracle Identity Manager 11g provides multiple enhancements in the area of request management. It allows users to create requests for business & IT roles, new application accounts, modifications to existing application accounts and application entitlements or privileges.  It provides a very flexible, simplified, business-centric, and context sensitive request creation wizard that allows users to create these requests in context of their current views. As an example, the users may create requests for additional roles while viewing their existing role assignments, create request for additional accounts or modification to existing accounts while viewing the provisioned resource lists, or create a complex request including multiple roles & resources for self or others from their home page. By placing the request and approval process closer to the business, enterprises realize better service levels and reduced costs.

Request Templates

Request Management service in Oracle Identity Manager 11g allows administrators to create job or role specific request templates. The template is a simplified overlay on top of a request model that allows the person defining that template to control how a request gets created, and add additional layers of approval, authorization and data restrictions over those already defined in the model. Once configured by the administrators, the request templates provide the much-desired request catalog services to the end users. This results into significantly enhanced usability experience for the end users while creating access requests by providing them with a narrowing down the list of roles, resources and entitlements specific to their job functions.

Approval Workflow Orchestration

Oracle Identity Manager 11g relies on the Oracle BPEL Process Manager, an integral component of Oracle SOA Suite for its approval workflow and routing engine. Developers can use Oracle JDeveloper as their Integrated Development Environment that offers a rich visual design paradigm for creating and deploying BPEL based processes. Additionally developers can also leverage Oracle BPEL Process Manager’s advanced approval features like email based approvals, serial or parallel approval orchestrations or voting based approval etc. This not only results into significantly faster deployment time, but also provides the architecture agility to adjust workflows quickly when business processes and enterprise policies change for the approval needs.

Universal Delegated Administration

Oracle Identity Manager 11g introduces a new feature called Universal Delegated Administration that provides highly flexible authorization model without compromising corporate security policies by moving administration point users like customers, partners, suppliers etc ts as close to the user as possible. Oracle Identity Manager now embeds a fine-grained authorization service based on Oracle Entitlement Server. Using this authorization service, Oracle Identity Manager provides advanced, attribute level delegated administration policies that can be scoped using organization hierarchies and assigned based on roles. For example, administrators can configure a policy stating that users in the helpdesk administrator role can only change the password of the users in certain organizations, or users in the organization administrator role can unlock a locked out user only in their organization. Additionally as enterprises start managing extranet, Universal Delegated Administration enables the enterprises to define complex delegation policies for the extranet identity administration needs for users like customers, partners, suppliers etc.

High Performance Reconciliation Engine

Oracle Identity Manager 11g has a new high performance, next generation reconciliation engine that is optimized for handling multi-million user populations. For extranet and enterprise deployments with such high volume scenarios, up to  10x performance gains have been observed when compared with previous releases. Oracle Identity Manager achieves such performance gains by leveraging bulk and batch processing design paradigms directly at the database tier, which altogether avoids increased network latency resulting from middle tier to database tier communication.

Web-based Reconciliation Event Management

Oracle Identity Manager 11g provides a web based reconciliation event management tool that allows operational administrators to manually (also known as ad-hoc) link high-risk orphan accounts to users. Administrators can also tag these orphan accounts as service accounts, also known as administrator or privileged accounts, which have special life cycle requirements that extend beyond the lifecycle of an assigned user and across the lifecycles of multiple assigned users. Proper management of service accounts can help to eliminate another source of potential orphan accounts.

Service Oriented Security

Oracle Identity Manager 11g enables in-premise, cloud & partner applications to externalize their identity administration services through its XSD profile SPML web service, which defines the interfaces for applications to interact with Oracle Identity Manager. Additionally, Oracle Identity Manager now supports a LDAP identity repository for managing users, roles and role assignments. The SPML web service can thus be used by applications to achieve LDAP integration. The 11g release also provides new identity services for example, generating a username or a random password for the user, reserving username in LDAP while user registration is going through approval etc. Applications leveraging such a service oriented security strategy are able to benefit from the innovation in Oracle Identity Manager on day 1. Additionally, applications customers looking for enterprise provisioning solutions face a much shorter & smoother learning curve given that they are already well versed with provisioning technology powering their application.

Cost Effective Product Lifecycle Management

Oracle Identity Manager 11g leverages the standard Oracle lifecycle management technologies for installation, configuration, patching and upgrades. Oracle Universal Installer (OUI) is now used to perform a wizard-driven installation and configuration Oracle Identity Manager as well as other Oracle Identity Management 11g products. Pre-configured Oracle WebLogic Server domain templates enable easier deployment to an enterprise topology. Patching and upgrades are handled by Oracle OPatch and Upgrade Assistant technologies respectively. Additionally, Oracle Identity Manager now stores its configuration metadata in Oracle Meta Data Services thereby ensuring that this metadata can be managed independently. Customers will find their total cost of ownership significantly reduced as they do not have to learn and adopt any product specific technologies. Their time to market new features that their business users want is also expected to reduce given the usage of these enterprise-grade lifecycle management technologies.

That sums up the exciting new release highlights of Oracle Identity Manager 11g. For more information, please feel free to visit us on our product website, as well as the 11g Launch Center. Viresh Garg, Director of Product Management for Identity Administration, also provides a great webcast that highlights the OIM 11g release, available here.

  1. No comments yet.
  1. August 2, 2010 at 12:01 am

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: