The Oracle Identity Management 11g framework was designed to offer IAM services that could be integrated seamlessly with Oracle applications and Fusion Middleware components. Oracle Fusion Applications leverage Oracle Identity Management for foundation security services; identity administration (identity life cycle management, self-service account request and password management, enterprise role management); authentication and trust management (single sign-on, identity federation, privacy); access control (risk-based authorization, fine-grained entitlements, web services security); identity and access governance (audit and compliance reporting, segregation of duties, conflict-resolution management, attestation, role mining and engineering, identity and fraud-prevention analytics); and directory services (persistent storage, identity virtualization, synchronization, and database-user security).
Oracle’s Platform Security Services (OPSS) provides a standards-based, portable, integrated, enterprise-grade security framework for Java SE and Java EE applications, and is the security foundation for all Oracle Fusion Middleware 11g components. Oracle Fusion Applications “consume” OPSS framework services, giving customers the ability to build a flexible, extensible Oracle IAM platform for all of its applications, systems, and databases.
APTEC has experience integrating the Oracle IAM Suite with many Oracle applications and Fusion Middleware components, including:
Oracle Single Sign On and Directory Services for Oracle E-Business Suite 11i and R12
Many Oracle E-Business Suite (EBS) 11i customers using Oracle Single Sign On (OSSO) today have learned that Oracle EBS R12 will no longer support OSSO. For customers who wish to still utilize SSO across their EBS environments, but are also planning to upgrade to EBS R12, they must deploy Oracle Access Manager 11g. We have engaged with many Oracle EBS customers to either implement EBS R12 with Oracle Access Manager, or create a co-existence strategy for instances of EBS 11i and EBS R12, with Oracle Access Manager managing both simultaneously.
Frequently, our EBS customers also wish to utilize Active Directory or another enterprise directory as the authentication store for EBS users. Since EBS does not have the capability to integrate directly with Active Directory, we have deployed Oracle Internet Directory and integrated it with EBS, in order to synchronize Active Directory usernames and passwords with EBS users stored in EBS’s native FND_User tables. Oracle Internet Directory, using DIP synchronization profiles, can update EBS FND_User tables as Active Directory users are added or removed, and also update Active Directory if organizations wish to add or remove users directly from EBS.
Our customers benefit most using both Oracle Virtual Directory (OVD) and Oracle Internet Directory (OID): OVD to abstract access to identity data and OID to store the policy, role, and entitlement information used by Oracle Access Manager. In addition, OVD can be used to abstract access to a relational database containing information necessary for authentication or authorization.
To learn more about our IAM services for Oracle Applications, please Contact Us for more information.