Secure Oracle SaaS and PaaS with Oracle Identity Cloud Service
Anand Murugesan, Principal Product Manager, Cloud Identity and Access
Sep 22, 2016
Confidential – Oracle Internal/Restricted/Highly Restricted
Program Agenda
1. Introduction to IDCS
2. Use Cases
3. Premium Services
Use Cases
Identity Cloud Service: Next Generation Cloud IDM for Oracle, Partner and Customer Apps
- Who? Authentication Service: OpenID Connect, SAML
- What? Authorization Service: OAuth 2.0
- How? Provisioning Service: SCIM user management, RBAC
Oracle Identity Cloud Services: Seamless User Experience Across Oracle, Partner and Customer Applications
Identity Service Platform serving SaaS applications (HCM/CRM/Taleo/CPQ etc.), PaaS services (Java/DB/BI/Docs), partner apps and customer apps:
- Extend Oracle SaaS applications, your applications and partner applications with PaaS services such as Java, Database, Mobile and BI
- Provides a seamless user experience to your customers
- User Management Service (SCIM): a standards-based user management service so applications can plug into the user provisioning process
- RBAC Service to control access to applications
- Federation Service (SAML) for seamless user experience across Oracle, customer and partner applications
- OAuth Service for integrating and mobile-enabling Oracle, customer and partner applications
- Access Service for login controls and advanced authentication needs
- Identity Event Service for integrating applications with the identity life cycle for business processes
- Cloud Directory Service: standards-based and able to scale to cloud demands
IDCS Simplicity: Onboarding, configuration, access and reporting
1. Purchase Services
2. Pick Service Associations
3. Bring your users from on-premise (ID Bridge)
4. Manage Application Access (CRM/CPQ/Mobile)
5. User Access
6. Dashboard & Reports
Oracle Identity Cloud Services: Pre-configured Integrations (Fusion, DB, Mobile, Java)
- Enterprise ID store connectivity
- Group to SaaS account mapping
- Automated provisioning & de-provisioning
- User self service and management
- Automated password reset
Oracle Identity Cloud Services: Access (Fusion, Taleo, Mobile, RightNow)
- Single sign-on to Oracle applications
- Enterprise identity provider integration
- Advanced login controls
Oracle Identity Cloud Services: Administration & Self Service
- User portal
- Admin dashboards
- Monitoring & activity reports
- Password policy configuration & customization
- REST APIs for programmatic control
Microservices Architecture: Elastic Scalability and Zero Downtime Patching
SCIM for Identity Management: Identity Integration Hub
- IETF standard REST API for users and roles
- Identity Bridge for automated sync from on-premise Active Directory (LDAP bridge): the bridge authenticates to the SCIM Service and synchronizes identities into the Identity Store
- Automation options for directories beyond AD: Bulk Import, Bulk API, SCIM API
- Oracle Public Cloud services exposing SCIM: FA, JCS, RightNow, DCS, Taleo, PCS
- Federation with an on-premise or 3rd-party Identity Provider over SAML2 (IdP to IDCS as SP); the SAML Service authenticates against the same Identity Store
OAuth2 for Service Authorization: Modern Token-based Security for Web Services
- OAuth2 Service in Oracle Public Cloud, backed by the Identity Store
- Clients: mobile & desktop apps, browser apps, web server & infrastructure apps
- Protected services: FA, JCS, RightNow, DCS, Taleo, PCS
- End users and applications obtain tokens from the OAuth2 Service instead of presenting credentials to each service
OAuth2 for Service-to-Service Authorization: Scalable Token-based Trust Model based on Service ID and/or User ID
- Centralized trust model: each service (JCS, DCS, FA, RightNow, PCS, Taleo) trusts only the OAuth service, so N services need N client connections
- Peer-to-peer trust model: every service must trust every other service directly, so N services need on the order of N^2 client connections
Bring your Application to the Cloud (BYOA): Integrate applications in minutes
- Your apps and other cloud services
- Open-standards integration: OAuth + OpenID Connect + SCIM + SAML
- Leverage native integration with OPC: synergy, segregation of concerns, cost saving
- Focus on core business and leverage the IDaaS provided by Oracle
Speaker notes (Atul): We will be highlighting in this session how you can build your own application in Oracle Public Cloud, secure it and integrate with other cloud services in minutes. How your applications can leverage IDCS's open-standards integration protocols that work independent of hosting, development platform, or language. How you can leverage Oracle for doing end-to-end management of your service from development to hosting and how you can take advantage of Oracle's built-in security engine. And by off-loading security to Oracle IDCS, you can focus on your core business and focus on delivering the best value for your application. Now let me hand over to my friend Frederico who will guide us with the lab scenario and execution instructions.
OAuth Flow
Abstract flow: the Client sends an Authorization Request to the Resource Owner and receives an Authorization Grant; the Client presents the Authorization Grant to the Authorization Server and receives an Access Token (and optionally a Refresh Token); the Client presents the Access Token to the Resource Server to reach the Protected Resource.
Grant types and where they apply:
- Authorization Code Grant: web applications (3-legged; the resource owner is involved, so consent is supported)
- Implicit Grant: browser JavaScript clients (later OAuth 2.0 security guidance recommends the authorization code grant with PKCE over the implicit grant for these clients)
- Client Credential Grant / Trusted Client Flow: OPC applications, mobile applications (2-legged; no resource owner, the client acts under its own identity)
Also: consent support, federated SSO support; the SIM OAuth Relay is obsoleted.
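To make the two grant shapes on this slide concrete, and to show why the centralized trust model of the service-to-service slide scales as N rather than N^2, here is an added example of a toy authorization server with both sides of the exchange. It is illustration code written for this page, not Oracle IDCS code or its API; the client IDs, secrets, scopes, redirect URIs and service names are constructed. It models the authorization code grant (3-legged: consent, single-use short-lived code bound to client and redirect_uri), the client credentials grant (2-legged: subject is the service itself), and RFC 7662-style introspection so each resource server trusts only the hub.

```python
"""Toy OAuth 2.0 authorization server: 3-legged authorization code grant,
2-legged client credentials grant, and token introspection.  Added example
for illustration; not Oracle IDCS code.  All identifiers are constructed."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL = 60      # authorization codes are short-lived and single-use
TOKEN_TTL = 3600


def hash_secret(secret):
    """Store only a hash of the client secret, compare in constant time."""
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class Client:
    client_id: str
    secret_hash: bytes
    redirect_uris: set      # exact-match allow list, never prefix match
    allowed_scopes: set
    confidential: bool = True


class AuthorizationServer:
    def __init__(self):
        self.clients = {}
        self.codes = {}       # code -> (client_id, user, scope, redirect_uri, exp)
        self.tokens = {}      # opaque token -> claims
        self.now = time.time  # injectable clock for expiry tests

    def register(self, client):
        self.clients[client.client_id] = client

    def _check_secret(self, client, secret):
        return hmac.compare_digest(client.secret_hash, hash_secret(secret))

    # 3-legged, step 1: the resource owner has authenticated at the AS and
    # decides whether to consent to the requested scope for this client.
    def authorize(self, client_id, redirect_uri, scope, user, consented):
        c = self.clients.get(client_id)
        if c is None or redirect_uri not in c.redirect_uris:
            raise PermissionError("unknown client or unregistered redirect_uri")
        if not scope <= c.allowed_scopes:
            raise PermissionError("invalid_scope")
        if not consented:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, user, frozenset(scope), redirect_uri,
                            self.now() + CODE_TTL)
        return code

    # 3-legged, step 2: the client's back channel exchanges the code, proving
    # its own identity; the code is consumed whether or not the check passes.
    def token_authorization_code(self, client_id, client_secret, code, redirect_uri):
        c = self.clients.get(client_id)
        if c is None or not self._check_secret(c, client_secret):
            raise PermissionError("invalid_client")
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("invalid_grant")
        cid, user, scope, ruri, exp = entry
        if cid != client_id or ruri != redirect_uri or self.now() > exp:
            raise PermissionError("invalid_grant")
        return self._issue(sub=user, client_id=client_id, scope=scope)

    # 2-legged: no resource owner; the subject of the token is the service.
    def token_client_credentials(self, client_id, client_secret, scope):
        c = self.clients.get(client_id)
        if c is None or not c.confidential or not self._check_secret(c, client_secret):
            raise PermissionError("invalid_client")
        if not scope <= c.allowed_scopes:
            raise PermissionError("invalid_scope")
        return self._issue(sub=client_id, client_id=client_id, scope=frozenset(scope))

    def _issue(self, **claims):
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = dict(claims, exp=self.now() + TOKEN_TTL)
        return tok

    # Introspection: resource servers ask the hub instead of trusting peers.
    def introspect(self, token):
        t = self.tokens.get(token)
        if t is None or self.now() > t["exp"]:
            return {"active": False}
        return dict(t, active=True)


class ResourceServer:
    """A service that trusts only the authorization server (N connections total)."""
    def __init__(self, auth_server, required_scope):
        self.auth_server, self.required_scope = auth_server, required_scope

    def access(self, token):
        info = self.auth_server.introspect(token)
        if not info["active"] or self.required_scope not in info["scope"]:
            return None
        return info["sub"]


def demo():
    """Constructed scenario: a web app acting for user alice, and a service client."""
    as_ = AuthorizationServer()
    as_.register(Client("webapp", hash_secret("webapp-secret"),
                        {"https://app.example/cb"}, {"hcm.read"}))
    as_.register(Client("cpq-svc", hash_secret("cpq-secret"), set(), {"sales.read"}))
    hcm, sales = ResourceServer(as_, "hcm.read"), ResourceServer(as_, "sales.read")
    results = {}
    code = as_.authorize("webapp", "https://app.example/cb", {"hcm.read"}, "alice", True)
    user_tok = as_.token_authorization_code("webapp", "webapp-secret", code,
                                            "https://app.example/cb")
    results["user_token_subject"] = hcm.access(user_tok)     # 'alice'
    results["wrong_audience"] = sales.access(user_tok)        # None: scope not granted
    try:
        as_.token_authorization_code("webapp", "webapp-secret", code,
                                     "https://app.example/cb")
        results["code_replay"] = "accepted"
    except PermissionError as e:
        results["code_replay"] = str(e)                        # 'invalid_grant'
    svc_tok = as_.token_client_credentials("cpq-svc", "cpq-secret", {"sales.read"})
    results["service_token_subject"] = sales.access(svc_tok)  # 'cpq-svc'
    return results


if __name__ == "__main__":
    print(demo())
```

The replay check matters in practice: an authorization code that could be exchanged twice lets anyone who observed the redirect mint a second token. Adding a new resource server here means one more `ResourceServer(as_, scope)` registration, not a new pairwise secret with every existing service.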
Data Model: Users, Groups, Apps and App Roles
Groups and Roles: A Cross Section
- Infrastructure / User-Role Repository (on premise, AD / LDAP): users, groups and roles; a user carries a business role and is a member of groups that map to IT roles
- Application Security Repository (IDCS apps): application roles, duty roles, privileges and entitlements, exposed to IDCS as app roles
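The SCIM slide above describes the Identity Bridge synchronizing on-premise Active Directory users into the cloud identity store, and this slide shows directory groups on one side and application roles on the other. Here is an added example of the mapping step in between: an AD-style record is turned into a SCIM 2.0 core User (RFC 7643), group DNs are resolved to app roles through an explicit allow list, and a SCIM PatchOp reconciles the user's grants so that lost groups deprovision access. This is illustration code written for this page, not Oracle's Identity Bridge; the AD attribute names follow common Active Directory usage, while the group-to-role table, the `appRoles` attribute and its filter path are assumptions and are not IDCS's actual schema.

```python
"""Directory record -> SCIM User, group DN -> app role, and a reconciling
PatchOp.  Added example; not Oracle Identity Bridge code.  The appRoles
attribute name and the group-to-role table are assumptions."""
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Deny by default: only groups listed here grant anything (assumed table).
GROUP_TO_APP_ROLES = {
    "CN=HCM-Managers,OU=Groups,DC=corp,DC=example": [("hcm", "Manager")],
    "CN=Sales-Users,OU=Groups,DC=corp,DC=example": [("sales", "User"), ("cpq", "User")],
    "CN=HCM-Admins,OU=Groups,DC=corp,DC=example": [("hcm", "Administrator")],
}


def to_scim_user(ad_record):
    """Map an AD-like record to a SCIM core User.  externalId carries the
    directory objectGUID so a rename updates rather than duplicates the user."""
    if not ad_record.get("userPrincipalName"):
        raise ValueError("record has no userPrincipalName; refusing to synthesize a userName")
    user = {
        "schemas": [SCIM_USER],
        "externalId": ad_record["objectGUID"],
        "userName": ad_record["userPrincipalName"].lower(),
        "name": {"givenName": ad_record.get("givenName", ""),
                 "familyName": ad_record.get("sn", "")},
        # ADS_UF_ACCOUNTDISABLE bit: a disabled AD account must land disabled.
        "active": not bool(ad_record.get("userAccountControl", 0) & 0x2),
        "emails": [],
    }
    if ad_record.get("mail"):
        user["emails"].append({"value": ad_record["mail"], "type": "work", "primary": True})
    return user


def app_roles_for(ad_record):
    """Resolve memberOf DNs to (app, role) pairs; unmapped groups grant nothing."""
    roles = set()
    for dn in ad_record.get("memberOf", []):
        roles.update(GROUP_TO_APP_ROLES.get(dn, []))
    return sorted(roles)


def role_patch_ops(current, desired):
    """SCIM PatchOp that revokes grants the user lost (deprovisioning) and adds
    the ones gained, leaving unchanged grants untouched.  The appRoles path and
    filter syntax are assumed for illustration."""
    current, desired = set(current), set(desired)
    ops = []
    for app, role in sorted(current - desired):
        ops.append({"op": "remove",
                    "path": f'appRoles[app eq "{app}" and value eq "{role}"]'})
    for app, role in sorted(desired - current):
        ops.append({"op": "add", "path": "appRoles", "value": [{"app": app, "value": role}]})
    return {"schemas": [SCIM_PATCH], "Operations": ops}


# Constructed sample: the user moved from Sales into HCM management.
SAMPLE_AD_RECORD = {
    "objectGUID": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "userPrincipalName": "ALICE@corp.example",
    "givenName": "Alice", "sn": "Liddell",
    "mail": "alice@corp.example",
    "userAccountControl": 512,   # NORMAL_ACCOUNT, enabled
    "memberOf": [
        "CN=HCM-Managers,OU=Groups,DC=corp,DC=example",
        "CN=Domain Users,CN=Users,DC=corp,DC=example",   # unmapped: grants nothing
    ],
}
PREVIOUS_GRANTS = [("sales", "User"), ("cpq", "User")]   # what the cloud side holds now


def demo():
    user = to_scim_user(SAMPLE_AD_RECORD)
    desired = app_roles_for(SAMPLE_AD_RECORD)
    patch = role_patch_ops(PREVIOUS_GRANTS, desired)
    return user, desired, patch


if __name__ == "__main__":
    u, d, p = demo()
    print(json.dumps(u, indent=2))
    print(d)
    print(json.dumps(p, indent=2))
```

The two checks worth keeping when adapting this are the explicit group allow list (a catch-all group such as Domain Users must never map to an application role) and the disabled-account bit, so that disabling a user on premise propagates as `active: false` instead of leaving a live cloud account.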
Identity Containers – Simple Case: Customer Name Space
- A customer account is an environment / compartment / circle of trust backed by an Identity Container
- Compartments are interoperable: each is backed by an Identity Container and has service association capabilities enabled
- Service instances in the Production compartment: S1-docs1 and S3-docs2 (service type "DOCS"), S2 MCS, S4-FA
- Notion of consistent identity across services
Identity Containers for Environment Types: Customer Partitioned Name Space
- Separate compartments (environment / circle of trust) for Test, Stage and Production, each holding its own service instances (S4-FA, S2 MCS, S1-docs1, S3-docs2 in the diagram)
Global Identity Service: Customer Partitioned Name Space Across the Globe
- Test, Stage and Production compartments spread across data centers / availability domains / regions (Amsterdam, Ashburn, Chicago), each holding service instances (S4-FA, S2 MCS, S1-docs1, S3-docs2)
Use Cases
Use Cases
- Hybrid management of identities: on-premise & cloud apps
- Seamless access to OPC properties: PaaS & SaaS
- Bring your own apps
- Management of external identities
- SaaS-PaaS extensions
- SaaS-to-SaaS integration
- Partner integration
Hybrid Management of Identities
- One set of credentials for employees across on-premise apps and cloud apps (HCM, partner apps, customer apps)
- User/password management
- Integration with the on-premise ID store: Active Directory connected to IDCS through the ID Bridge
- Reports
- Manage access to on-premise & cloud apps for employees, customers and partners
Hybrid Management of Identities (contd.)
- Same model with Oracle IAM as the on-premise ID store, connected to IDCS through the ID Bridge
- One set of credentials, user/password management, reports, and managed access to on-premise & cloud apps (HCM, partner apps, customer apps) for employees, customers and partners
Seamless Access to OPC Properties
- One set of credentials
- User/password management
- Integration with the on-premise ID store (AD / Oracle IDM via the ID Bridge)
- Reports
- Manage access to OPC PaaS services (Java/DB/BI/Docs) and SaaS services (HCM/CRM/Taleo/CPQ etc.), as well as partner apps and customer apps, for employees, customers and partners
Bring Your Own Apps: Secure & Manage Identities for Cloud-first Apps
- Oracle IDCS (IDCS Services, Cloud Directory) holds the identities and passwords for your web, desktop or mobile apps
Manage External Identities
- Authentication Service, user/password management, self-service, bulk on-boarding, multi-channel, reports
- Employee identities stay in the on-premise IDM / directory and access employee apps (HCM etc.); customer identities are held in the IDCS Cloud Directory and access the customer portal through Oracle IDCS
Bespoke Application on JCS: SaaS-PaaS Extension
An HCM customer wants to extend their HCM application to allow scoring of objectives by managers. They are building this custom application in Java Cloud Service.
Diagram: customer access goes through Oracle IDCS (IDCS Services, Cloud Directory, customer identities and passwords) to Sales Cloud and the bespoke JCS application.
SaaS-to-SaaS Integration
We have embedded the CPQ Configure Quote functionality directly into Sales Cloud. With SSO, your sales team can now seamlessly move from managing their sales opportunities to configuring quotes for their customers right in the same UI.
Diagram: customer access goes through Oracle IDCS (IDCS Services, Cloud Directory, customer identities and passwords) to Sales Cloud and CPQ.
SaaS-to-SaaS Integration
Marketers want to create precise and granular market segments. SSO allows your marketing users to seamlessly incorporate their BlueKai data directly into their campaigns right on their Eloqua or Responsys campaign-builder canvas to achieve the desired level of precision.
Diagram: customer access goes through Oracle IDCS (IDCS Services, Cloud Directory, customer identities and passwords) to BlueKai, Responsys and Eloqua.
Partner Integration
Employees who log in for compensation needs can check their eligibility for insurance from a 3rd-party insurance provider using corporate credentials.
Diagram: customer access goes through Oracle IDCS (IDCS Services, Cloud Directory, customer identities and passwords) to HCM and the insurance provider.
Premium Services: Provisioning, 3rd-party SSO, Risk, CASB, MFA