Architecting a Complete Solution for the Cloud Economy Delivering Standards-Based Access Control Marc Chanliau Oracle Identity Management Bernard Diwakar.

Presentation transcript:

Architecting a Complete Solution for the Cloud Economy: Delivering Standards-Based Access Control
Marc Chanliau, Oracle Identity Management
Bernard Diwakar, Intuit
October 02, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Program Agenda
- Introduction
- Oracle Access Management and the Cloud
- Access Management Services for the Cloud
- Intuit Presentation


Access Management in the New Digital Economy
- Combined On-Premise and Cloud Deployments
- Seamless Multi-Channel Access
- Access Any Application, From Any Device, Anywhere
- Scalable for Today’s Internet and Cloud Needs
- Standards-Based, Modular Architecture
- Integrated, Risk-aware, Strong Auth, and Fraud Prevention
- AppAdvantage: Increased Agility with Enterprise Apps

Introduction: Oracle Access Management
- Complete functionality
- Standards-based and modular
- Content-aware, context-aware, risk-aware
- Scalable, deployable across multiple data centers
- Automated upgrades, patching, and migration
- Support for hybrid environments (on-premise, Cloud)
Services: Web Authentication and SSO; Adaptive Access and Fraud Prevention; Identity Federation; Secure Token Service; Mobile Security and Social Identity; Cloud SSO; Enterprise SSO; External, Fine-Grained Authorization; Web Services Security; API Security

Oracle Access Management Logical Deployment View (diagram; recoverable labels only)
- Public Zone (Internet): Mobile Devices with the Mobile and Social SDK; Laptop / Desktop with Enterprise SSO; Web Services with the Web Services Security Client
- Web Tier (DMZ): Load Balancer; AM WebGates; WS and API Gateway. Protocols: HTTP/S, REST, OAuth, JMS, SOAP
- Application Tier (Intranet): Oracle Access Management Suite Plus; Enterprise Applications, Web Services and Web APIs (on premise or in the Cloud)
- Data Tier: Oracle Directory Services; Third-Party Directory Services; Application Data; Oracle Metadata


Cloud Identity Management: Deployment Options
- Private Cloud (customer owns, customer operates): extends Access Management and Identity Governance to Cloud applications
- Managed Cloud (customer owns, Oracle operates): avoid on-premise infrastructure costs by outsourcing management to an experienced team
- Public Cloud (Oracle owns, Oracle operates): subscription-based, elastic Access Management for Cloud environments

Access Management in the Cloud: Services Involved
- Primary web authentication, web SSO, coarse-grained authorization (optionally, the Mobile and Social service if mobile clients are involved)
- Lightweight Cloud SSO proxy
- Identity Federation: support for SAML, OAuth, OpenID
- Web services and API security: first line of defense on-premise and/or in the Cloud
- SOA Security: first-mile and last-mile security on-premise and/or in the Cloud

Cloud Access Management Use-Case Scenarios
Scenario 1
- Access management is on premise or in the Cloud
- Applications are deployed in a public or private Cloud
- Clients (requesting parties) use laptop or mobile device browsers only
Scenario 2
- Access management is on premise; some enterprise web applications are on premise, others are in a private Cloud
- SSO must be provided among applications deployed on premise
- Federation must be provided between applications deployed on premise and in the Cloud
- Clients (requesting parties) use laptop or mobile device browsers or native apps

Cloud Access Management Use-Case Scenarios (cont’d)
Scenario 3
- Clients (requesting parties) use Oracle web services or applications deployed in the Cloud
- Requests are first intercepted in the DMZ and passed on to the Intranet resources for processing
- Responses returned to requesting parties must obfuscate selected private information
Scenario 4
- Clients (requesting parties) located on-premise or in the Cloud send web services or web API requests to SaaS applications deployed in a public Cloud


Need for Access Portal Services: Customer Challenges
- Simplify the user experience to access corporate web and Cloud resources
- Adapt to different PC and mobile form factors
- Enable integration with existing corporate portals
- Provide wizard-driven tools to accommodate integration with SaaS, partner, and Cloud applications
(Diagram: a User Portal providing SSO to SaaS, SSO to Corporate Web Apps and SSO to Partner Apps, with Integrate and Customize tooling)

Oracle Access Portal: A Mobile and Cloud Solution for the Enterprise
Hosted single sign-on (SSO) proxy service
- Secure way for users to access enterprise applications from any device supporting a browser
- Support intranet and extranet applications, on-premise or hosted in the Cloud, using Oracle's form-fill SSO technology

Oracle Access Management Federation Services: On-Premise and Cloud Deployments
Federation Types
- SAML-based federation (authentication, attribute sharing)
- OpenID-based federation (delegated authentication)
- OAuth-based federation (delegated authorization)
- Social-identity-based federation (redirected authentication)
- Form-fill-based federation (SSO proxy)

Oracle Access Management Identity Federation Services: SAML-Based Federated Authentication and Attribute Sharing
(Diagram: Domain A is the Identity Provider (IdP) and holds the identities; Domain B is the Service Provider (SP); a trust relationship links the two)
- The Oracle Access Management platform provides primary web authentication
- Oracle Access Management Identity Federation generates (IdP) and/or consumes (SP) SAML assertions

Access Management Identity Federation Fedlet: On-Premise and Cloud Deployment Models
- Compact, lightweight, easy-to-deploy SAML 2.0 Service Provider implementation fully integrated with Access Management Identity Federation
- Fedlet is used in multi-tenant SaaS deployments where each SaaS customer acts as an Identity Provider
  - Each of the tenant applications authenticates remote users coming from its own Identity Provider
  - In such an environment each of the Fedlet instances is configured to always communicate with the same Identity Provider
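The two SAML slides above describe an SP consuming assertions from a single configured IdP. As an added example, not code from the deck or from Oracle's Fedlet, here are the trust checks such an SP applies before accepting an assertion: the issuer must be the one trusted IdP, the audience must name this SP, and the validity window must hold. The entity IDs, timestamps and assertion XML are constructed; XML signature verification is left out and is mandatory in a real SP.

```python
# Added example, not Oracle's Fedlet code: trust checks a SAML 2.0 Service
# Provider applies when consuming an assertion from its one configured IdP.
# Entity IDs, timestamps and the assertion XML below are constructed. Signature
# verification is omitted; a real SP verifies it first and should parse
# untrusted XML with a hardened parser such as defusedxml.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# SP-side configuration: the single IdP this instance trusts, and its own entity ID.
TRUSTED_IDP = "https://idp.tenant-a.example/saml"  # constructed
SP_ENTITY_ID = "https://saas.example/sp"            # constructed

# Constructed sample assertion, as the tenant's IdP would send it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2014-10-02T10:00:00Z">
  <saml:Issuer>https://idp.tenant-a.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-10-02T10:00:00Z" NotOnOrAfter="2014-10-02T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://saas.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>alice@tenant-a.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_ts(s):
    """SAML timestamps are UTC xs:dateTime values with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text, now, trusted_idp=TRUSTED_IDP, sp_entity_id=SP_ENTITY_ID):
    """Return (ok, reason, attributes). Any failed check rejects the assertion."""
    root = ET.fromstring(xml_text)
    # 1. Issuer must be the one IdP this SP instance is configured for.
    if root.findtext("saml:Issuer", namespaces=NS) != trusted_idp:
        return False, "untrusted issuer", {}
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions", {}
    # 2. Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive.
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < parse_ts(nb):
        return False, "assertion not yet valid", {}
    if noa and now >= parse_ts(noa):
        return False, "assertion expired", {}
    # 3. Audience must name this SP, so an assertion meant for another SP is not accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "audience mismatch", {}
    attrs = {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for att in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[att.get("Name")] = att.findtext("saml:AttributeValue", namespaces=NS)
    return True, "ok", attrs
```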

Cloud Security Agent: Sneak Preview (To be released in 2015)
A WebLogic-Server-embedded Java agent designed to support perimeter authentication for browser-based interactions with services hosted in Oracle Cloud
- Out-of-the-box SAML-based authentication solution (service provider), extensible to support Access Manager WebGate authentication and OAuth delegated authorization
- Complements Web Services Manager, which handles security requirements for all REST and SOAP requests in the same WLS container
- REST-based communications between agent and Access Manager services
- Leverages on-premise Access Management to protect Cloud applications
- Leverages Cloud Access Management to protect on-premise applications

Oracle Access Management Identity Federation (OAuth): On-Premise, Cloud, Mobile Deployments
- Extend Access Management services to provide token issuance, token validation, token revocation and user flows in accordance with the OAuth 2.0 standard
- Enhance Access Management federation use-case scenarios starting with Oracle’s own Cloud deployments
  - Eliminate the use of end-user passwords in service-to-service interactions
  - Centralize trust policies and associations in a large deployment
- The Oracle Access Management OAuth service is extensively used by Oracle Access Management Mobile and Social

Web Services Manager: First-Mile and Last-Mile Security
Web services security enabler for
- Oracle Fusion Applications SaaS offering
- Oracle Java Cloud Service
- Oracle Application Development Framework (ADF)
- Oracle Service Bus (OSB) PaaS offering
Enable secure communication between Fusion Applications, Java Cloud Service, Integration Service (SOA), and external, standards-based systems
Simplified key store management for Cloud-centric usage

API Gateway: First Line of Defense
Secure access to web services and web APIs deployed on premise or in the Cloud
Extend Access Management to RESTful APIs
- Context-aware authentication
- Content-aware authorization
- Security tokens
- Data redaction
- Audit
Extend access to web services and APIs from mobile devices (tablets or smartphones)
Simplified deployment in Cloud environments
Integrate with multiple environments to provide a complete, end-to-end solution
- Oracle Access Management
- Third-party environments
Data format transformations
- XML to JSON and vice versa
Protocol bridging
- REST, SOAP, JMS
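The "data redaction" feature listed above is the gateway-side answer to the earlier use-case requirement that responses passed back through the DMZ must obfuscate selected private information. As an added example, not Oracle API Gateway code, here is a response filter that applies a constructed redaction policy to a decoded JSON body before it leaves the DMZ; field names, policy and payload are all constructed.

```python
# Added example, not Oracle API Gateway code: a DMZ-side response filter that
# removes or masks selected private fields before a backend response is returned
# to the requesting party. Policy, field names and payload are constructed.
import copy
import json

# Redaction policy: dotted path -> action. "drop" removes the field entirely,
# "mask" keeps only the last four characters (enough for a user to recognise a card).
REDACTION_POLICY = {
    "customer.ssn": "drop",
    "customer.card.number": "mask",
    "customer.email": "mask",
}


def _apply(obj, path, action):
    """Walk one dotted path; lists are traversed element by element."""
    head, _, rest = path.partition(".")
    if isinstance(obj, list):
        for item in obj:
            _apply(item, path, action)
        return
    if not isinstance(obj, dict) or head not in obj:
        return  # path not present in this response: nothing to redact
    if rest:
        _apply(obj[head], rest, action)
    elif action == "drop":
        del obj[head]
    elif action == "mask":
        val = str(obj[head])
        obj[head] = "*" * max(len(val) - 4, 0) + val[-4:]


def redact_response(body, policy=REDACTION_POLICY):
    """Return a redacted deep copy of a decoded JSON body; the original is untouched."""
    out = copy.deepcopy(body)
    for path, action in policy.items():
        _apply(out, path, action)
    return out


# Constructed backend response as it would arrive at the gateway from the Intranet.
SAMPLE_RESPONSE = json.loads("""{
  "customer": {"id": 17, "email": "alice@example.com", "ssn": "123-45-6789",
               "card": {"number": "4111111111111111", "expiry": "12/16"}},
  "orders": [{"id": 1, "total": 42.5}]
}""")
```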

API Gateway: Support for Cloud Deployments
- Can be deployed on premise and access web services or APIs hosted in the Cloud (top view)
- Can be deployed in the Cloud on Oracle or third-party Cloud services (bottom view)
Functionality supported
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Cloud governance
- Software as a Service (SaaS)
(Diagram, top view: API Gateway on-premise deployment fronting Oracle Cloud, Microsoft Azure, Force.com, Amazon Web Services and Google Apps. Bottom view: API Gateway Cloud deployment on Oracle Cloud, Amazon Web Services and Microsoft Azure)


Intuit: Identity Management as a Managed Service
- Upgrade from Access Manager 10g to the Access Management platform 11gR2 for intranet and SaaS applications
- Deployment of Access Manager and the Access Management Identity Federation service in an active-active configuration in two data centers managed by OMCS
- LDAP and Credential Collectors reside in Intuit’s own data centers
- Six-month upgrade supporting 150+ applications

Questions


Join the Community
- Twitter: twitter.com/OracleIDM
- Facebook: facebook.com/OracleIDM
- Oracle Blogs: Blogs.oracle.com/OracleIDM
- Oracle IdM Website: oracle.com/Identity
