Introduction
Organization
Speakers
Security Spectrum
Access Control
Who We Are
Founded in 2000
Distinguished Oracle Leader
Technology Momentum Award
Portal Blazer Award
Titan Award Red Stack + HW Momentum Awards
Excellence in Innovation Award
Management Team is Ex-Oracle
Location(s): Headquartered in Atlanta; Regional office in Washington D.C.; Offshore Hyderabad and Chennai, India
~250 employees with 10+ years of Oracle experience on average
Inc.500|5000 Fastest Growing Private Company in the U.S. for the 5th Time
Voted Best Place to work in Atlanta for 2nd year
30 Oracle Specializations spanning the entire stack
Speakers
Profile
Kashif Dhatwani
Practice Director, Identity Management and Data Security
Enterprise and Solution Architect
15+ years of experience in delivering solutions around middleware technologies including Security, SOA, Portal and custom-developed solutions
7+ years with BIAS Corporation; previously held positions at Oracle and IBM
Focused on delivering best-practice, industry-standards-based solutions to BIAS customers
Leading a team of solution and technical architects delivering solutions across multiple industries
Madan Shah
Solution Architect, Identity Management & Data Security
15+ years of experience in middleware technologies
3+ years with BIAS Corporation
Solution Architect, Technical Architect for Middleware Technologies including Java / J2EE, Portals, Data Security and Identity & Access Management
Leading development teams to deliver solutions for Identity & Access Management and Data Security
Oracle Access Management Suite Plus 11g Certified Implementation Specialist and Oracle Database 11g Security Certified Implementation Specialist
BIAS Practice Areas
BIAS Corporation is a recognized leader in Identity & Access Management system assessment,
design and implementation. As an Oracle Platinum partner, BIAS Corporation's IDM Practice
provides experienced architects with expertise in assessing environments, building
roadmaps and designing systems with deep technical experience, and implements solutions using
the experienced developers who are part of the BIAS IDM practice.
Security Spectrum
Information Security Spectrum
Identity Management: Governance; Compliance; Single Source of Truth; Provisioning / De-provisioning; SoD Separation of Duties
Access Management: Access Control; Authentication; Authorization; Single Sign-On; Multi-Factor Authentication
Mobile Security: Security Container; Single Sign-On; Application Management; Data Access
Data Security: Protect your data at Rest and in Transit; Data Access - Authentication; Fine Grained Control; Auditing
Identity Management Portfolio 11gR2
Modern, Innovative & Integrated
Advanced Security, Data Masking: Transparent Data Encryption; Network Encryption/Strong Auth; Data Masking for Non-Production
Audit Vault, Database Firewall: Database Activity Auditing; Database Firewall Monitoring; Centralized Audit Data Warehouse
Database Vault, Label Security: Separation of Duties for DBAs; Protection Realms & Rules; Label Based Access Control
[Diagram labels: Internal; External (partners, vendors); Web Applications; Cloud Providers; Single User account; Single Logon; LDAP]
Oracle Access Management System
Architecture
Access Management Integration Architecture
[Diagram labels: Internal; External (partners, vendors); Cloud Providers; Federation / SSO; On Premise Apps; Access Gate; Webgate; Authentication / SSO; Web Applications; LDAP]
Identity Management
Overview
Benefits
Centralized Access Management
A centralized security enforcement
A centralized policy control on application access
Single Sign-On
Use one (1) set of credentials to access all your applications
No need to remember multiple user-IDs and passwords
Reduced risk of compromised credentials
One-time login to your first application
Navigate securely to multiple applications
Federation
Single Sign-On for Third-Party application partners
Single Sign-On for Cloud based applications
User Repositories
Integration with multiple user repositories
Support for commonly used LDAPs and Microsoft Active Directory
Productivity
Increase productivity of employees
Maintain compliance standards
Self-service capabilities such as self password management
Oracle e-Business Application
Single Sign-On
Oracle E-Business and Access Manager
Support Architecture
11.5.10.2, 12.1.3, 12.2
Integration Architecture
1. User requests protected resource
[Diagram labels: Oracle E-Business Suite (shown twice); Oracle Access Manager; Oracle Internet Directory]
EBS Access Gate
[Diagram labels: JAVA EE Application Deployed on WebLogic Domain; Oracle Access Manager; Web Gate; E-Business Suite Instance Database; UID + ORCLGUID (shown twice); FND_USR Link (shown twice)]
Deployment Topology (Clustered)
Oracle E-Business Suite Release 12.2 single sign-on
[Diagram labels: User; Load Balancer (shown twice); Web Server 1; Web Server 2; WebGate; EBS AccessGate; Oracle E-Business Suite Release 12.2.2+; Oracle Database; OAM Server 1; OAM Server 2; OID 1; OID 2]
Third-Party LDAP Integration
Third-Party Access Management
Architectural Considerations
Key Decisions
Provisioning
Unidirectional Provisioning
From Oracle Internet Directory to Oracle E-Business Suite only
From Oracle E-Business Suite to Oracle Internet Directory only
Bi-Directional Provisioning
From Oracle Internet Directory to Oracle E-Business Suite
From Oracle E-Business Suite to Oracle Internet Directory
Authorization
EBS responsibilities are managed within EBS
Upgrade
Existing environment can upgrade from OSSO to OAM
Co-Existence
Multiple E-Business systems using same Security Framework (Access Manager)
Best Practices
SSO Infrastructure
High Availability
Disaster Recovery Environment
Performance Considerations
OAM Detached Credential Collector vs Embedded Credential Collector
Multi Factor Authentication and Risk-based Authentications
Auditing
Out of the Box Auditing functionality provided by OAM for User Authentications
BI Publisher Reports
Oracle created the OPN Specialized Program to showcase the Oracle partners who have achieved expertise in Oracle product areas and reached
specialization status through competency development, business results, expertise and proven success. BIAS is proud to be specialized in 30
areas of Oracle products, which include the following:
Contact Us
Kashif Dhatwani
770-685-6240
Kashif.Dhatwani@biascorp.com