Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager
11g Release 1 (11.1.1)

Part Number E14568-08
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

What's New in Oracle Adaptive Access Manager 11g Release 1 (11.1.1)?

This chapter introduces the new and changed administrative features of Oracle Adaptive Access Manager 11g Release 1 (11.1.1). It contains these topics:

New Features for Oracle Adaptive Access Manager 11g Release 1 (11.1.1)

Oracle Adaptive Access Manager 11g Release 1 (11.1.1) includes many important features and enhancements that were not available with Oracle Adaptive Access Manager 10g. The following is a list of the new features and enhancements:

Areas Features and Enhancements

Interface

The new rich Oracle Adaptive Access Manager user interface provides

  • Navigation and Policy trees, which allow quick and visible access to features

  • Tabs and accordion panels that reduce real estate usage for multitasking

  • Streamlined flows that capture use case flows of execution. For example, the flow for rules is search, create, edit, and copy rules

  • Improved search and filtering, where you can save searches and filter directly on columns

  • New and improved screens in Oracle Adaptive Access Manager. Oracle Adaptive Access Manager provides enhanced usability for fraud analysis and forensic operations

  • Advanced table display controls to add and remove columns, reposition and resize columns, and detach columns

  • Additional search filters for alert messages, geographic location, and IP range

  • Export feature that enables search results to be exported to an Excel file format

  • New "Add to Group" feature in search sessions and details pages that enables entities to be added to groups easily

  • Direct access to documentation from Oracle Adaptive Access Manager

Security Policies

Newly updated security policies that incorporate:

  • Patterns and other techniques to improve the accuracy and risk analysis

  • Oracle Data Miner along with new rule conditions and improved learning patterns to create a unique and optimized real-time risk analytics solution more capable of profiling behaviors than previous versions

Policy Creation

New features in policy creation enables you to:

  • Copy policies to checkpoints

    Policies can be copied to other checkpoints. When policies are copied, all the details are copied including the nested policies, trigger combinations, preconditions, group linking, and others

  • Configure trigger combinations more easily

    The new design enables you to more easily define and manage trigger combinations and allows the appending or overriding of actions and alerts

  • Execute nested conditions

    New conditions support the execution of nested policies

  • View indicators

    Indicators are available to show the number of policies linked to a policy, rules, trigger combinations, group linking, conditions in policies, and so on

Rule Creation

Rules are now much easier to create.

  • Rule creation has been simplified with the removal of rule templates from the product.

  • Rules can be copied to different policies under any checkpoint

OTP Anywhere

OTP Anywhere can create universal delivery options for auto-generated one-time-passwords used for secondary, risk-based user challenges to add sophisticated security to basic authentication flows.

Investigation

New investigation tools have been added to make investigations quicker and easier

  • Details screen that allow investigators, security administrators, and other power users to cross reference on data points to find related data in a quick and easy way

  • The new agent cases that make forensic investigations quicker, easier and more successful. Events can be configured to create a case automatically. An investigator can quickly view the data involved in an incident and quickly locate related situations by easily harnessing the complex data relationships captured by OAAM

Encryption Keys

Encryption keys required by Oracle Adaptive Access Manager can be securely managed using Fusion Middleware Control without having to create Keystore files

Universal Risk Snapshot

Snapshots can be created allowing security administrators to simply and easily migrate security data across environments or restore security configuration to a known state

Multitenancy

Multitenant access controls for customer service representative interface to allow protection of multiple application tenants with a single instance of OAAM

OAAM Batch Risk Analysis

Oracle Adaptive Access Manager batch risk analysis tool to be used as:

  • A standalone security tool to analyze, detect and alert high risk transactions

  • A research and development tool to create and verify new policies and rules using offline customer data without impacting customers in real-time environment

  • A supplemental batch analysis tool in the tuning of rules and verification of rules behavior against real customer and transaction data without impacting customers in real-time environment

Audit

Most of the administrative operations are now audited using Oracle Audit Service. Audit events can be viewed using the standard audit reports.

Web Services

Oracle Adaptive Access Manager Web services are implemented using Oracle Web Services.

Application Logging

Oracle Adaptive Access Manager 11g uses Java logging instead of log4j. Logging can be configured using Fusion Middleware Control.

Integration with the Dynamic Monitoring System

Some performance metrics are now integrated with Dynamic Monitoring System. These metrics and related reports can be viewed using Fusion Middleware Control


Feature Comparison Chart - Oracle Adaptive Access Manager 11g vs. Oracle Adaptive Access Manager 10g

Features 10.1.4.3 10.1.4.5 11g (11.1.1)

Real-time and offline rules engine

X

X

X

Virtual authentication devices

X

X

X

Knowledge-based authentication

X

X

X

Adaptive device identification*

X

X

X

Base security policies (ongoing updates)

X

X

X

Real-time dashboard (improved)

X

X

X

Customer service module

X

X

X

Real-time access to activity data

X

X

X

Actions, alerts, and risk scoring

X

X

X

Rule conditions

 

X

X

Optimized log data management

 

X

X

Enhanced caching of rules data object

 

X

X

Expanded integration APIs

 

X

X

Investigation agent workflow

 

X

 

Rules authoring user interface

 

X

X

Transaction definition and mapping user interface

 

X

X

Data entity definition and mapping user interface

 

X

X

Behavior pattern configuration interface

 

X

X

Configurable actions

 

X

X

Server-generated one-time password

 

X (Native only)

X (All deployment types)

Customizable reporting BI Publisher (bundled)

 

X

X

Tree-based navigation and policy browse

   

X

Tabular multitasking user interface

   

X

Customizable search screens

   

X

Common audit framework

   

X

Oracle Installer and Repository Creation Utility

   

X

Oracle Patch

   

X

Oracle Adaptive Access Manager Offline User Interface

X

X

X

Document Models

X

X

 

Globalization

 

X

X


Integrations 10.1.4.3 10.1.4.5 11g (11.1.1)

Oracle Access Manager integration

X

X

X

Oracle Identity Manager integration

   

X


Concepts and Terminology Changes for Oracle Adaptive Access Manager 11g

Customers migrating from Oracle Adaptive Access Manager 10g to 11g will notice a few key conceptual and terminology changes. These changes are intended to align terminology used across the Identity Management suite products and simplify administration. Full definitions of these and many other terms can be found in the glossary.

General Term Changes

10g Term 11g Term

runtime

checkpoint

A checkpoint is a specified point in a session when Adaptive Access Manager collects and evaluates security data using the rules engine.

model

policy

Policies contain security rules and configurations used to evaluate the level of risk at each checkpoint.

manual override

trigger combination

Trigger combinations are additional results and policy evaluation that are generated if a specific sequence of rules trigger.

Application ID

Organization ID

From the administration perspective, each application/primary user group is translated into an "Organization ID." The term, "Application ID" has been renamed as "Organization ID," which represents the primary user group of a particular user.

For the OAAM Server side, the term "Application ID" remains the same as before. When communicating with proxies, OAAM Server passes the Applications ID, which uniquely identifies an application.


Concept Changes

Concepts changes are listed in the following table.

10g Concept 11g Concept

OAAM Adaptive Risk Manager

The rules engine is now part of OAAM Server. The Administration Console is now a separate application named OAAM Admin.

OAAM Adaptive Strong Authenticator

The end-user flows including the virtual authentication devices, Knowledge-Based Authentication and One-Time Password authentication are now contained in OAAM Server.

rule template

The concept has been removed from product

policy type

The concept has been removed from the product


Web Applications

Oracle Adaptive Access Manager's deployed applications in 11g are:

Architecture and Deployment Changes

Architecture and deployment changes are listed as follows: