Skip Headers
Oracle® Access Manager Introduction
10g (

Part Number B25342-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

1 Introducing Oracle Access Manager

This chapter provides an overview of Oracle Access Manager 10g ( and includes the following topics:

1.1 About Oracle Access Manager

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic group management; and delegated administration.

Oracle Access Manager offers a DMZ-type three-tier architecture to provide a highly secure deployment with maximum protection of data and applications that includes the following:

1.2 Oracle Access Manager Feature Overview

Oracle Access Manager includes a Web-based interface that provides a single point of entry. The Web-based System Console enables administrators to assign and delegate administrative responsibilities and to manage the appearance and behavior of Access and Identity components and applications.

10g ( enables you to present static data such as error messages and display names for tabs, panels, and attributes to users in their native language. Unicode UTF-8 encoding enables data transmission and storage in a universal format, as described in Chapter 4, "About Globalization and Multibyte Support". English is the default language and is always installed.

Oracle Access Manager Identity System—Provides delegated administration, user self-service, and real-time change management. For example, you can create, manage, and delete groups in the directory server. You can define a subscription policy for a group, including self-service with no approval needed, subscription with approvals, rule-based subscription, and no subscription allowed.

Administrators can build password management and other functions on top of the Oracle Access Manager identity management system. You can integrate other applications with the primary Identity System components using a single identity management system so that access cards, computer accounts, and payroll functions can all be modified from one identity change function when an employee leaves an organization. Customization and XML-based integration features are included.

End users can search for and view other users and groups, depending on the rights granted to them by an administrator; modify personal information such as phone numbers and passwords; and display organizational information such as floor plans and asset lists.

For details about Identity System components, applications, features, and functions, see Chapter 2, "About the Identity System".

Oracle Access Manager Access System—Stores information about configuration settings and security policies that control access to resources in a directory server that uses Oracle Access Manager-specific object classes. You can use the same directory to store the Access System configuration settings, access policy data, and user data, or you can store this data on separate directory servers.

Administrators can use the Access System to protect Web resources and enterprise resources such as J2EE applications, servlets, Enterprise Java Beans (EJBs), and legacy systems. The Access System also supports both Web (HTTP) and similar types of data in non-Web (non-HTTP) resources. Using the Access System for security administration enforces your company's access security policies for Web applications and content; provides common security measures across multiple Web servers and applications; combines centralized policy creation with decentralized management and enforcement; and enables granular control over security across heterogeneous applications and systems.

For more information about Access System components, features, and functions, see Chapter 3, "About the Access System"

Oracle Access Manager Integration Services—Oracle Access Manager integrations exist across multiple operating systems and third-party products to support the heterogeneous nature of most large-enterprise IT environments. The following is only a short list of the integration options Oracle offers:

For more information, see the Oracle Access Manager Integration Guide.

In addition, you may also perform the following integrations:

1.3 Examples of Oracle Access Manager Use

Oracle Access Manager enables you to change from a perimeter defense model in which you unilaterally block outside access to your resources to a security model based on business rules. You can securely provide business systems and data to employees, customers, and suppliers.

Automated bank tellers (ATMs) provide a useful analogy for the Oracle Access Manager solution. At one time, people had to conduct bank transactions in person. With the advent of ATM technology, banks could move to a self-service model for most transactions. Similarly, Oracle Access Manager enables you to move away from a centralized administration model to a distributed model where you provide data and applications securely over the Internet.

Oracle Access Manager helps your enterprise facilitate delivery of corporate functions to extended groups of employees, customers, partners, and suppliers; maintain a high level of security across applications; enable users and business partners to access the information they need.

For example, suppose that your internal users, your suppliers, and your customers require access to unique data sets. In addition, suppose that you also have common data that everyone should see. Using Oracle Access Manager, your identity-based policies can provide the right levels of access to each group while ensuring that everyone can securely access only the data that they need and that they have the right to access.

Using Oracle Access Manager, it is possible to manage a corporate portal that is open to external business partners. For instance, for a portal that allows customers to order manufacturing materials and equipment, all applications exposed through the portal are protected with one platform (Oracle Access Manager) which grants access rights. Administration of the access policies protecting these resources can be delegated throughout the corporation so that business units, rather than the IT department, make decisions about the customers, suppliers, and partners who are to be given access rights. This is possible even for companies with billions of dollars of revenue and tens of thousands of employees.

Using Oracle Access Manager, it is also possible to grant different types of privileges to different classes of users. For instance, a health-care organization can manage its data so that different groups can view different kinds of data, as follows:

An organization can use Oracle Access Manager to aggregate application accounts. For example, financial institutions can configure self-service portals to allow their customers to access different accounts from a single login, including online banking, mortgage information, and insurance.

1.4 About Installation

The Oracle Access Manager applications that access sensitive data reside within the firewall. The directory server is isolated so it is not exposed. The only server outside the firewall (or in the DMZ) is a Web server with a WebGate or WebPass installed.

The installation and setup sequence is outlined next and described in detail the Oracle Access Manager Installation Guide.

Task overview: Installing Oracle Access Manager

  1. Prepare the host machine

  2. Install the Identity Server and update the schema with Oracle Access Manager configuration data

  3. Install a WebPass

  4. Set up the Identity System

  5. Install the Policy Manager and policy data, then set up the Policy Manager

  6. Install the Access Server

  7. Install the WebGate

Non-Production/Test Environments—Oracle Access Manager components may be installed on a single machine. In this case, the machine must be hosting a Web server when you perform installation and setup tasks. Do not install the WebPass in the same directory as the Identity Server. Do install the Policy Manager at the same directory level as a WebPass.

Production Environments—In a production environment, Oracle Access Manager components are usually installed on different machines in your network. For example, a simple deployment may include:

See also the Oracle Access Manager Installation Guide and Oracle Access Manager Deployment Guide.

1.4.1 Installation Directories for Language-Specific Files

All Oracle Access Manager installations include a directory named \lang, which contains a named subdirectory for each installed language. For example, \lang\en-us contains English-language-specific subdirectories and files and is provided with each installation automatically. When you install a Language Pack (for French or Arabic, for instance), additional language-specific directories are included. For example:

IdentityServer_install_dir\identity\oblix\lang\en-us IdentityServer_install_dir\identity\oblix\lang\fr-fr IdentityServer_install_dir\identity\oblix\lang\ar-ar

Your installation will be English only unless one or more Oracle-provided Language Packs are installed. For more information about directories, see Chapter 4, "About Globalization and Multibyte Support".

1.5 Looking Ahead

Other chapters in this guide provide a more in depth look at Oracle Access Manager components, applications, functions, features, manuals, and terminology: