Oracle® Identity Manager Design Console Guide
Release 9.0
B25940-01
1 The Oracle Identity Manager Architecture

This chapter describes the architecture, benefits, and key features of Oracle Identity Manager. It contains the following topics:

  • Overview

  • Benefits and Key Features

  • The Three Tiers of Oracle Identity Manager

Overview

The Oracle Identity Manager platform automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connects users to the resources they need to be productive, and revokes or restricts unauthorized access to protect sensitive corporate information.

Benefits and Key Features

The architecture of Oracle Identity Manager is designed for rapid integration within your business enterprise. It provides the following features:

Scalable Architecture: The J2EE application server model of Oracle Identity Manager provides scalability, fail-over, load-balancing, and inherent Web deployment. Oracle Identity Manager is based on open, standards-based technology and uses a three-tier architecture: the client application, a supported J2EE-compliant application server, and an ANSI SQL-compliant database. It can provision both LDAP-enabled and non-LDAP-enabled applications.

Extensive User Management: Oracle Identity Manager includes unlimited user organizational hierarchies and user groups with inheritance, customizable User ID policy management, password policy management, and user access policies that reflect customers' changing business needs. Oracle Identity Manager also provides a resource allocation history, and the ability to manage application parameters and entitlements. Delegated administration is also a key element of user management with comprehensive permission settings.

Web-based User Self-Service: Oracle Identity Manager contains a customizable Web-based user self-service portal with the ability to manage user information, change and synchronize passwords, reset forgotten passwords, request available applications, review and edit available entitlements, and effect or react to workflow tasks.

Powerful and Flexible Process Engine: With Oracle Identity Manager, you can create business and provisioning process models in easy-to-use applications, such as Microsoft Project and Microsoft Visio. Process models include support for approval workflows and escalations. You can track the progress of each provisioning event, including the current status of the event and error code support. Oracle Identity Manager provides support for complex, branching, self-healing processes, and nested processes with data interchange and dependencies. The process flow is fully customizable and does not require programming.

Comprehensive Reporting for Audit-Trail Accounting: Oracle Identity Manager provides real-time reporting, and up-to-the-minute status reports on all processes with full-state information. In addition, the complete OLAP capability of Oracle Identity Manager supports even the most complex reports, analysis, and dynamic queries.

Integration Using the Adapter Factory™: Attempting to support all systems with hand-coded adapters is impractical. Thus, Oracle has developed an automated tool for adapter generation. This tool, the Adapter Factory, supports a wide range of interfaces and virtually any application or device. These adapters run on the Oracle Identity Manager server, and do not require agents to be installed or updated on target platforms. In situations where the target application resource does not have a network-enabled interface, you can create remote integration by using UDDI/SOAP-based support. With the Adapter Factory, integrations that take months to implement can now be accomplished in a few days. Numerous adapters can be generated instantly. With the Adapter Factory, not only can you keep existing integrations updated, you can also support new integration needs quickly. Oracle Identity Manager has the ability to run programs on external third-party systems using the remote managers.

Built-in Change Management: Oracle Identity Manager enables you to package new processes, import and export existing ones, and move packages from one system to another.

The Three Tiers of Oracle Identity Manager

The Oracle Identity Manager architecture consists of three tiers, as shown in Figure 1-1.

Figure 1-1 Oracle Identity Manager Three-Tier Architecture


Tier 1: Client

The first tier provides two distinct interfaces: the Java-based Design Console and the Web-based Administrative and User Console.


Note:

This guide contains information related solely to the behavior of the Design Console edition of the Oracle Identity Manager product. For information on the functions and usage of the Oracle Identity Manager Administrative and User Console, refer to the Oracle Identity Manager Administrative and User Console Guide.

The Oracle Identity Manager GUI components reside in this tier. Users log in by using an Oracle Identity Manager client, which passes the user's login credentials to the Oracle Identity Manager server. The server, not the client, validates these credentials. Through the client you can also submit requests to search for information in the database and to save, edit, or delete that information; every such request is carried out by the server on the client's behalf.

Tier 2: Application Server

The second tier implements the business logic, which resides in the Java Data Objects managed by the supported J2EE application server (JBoss Application Server, BEA WebLogic, or IBM WebSphere). The Java Data Objects implement the business logic of the Oracle Identity Manager application, but their methods are not exposed to the outside world. To access the business functionality of Oracle Identity Manager, you use the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism between clients and the server.
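The following added example (not code from this guide) shows what "going through the API layer" looks like from a client: the program authenticates to the server, looks up a remote operations interface by name, and runs a search, without ever holding a database connection or referencing a Java Data Object. It assumes the Oracle Identity Manager 9.x client API (the `Thor.API` classes) and a client `xlconfig.xml` that defines the `Discovery.CoreServer` settings; the `oim.user` and `oim.password` system properties and the class name `ApiLayerExample` are this example's own choices.

```java
// Added example: reaching Oracle Identity Manager business functionality
// through the client API layer (tier 2) rather than the database (tier 3).
// Class and method names assume the OIM 9.x client API (Thor.API.*); the
// "Discovery.CoreServer" path assumes a client xlconfig.xml that defines it.
import java.util.Hashtable;

import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Operations.tcUserOperationsIntf;
import com.thortech.xl.util.config.ConfigurationClient;

public class ApiLayerExample {

    public static void main(String[] args) throws Exception {
        // Credentials come from the caller (here: JVM system properties, an
        // assumption of this example). The server validates them; do not
        // hard-code a production password in client code.
        String user = System.getProperty("oim.user");
        String password = System.getProperty("oim.password");
        if (user == null || password == null) {
            throw new IllegalArgumentException(
                "run with -Doim.user=<login> -Doim.password=<password>");
        }

        // The lookup mechanism: provider URL and initial context factory are
        // read from the client configuration, not embedded in the program.
        ConfigurationClient.ComplexSetting config =
            ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
        Hashtable env = config.getAllSettings();

        // Authenticate to the application server. The factory hands back
        // remote operation interfaces; the client never sees a JDBC connection.
        tcUtilityFactory factory = new tcUtilityFactory(env, user, password);
        try {
            tcUserOperationsIntf userOps = (tcUserOperationsIntf)
                factory.getUtility("Thor.API.Operations.tcUserOperationsIntf");

            // Filter keys are OIM column labels. The server applies its own
            // permission checks to the search; the client only sees what the
            // authenticated user is allowed to see.
            String login = args.length > 0 ? args[0] : "XELSYSADM";
            Hashtable filter = new Hashtable();
            filter.put("Users.User ID", login);
            tcResultSet rs = userOps.findUsers(filter);

            for (int i = 0; i < rs.getRowCount(); i++) {
                rs.goToRow(i);
                System.out.println(rs.getStringValue("Users.User ID")
                    + "  status=" + rs.getStringValue("Users.Status"));
            }
        } finally {
            // Release the server-side resources held by the factory.
            factory.close();
        }
    }
}
```

Compile against the OIM client libraries and run with the client `xlconfig.xml` on the classpath. The point to notice is the trust boundary: credentials and requests cross from tier 1 to tier 2, and only tier 2 talks to the database.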

The Oracle Identity Manager supported J2EE-compliant application server is the only component that interacts with the database and is responsible for:

  • Logging into Oracle Identity Manager: The Oracle Identity Manager supported J2EE-compliant application server connects the Oracle Identity Manager client to the database.

  • Handling Client Requests: The Oracle Identity Manager supported J2EE-compliant application server processes requests from the Oracle Identity Manager client. It then sends the appropriate information from these requests to the database. The Server also delivers responses from the database to the client.

  • Scalability (Connection Pooling/Sharing): The Oracle Identity Manager supported J2EE-compliant application server supports single- or multi-application usage in a manner that is transparent to Oracle Identity Manager clients. Database connections are pooled and shared rather than opened per request, which improves database connectivity performance, and the pool is resized dynamically to match the current load.

  • Securing System-Level Data (Metadata): Oracle Identity Manager employs row-level security to prevent users who are not authorized to change system-level information (system metadata) from accidentally deleting or modifying it. Because the application server is the only component that interacts with the database, this protection is applied by the server to requests that arrive through the client and API layer; it does not take the place of the database's own access controls for anyone who connects to the database directly.


Note:

If an unauthorized user attempts to add, modify, or delete system-level information, the following message is displayed:

"The security level for this data item indicates that it cannot be deleted or updated."


Tier 3: Database

The third tier consists of the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.