Oracle® Identity Manager Design Console Guide
Release 9.1.0.1

Part Number E14061-01

1 Oracle Identity Manager Architecture

This chapter describes the architecture, benefits, and key features of Oracle Identity Manager. It contains the following sections:

1.1 Overview of Oracle Identity Manager Architecture

The Oracle Identity Manager platform automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connects users to resources and revokes and restricts unauthorized access to protect sensitive corporate information.

1.2 Benefits and Key Features of Oracle Identity Manager

The architecture of Oracle Identity Manager is designed for rapid integration with your business enterprise. It provides the following features:

Scalable architecture: The J2EE application server model of Oracle Identity Manager provides scalability, failover, load balancing, and inherent Web deployment. It is based on open, standards-based technology and has a three-tier architecture (the client application, a J2EE-compliant application server supported by Oracle Identity Manager, and an ANSI SQL-compliant database). Oracle Identity Manager can provision both LDAP-enabled and non-LDAP-enabled applications.

Extensive user management: Oracle Identity Manager enables you to define unlimited user-organizational hierarchies and user groups. It supports inheritance, customizable user ID policy management, password policy management, and user access policies that reflect customers' changing business needs. It enables administrators to manage application parameters and entitlements and to view a history of resource allocations, and it provides delegated administration with comprehensive permission settings for user management.

Web-based user self-service: Oracle Identity Manager contains a customizable Web-based, user self-service portal. This portal enables management of user information, changing and synchronizing passwords, resetting forgotten passwords, requesting available applications, reviewing and editing available entitlements, and initiating or reacting to workflow tasks.

Powerful and flexible process engine: With Oracle Identity Manager, you can create business and provisioning process models in easy-to-use applications, for example, Microsoft Project and Microsoft Visio. Process models include support for approval workflows and escalations. You can track the progress of each provisioning event, including the current status of the event and error code support. Oracle Identity Manager supports complex, branching and self-healing processes, and nested processes with data interchange and dependencies. The process flow is fully customizable and does not require programming.

Comprehensive reporting for audit-trail accounting: Oracle Identity Manager provides real-time reporting and up-to-the-minute status reports for all processes with full state information. The complete online analytical processing (OLAP) capability of Oracle Identity Manager supports the most complex reports, analysis, and dynamic queries.

Integration by using the Adapter Factory: Supporting every system with hand-coded adapters is impractical, so Oracle developed an automated tool for adapter generation. This tool, the Adapter Factory, supports a wide range of interfaces and virtually any application or device. These adapters run on the Oracle Identity Manager server and do not require agents to be installed or updated on target platforms. In situations where the target application resource does not have a network-enabled interface, you can create remote integration by using UDDI/SOAP-based support. With the Adapter Factory, integrations that take months to implement can be accomplished in a few days, and numerous adapters can be generated instantly. With the Adapter Factory, you can keep existing integrations updated and support new integration needs quickly. Oracle Identity Manager can also run programs on external third-party systems by using the remote managers.

Built-in change management: Oracle Identity Manager enables you to package new processes, import and export existing ones, and move packages from one system to another.

1.3 Three Tiers of Oracle Identity Manager

The Oracle Identity Manager architecture consists of three tiers, as shown in Figure 1-1.

Figure 1-1 Oracle Identity Manager Three-Tier Architecture

[Figure: OIM Architecture (image not reproduced here); it shows the client, application server, and database tiers described in the following sections.]

1.3.1 Tier 1: Client

The first tier provides two interfaces, the Design Console (which is discussed in this guide) and the Administrative and User Console. Users log in to Oracle Identity Manager through the Administrative and User Console, which provides the Oracle Identity Manager server with the user's login credentials. With the Administrative and User Console, users search for, edit, and delete information in the Oracle Identity Manager database.

Note:

This guide describes the Oracle Identity Manager Design Console. For information about the Oracle Identity Manager Administrative and User Console, see Oracle Identity Manager Administrative and User Console Guide.

1.3.2 Tier 2: Application Server

The second tier implements the business logic in Java Data Objects. These objects are managed by a supported J2EE application server such as JBoss Application Server, Oracle WebLogic Server, IBM WebSphere Application Server, or Oracle Containers for J2EE. The Java Data Objects implement the business logic of the Oracle Identity Manager application, but they do not expose any methods to other applications. To access the business functionality of Oracle Identity Manager, you use the application programming interface (API) layer in the J2EE infrastructure, which provides the lookup and communication mechanism.

The J2EE-compliant application server that is supported by Oracle Identity Manager is the only component that interacts with the database. It is responsible for the following functions:

  • Logging in to Oracle Identity Manager: The application server connects the Oracle Identity Manager client to the database.

  • Handling client requests: The application server processes requests from the Oracle Identity Manager client and sends information from the requests to the database. The server also delivers responses from the database to the client.

  • Scalability (connection pooling or sharing): The application server supports single application or multiple application usage in a manner that is transparent to Oracle Identity Manager clients. Connection pooling improves database connectivity performance and dynamically resizes the connection pool by optimizing resources for usage scalability.

  • Securing system-level data (metadata): Oracle Identity Manager prevents unauthorized access by users who might accidentally delete or modify system-level information (system metadata). If an unauthorized user attempts to add, modify, or delete system-level information, the following message is displayed:

    "The security level for this data item indicates that it cannot be deleted or updated."

1.3.3 Tier 3: Database

The third tier is the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.