1 Introduction to Identity Management

Oracle Identity and Access Management is a product set that enables organizations to manage the end-to-end life cycle of user identities and to secure access to enterprise resources and assets. Oracle has developed products with identity and access management features that provide directory synchronization, secure directory administration, and a Web single sign-on service. Oracle enhanced the product set further through strategic acquisitions and investments in areas such as identity federation, Web access management, delegated identity administration, user identity provisioning, and virtual directory management.

1.1 Oracle Identity and Access Management Products

The Oracle Identity and Access Management product set consists of products that can be divided into the following categories:

Identity Management
Directory Services
Access Management

1.1.1 Identity Management

Identity management enables enterprises to manage the entire life cycle of user identities across all enterprise resources both within and beyond a firewall. An enterprise identity management solution can provide a mechanism for implementing the user management aspects of a corporate policy. It can also be a means to audit users and their access privileges. The identity management category consists of the following products:

Oracle Identity Manager: Automates user identity provisioning and deprovisioning and enables organizations to manage the entire life cycle of user identities across all resources in the organization.
Oracle Delegated Administration Services: Provides trusted proxy-based administration of directory information to users and application administrators.

The subsequent chapters of this guide will focus on Oracle Identity Manager and its various aspects.

1.1.2 Directory Services

Directory services, which are based on the Lightweight Directory Access Protocol (LDAP), are central to an identity and access management strategy. Oracle provides a scalable directory and integration technology that meets the requirements of general enterprise deployment, and is also leveraged by other Oracle products in the product set. The directory services category consists of the following products and product components:

Oracle Internet Directory: A scalable, robust, LDAP v3-compliant directory service that leverages the scalability, availability, and the security features of Oracle database.
Oracle Virtual Directory: Single and dynamic access point to existing user identity information. This directory service uses the LDAP or the XML protocols.
Oracle Directory Integration Platform: A component of Oracle Internet Directory designed to perform directory synchronization and application integration across various directories and compatible Oracle products.

1.1.3 Access Management

Access management is a means to control user access to enterprise resources. Access management products provide centralized and efficient user management for heterogeneous application environments as well as out-of-the-box integration with Oracle products such as Oracle Portal, Oracle Collaboration Suite, and Oracle E-Business Suite. The access management category consists of the following products:

Oracle Access Manager: Provides Web-based identity administration and access control to Web applications and resources running in heterogeneous environments.
Oracle Identity Federation: Enables organizations to securely link their business partners into a corporate portal or extranet to increase their compliance with privacy and security regulations.
Oracle Application Server Single Sign-On: Provides single sign-on access to Oracle and third-party Web applications.
Oracle Enterprise Single Sign-On Suite: Provides single sign-on for all applications and resources in an enterprise, without modification to the applications.