This chapter describes the purpose of Oracle Waveset and highlights the application's major features.
The chapter includes the following topics:
Oracle® Waveset makes it possible to automate the process of creating, updating, and deleting user accounts across multiple IT systems. Collectively, this process is known as provisioning (that is, creating and updating user accounts) and deprovisioning (deleting user accounts).
For example, when an employee joins a company, Waveset runs a workflow that retrieves the necessary approvals to grant the employee access. When these approvals are obtained, Waveset creates accounts for the employee in the company's human resources system (PeopleSoft), email system (Microsoft Exchange), and enterprise application (SAP). If the employee changes roles in the company, Waveset updates the user account and extends access to the necessary resources required in that new role. And when the employee leaves the company, Waveset automatically removes the user's accounts to prevent further access.
Waveset can also enforce audit policies on an ongoing basis. An audit policy specifies what types of access a user may or may not have. For example, in the United States it is a violation of Sarbanes-Oxley (SOX) for the same user to have access to both Accounts Payable and Accounts Receivable systems. This is known as a separation of duties violation. Waveset can conduct audit scanning to check for a variety of these types of violations and, depending on configuration, automatically remove access or send a notification to an administrator when a violation is detected. This process is known as remediation.
In Waveset, managed applications and other IT systems are called resources. Waveset uses either adapters or connectors to interface with resources.
Adapters and connectors are installed on the Waveset server. (Waveset does not require special software (called agents) to be installed on target resources.) Dozens of Waveset adapters and connectors are available, and new ones can be created to communicate with almost any resource using standard protocols or known application programming interfaces (APIs). Waveset ships with various adapters and connectors to communicate with many of the most common resources. In addition, templates and skeleton code is available to assist programmers in creating additional adapters and connectors.
Some resources cannot be communicated with directly and require the use of the Waveset Gateway. Examples of resources that require the Gateway include Microsoft products, such as Exchange and Windows Active Directory, Novell products, such as eDirectory (formerly Netware Directory Services), and several others. In such cases, Waveset communicates directly with the Gateway and the Gateway interfaces with the resource.
For a list of resources that Waveset supports, see Supported Resources in Oracle Waveset 8.1.1 Release Notes.
Waveset has a user interface (UI) for administrators, and a separate interface for end users. To use Waveset, administrators and end users use a web browser to log on to Waveset.
Administrators use the administrator interface to manage users, set up and assign resources, define rights and access levels, establish audit policies, manage compliance, and perform other business administrator and system administrator functions.
End users use the end-user interface to perform a range of self-service tasks, such as changing passwords, setting answers to authentication questions, requesting access to IT systems, and managing delegated assignments.
Companies can also use SPML (Service Provisioning Markup Language) to either create their own user interface, or integrate an existing front-end system with Waveset.
Other Waveset interfaces include the following:
The IVR (Interactive Voice Response) telephone interface, which enables end users to perform Waveset functions using a telephone
The Waveset IDE (Integrated Development Environment), which is used by software developers to customize Waveset
The Waveset console, which is a command-line interface available to administrators
Waveset Service Provider is a highly scalable, extranet-focused identity management feature that is capable of provisioning and maintaining millions of end user accounts that are stored on an LDAP directory server. The Service Provider feature can also manage thousands of administrator accounts and synchronize LDAP account data with other resources.
The Service Provider feature uses a subset of the features and functionality available in Waveset. For a detailed accounting of the differences between standard Waveset and the Service Provider feature, see Service Provider Features in Oracle Waveset Service Provider 8.1.1 Deployment.
Once available as a separate add-on product, Service Provider is now part of Waveset. Taking advantage of Service Provider functionality, however, requires special planning.
For information on how the Waveset Service Provider system architecture, see Understanding Waveset Service Provider System Architecture.
For information on planning a highly-available Waveset Service Provider architecture, see Understanding the Recommended Service Provider HA Architecture.
For information on deploying Waveset to take advantage of the Service Provider feature, see Oracle Waveset Service Provider 8.1.1 Deployment.