This chapter provides an overview of the benefits of, and a list of scenarios for, integrating Oracle Access Manager with Oracle Identity Manager and Oracle Adaptive Access Manager.
Detailed conceptual and procedural information is provided in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
Integrating Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager provides these features:
Password entry protection through personalized virtual authentication devices
KBA challenge questions for secondary login authentication based on risk
OTP challenge for secondary login authentication based on risk
Registration flows to support password protection and KBA and OTP challenge functionality
User preferences flows to support password protection and KBA and OTP challenge functionality
Password management flows
Oracle Adaptive Access Manager
Oracle Adaptive Access Manager is responsible for:
Running fraud rules before and after authentication
Navigating the user through Oracle Adaptive Access Manager flows based on the outcome of fraud rules
Oracle Identity Manager is responsible for:
Provisioning users (adding, modifying, and deleting users)
Managing passwords (password reset and password change)
Oracle Access Manager is responsible for:
Authenticating and authorizing users
Providing statuses such as Reset Password, Password Expired, User Locked, and others
In this integration, Oracle Access Manager redirects users to Oracle Adaptive Access Manager when a trigger condition for password management is in effect. The trigger condition is determined by the authentication scheme configured in Oracle Access Manager.
Oracle Adaptive Access Manager interacts with the user according to the lifecycle policies it retrieves from Oracle Access Manager and, once the condition is resolved, notifies Oracle Access Manager so that the user is redirected to the originally requested protected resource. Oracle Identity Manager's role in this integration is to enforce the password policy.
The Challenge Registration flow allows the user to register challenge questions and answers.
The user is successfully authenticated but is required to register challenge questions. The user cannot skip the registration and is not authorized to access protected resources until the challenge questions have been registered.
Note:
When adding Oracle Adaptive Access Manager to an existing Oracle Identity Manager deployment, the challenge questions and answers already registered in Oracle Identity Manager are not carried over; you must forgo them. Users are instead asked to register challenge questions again in Oracle Adaptive Access Manager on their next login.
The Forgot Password flow allows the user to reset the password after successfully answering all registered challenge questions.
A "Forgot Your Password" link is made available from the Oracle Adaptive Access Manager password page for the user.
The Reset Password flow allows an authenticated user to change the password.
The user is successfully authenticated. The "Change your password" link is available to the user on the Oracle Adaptive Access Manager password page.
The Challenge Reset flow allows the user to reset the challenge registration (register a new set of questions and answers).
The user is successfully authenticated. The "Reset your challenge questions" link is available on the Oracle Adaptive Access Manager password page.
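The following is an added illustration of the hand-off described above (Oracle Access Manager reports a status, Oracle Adaptive Access Manager runs its rules and chooses the next flow, Oracle Identity Manager enforces the password policy) and of the ordering constraints the flows impose: registration cannot be skipped, a Forgot Password reset needs every registered question answered, and only a registered, low-risk user reaches the protected resource. It is not Oracle code and uses none of the products' APIs; the function names (`oam_authenticate`, `oaam_route`, `oim_change_password`), the status strings, the policy values, and the risk signals are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Account:
    """Account state as this example assumes OAM/OIM would hold it (assumed shape)."""
    username: str
    password: str
    locked: bool = False
    password_expired: bool = False
    must_reset_password: bool = False
    # Registered KBA questions and answers; empty until the user registers.
    challenges: Dict[str, str] = field(default_factory=dict)


@dataclass
class Policy:
    """Assumed lifecycle policy values; in the products these come from OAM/OAAM configuration."""
    min_questions: int = 3
    challenge_risk_threshold: int = 50
    min_password_length: int = 8


def oam_authenticate(acct: Account, password: str) -> str:
    """OAM role: verify the credential and report a status like the ones listed above."""
    if acct.locked:
        return "User Locked"
    if password != acct.password:
        return "Authentication Failed"
    if acct.must_reset_password:
        return "Reset Password"
    if acct.password_expired:
        return "Password Expired"
    return "Authenticated"


def oaam_pre_auth_risk(device_known: bool, usual_country: bool) -> int:
    """OAAM role, pre-authentication: a toy risk score from two constructed signals."""
    return (0 if device_known else 40) + (0 if usual_country else 30)


def oaam_route(status: str, acct: Account, policy: Policy, risk: int) -> str:
    """OAAM role, post-authentication: choose the next flow from OAM's status.

    The order of the checks is the point: account and password conditions are
    handled first, challenge registration is mandatory and blocks resource
    access, and only then does the risk score decide whether to add a KBA
    challenge before the user is sent back to the protected resource.
    """
    if status in ("User Locked", "Authentication Failed"):
        return "deny"
    if status in ("Reset Password", "Password Expired"):
        return "reset_password"           # password-management trigger condition
    if len(acct.challenges) < policy.min_questions:
        return "challenge_registration"   # cannot be skipped; no resource access yet
    if risk >= policy.challenge_risk_threshold:
        return "kba_challenge"            # risk-based secondary authentication
    return "resource"                     # OAAM notifies OAM; user is redirected on


def oaam_answer_all(acct: Account, answers: Dict[str, str]) -> bool:
    """Forgot Password / KBA challenge: every registered question must be answered correctly."""
    if not acct.challenges:
        return False
    return all(answers.get(q, "").strip().lower() == a.lower()
               for q, a in acct.challenges.items())


def oim_change_password(acct: Account, new_password: str, policy: Policy) -> bool:
    """OIM role: enforce an assumed password policy, then clear the reset/expiry flags."""
    acceptable = (len(new_password) >= policy.min_password_length
                  and any(c.isdigit() for c in new_password)
                  and any(c.isalpha() for c in new_password)
                  and new_password != acct.password)
    if not acceptable:
        return False
    acct.password = new_password
    acct.must_reset_password = False
    acct.password_expired = False
    return True


def login(acct: Account, password: str, policy: Policy, risk: int) -> str:
    """One login attempt end to end: OAM authenticates, then OAAM picks the flow."""
    return oaam_route(oam_authenticate(acct, password), acct, policy, risk)


if __name__ == "__main__":
    # Constructed sample: a new user with a valid password but no registered questions.
    policy = Policy()
    alice = Account("alice", "Spring2024x")
    print(login(alice, "Spring2024x", policy, oaam_pre_auth_risk(True, True)))  # challenge_registration
```

Note that a correct password and a zero risk score still do not yield `resource` for an unregistered user; that gating, rather than any individual check, is what the Challenge Registration flow above enforces.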