What's New in Oracle Adaptive Access Manager 11.1.2?

This chapter introduces the new and changed administrative features of Oracle Adaptive Access Manager 11.1.2. It contains these topics:

New Features for Oracle Adaptive Access Manager 11.1.2.0

Oracle Adaptive Access Manager 11.1.2.0 includes many important features and enhancements that were not available with Oracle Adaptive Access Manager 10g. The following is a list of the new features and enhancements:

Areas Features and Enhancements
Enhanced mobile security Enhanced mobile security includes:

  • Better mobile browser UX

  • Mobile tuned security policies

  • REST services and SDK for mobile application developers

  • Hardened mobile device fingerprinting

  • Lost and stolen mobile device security
Transactional autolearning New transactional autolearning includes:

  • Customizable patterning

  • Transaction rule conditions
Investigation tools New investigation tools have been added to make investigations quicker and easier:

  • Improved case management

  • Utility panel quick search

  • Utility panel notes pane

  • Search transactions

  • Additional search filters for transaction and entity data, alert messages, geographic location, and IP addresses range

  • Transaction details

  • Compare transactions

  • Streamlined white/black listing

  • Multitenant access controls for customer service representative interface to allow protection of multiple application tenants with a single instance of OAAM

  • "Add to Group" feature in search sessions and details pages that enables entities to be added to groups easily
Entity enhancements Enhanced entities includes:

  • Linked entities

  • Entity CRUD operations

  • Targeted purging
Access monitoring toolkit The Access monitoring toolkit includes:

  • JMSQ interface

  • Database view generation

Feature Comparison Chart - Oracle Adaptive Access Manager 11.1.2.0 vs. Oracle Adaptive Access Manager 11.1.1.3.0

Features 10.1.4.5 11.1.1.3.0 11.1.2
Real-time and offline rules engine X X X
Virtual authentication devices X X X
Knowledge-based authentication X X X
Adaptive device identification* X X X
Base security policies (ongoing updates) X X X
Real-time dashboard (improved) X X X
Customer service module X X X
Real-time access to activity data X X X
Actions, alerts, and risk scoring X X X
Rule conditions X X X
Optimized log data management X X X
Enhanced caching of rules data object X X X
Expanded integration APIs X X X
Investigation agent workflow X    
Rules authoring user interface X X X
Transaction definition and mapping user interface X X X
Data entity definition and mapping user interface X X X
Behavior pattern configuration interface X X X
Configurable actions X X X
Server-generated one-time password X (Native only) X (All deployment types) X (All deployment types)
Customizable reporting BI Publisher (bundled) X X X
Tree-based navigation and policy browse   X X
Tabular multitasking user interface   X X
Customizable search screens   X X
Common audit framework   X X
Better mobile browser UX     X
Mobile tuned security policies     X
REST services and SDK for mobile application developers     X
Lost and stolen mobile device security     X
Customizable patterning     X
Transaction rule conditions     X
Improved case management     X
Utility panel quick search     X
Utility panel notes pane     X
Search transactions     X
Transaction details     X
Compare transactions     X
Streamlined white/black listing     X
Linked entities     X
Entity CRUD operations     X
Targeted purging     X
JMSQ interface     X
Database view generation     X
Integrated Oracle Identity Manager password management flows   X X
Oracle Installer and Repository Creation Utility   X X
Oracle Patch   X X
Oracle Adaptive Access Manager Offline User Interface X X X
Document Models X    
Globalization X X X

Integrations 10.1.4.5 11.1.1.3.0 11g (11.1.2)
Oracle Access Management Access Manager integration X X X
Oracle Identity Manager integration   X X
Juniper SSL VPN integration     X

Concepts and Terminology Changes for Oracle Adaptive Access Manager 11g

Customers migrating from Oracle Adaptive Access Manager 10g to 11g will notice a few key conceptual and terminology changes. These changes are intended to align terminology used across the Identity Management suite products and simplify administration. Full definitions of these and many other terms can be found in the glossary.

General Term Changes

10g Term 11g Term
runtime checkpoint

A checkpoint is a specified point in a session when Adaptive Access Manager collects and evaluates security data using the rules engine.
model policy

Policies contain security rules and configurations used to evaluate the level of risk at each checkpoint.
manual override trigger combination

Trigger combinations are additional results and policy evaluation that are generated if a specific sequence of rules trigger.
Application ID Organization ID

From the administration perspective, each application or primary user group is translated into an "Organization ID." The term, "Application ID" has been renamed as "Organization ID," which represents the primary user group of a particular user.

For the OAAM Server side, the term "Application ID" remains the same as before. When communicating with proxies, OAAM Server passes the Applications ID, which uniquely identifies an application.

Concept Changes

Concepts changes are listed in the following table.

10g Concept 11gR1 Concept
OAAM Adaptive Risk Manager The rules engine is now part of OAAM Server. The Administration Console is now a separate application named OAAM Admin.
OAAM Adaptive Strong Authenticator The end-user flows including the virtual authentication devices, Knowledge-Based Authentication and One-Time Password authentication are now contained in OAAM Server.
rule template The concept has been removed from product
policy type The concept has been removed from the product

Web Applications

Oracle Adaptive Access Manager's deployed applications in 11g are:

  • OAAM Server - Adaptive Risk Manager, Adaptive Strong Authenticator, Web services, LDAP integration and user Web application used in all deployment types except native integration

  • OAAM Admin - Administration Web application for all environment, Adaptive Strong Authenticator and Adaptive Risk Manager features

Architecture and Deployment Changes

Architecture and deployment changes are listed as follows:

  • Administration User Interface is now a separate Web application called OAAM Admin.

  • Adaptive Strong Authenticator is now deployed as part of the OAAM Server Web application.

  • OAAM Web applications are now packaged as .ear files. Exploding them is neither recommended nor supported.