Oracle Access Management provides an enterprise-level security platform, which comprises Oracle Access Manager and many incorporated services including (but not limited to) Identity Federation and Identity Context.
The following topics provide a high-level overview of the Oracle Access Management architecture and services:
Oracle Access Management is a Java Platform, Enterprise Edition (Java EE)-based enterprise-level security application that provides a full range of Web-perimeter security functions and Web single sign-on services, including identity context, authentication and authorization; policy administration; testing; logging; auditing; and more.
It leverages shared platform services including session management, Identity Context, risk analytics, and auditing, and provides restricted access to confidential information. Many existing access technologies in the Oracle Identity Management stack converge in the Oracle Access Management stack as illustrated in Figure 1-1.
Figure 1-1 Oracle Access Management Overview
Oracle Access Management includes these services.
Oracle Access Management Access Manager ( Access Manager ) is described in «Understanding Oracle Access Management Access Manager» and the following parts of this guide.
Oracle Access Management Identity Federation ( Identity Federation ) provides cross-domain single sign-on support using open federation protocol standards such as SAML and OpenID. This Identity Federation service includes a streamlined user interface and administration experience. For more information, see the chapters listed in Managing Oracle Access Management Identity Federation.
The Adaptive Authentication Service is a one-time-password (OTP) authenticator that provides multifactor authentication in addition to the standard user name and password authentication. It provides a framework for adding a custom second-factor authentication processor that accepts a PIN from a user. For more information, see the chapters listed in Managing the Adaptive Authentication Service and Oracle Mobile Authenticator.
WebGates are agents provided for various Web servers by Oracle as part of the product. Custom access clients, created using the Access Manager SDK, can be used with non-Web applications. Unless explicitly stated, information in this book applies equally to both.
See also: Authentication Basics in Securing Applications with Oracle Platform Security Services.
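The Adaptive Authentication Service paragraph above describes a one-time-password second factor that a custom processor verifies after the user name and password step. The following is an added example, not Oracle's code and not the service's actual plug-in interface (which this chapter does not show): a server-side TOTP (RFC 6238) verifier of the kind such a processor would call, with a clock-drift window, a constant-time comparison, and rejection of a code that has already been accepted. The seed is the RFC 6238 test-vector secret, constructed for the demo; a real deployment would look up a per-user seed from the identity store.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo seed: the RFC 6238 test-vector secret "12345678901234567890",
# base32-encoded as an authenticator app would enrol it. Not a real credential.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp_code(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for the step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class SecondFactorVerifier:
    """Server-side check of the OTP a user submits as the second factor.

    window: how many time steps of clock drift to tolerate on each side.
    Accepted steps are remembered per user so a captured code cannot be
    replayed. In a multi-server deployment this state must live in shared
    storage (like the session data the OAM Servers share), not in one
    server's memory, or a replay against another server would succeed.
    """

    def __init__(self, secret_b32, step=30, digits=6, window=1):
        self.secret_b32 = secret_b32   # hypothetical: per-user seed in practice
        self.step = step
        self.digits = digits
        self.window = window
        self._last_accepted = {}       # user -> highest time-step counter accepted so far

    def verify(self, user, submitted, now=None):
        now = int(time.time()) if now is None else int(now)
        submitted = submitted.replace(" ", "")
        if len(submitted) != self.digits or not submitted.isdigit():
            return False
        counter_now = now // self.step
        last = self._last_accepted.get(user, -1)
        for delta in range(-self.window, self.window + 1):
            counter = counter_now + delta
            if counter <= last:
                continue  # this step (or an older one) was already consumed: replay
            expected = totp_code(self.secret_b32, counter * self.step, self.step, self.digits)
            if hmac.compare_digest(expected, submitted):  # constant-time comparison
                self._last_accepted[user] = counter
                return True
        return False
```

Usage: `SecondFactorVerifier(seed).verify(user, code)` returns True exactly once per time step for a given user; the same code presented again, or a code older than one already accepted, is refused even inside the drift window.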
1.2.1 About Components in Access Manager
Access Manager sits on an instance of Oracle WebLogic Server and is part of the Oracle Fusion Middleware Access Management architecture.
Figure 1-2 illustrates the primary Access Manager components and services. The Protocol Compatibility Framework interfaces with OAM WebGates, and custom Access Clients created using the Access Manager Software Developer Kit (SDK).
This section does not illustrate or discuss all Access Manager components.
Figure 1-2 Access Manager Components and Services
Figure 1-3 illustrates the distribution of Access Manager components.
Figure 1-3 Access Manager Component Distribution
The Oracle Access Management Console resides on the Oracle WebLogic Administration Server (referred to as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. Information shared between the two includes:
Agent and server configuration data
Access Manager policies
Session data (shared among all OAM Servers)
Policy Manager Console can optionally be deployed on the WebLogic Managed Servers. See Oracle Access Management Console and the Policy Manager Console for details.
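This section describes WebGates intercepting requests and the OAM Servers evaluating Access Manager policies against shared session data. As an added example, not Oracle's code and not OAM's actual policy language, resource-pattern syntax or evaluation order, here is a simplified Python model of the enforcement decision a WebGate-style agent makes: each resource is protected, unprotected or excluded; a protected resource needs an unexpired session whose authentication level meets the policy's minimum (otherwise the user is sent to authenticate or step up); an optional group check follows; and identity headers that arrive from the client are dropped before the agent sets its own, so a caller cannot spoof a user past the agent. The wildcard handling, the header names other than OAM_REMOTE_USER, the session fields, the fail-closed default and the sample policy set are assumptions constructed for the demo.

```python
import re
from dataclasses import dataclass

# Protection levels for agent-fronted resources.
PROTECTED, UNPROTECTED, EXCLUDED = "protected", "unprotected", "excluded"

# Identity headers the agent sets for the back end. OAM_REMOTE_USER is a real OAM
# header; the other two are hypothetical names for the demo. Client-supplied
# copies are stripped so the back end only ever sees values the agent set.
IDENTITY_HEADERS = ("OAM_REMOTE_USER", "OAM_GROUPS", "OAM_AUTH_LEVEL")


@dataclass(frozen=True)
class ResourcePolicy:
    pattern: str                     # e.g. "/hr/.../*": "..." = any sub-path, "*" = one segment
    level: str                       # PROTECTED / UNPROTECTED / EXCLUDED
    auth_level: int = 0              # minimum authentication level (protected only)
    groups: frozenset = frozenset()  # empty = any authenticated user


@dataclass(frozen=True)
class Session:
    user: str
    auth_level: int
    groups: frozenset
    expires_at: int                  # unix time


def _compile(pattern):
    # Hypothetical approximation of agent URL wildcards: "..." matches zero or
    # more path segments, "*" matches within a single segment.
    rx = re.escape(pattern).replace(r"\.\.\./", r"(?:[^/]+/)*").replace(r"\*", r"[^/]*")
    return re.compile("^" + rx + "$")


def match_policy(policies, path):
    """Most specific matching policy wins: the one with the most literal characters."""
    hits = [p for p in policies if _compile(p.pattern).match(path)]
    if not hits:
        return None
    return max(hits, key=lambda p: len(p.pattern.replace("...", "").replace("*", "")))


def _identity(session):
    return {"OAM_REMOTE_USER": session.user,
            "OAM_GROUPS": ",".join(sorted(session.groups)),
            "OAM_AUTH_LEVEL": str(session.auth_level)}


def decide(policies, path, session, now, request_headers):
    """Return (action, headers); action is allow, deny, authenticate or step_up."""
    # Never trust identity headers that arrive from the client side.
    headers = {k: v for k, v in request_headers.items() if k.upper() not in IDENTITY_HEADERS}
    policy = match_policy(policies, path)
    if policy is None:
        return "deny", headers          # fail closed: resources outside any policy are not served
    if policy.level == EXCLUDED:
        return "allow", headers         # no session check and no identity headers
    valid = session is not None and session.expires_at > now
    if policy.level == UNPROTECTED:
        if valid:
            headers.update(_identity(session))
        return "allow", headers
    # PROTECTED from here on
    if not valid:
        return "authenticate", headers  # no session, or session expired
    if session.auth_level < policy.auth_level:
        return "step_up", headers       # session exists but is too weak for this resource
    if policy.groups and not (policy.groups & session.groups):
        return "deny", headers          # authenticated, but not authorized
    headers.update(_identity(session))
    return "allow", headers


# Constructed sample policy set for the demo.
POLICIES = (
    ResourcePolicy("/public/.../*", UNPROTECTED),
    ResourcePolicy("/static/.../*", EXCLUDED),
    ResourcePolicy("/hr/.../*", PROTECTED, auth_level=2),
    ResourcePolicy("/hr/payroll/.../*", PROTECTED, auth_level=3, groups=frozenset({"payroll-admins"})),
)
```

Two points the model makes explicit: the authentication-level comparison is what turns "logged in" into "logged in strongly enough for this resource", and the header stripping at the top of `decide` is as much part of the enforcement as the policy match, because a back end that trusts OAM_REMOTE_USER is only as safe as the agent's guarantee that it set that header itself.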
1.2.2 Understanding Access Manager Deployments
Your enterprise may have more than one Oracle Access Manager deployment. Irrespective of the deployment size, the configuration wizard installs various components in a newly created WebLogic Server domain.
Table 1-1 describes the types of deployments in which Access Manager might be installed by your enterprise.
Table 1-1 Access Manager Deployment Types
Deployment Type
Description
Typically a smaller shared deployment used for testing
Typically a shared deployment used for testing with a wider audience
Fully shared and available within the enterprise on a daily basis
During initial installation and configuration of Access Manager in your deployment, you create a new WebLogic Server domain (or extend an existing domain). Regardless of the deployment size or type, in a new WebLogic Server domain, the following components are installed using the Oracle Fusion Middleware Configuration Wizard.
WebLogic Administration Server
In an existing WebLogic Server domain, the WebLogic Administration Server is already installed and operational.
Oracle Access Management Console deployed on the WebLogic Administration Server
A WebLogic Managed Server for Oracle Access Management services
Application deployed on the Managed Server
See also: Understanding Oracle WebLogic Server Domains in Understanding Domain Configuration for Oracle WebLogic Server.
Once the domain is configured, additional details are defined for OAM Servers, Database Schemas, (optional) WebLogic Managed Servers and clusters, and the following store types:
Policy Store: The default policy store is file-based, for development and demonstration purposes only, and is not supported in production environments. In production, all policy operations and configurations are performed directly on the database configured as the policy store.
Identity Store: The default Embedded LDAP data store is set as the primary user identity store for Access Manager.
Keystore: A Java keystore is configured to hold the certificates used for Simple or Certificate-based (encrypted) communication between OAM Servers and WebGates. Because this keystore holds the private keys with which OAM Servers authenticate to their agents, protect its file and password like any other server credential. The keystore bootstrap occurs on the initial AdminServer startup after running the Configuration Wizard.
1.3 System Requirements and Certification
Refer to the system requirements and certification documentation on Oracle Technology Network (OTN) for information about hardware and software requirements, platforms, databases, and other information.
The system requirements document covers information such as hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.
The certification document covers supported installation types, platforms, operating systems, databases, JDKs, and third-party products.
Use the Oracle Fusion Middleware Configuration Wizard to deploy components for a new domain, and then perform the post-installation tasks.
The following sections contain information and links regarding Access Manager installation and post-installation tasks.
1.4.1 About Oracle Access Management Installation
The Oracle Fusion Middleware Supported System Configurations document provides certification information on supported installation types, platforms, operating systems, databases, JDKs, and third-party products related to Oracle Identity Management 12.2.1.3.0.
You can access the Oracle Fusion Middleware Supported System Configurations document by searching the Oracle Technology Network (OTN) Web site using the document name.
Using the Oracle Fusion Middleware Configuration Wizard, the following components are deployed for a new domain:
WebLogic Administration Server
Oracle Access Management Console deployed on the WebLogic Administration Server (sometimes referred to as the OAM Administration Server, or simply AdminServer)
A Managed Server for Oracle Access Management
An application deployed on the Managed Server
See About the Oracle Identity and Access Management Installation in Installing and Configuring Oracle Identity and Access Management for details on installation.
1.4.2 About Oracle Access Management Post-Installation Tasks
Access Management delivers risk-aware, end-to-end multifactor authentication (MFA) and single sign-on (SSO) that seamlessly integrate identities and systems across cloud and on-premises. Enhanced with microservices and available to deploy as an image in Oracle Cloud Infrastructure or in on-premises data centers, organizations gain flexibility to control access for existing enterprise platforms and support their migration to cloud. Organizations can ensure these policies follow the user regardless of the device and location to secure access to data anywhere, anytime, from any device.
Transition from Oracle Identity and Access Management (IAM) 11g to 12c.
Strengthen security and risk posture and gain the full potential of identity management across on-premises, cloud, or hybrid models. Accelerate and streamline the upgrade to IAM 12c with a top-down approach using the Oracle IAM Upgrade Factory.
Access Management features
Simplified access policies that follow the user
Deliver seamless user enterprise access control across cloud and on-premises from any device. Single sign-on (SSO) simplifies access to minimize the requirements for the user, while enabling consistent access security.
Oracle Identity and Access Management solutions provide secure access to enterprise applications for both cloud and on-premises deployments.
Learn why KuppingerCole recognizes Oracle as a leader in access management and analytics.
Read how Oracle meets the changing identity management needs of enterprises.
Secure access management for enterprise workloads.
Flexible workload protection
Oracle Identity and Access Management solutions offer deployment options for protecting cloud and on-premises workloads. Customers can choose the identity management solution that fits their needs: a cloud identity-as-a-service (IDaaS) model, software deployed in the corporate data center, or an integrated identity service for controlling access to cloud infrastructure.
Integrated, highly scalable identity management
Oracle identity management solutions scale to millions of users and integrate with Oracle Cloud Infrastructure and applications to help companies meet regulatory requirements and reduce operating costs.
Powerful and flexible identity management capabilities
Oracle Enterprise Identity Management is highly configurable and can be deployed either as software running on premises or as an Oracle Cloud Infrastructure instance. It provides secure access for employees, suppliers, partners and customers, helping companies deploy workloads on the infrastructure provider of their choice while supporting every access mode.
Built-in identity and access management capabilities
Oracle Cloud Infrastructure has built-in identity and access management capabilities that give companies the means to control access to cloud resources with easy-to-define policies and rules.
Oracle is a strong partner that supports its customers. Oracle IDCS offers a reliable, scalable and high-performance IAM platform.
Program Manager, retail
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
Identity and Access Management (IAM) products
Easy-to-use, ready-made tools for secure identity management
Oracle Identity Cloud Service offers next-generation cloud security and identity management functions and is an integral part of a company's enterprise security system. The service also provides access management and application security capabilities.
Advantage
Access management for cloud infrastructure
Oracle Cloud Infrastructure Identity and Access Management is an integrated identity management solution that gives companies the ability to control who has access to cloud resources, what type of access that is, and to which specific resources. Companies can manage large organizational structures and apply a large number of rules based on logical groups of users and resources, as well as easily defined policies.
Advantages
Comprehensive access management functions for applications, data and websites
Oracle Access Management fully integrates your identities and systems, providing secure access from anywhere, at any time and by any means. This is achieved through comprehensive risk-aware user authentication and a single sign-on (SSO) mechanism.
Managing and controlling access to information (Oracle Identity & Access Management)
Identity & Access Management is a set of solutions for managing identity data and controlling user access to various information resources.
Why is this relevant?
Accumulation of large amounts of critical data
Growth in the number of application systems
Tightening of legislation on the handling of data
The company «ФОРС – Центр разработки» (FORS Development Center) holds a confirmed specialization in information security: Oracle Identity Administration and Analytics 11g.
Oracle solutions (Oracle Identity & Access Management Solutions)
Oracle Identity & Access Management software addresses the following access management tasks:
Oracle's identity and access management solutions include the following main software products:
Oracle Identity Manager (OIM): a solution for centralized management of user accounts and access rights in a heterogeneous environment.
Tasks addressed and features:
Oracle Access Manager (OAM): a solution for single sign-on and access control for web resources.
Tasks addressed and features:
Oracle Enterprise Single Sign-on (OESSO): a solution for single sign-on in distributed, heterogeneous information systems.
Tasks addressed and features:
Oracle Identity Analytics (OIA): a solution for role-based management of user accounts and access rights in a heterogeneous environment.