Implementation of Oracle Identity Governance & Access Management
Our Major Projects on Oracle Identity Governance and Access Management
Client: Robi (An Axiata Telecom Company)
Project Scope: Supply of hardware and software; integration of 11 applications with OIM; implementation of ESSO on 20 applications
Client: Banglalink
Project Scope: Integration of 16 applications with OIM; implementation of ESSO on 24 applications
Client: Acleda Bank Plc, Cambodia
Project Scope: Implementation of ESSO on 15 applications
Client: Grameenphone Ltd
Project Scope: Supply of hardware and software; integration of 134 applications with OIM; integration of 700+ nodes with OPAM
Integration with OIM using connectors
Diagram: an application database and the HRMS (the authentic source of employee master data) are connected to Oracle Identity Manager through the Identity Connector Framework (ICF) using the DBAT connector. Employee master data is reconciled from the HRMS by trusted reconciliation; the application database is handled by a reconciliation adapter (reconciliation into OIM) and a provisioning adapter (provisioning from OIM).
Protecting Web Application Server using OAM
Diagram: users request a web URL from the web servers (Apache, IIS, OHS etc.); an OAM WebGate deployed on the web server protects the resources. The OAM cluster verifies the user credentials against the LDAP server (Active Directory/OID/OUD) and passes security tokens back to the WebGate.
Single Sign On Request Flow in OAM
Participants: End Users, Web Server with WebGate, Oracle Access Manager, User Store (LDAP).
1. User requests web URL
2. Check protection
3. Evaluates & returns policy decision
4. Redirect to app if unprotected
5. Sends login page if protected
6. Send user credentials
7. Verify user credentials
8. Create sessions, cookies or HTTP headers
9. Check user access
10. Evaluates and return authorization
11. Redirects to application if authorized
Integration with OAM for SSO using webgate
Diagram: external users reach the application servers through a front end proxy on which the WebGate is deployed (Oracle Traffic Director); internal users reach the same application servers. Oracle Access Manager authenticates users against Active Directory and Oracle Internet Directory.
HOLISTIC VIEW OPAM DEPLOYMENT
Diagram: remote users connect over VPN (SSH/RDP) and internal users over the LAN (RDP) to a terminal server/jump server running the OPAM Windows Agent; from there they reach the target systems over SSH, RDP, Telnet or a web browser through the OPAM Session Manager, which authenticates against the LDAP server. The OPAM application server and database server store metadata, logs and video capture. The figure distinguishes the user session data flow from the audit data flow.
AGENT-BASED DEPLOYMENT (WINDOWS)
Diagram: remote users (over VPN) and internal users (over LAN) log in by RDP, local login or direct login to Windows targets (Active Directory, file server, application server, desktop), each running an OPAM Windows Agent. The agents send metadata, logs and video capture to the OPAM application server and database server. The figure distinguishes the user session data flow from the audit data flow.
AGENT-LESS DEPLOYMENT (LINUX/UNIX)
Diagram: remote users (over VPN) and internal users connect by SSH through the OPAM Session Manager, which authenticates against the LDAP server and forwards the session to the Linux/Unix targets without an agent. Metadata, logs and session capture go to the OPAM application server and database server. The figure distinguishes the user session data flow from the audit data flow.
TERMINAL SERVER AS A GATEWAY
Diagram: remote users (over VPN) and internal users (over LAN) connect by RDP to a terminal server/jump server running the OPAM Agent; from there they use Putty, RDP or web browsers (web portals) to reach the targets over SSH, RDP, Telnet or a web browser. Metadata, logs and video capture go to the OPAM application server and database server. The figure distinguishes the user session data flow from the audit data flow.
FIREWALL CONFIGURATION FOR GATEWAY APPROACH
• The network firewall does not allow end users to bypass the terminal server.
Diagram: remote users (over VPN) and internal users (over LAN) reach the targets only by RDP to the terminal server.
HYBRID DEPLOYMENT - PROPOSED SOLUTION (AGENT-BASED + AGENT-LESS + GATEWAY APPROACH)
Diagram: combines the three approaches above. Remote users (VPN, SSH/RDP) and internal users (LAN, RDP) pass 2FA on each entry path and reach the targets either through the terminal server/jump server running the OPAM Agent (gateway approach), through OPAM Windows Agents on the Windows targets (agent-based), or through the OPAM Session Manager over SSH/Telnet/web browser (agent-less), with authentication against the LDAP server. Metadata, logs and video capture go to the OPAM application server and database server. The figure distinguishes the user session data flow from the audit data flow.
ORACLE ACCESS MANAGER - 2FA
Diagram: remote users (over VPN) and internal users (over LAN) are shown with the OPAM self service console, the OPAM server, the OAM server, the LDAP server and the terminal server/jump server running the OPAM Windows Agent. The numbered steps (1 to 4) in the figure are: login to the OPAM self service console; 2FA enforced by the OAM server, which issues the token for 2FA and receives the 2FA token from the user; password check in/check out from the OPAM server; user login to the terminal server/jump server using RDP. The audit data flow runs from the OPAM Windows Agent back to the OPAM server.
ON DEMAND ACCESS
Diagram: end users submit a request for access on the OIM & SOA platform; an approval policy drives the approval process. Once approved, the password is reset and the user authenticates (via the LDAP server) to the terminal server/jump server, from which SSH, RDP, or SSH/Telnet/web browser is used to reach the targets.
Thank you…