What is OIM
Oracle Identity Manager (OIM) is a highly flexible and scalable enterprise identity management system that is designed to administer user access privileges across a company's resources throughout the entire identity management life cycle, from initial on-boarding to final de-provisioning of an identity.
OIM can be used as the single point of management for the IT resources in your organization. Target systems in an enterprise are integrated with OIM using reconciliation and provisioning.
Benefits of OIM
- Minimize security risk: Control access to the network and instantaneously update accounts in a complex enterprise environment, including layoffs, acquisitions, partner changes, and temporary and contract workers. Improved quality of IT services.
- Legal compliance: Many government mandates require secure control of access.
- Automation: An automated solution lowers costs, boosts overall productivity, and optimizes security protocols.
- Role-based access: There is no need to provide domain credentials to outsiders, and access is limited according to the user roles mapped by the administrator.
- Certification: The process of reviewing user entitlements and access privileges within an enterprise to ensure that users have not acquired entitlements that they are not authorized to have. It also involves either approving (certifying) or rejecting (revoking) each access privilege.
- Reconciliation: Reconciliation provides the inward flow into OIM. It is based on either a “push” or a “pull” model, through which OIM finds out about any identity-related activity on the target system. In other words, it is the process by which OIM receives information from a target/resource. Bringing identities and accounts into OIM from a resource is also known as reconciliation.
There are two types of reconciliation:
1. Trusted Reconciliation (Authoritative)
2. Target Reconciliation (Non-Authoritative)
Trusted Reconciliation:
The process of loading identities into IDM is known as Trusted or Authoritative Reconciliation. In this process, user profiles are loaded into IDM and the user is created in IDM.
If we run trusted reconciliation against any target, the user is created in OIM. If a user already exists in OIM with that user ID, the profile is updated with new values from the target (if any).
Target Reconciliation:
The process of loading account profiles into OIM is known as Target or Non-Authoritative Reconciliation. In this process, OIM loads the user's account profile, i.e. the user's target account information. This reconciliation creates only the resource profile of the user, not the user profile.
If we run target reconciliation against targets, a resource profile is created in OIM. The resource profile shows that the user has an account in the target. For a resource profile to be created, the user must already be present in IDM.
- Provisioning: In data flow terms, provisioning provides the outward flow from OIM. Provisioning is based on a “push” model, through which OIM communicates changes to the target system. In other words, it is the process by which OIM sends information to a target/resource.
- Access Policy: Access policies are a list of roles and the resources with which those roles are to be provisioned or deprovisioned. Access policies are used to automate the provisioning of target systems to users.
- Password Management: Centralized password management for enterprise applications, a feature that you can leverage by provisioning through its connectors.
- Workflows
- Export/Imports
- Connectors integration
- Bulk Operations
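The trusted and target reconciliation rules described above, as a simplified model added here (not Oracle's code and not OIM's API). The `IdentityStore` class, its method names, the sample feeds, and the choice to record a target account with no matching user for review are assumptions made for illustration.

```python
"""Simplified model of trusted vs. target reconciliation (not OIM's API)."""
from dataclasses import dataclass, field


@dataclass
class IdentityStore:
    """Hypothetical stand-in for the OIM repository."""
    users: dict = field(default_factory=dict)      # user_id -> user profile
    accounts: dict = field(default_factory=dict)   # (user_id, resource) -> account
    unmatched: list = field(default_factory=list)  # accounts with no owning user

    def trusted_recon(self, records):
        """Authoritative source: create the user, or update an existing profile."""
        events = []
        for rec in records:
            uid = rec["user_id"]
            attrs = {k: v for k, v in rec.items() if k != "user_id"}
            if uid in self.users:
                self.users[uid].update(attrs)
                events.append((uid, "updated"))
            else:
                self.users[uid] = attrs
                events.append((uid, "created"))
        return events

    def target_recon(self, resource, records):
        """Non-authoritative source: create a resource profile, never a user."""
        events = []
        for rec in records:
            uid = rec["user_id"]
            if uid not in self.users:
                # Assumption: the account is kept aside for review, not linked.
                self.unmatched.append((resource, uid))
                events.append((uid, "no matching user"))
                continue
            self.accounts[(uid, resource)] = dict(rec)
            events.append((uid, "resource profile linked"))
        return events


# Constructed sample data: an HR feed (trusted) and a directory export (target).
HR_FEED = [{"user_id": "jdoe", "dept": "Finance"}, {"user_id": "asmith", "dept": "IT"}]
HR_UPDATE = [{"user_id": "jdoe", "dept": "Audit"}]
DIRECTORY = [{"user_id": "jdoe", "login": "jdoe01"}, {"user_id": "tempx", "login": "tempx"}]

if __name__ == "__main__":
    store = IdentityStore()
    print(store.trusted_recon(HR_FEED))
    print(store.trusted_recon(HR_UPDATE))
    print(store.target_recon("Directory", DIRECTORY))
    print("accounts needing review:", store.unmatched)
```

The `tempx` entry shows why the order matters: a target account whose owner was never loaded through trusted reconciliation cannot get a resource profile, and such accounts are the ones to review during certification.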