About Oracle Identity Management

What is OIM

Oracle Identity Manager (OIM ) is a highly flexible and scalable enterprise identity management system that is designed to administer user access privileges across a company's resources throughout the entire identity management life cycle, from initial on-boarding to final de-provisioning of an identity.

OIM can be used as the single point of management for the IT resources in your organization. An integration of target systems in an enterprise with OIM is done using reconciliation and provisioning.

Benefits of OIM 

·       Minimize Security Risk – Control access to the network and instantaneously update accounts in a complex enterprise environment including: layoffs, acquisitions, partner changes, temporary and contract workers. Improved quality of IT services. Legal

• ·       compliance – Many government mandates require secure control of access.

• ·       Automation : Automated solution lowers costs, boosts overall productivity, and optimizes security protocols.

• ·       Role-based access : No need to provide domain credentials to outsiders and access will be limited based on administrator map user roles.

• ·       Certification : Process of reviewing user entitlements and access-privileges within an enterprise to ensure that users have not acquired entitlements that they are not authorized to have. It also involves either approving (certifying) or rejecting (revoking) each access-privilege.

• ·       Reconciliation :   Reconciliation provides the inward flow into OIM. Reconciliation is based on either a “push” or a “pull” model, using which OIM finds out about any identity-related activity on the target system. In other words, the process by which OIM receives information’s from target/resource. It is the process of bringing identities and accounts into OIM from some resource is also known as reconciliation.

There are two types of Reconciliation:

1.                                      Trusted Reconciliation (Authoritative)

2.                                     Target Reconciliation (Non Authoritative)

v  Trusted  Reconciliation :

Process of loading identities into IDM is known as Trusted or Authoritative Reconciliation. In the process we load user profiles into IDM. User gets created into IDM.

 If we run trusted reconciliation against any Target then user will get created into OIM. If user already exists in OIM with that user id then his profile will get updated with new values from target (If any).

v  Target Reconciliation :

Process of loading account profile into OIM is known as Target or Non Authoritative Reconciliation. In this process OIM load user’s account profile i.e. user’s target account information. In this reconciliation only Resource profile of user is created not user profile.

 If we run target reconciliation against targets then Resource Profile will get created into OIM. Resource profile shows that User has account into Target. For creation of resource profile, it is required that user must be present in IDM before.

• ·       Provisioning : In data flow terms, provisioning provides the outward flow from OIM. Provisioning is based on a “push” model, using which OIM communicates changes to the target system. In other words, the process by which OIM sends informations to target/resource.

             

• · Access Policy :  Access policies are a list of roles and the resources with which roles are to be provisioned or deprovisioned. Access policies are used to automate the provisioning of target systems to users.

• ·       Password Management : Centralized password management for enterprise applications, a feature that you can leverage by provisioning through its connectors

• Work flows
• Export/Imports
• Connectors integration
• Bulk Operations