Oracle Access Manager overview & architecture

Oracle Access Management provides innovative new services that complement traditional access management capabilities. For example, adaptive authentication, federated single sign-on, risk analysis, and fine-grained authorization are extended to mobile clients and mobile applications, and Access Portal allows customers to build their own private Cloud SSO services. Oracle Access Management services are delivered on a single platform and can be licensed and enabled as required to meet the specific needs of your organization now and in the future.

Oracle Access Manager (OAM) provides centralized, policy-driven services for authentication, single sign-on (SSO), and identity assertion. SSO lets users access multiple applications, systems, and resources by signing in with only one account. SSO is most useful when there are various systems that can be accessed by using a single password, and we want to avoid signing in to them again each time the user is disconnected from the service. SSO aims to simplify the user experience on the Internet by handling session sign-in tasks for the user.

Oracle Access Manager has matured over time and is one of the best of its kind in the market. Oracle has decades of experience and one of the finest engineering teams, which strives to make the product better. Oracle Access Manager is highly scalable, robust, and mature. It can scale up to several millions of logins per second or more. Oracle also offers PaaS, IaaS, and Cloud solutions.

Oracle Access Management is an integrated platform providing the following services:

1. Access Management Core Services: Authentication, web SSO, coarse-grained authorization for enterprise applications deployed on premise or in the Cloud.

2. Identity Federation: Cross-Internet-domain authentication and delegated authorization supporting industry standards such as Security Assertions Markup Language (SAML), OAuth, and OpenID. Social log-on using social network identities is supported, allowing mapping to a local user account.

3. Mobile Security: Lightweight mobile, Cloud, and social networks interface to access corporate resources via industry standards such as OAuth. The Mobile and Social service allows mobile clients such as smartphones to leverage the backend Access Management infrastructure for authentication, SSO, fine-grained authorization, risk analysis, and adaptive authentication.

4. Access Portal Service: A web-based central launch pad allowing users to federate all their applications through SAML, OAuth, or Form-Fill. Access Portal provides the foundation to build a private or public cloud SSO service.

5. Adaptive Access and Fraud Detection: Strong, multi-factor authentication and heuristic fraud detection.

6. Fine-grained Authorization: External, centralized, fine-grained, attribute-based authorization compliant with the Extensible Access Control Markup Language (XACML) standard.

7. API Security: First line of defense for REST APIs and web services typically deployed in the DMZ, supporting protocol and data format transformation, API firewall, authentication, and authorization.

8. SOA Security: Last-mile security component co-located with the resource endpoint, designed to protect against man-in-the-middle attacks.

9. Security Token Service: Trust brokerage between different, heterogeneous infrastructure tiers by creating, validating, and consuming standard security tokens such as SAML assertions or Kerberos tokens.

10. Rich-Client-Based Enterprise SSO: Standalone component suite installed on a Microsoft Windows PC to provide SSO to rich-client applications. Browser-based Enterprise SSO is available through Access Portal.

Is OAM the right fit for you?

Expensive for midsize and small companies.

The product could be improved by simplifying changing the master password. That is, if you change a password in one place, it would be good to automate changing the password for all the gateways so that change is less complicated.

It should be more customizable for customer-specific needs.

Oracle Access Management connects well with Oracle Database but doesn't work smoothly with Microsoft AD.

OAM releases are not straightforward for version upgrades.

It's very hard and costly to customize the tool as per client requirements.

Releases prior to 11gR2 PS2 were hard to deploy due to a lot of shipped bugs, resulting in dealing with multiple patches.

Technical support needs to improve. It is faster to find the resolution ourselves than rely on support. Product team engagement has been helpful but it’s hard to get direct access to the product team resources. They are good at responding as per SLA without issue resolution.

Customizing the product as per the client requirements is challenging.

We would be happy to help. If you are looking for help, contact us!
