Oracle Identity Management allows enterprises to manage end-to-end lifecycles of user identities across all enterprise resources both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more. Oracle Identity Management is a member of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments.
This Large Regional Manufacturing Company has 200 retail sales locations and 7,000 associates selling and servicing their products. They have a focus on continuous improvement that has involved more than 71,500 team members and industry experts. The company has been focused on improvements in all facets of the business including information technology.
The Company targeted implementing an Identity and Access Management (IAM) solution in conjunction with their Simplified Web Configurator project, making it the first product protected under the new IAM infrastructure, which will be their enterprise-wide single sign-on solution moving forward.
The Company had an existing tool on their website where customers could create an online account in order to customize certain products for their home. The Company wished to have a unified view of their customers across all phases of this sales cycle. To achieve this, the first phase of the solution took the online accounts customers had created and followed up with them to set up in-home appointments to further discuss the home products they were interested in. To make this possible, Zirous implemented an IAM solution to allow login and User Self Registration for end users through a WebCenter Sites application.
Oracle Access Manager (OAM) was used as the SSO engine with Oracle Identity Manager (OIM) as the user and password management engine. OIM was synced to Oracle Virtual Directory, which in turn virtualized Oracle Internet Directory as the primary identity store. This architecture provided the Company with many benefits, including:
- Real-time synchronization of user changes to the identity store
- Centralized management of application user profiles and credentials
- The ability to include additional identity stores in the future
These characteristics make the system highly flexible and position the Company for improved efficiency and reduced costs for integrating additional new and existing web applications in the future.
Zirous also understood that the Company required the login screens to look and feel consistent with the rest of the website. To fulfill this unique request, Zirous had to write an API layer for OAM and OIM that would be called from within the web application to:
- Create newly registered application users in OIM, syncing them to OID in real-time
- Automatically establish an SSO session for newly registered users (without having to re-authenticate with their new credentials)
- Authenticate users against their OID credentials, enforcing security constraints on the lifetime and number of sessions a user can concurrently have
- Update user profiles and passwords, syncing changes to OID in real-time
- Provide self-service Forgot Password functionality with an HTML-enabled email notification containing an application-specific URL unique to the requesting user