This privately held Major Regional Bank has locations in seven states and more than 6.6 million customers across the country. The bank was previously leveraging dozens of independent authentication realms for customer access to online systems, which resulted in a duplication of functionality and the associated infrastructure and support costs. Since there was no centralized authentication realm or repository of customer credentials, any new application whose customer base didn’t fit into one of the existing authentication realms, or needed to span multiple realms would either create a silo or require extensive and complex customization. This was a costly model for the bank that would continue to grow over time.
Oracle Identity Management allows enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more. Oracle Identity Management is a member of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments today.
The banking industry has unique and specific trends that must be met to be successful in today’s competitive environment. The industry is focused on risk and cost reduction and must also continue to work with a flat or declining budget. The industry is being asked to further integrate core (legacy) banking systems, address the new requirements for compliance, and meet increasing customer expectations.
The Bank faced several challenges typical of dynamic and growing organizations. Their specific challenges include:
• Conducting more business online by providing secure access to protected applications
• Providing customers a personalized web experience through their local bank web site
• Allowing transparent access to a broad range of third party financial services
• Minimizing costs of setting up current and future multi-partner business relationships
• Facilitating compliance with federal (FFIEC) recommendations for internet banking
Zirous architected a complete, Highly Available solution for the bank, which leveraged Oracle’s Identity and Access Management Suite. The solution provided Single Sign-On, Multi-Factor Authentication, and Centralized user management using Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Identity Manager and Oracle Virtual Directory.
Oracle Access Manager (OAM) provided an authentication solution for the bank’s core business applications as well as remote branch applications. OAM was deployed tofacilitate centralized authentication, course grained authorization, and multi-domain Single Sign-On for banking customers. It was integrated with the bank’s custom login application and used the Oracle Access Manager SDK to authenticate and authorize users against OAM’s identity store: Oracle Virtual Directory (OVD). OVD provided identity aggregation and transformation by unifying identity data across heterogeneous data sources at the bank without consolidation. Identity data was reused without creating
redundant copies of that same data allowing the new identity system to easily consume and use legacy identity data.
Oracle Adaptive Access Manager (OAAM) was included to provide real-time risk analysis, complex device identification, and challenge questions. OAAM was used in conjunction with OAM to strengthen the authentication process and provide multi-factor authentication in accordance with FFIEC guidance. OAAM provides a rich framework for defining and enforcing policies to mitigate the risks that financial institutions face when providing online account access to their customers.
Oracle Identity Manager (OIM) provided a centralized user management solution for managing the many digital identities within the bank. The OIM API’s were used to handle user registration and role assignment, enabling the bank to provide customers a streamlined, just-in-time migration flow. OIM handled the provisioning of users to Oracle Internet Director (OID) through OVD, and serves as a centralized user management solution to manage users across the many solutions the bank provides.
The result was a complete redesign of the bank’s current processes around single signon, multi-factor authentication, and user management by leveraging Oracle’s integrated suite of Identity Management products (see figure 1).
Highlights of the solution include:
• Consolidate all applications into a centralized authentication realm
• Removal of extensive customization requirements for current and future applications
• Allowing customers to transparently access a broad range of third party financial services
• Improvement of customer experience by allowing for simplified sign-on across applications
• Allowing for a cross enterprise view of a web user for purposes of business intelligence/analysis