Saturday, October 18, 2008

Identity Management At Ease

I always wonder how companies manage to keep user information in sync with their many IT resources. Whenever a new employee or contractor joins a company, his/her information must be inserted into all the systems, such as network, email, and packaged applications such as Expenses, Human Resources, Travel, Procurement etc. The above-mentioned systems are a small subset of what companies might use. The systems might have been either purchased or home-grown. There needs to be a central place from which we can insert the user information, or provision it, into all these systems. Creating a bunch of requests to different administrators and having them individually deal with their systems can be a logical approach. But keeping track of all the individual requests associated with the main request to provision the user to all the IT systems, and getting approvals when needed, demands an automated way of doing this. The same applies when an employee or contractor leaves the company: their information should be de-provisioned, or removed, from all the systems. According to Gartner, the time IT spends creating or removing user information constitutes around 10%, whereas dynamically modifying user privileges with resources constitutes the remaining 90%.

Oracle Identity Manager (OIM) is a key product in the Oracle Identity & Access Management Suite, which is a part of Oracle Fusion Middleware. After knowing what OIM does, my mysteries about Identity Management were solved. OIM not only eases the provisioning of users across various systems but also helps companies keep auditing information for compliance purposes. With growing privacy concerns, meeting regulatory and privacy requirements is mandatory for many businesses such as finance, health care etc. OIM is a hot-pluggable product built on J2EE that maintains a repository which can be synced with other systems such as corporate directories, operating systems, databases etc. With OIM, user information can be provisioned and de-provisioned, and passwords can be managed across systems. These tasks can either be automated with no manual intervention or be assigned approval workflows that provide control for managers and power users.



For auditing and compliance reasons, reports can be generated on access control and user information, such as who has access to what and when etc. Also, to ensure that only appropriate users have accessed information in the enterprise, OIM supports a process called Attestation. In the past, companies used to maintain mountains of documentation and reports in the form of paper files to keep track of security information, which is now eliminated thanks to these niche Identity Management products.

For more information on OIM, visit Oracle's product page. I shall write more about OIM and the other products in the Oracle Identity & Access Management Suite in the coming days.
