Oracle Access Management
Oracle Access Management is part of the Oracle Fusion Middleware Identity Management pillar. Oracle Access Management provides innovative, fully integrated new services that complement traditional access management capabilities by extending
security from enterprise to mobile to cloud.
Oracle Access Management is designed to meet the needs of your organization in typical use-case scenarios involving the cloud (allowing both on-premise and cloud resources to be secured from a single set of controls), mobile access (native or browserbased apps), employee-facing intranet, and customer-facing extranet. Oracle Access Management provides the following functionality, licensed and enabled as required:
- Access Management Core Services: Authentication, web SSO, coarse-grained authorization for enterprise applications deployed on premise or in the cloud.
- Identity Federation: Cross-Internet-domain authentication and delegated authorization supporting industry standards such as SAML, OAuth, and OpenID. Social log-on using social network identities is supported.
- Mobile Security: Lightweight mobile, cloud, and social networks interface to access corporate resources via industry standards such as OAuth. The Mobile and Social service allows mobile clients such as smart phones to leverage the backend Access Management infrastructure for adaptive authentication, SSO, fine-grained authorization, risk analysis and fraud detection.
- Access Portal Service: A web-based central launch pad allowing users to federate all their applications through SAML, OAuth, or Form-Fill. Access Portal provides the foundation to build a private or public cloud SSO service.
- Adaptive Access and Risk Analysis: Strong, multi-factor authentication and heuristic fraud detection service. Oracle Mobile Authenticator provides a soft-token OTP solution with one-touch notification services.
- Fine-grained Authorization: External, centralized, fine-grained, attribute-based authorization compliant with the Extensible Access Control Markup Language (XACML) standard.
- API Security: First line of defense for REST APIs and web services, typically deployed in the DMZ, supporting protocol transformation, API firewalling, authentication, and authorization.
- SOA Security: Last-mile security component co-located with the resource endpoint, designed to protect against man-in-the-middle attacks.
- Security Token Service: Trust brokerage between different, heterogeneous infrastructure tiers by creating, validating and consuming standard security tokens such as SAML assertions or Kerberos tokens.
- Rich-Client-Based Enterprise SSO: Component suite installed on a Microsoft Windows PC to provide SSO to rich client applications. Browser-based Enterprise SSO is available through Access Portal.