Sun2Oracle: Avea’s Identity Management Platform Transformation
Darin Pendergraft, Oracle IDM
Ulvi Bucak, Avea
Mahmut Kucuk, Avea
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
This document is for informational purposes. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described in this document
remains at the sole discretion of Oracle. This document in any form, software or printed
matter, contains proprietary information that is the exclusive property of Oracle. This
document and information contained herein may not be disclosed, copied, reproduced or
distributed to anyone outside Oracle without prior written consent of Oracle. This document
is not part of your license agreement nor can it be incorporated into any contractual
agreement with Oracle or its subsidiaries or affiliates.
Sr. Director, Product Marketing
Darin Pendergraft
Security Planning Supervisor
Mahmut Küçük
Security Operations and Planning Manager
Ulvi Bucak
Speakers
IDM Drivers
Barriers to Adoption
Avea Case Study
Platform Benefits
Resources
Q&A
Agenda
What is driving your IDM strategy?
Mobile Application Security
Social Identity Integration
Cloud Services
Self Service Enterprise
Regulatory Compliance
Need to leverage existing IDM investments
Uncertain funding
Lack of in-house resources
Scalability concerns
Architectural complexity
Service outage
Barriers to Adoption
AVEA Identity & Access Management
Project
• About Avea
• Business & Technical Requirements
• What is the scope?
• Challenges
• Lessons Learned
• Avea, the sole GSM 1800 mobile operator of Turkey, was founded in 2004.
• Member of Turk Telekom Group.
• 12.8 million customers as of the first quarter of 2012.
• Offering services to 98% of Turkey's population through its next generation network.
About Avea
• Replace Sun IDM with OIM.
• Implement Role Based Access Control (RBAC) for entire Avea organization.
• Enhanced Self Service Workflows.
• Improve Provisioning Performance.
• Improve Security of Self Service Password Reset.
• Periodic review process for user entitlements.
• Enable new platform to scale. (Project Ph2 is on the way for dealers.)
• Build accurate and customized reports.
Business & Technical Requirements
• Business Roles are not defined (OIA)
• Request & Approval processes are not defined.
• User Interface customizations on 11g R1 are not easy.
• Outsourced testing team.
• Migration from existing Sun IDM.
Challenges
• 6300 identities (employees & outsourced staff)
• Integration with 16 enterprise systems and applications (SAP, MS AD, Exchange, Siebel CRM, Unix systems, etc.)
• ~150 roles and access policies are defined
• 23 request & approval workflow processes
• Attestation & SOD
What’s in scope?
Avea IDM System Overview
• SAP HR User and Organization reconciliation with RFCs.
– Hire, Update, Transfer, Fire, Transfer to Sister Company to User
– Create, Update, Delete, Disable Organization
– Resolve missing records and sync issues.
– Create groups for CC (OrgId+Title+Location)
• New Outsource Management Application is developed on SAP HR.
– To improve data quality
Completed tasks
• SMS and IVR voice recognition based Password Reset.
• User entitlement structure is changed for Avea subscription system.
• HR has role management responsibility.
• Organizational Change Process has been rebuilt.
• Online end user training.
Completed tasks
• CC Role Management UI & Workflows
– Create New Access Policy (with template option)
– Assign Resource to AP
– Assign AP to Groups
– Assign User (Temporarily) to a Group
– ...
• NonCC UI and Workflows
– Manage Entitlements (needs Admin approval)
– Request Resource for User
  • Single or Multi Privileges
– Request Group for User
– Password Reset for IT Helpdesk
– ...
UI Customizations
• Product and Partner.
• You need role mining (OIA) to define business roles and policies.
• Business sponsors.
• Tests must be performed onsite.
• Sun migration was not just an upgrade.
Lessons Learned
3X
Scale Efficiency Security
User Productivity
Operational Cost
Opportunity Cost
New Customers
Quality of Service
Compliance
Internal Governance
Security Risk
Assess the Business Opportunity
Oracle Identity Management 11gR2
Simplified Experience
Cloud, Mobile and Social
Extreme Scale
Clear Upgrade Path
Faster Deployment
Lower TCO
Modernized Platform
Fraud Detection
Identity Governance
Access Management
Directory Services
Lifecycle Management & 360 visibility
Regular & Privileged identities
Complete access control & SSO
Converged Policy Administration & Control
LDAP, Virtualization & Meta-directory
Unified Administration & Management
Oracle Identity Platform
46% Cost Savings
Source: Aberdeen “Analyzing point solutions vs. platform” 2011
48% More Responsive
35% Fewer Audit Deficiencies
TAKING A
REDUCES
INCREASES
IMPROVES
The Platform Approach makes sense
Resources
Blogs.oracle.com/OracleIDM
Facebook.com/OracleIDM
Twitter: @OracleIDM