Protecting Cloud Applications with Enterprise Single Sign On

임기성, Principal Sales Consultant

Oracle, April 20


Page 2

Enterprise Application Goals

Fast, Secure Access To Systems and Applications is Critical To Accomplishing Your Business Objectives

• Operational Efficiency
• Operating Costs
• Security & Compliance
• Risk

Page 3

The Business Problem

• Bad password management reduces security
  – Weak passwords are easy to guess or hack
  – Strong passwords get written down and are vulnerable
  – Password synchronization results in “Keys to the Kingdom”
• Employees Lose Productivity managing passwords
  – Complex user IDs and passwords are hard to remember
  – Employees get locked out of applications, resulting in helpdesk calls
• Assure GRC Policies are Met (Compliance)
  – HIPAA 164, PCI, SOX 404, HSPD-12
  – All Compliance initiatives are driven around:
    • Assuring only the appropriate people have access to applications
    • Auditing when and by whom that application was accessed

Page 4

Enterprise Access Challenges

• Users have too many IDs & passwords
• Need access from anywhere
• Hard to know who has access to what
• Secure delivery of application credentials to end users
• Users forget Windows passwords
• Strong authentication is too complex and expensive to deploy

[Diagram label: Sign-on]

Page 5

Cloud applications are proliferating

• More services being offered in a hosted manner
  – CRM
  – Personal Productivity Products
  – Business Intelligence
• Provide many benefits to the organization
  – No need to procure large and complex infrastructure
  – No deployment or maintenance costs associated
  – Provides easy access to information from anywhere

Page 6

Drawbacks of cloud applications

• Add another set of credentials for users to maintain
• Securing access to those applications
• Controlling access to only those who need it
  – Changing roles
  – Termination
• Auditing access to the application

Page 7

Oracle ESSO: Solves Access Challenges

• Established track record
  – Passlogix Founded in 1996
  – Proven history of success as Oracle OEM provider since 2006
  – Oracle Acquires Passlogix in Oct 2010
• Market-leading
  – 20 million+ licenses sold
  – 1,500+ enterprise customers
  – 10,000’s of applications
  – Customers with millions of employees
• Patented technology
  – Provides fast deployment, quick ROI
  – 2 US patents and 7 foreign, additional pending

[Chart: Cumulative # of Licenses Sold]

Page 8

Recognized Leadership

“The company goes around a problem .... It is far different from thinking out of the box. It's refusing to acknowledge that the box exists in the first place.”

“Passlogix has been very successful early on in the IAM market with its Enterprise SSO. Passlogix [has] a solid reputation and name recognition not typically realized by a company of its size.”

“Passlogix provides an excellent, lightweight, low maintenance SSO solution, suitable for deployments of any scale … and it is seen as a “best of breed” enterprise SSO product – the general good opinion in which it is held …”

“Passlogix has some highly functional ESSO technology … they often pioneer in the market…”

• 100% of customers would buy it again
• 100% of customers would recommend it to a peer
• 100% of customers said Passlogix keeps all promises
• 71% ranked Passlogix as their Best or 2nd Best Vendor

Page 10

Oracle ESSO Value Proposition

[Diagram labels, in extraction order:]

• Complex Compliance Environment
• Assure GRC Policies
• Avoid Fines, Litigation, Loss of Revenue
• Helpdesk Nightmare
• 80% Call Volume Reduction
• Strong Auth to Ensure Identity
• Reduced Employee Productivity
• Quicker Application Access
• No Downtime with Acct Lockouts
• Growing Security Risks
• Simplified Secure Access
• Enforce Strong Policies

Page 11

Oracle ESSO Suite Plus

• ESSO Logon Manager
• ESSO Authentication Manager
• ESSO Provisioning Gateway
• ESSO Password Reset
• ESSO Kiosk Manager
• ESSO Anywhere

[Diagram label: Sign-On]

Page 12

ESSO Logon Manager Overview

Page 13

ESSO Logon Manager (ESSO-LM)

[Architecture diagram. Labels: User’s Desktop; ESSO Admin Console; ESSO Logon Manager; Directory, Domain, Database; Application Sign-On; User Authentication; Synch; Token/Smart card; PKI; Password; Biometrics; Credential & Profile Store; Audit, Reporting; ESSO AM API; Windows; Web Sites; Extranet & Portal; Mainframes (OS390, AS400); Java]

Page 14

ESSO LM Provides Efficient Security

Manage Passwords
• Enforces strong password policies
• Optionally can generate random passwords not known by users

Integrate Strong Auth
• Leverage corporate strong authentication deployment
• Challenge for re-authentication prior to providing credentials to the application

Ensure Compliance
• All logon events are audited and associated to an enterprise user name
• Track all password change events to comply with security

Page 15

Sample Report

Page 16

ESSO creates Strong Passwords

Randomly generated passwords look like this:

Page 17

Controlling User’s Access

• More challenging than conventional applications
  – Hosted applications can be accessed from anywhere
  – Disabling network ID does not terminate application access
• ESSO LM does not allow users to reveal passwords
• This allows easy removal of access
  – Disable Windows account
  – Remove SSO password through ESSO Provisioning Gateway

Page 18

Access the cloud anytime, from anywhere

[Diagram label: Cloud Application]

Page 19

ESSO from Anywhere

[Diagram labels: Remote PC; ESSO-LM Agent; Cloud Applications]

Page 20

How It Works

1. User logs on to portal with SSL VPN
2. ESSO-LM downloads, runs
3. ESSO-LM authenticates to corporate directory
4. ESSO-LM retrieves credentials
5. User launches application (e.g. SaaS CRM), automatically signed on by ESSO-LM
6. User signs off, credentials and ESSO-LM deleted

[Diagram labels: Corporate Directory; ESSO-LM]

Page 21

ESSO Provisioning Gateway

[Architecture diagram. Labels: User’s Desktop; Directory, Domain, Database; Application Sign-On; User Auth; Biometrics; Token/Smart card; PKI; Password; Windows; Web Sites; Extranet & Portal; Mainframes (OS390, AS400); Java; ESSO Logon Manager; Server; Connectors; SPML; Provisioning Sources; Applications & Custom Programs; Data file and Manual Entry; Provisioning Instructions; Credentials; Oracle Identity Manager; Oracle ESSO PG]

Page 22

ESSO-KM Architecture

[Architecture diagram. Labels, in extraction order:]

• Sign-off: Windows; Web, Extranet, Portal; Mainframes (OS390, AS400); Java
• Session Actions: initiate, suspend, screen saver, terminate
• Events Monitor: time out, card removal, tap out
• App. Shutdown: keystroke xmit, closure request, process terminate
• LDAP Logon
• Retrieves policies and settings
• AD, LDAP, SQL
• eSSO Admin Console
• Define kiosk policies and settings

Page 23

ESSO Password Reset Architecture

[Architecture diagram. Labels: Domain; ESSO PR Console; Admin; Audit, Reporting; Windows Logon; Reset; ESSO Reset; Server]

Page 24

ESSO-UAM General Architecture

Key Innovations
• Simplicity over security
• Natively designed for all methods
• Client-side architecture
• No proprietary database

[Architecture diagram. Labels:]

Active Directory
• Card serial #, PIN
• User Windows id, password
• Policies (e.g. PIN length)
• Settings (e.g. force user enrollment)

ESSO-UAM; ESSO-LM; Admin Console; User enrollment; Actual authentication; PIN reset; Cache - disconnected use; Card serial #; PIN

Page 25

For More Information

search.oracle.com: Identity management

or

oracle.com/identity

Page 26

Summary

• Simplify access to cloud applications through ESSO
• Increase security by maintaining users’ passwords for them
• Audit all access to the application for Regulatory Compliance
• Enforce all policies from any computer with internet access
