Features of Video Calls in the Discuss Module in Odoo 17
Oracle 4월 20일
1. <Insert Picture Here>
Protecting Cloud Applications with
Enterprise Single Sign On
임기성, Principal Sales Consultant
2. Enterprise Application Goals
Fast, Secure Access To Systems and Applications is
Critical To Accomplishing Your Business Objectives
Operational Security &
Efficiency Compliance
Operating Risk
Costs
3. The Business Problem
• Bad password management reduces security
• Weak passwords are easy to guess or hack
• Strong passwords get written down and our vulnerable
• Password synchronization results in “Keys to the Kingdom”
• Employees Lose Productivity managing passwords
• Complex userid’s and passwords are hard to remember
• Employees get locked out of applications resulting in helpdesk calls
• Assure GRC Policies are Met (Compliance)
• HIPAA 164, PCI, SOX 404, HSPD – 12
• All Compliance initiatives are driven around
• Assuring only the appropriate people have access to applications
• Auditing when and by whom that application was accessed
4. Enterprise Access Challenges
• Users have too many ID’s &
passwords
• Need Access from anywhere
Sign-on
• Hard to know who has • Users forget Windows
access to what passwords
• Secure delivery of • Strong authentication
application credentials is too complex and
to end users expensive to deploy
5. Cloud applications are proliferating
• More services being offered in a hosted manner
– CRM
– Personal Productivity Products
– Business Intelligence
• Provide many benefits to the organization
– No need to procure large and complex infrastructure
– No deployment or maintenance costs associated
– Provides easy access to information from anywhere
6. Drawbacks of cloud applications
• Add another set of credentials for users to maintain
• Securing access to those applications
• Controlling access to only those who need it
– Changing roles
– Termination
• Auditing access to the application
7. Oracle ESSO: Solves Access Challenges
Cumulative # of Licenses Sold
• Established track record
– Passlogix Founded in 1996
– Proven history of success as Oracle
OEM provider since 2006
– Oracle Acquires Passlogix in Oct 2010
• Market-leading
– 20 million+ licenses sold
– 1,500+ enterprise customers
– 10,000’s of applications
– Customers with millions of employees
• Patented technology
– Provides fast deployment, quick ROI
– 2 US patents and 7 foreign, additional
pending
8. Recognized Leadership
“Passlogix has been very successful early on in the
IAM market with its Enterprise SSO. Passlogix
[has] a solid reputation and name recognition not
typically realized by a company of its size.”
“Passlogix has some highly functional ESSO
technology … they often pioneer in the
market…”
“Passlogix provides an excellent, lightweight, low
maintenance SSO solution, suitable for deployments
of any scale … and it is seen as a “best of breed”
enterprise SSO product – the general good opinion in
which it is held …”
100% of customers would buy it again
100% of customers would recommend it to a peer
100% of customers said Passlogix keeps all promises
71% ranked Passlogix as their Best or 2nd Best Vendor
“The company goes around a problem .... It is far
different from thinking out of the box. It's refusing
to acknowledge that the box exists in the first
place.”
9. Deployed by Leading Customers
Financial Healthcare / Pharmaceuticals
Licenses: 1.6 million + Licenses: 600,000+
Energy Government
Licenses: 500,000+ Licenses: 700,000+
10. Oracle ESSO Value Proposition
Complex Reduced Growing
Helpdesk
Compliance Employee Security
Nightmare
Environment Productivity Risks
Assure 80% Call Quicker Simplified
GRC Volume Application Secure
Policies Reduction Access Access
Avoid Fines, No
Strong Auth Enforce
Litigation, Downtime
to Ensure Strong
Loss of with Acct
Identity Policies
Revenue Lockouts
13. ESSO Logon Manager (ESSO-LM)
ESSO Admin
Console
Directory, Domain, Windows
Database
Password
Audit, Web Sites
Reporting
Synch
PKI
API Mainframes
(OS390, AS400)
Credential
& Profile
Store Java
Biometrics
ESSO AM
ESSO Logon Extranet &
Manager Portal
Token/ Smart card
User Authentication User’s Desktop Application Sign-On
14. ESSO LM Provides Efficient Security
• Enforces strong password policies
Manage • Optionally can generate random passwords not known by
Passwords users
• Leverage corporate strong authentication deployment
Integrate • Challenge for re-authentication prior to providing credentials
Strong Auth to the application
• All logon events are audited and associated to an enterprise
Ensure user name
Compliance • Track all password change events to comply with security
17. Controlling User’s Access
• More challenging then conventional applications
– Hosted applications can be accessed from anywhere
– Disabling network ID does not terminate application access
• ESSO LM does not allow user’s to reveal passwords
• This allows easy removal of access
– Disable windows account
– Remove SSO password through ESSO Provisioning Gateway
20. How It Works
1. User logs on to portal with SSL VPN
2. ESSO-LM downloads, runs
ESSO-LM
3. ESSO-LM authenticates to corporate directory
ESSO-LM Corporate
Directory
4. ESSO-LM retrieves credentials
ESSO-LM
5. User launches application (e.g. SAAS CRM)
automatically signed on by ESSO-LM
6. User signs off, credentials and ESSO-LM deleted
21. ESSO Provisioning Gateway
Provisioning Oracle Identity Manager Applications & Custom Programs Data file and Manual Entry
Sources
Connectors
Oracle Windows
ESSO PG SPML
Password Server
Web Sites
Mainframes
PKI Directory, (OS390, AS400)
Domain, Database
Java
Provisioning Credentials
Biometrics Instructions
Extranet &
ESSO Logon Manger Portal
Token/ Smart card
User Auth User’s Desktop Application Sign-On
22. ESSO-KM Architecture
eSSO
Admin Console
Define kiosk policies
and settings
AD, LDAP, SQL
Retrieves policies and
settings
Windows
Events Monitor App. Shutdown Web, Extranet,
LDAP Logon Sign-off Portal
- time out - keystroke xmit
- card removal - closure request
Java
- tap out - process terminate
Session Actions Mainframes
initiate, suspend, screen saver, terminate (OS390, AS400)
23. ESSO Password Reset Architecture
ESSO Reset
Reset Server
Windows Logon
Audit,
Reporting
Domain
Admin
ESSO PR
Console
24. ESSO-UAM General Architecture
Key Innovations
• Simplicity over security ESSO-LM
• Natively designed for all methods Admin Console
• Client-side architecture
Active Directory
• No proprietary database
•Card serial #, PIN
•User Windows id, password
•Policies (e.g. PIN length)
•Settings (e.g. force user enrollment)
Card serial # ESSO-UAM
User enrollment
Actual authentication
PIN reset
Cache - disconnected use
PIN
25. For More Information
search.oracle.com
Identity management
or
oracle.com/identity
26. Summary
• Simplify access to cloud applications through ESSO
• Increase security by maintaining user’s password for
them
• Audit all access to the application for Regulatory
Compliance
• Enforce all policies from any computer with internet
access