Issuu on Google+

Fusion IdM

Committed to delivering Oracle's state of the art Identity & Access solutions to enterprises across Europe, Middle East and Africa

August 2012


Introduction Fusion IdM is one of the fastest growing consultancies which

We believe that highly customised and over-engineered IAM

specialises in the development and delivery of Identity

solutions have a tendency to become unmanageable over time,

Management solutions within the EMEA region.

as business processes and organizational needs can be extremely fluid.

Fusion IdM delivers technology solutions that help companies solve complex business problems, gain competitive advantage

A successful IAM architecture must be elegant, scalable and

and meet compliance requirements.

adaptable enough to respond to evolving business and regulatory demands.

We understand that a successful IAM project requires not just outstanding technical expertise, but effective governance,

Furthermore, Fusion IdM understands the political and

robust executive sponsorship and organizational discipline.

organizational challenges that are inherent to most large IAM projects.

We believe that developing a deep understanding of our customers’ business processes and culture is just as important

To ensure the success of our customers in this notoriously

as developing the right technical solution.

challenging field, we have developed a unique set of best practices and guidelines for IAM implementations, based on our

Our architectural philosophy emphasises simplicity and

vast experience of delivering complex enterprise IAM solutions

elegance. We are firm proponents of loosely coupled

across a wide range of industry verticals.

architectures that promote agility by embracing open standards and minimal customization.

2

Fusion IdM


More Than Just Identity Management The first step along the IdM path is to build Oracle's powerful Identity management system to manage users and their roles. Once Identity Management system in place, you can easily get a better return on your investment by including additional applications and managing user access to systems by using IdM's SelfService and approval workflows to enable users to directly request access to these services. Automating your business processes by making full use of your IdM system, by speeding up the

Consultant Recommendation Oracle IAM Project Manager (Principal Consultant) at RBS (UK) “Fusion IdM team member worked well as a member of the Oracle project team. His strong knowledge and experience in Oracle Identity Manager and the requisite technical skills are impressive. The consultant was friendly and took a practical approach to work and always willing to pick up new areas and complex pieces of work.�

approval life-cycle and provisioning of your IT systems. This will keep your users happy by making the IT experience pleasant and, as a bonus, it reduces costs by freeing up Applications administrators to concentrate on developing their systems.

IDENTITY & ACCESS

Business Workflows

Microsoft Sharepoint

User Self-Request

LDAP Applications

Portal Applications

Fusion IdM

3


Company Ethos At Fusion IdM, we take pride in building strategic long-term relationships with our customers, partners and employees. Our success so far has been built on a number of core company values that we strongly believe in. QUALITY - Delivering excellent standards consistently. COLLABORATIVE – We work closely with you at all stages as a team and trusted advisor to meet the business objectives. COMMITTED - An open and honest engagement with the client is crucial to Fusion IdM, whilst emphasising application of best effort to meet timescales as well as high quality standards. INNOVATION – Fusion IdM is constantly seeking out new technologies, tools and products in order to maintain high technical standards ASSURANCE – With the experience gained from our engagements in many enterprise projects, you can be sure of getting competent and knowledgeable consultants.

Consultant Recommendation – Service Delivery Manager – Oracle ACS (UAE) “An outright domain expert in the IAM arena with great in-depth knowledge of Oracle's IdM portfolio of solutions, The consultant is a great ally to have in your team. He was constantly able to think and evaluate strategies to enable him to tackle most problems head on and be nimble and adaptable to most situations. No matter how varied questions are, the consultant always managed to find time to answer each question in a useful and comprehensive way. He was a highly qualified consultant in Oracle Identity Management and has now earned reputation in the Middle East for his delivery capabilities. He consistently delivered solutions necessary to achieve the highest level of quality for the End Client. He had the drive and energy to see complex obstacles through to completion, guiding teams and clients through the entire lifecycle process, on time and within budget.”

4

Fusion IdM


quest, Business Process e R f Au Sel to ing Protect

Si n

gle -

Pr

(

O SS

Access Contro ls

co

s& flow

Information pany om

Directory Servic es

mp

)

ns

an

ts & applica s se tio a y

rk Wo

gC tin

Sig nOn

ma tio n, ma Ap tio n

al ov pr

ration dminist

y In for

ec ot

A ntity Ide

Compa n

Consultant Recommendation – Head of Architecture at William Hill (UK) “I hired this consultant for the first time as we were starting a huge, complex Java based project at William Hill. We had a need of a Consultant of architect calibre and he fitted the bill perfectly. Part of the project compromised of security issues, Authentication and Authorisation aspect and the end-to-end project was delivered on time. The Quality and Skills involved in this project was to a very high standard thanks to this consultant. Even though he was an external consultant, I was surprised by his level of dedication, commitment and effort put by him to get the job done! I have hired this consultant on numerous occasions as he was my first choice every time I had a need on one of our projects. The consultant excelled both in client facing as well as a fine technical architectural roles and I have no reservation whatsoever to recommend.”

Fusion IdM

5


A Specialist Company Fusion IdM is focused solely only on Oracle Identity Solutions.

The company founders are seasoned Identity and Access

But that's ok, because Oracle’s Identity and Access

Management experts with over 20 years of Oracle Identity

Management product set is the market leader.

management experience between them.

The Oracle suite is a comprehensive and complex set of

Our consultants have worked on various very large scale and

enterprise products – you need experts to guide you and help

complex national and international IdM engagements.

you build your security solution.

6

Fusion IdM

nd Busine

ss

A

n

Identity Manager

rity a u c Se

matio uto

er p Ent rise

Fusion IdM’s head office is based in London (UK), with plans for a second office in Dubai (UAE) in 2013.

Access Manager

Directory Services


Our People Over many years, our people have successfully implemented some of the world’s largest and most complex IAM projects. On some projects, where the technical scope is very wide and IAM forms part of the solution, we are strategic partners to some of the world’s largest and well known systems integrators The company comprises of well referenced and what are considered to be some of the best consultants in the IdM field. To extend our ability to engage in all areas of Government, many of our consultants currently hold UK Security Clearance including some with Enhanced Security Clearance, to enable them to work on some of the most sensitive IAM projects.

Consultant Recommendation - IDAM Team Leader at Logica for NPIA project (UK) “I have worked with a consultant from the Fusion IdM Team on an Identity management piece of a large, complex public sector project. We worked closely with the requirements team to generate a working solution for user provision, work groups and certificate imports. He used diligence to ensure a good understanding of the detailed requirements and was able to negotiate with the requirements team on areas which needed to be aligned with the capabilities of the IdM product. He was able to deliver his tasks without any faults and in a timely manner. He works well in a large team and was able to help/guide other members of the team. I found that he has wide and deep experience of Identity management systems and general computer technologies. He has a very pragmatic approach while defining business solutions as this helped us define the short and long term road-map for the implementation. I would be happy to work with him again.”

Fusion IdM

7


Our Aim

Consultant Recommendation

To become the preferred IdM partner for most of the world's largest IT companies.

Head of Oracle IAM Development – Oracle EMEA

Achieve Oracle Specialist Identity Partner status by 2013 to recognise our excellence

“I represent Oracle's Identity &

and quality of delivery for Oracle IAM solution delivery.

Access Management Development Organization in

To be recognised as the one of the best IAM consultancies in the world.

EMEA region. I was involved in a project with the consultant on

To attain a 300% growth by the end of 2013 to allow us to easily handle multiple

one big Telco client in EMEA.

enterprise assignments in this rapidly growing market.

This consultant came with fantastic references from their previous contract that increased his credentials. The Oracle Identity Management assignment was a very complex one as it meant dealing with more than 8

Consulting Excellence

million users. The consultants worked very closely with both the external and internal teams and in my experience, this was one of the fastest project delivered, that had this many users. The quality of the delivery was to a very high standard, and the Systems Integrator wouldn't have delivered this project without these consultants which they subcontracted. This consultant was very knowledgeable, quick learner and always thinking “outside the box" for solution.”

8

Fusion IdM


Why Fusion IdM?

Consultant Recommendation

With the experience of many implementations, we can minimise financial

Oracle IdM Project Manager at Lloyds TSB (UK)

risk as well as project delivery risks to client.

“This consultant mpresses the

You will get a team with some of the most experienced and accomplished

most with his diligent and

consultants in the IAM marketplace. We focus solely on Identity and Access

organized approach of

Management to maintain our lead.

gathering the requirements and moving forward in designing

We have business advisors as well technical delivery specialists.

the solution. I found the consultant very well versed with

Working as a specialist team, we are able to cut through the large overheads of major consulting practices.

the ID and Access Management and related technologies. I had an

We are please to engage in fixed price assignments.

opportunity of successfully implementing OIM and would give Fusion IdM my highest endorsement.�

Fusion IdM

9


Our Mission Statement Fusion IdM was founded with a vision to deliver high quality identity solutions through a combination of commitment, knowledge and experience.

Consultant Recommendation - Head of Oracle IdM Team at KPN (Netherlands) “The consultants has excellent development skills coupled with a very good knowledge of Oracle Identity Management. He worked autonomously to complete his assignment and did not required and help or guidance at any stage of the engagement. Whilst on the KPN project, he were involved with OIM, OIM API Libraries and the development of Web Services. He integrated very well with the team culture and did not have the 9 to 5 mentality. I was very impressed by his level of commitment, his level of IdM expertise and documentation skills. He was a very personable and dedicated consultant who was not afraid to deal with new challenges involved in different projects. In my experience, I would rate this consultant to be one of the Top 5% of the IdM consultants I know and I would not hesitate to recommend his services to any clients.�

10

Fusion IdM


Industry Experience zx Financial Institutions zx Public Services zx Mobile Network Providers zx Governmental Bodies zx Educational Institutions

Fusion IdM

11


Company Capabilities

Specialist Testing

Service management

Infrastructure design Assessment and feasibility study

Proof of Concept

Governance, Risk and Compliance Strategy

Project management

Development

Consultant Recommendation - Managing Consultant at IBM Global Business Services (Netherlands) “I hired this consultant when I was the Program Manager for the Oracle Identity Management implementation, which is still considered the biggest Oracle Identity implementation (8 Million customers). He was hired to build the Identity Management and the Access Management part and the team was very keen on his configuration management skills. Even while being an expert in IdM, Access Management and Java technology, he was always very open to discuss different ways to improve things. I would say that he is very knowledgeable with very good experience on the conceptual and architectural level. The consultant was flying home (UK) on a weekly basis for 2 years and that didn't at any moment diminish his commitment on the project.�

12

Fusion IdM


IdM Specialities Our consultant's engagement in various enterprise IAM projects, ensures that we have a broad range of experience in Oracle Identity products. At the heart of Oracle's Identity

Oracle Identity Manager

Oracle Identity Analytics

product set, is Oracle Identity Manager, and we have extensive experience with this product.

Oracle Access Manager

nt

y

& Access nagem e Ma

le Identi c t a

Oracle Internet Directory

Oracle Enterprise Directory EE

Oracle ESSO

Fusion IdM

13

Or


Case Study Oracle IdM Customised to Manage User Membership for Sharepoint Applications The Business Requirement The large company in this study, used Microsoft Sharepoint to create many enterprise-wide business applications, for example,

The Solution

time keeping, holiday requests, etc. The user scope of these applications was varied - some applications were company-wide, whilst other applications were owned and visible only to users within their respective business areas.

The solution involved identifying groups of users by business areas. Custom

The generic applications were provided to all users by default, but for specialised applications, the users had to manually request access. The process of obtaining access to these applications was kick-started by request from the employees manager. The administrators would have to confirm that the user was entitled use the application by making enquiries about the users job title and business area. Then the administrator granted the user access to the specified Sharepoint application. This manual process was time consuming for both administrators and users as it involved lengthy investigative tasks, followed by a manual task of adding the users membership to the Sharepoint application. Extending the Oracle IdM System

using OIM's powerful APIs. This allowed users new capability to request Sharepoint applications relevant to their business area. OIM Access policies were designed and developed to support the provisioning user memberships of AD security groups - this in turn enabled/disables the user's access the applications. A bulk load tool was developed to automatically build the required OIM Request-Template framework to support the self-request mechanism. The Self-Service Request Template included group controls to filter applications by business area.

The Company had recently installed an Oracle IdM system. The

A user submitting a Self-Request resulted in the generation of an approval

companies users (and their managers) were already uswing the

workflow process which was submitted to the users managers account.

IdM system on a daily basis. The company wanted to enhance their IdM syswtem and introduce further business efficiency - one such area was the automation of user access to Sharepoint applications. The answer was to introduce this automation by making use of OIM's Self-Service facility, which was already avilable to all users.

14

OIM Request-Templates were created

Fusion IdM

Subsequently, the manager gets a notification of a new approval task. Once the manager approves the request, the AD security group membership is provisioned for the user and the user is then able to access the Sharepoint application from his/her desktop. This whole process is automated and operates without the involvement of the Sharepoint administrators, who are now free from this mundane task.


Case Study Oracle IdM Customised for Automated Obsolete Entitlement Removal

AUTO MA TE D

The Problem After the Companies IdM system is developed, users are imported in to

EX PI R

Y

O F S OLE TR AN ND DU RE

the IdM system and then their roles and entitlements are imported from the various target systems. For many of these users, their access entitlements are the cumulative sum of access granted to them over many years of service. Some of this access will still be required for their current role, but other access will now be obsolete and redundant - this is a security risk. One solution to this problem is to use the IdM system to enforce regimented business roles which provide specific access based on their role in the company. However, in complex enterprise environments, the introdiuction of such a strict approach would be an unacceptable, drastic change - this sudden loss of access across the board, would be reject by the business divisions.

date for this role further into the future. As part of the solution, the SelfRequest mechanism was extended to build a custom Request-Templates framework to support this functionality. In addition,

There is a security requirement to automatically correct the users

custom schedule tasks were built to warn and expire for ageing roles.

entitlements to business roles by, gradually and automatically removing

The Result

redundant access entitlements. The Solution

The introduction of role lifetime mechanism, over time, automatically removes redundant roles from users. Gradually the IdM system fulfills

The solution is to use OIM's flexible and comprehensive customisation

its purpose of limiting access to only those entitlements which are

capabilities. The OIM core capability for user roles was extended to

required for the employees to perform their assigned tasks. This role

incorporate a new role "lifetime" capability. When a user is granted a role,

cleansing process come into effect gently, gradually and with minimal

the role would valid for a limited life (for example 6 months). Just before

disruption to the Companies business divsions.

the end of this lifetime, the IdM system would detect an approaching expiry date and send a reminder to the user, that his/her role is about to expire in a few weeks. If the user needs that role entitlement, the user has the option to re-arm the role using OIM's Self-Request facility. This would move the expiry

Fusion IdM

15


Contact Rai Chadee (rai@fusionidm.com) Fusion IdM Limited 88-90 Hatton Garden, London, EC1N 8PN, UK T: +44 (0)207 993 6392 | M: +44 (0)7730 869 724

Fusion IdM Excellence Securely Delivered


Fusion IDM