Oracle Access Management 12.2.1.4.
Modernized and Open Standard Based Platform

Oracle Access Management (OAM) 12c is part of the Oracle Fusion Middleware Core Services Identity and Access Management Suite 12c that includes Oracle Access Manager, microservices – Oracle Advanced Authentication (OAA) and Oracle RADIUS Agent (ORA), and extended support of the legacy software Enterprise Single Sign On (ESSO). Collectively, these solutions can provide innovative, fully integrated services that complement traditional access management capabilities by extending security from on-premises to cloud in a scalable format. Adoption of open standards such as SAML, OAuth, OpenID Connect, and FIDO2 allows adaptive authentication, risk analysis, multifactor authentication (MFA) methods, federated single sign-on (SSO), and fine-grained authorization extended to mobile and cloud applications. The release of the OAM container image can simplify the upgrade experience, accelerate the move to cloud, and automate the deployment experience with high availability and disaster recovery on-premises or in the cloud.

Figure 1. Oracle Access Management Deployment Options and Core Components

Core Functionalities

Oracle Access Management 12c provides the following functionalities, licensed and enabled as required:

• Access Management Core Services: Authentication, web SSO, and coarse-grained authorization for enterprise applications deployed on-premises or in the cloud.

• Identity Federation: Cross-Internet-domain authentication and delegated authorization supporting industry standards such as SAML, OAuth, and OpenID Connect. Social logon using social network identities is supported.

• Adaptive Access and Risk Analysis: Using multifactor authentication and the heuristic fraud detection service, the Oracle Mobile Authenticator (OMA) provides soft-token TOTP solutions with one-touch notification services as well as passwordless access with OMA push notifications.

• Oracle Mobile Authenticator (OMA): Supports a new, enhanced enrollment process for adding your accounts to the OMA app. Organizations can use the App Protection feature to help protect the OMA app with a fingerprint identity sensor such as Touch ID for iOS and Fingerprint for Android. The Windows 10 platform is now also supported.

• Oracle Advanced Authentication (OAA): Customers can enhance their MFA solution with support for FIDO2 and YubiKey modern passwordless factors. Customers can extend this protection by pairing it with the new microservice Oracle RADIUS Agent (ORA) to help protect Oracle databases, VPN, and SSH sessions with a modern MFA user experience.

• OAuth2 Dynamic Client Registration: Dynamic Client Registration provides a way for native mobile apps to dynamically register as clients with the OAM OAuth Server.

• OAP over REST: Oracle Access Protocol (OAP) over REST enables the use of HTTPS infrastructure to route and load balance requests. Changing the transport mechanism between WebGate and server can have a beneficial impact on reducing operational cost for hybrid deployments. This is especially significant when some components are on-premises and others have moved to cloud.

• Password Management: OAM supports multiple password policies, enabling varied levels of password-based complexity protection for users belonging to different groups. The reset and forgot password capability can be supported with second factor authentication methods and Out-of-band TOTP.

• OAM Snapshot Tool: The OAM Snapshot tool helps administrators manage, migrate, and update OAM deployments. This tool enables management of OAM deployments across various infrastructures in a uniform manner, utilizing Oracle Database backup and cloning solutions.

• Multi Data Center Lifecycle Simplification: OAM simplifies the process of setting up and administering multi data center (MDC) topologies without using test to production tooling. New REST based APIs introduced for administrative and diagnostic purposes can significantly reduce the number of configuration steps performed in the MDC environment. OAuth Artifacts (such as Identity Domains, Clients, Resources, etc.) created in one data center are visible and seamlessly synchronized across other data centers.

• OAuth Consent Management: Consent Management can be enabled for each of the OAuth Identity Domains or all the OAuth Identity Domains in OAM. All OAuth tokens issued to a client can be revoked on demand by an administrator, in scenarios such as a user no longer using the relevant client application or the device being lost or stolen.

• OAuth Just-In-Time (JIT) Provisioning: JIT user provisioning enables a user identity to be provisioned dynamically when the user tries to log in for the first time using any social identity provider. User account creation is done directly, without the need to provision users in the system in advance.

• OAM Stateless Mid-tier: Database state persistence with a stateless mid-tier can simplify the upgrade and cloud migration process. It enables new use cases including linking of sessions across web, API and device access and consolidated state across SSO, federation, and OAuth.

• TLS1.3 and SHA2: OAM 12c supports TLS1.3 and IPV6 protocols and addresses FIPS 140-2 compliance requirements. All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA2.

• Enterprise Single Sign-On (ESSO) release: ESSO eliminates the need for users to remember and manage passwords for virtually any application. ESSO 11.1.2.4.0 is the latest release available for customers to deploy or upgrade to.

• Standards Based Integration: Adoption of open standards such as OAuth, OpenID Connect, SAML, and FIDO2 allows for heterogeneous environment coexistence. REST APIs are extended in 12c for federation management, multi data center, OAuth, password management, multifactor authentication, OTP, password policy, and session management.

• New and Enhanced WebGates: The 12c version of WebGates has been released for Apache HTTP Server and Internet Information Services web servers.

• OAM Container Image: Using the OAM Container Image, OAM can be deployed on-premises and in the cloud with Kubernetes container orchestration, allowing deployment and upgrade automation, auto-scale, and portability to multi cloud and on-premises environments.

• Simplified Install and Upgrade Experience: The installation footprint and time investment have been significantly reduced, with fewer steps and less time needed, using the bootstrap framework and configuration auto-discovery. OAM deployments can now be patched with the Stack Patch Bundle, which includes the bundle patches for each of the selected identity management products and the patches for their respective underlying components.

• Performance Improvements: Session management has been enhanced using significant Database Optimizations in OAM 12c.

• Integration with OCI Identity and Access Management: OAM supports SSO between apps protected by OCI IAM and OAM using Federation.

To find out more information about OAM 12.2.1.4.0, please visit the OAM Help Center: https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/index.html.

Key Features

• Multiple authentication schemes
• Web single sign-on (SSO) and Identity Federation
• Session management life cycle
• Coarse-grained authorization

Intelligent Access Management

• Context-aware (device context, geo-location, session context, transaction context)
• Content-aware (leveraging content classification)
• Risk-aware (real-time risk assessment based on context and policies)
• Context, content, and risk driven, dynamic, step-up authentication and fine-grained authorization

Adaptive Access

• MFA with FIDO2, YubiKey, One-time Password (OTP), Time-based One-time Password (TOTP), SMS, Email, or Oracle Mobile Authenticator (OMA) (a soft token OTP mobile app)
• Device fingerprinting
• Predictive auto-learning
• Knowledge-based authentication (KBA)
• Out of band TOTP for password resets
• Passwordless access with OMA push notification
• QR code-based OMA App registration

Fraud Detection and Investigation

• Real-time and batch analysis (heuristic behavior analysis)
• Universal risk snapshot

Standard-based Integration

• Support for SAML 2.0, OAuth 2.0, OpenID Connect, and FIDO2
• Integration with Oracle Cloud Infrastructure Identity and Access Management (OCI IAM)

Password Management

• User group specific password policies
• OTP based Forgot Password and Out of band TOTP for password resets
• Admin driven forced password change

MDC Lifecycle Simplification

• MDC Admin REST APIs
• Support for OAuth in a Multi Data Center environment

Enhanced OAuth2 Support

• OAuth consent management
• OAuth Just-in-time (JIT) provisioning
• OAuth dynamic client registration
• OAuth refresh token revocation

Simplified Installation, Configuration and Upgrade

• Production ready OAM container image with Kubernetes, and OAM container image in the Oracle Cloud Infrastructure (OCI) marketplace for quick evaluation
• OAM SnapShot Tool
• OAP over REST
• Bootstrapping framework
• Stateless mid-tier with DB state persistence

Key Benefits

• Scalability (support for up to 250 million user accounts)
• High availability with active-active multiple data center support
• Dynamic, proactive security posture, avoiding the common pitfalls of reactive, static security systems

Related Products

• Oracle Directory Services: All-in-one directory solution with storage, proxy, synchronization, and virtualization capabilities.
• Oracle Identity Governance: User administration (provisioning), privileged account management, identity intelligence and analytics.
• OCI Identity and Access Management: Cloud native, comprehensive security and identity management platform.

Data Sheet / Oracle Access Management 12.2.1.4.0 / Version 1.0
Copyright © 2021, Oracle and/or its affiliates / Public