See how by leveraging the features of Oracle’s Identity and Access Management Suite, Zirous designed and implemented a solution to safeguard applications that provide online access to unemployment claims, eligibility analysis, employer tax reporting and employer unemployment tax data for this state government agency.
Oracle Identity Management allows enterprises to manage end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more. Oracle Identity Management is a member of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments today. During difficult economic times, state employment agencies are faced with many challenges. Managing the identities, access and authorization of this complex user base is a daunting task.
Details
Project Facts
This State Government Agency has vital responsibilities including the support of unemployment benefits and recruiting assistance to businesses. It is also responsible for the maintenance of accurate workforce information required to make informed decisions. With a growing number of public facing web applications that serve over 150,000 businesses and citizens in its state, this agency needed a solution that improved user authentication and access, simplified user account maintenance, and protected access to sensitive data.
Leveraging the features of Oracle’s Identity and Access Management Suite, Zirous designed and implemented a solution to safeguard applications that provide online access to unemployment claims, eligibility analysis, employer tax reporting and employer unemployment tax data. The solution met the agency’s primary goal by providing a framework to protect core business applications with centralized security, user management, and self-service. This security framework is extensible as it functions for both the internal and external user communities while bridging the gap between usability and security.
Providing access to businesses and customers throughout the state posed several challenges to the agency including:
• Providing seamless access to all applications with a single password
• Centralization of user registration and management
• Automated provisioning
• Delivering delegated administration to businesses and affiliates
Although delegated administration is a common challenge for many Identity Management projects, the agency’s requirements were unique and extended beyond the traditional requirements.
The diagram depicts a common scenario. Acme Supply outsources their payroll processing to Payroll, Inc. Acme can designate Payroll, Inc. as an affiliate whose employees can access the Department’s applications on Acme’s behalf (figure 1). Acme will be responsible for administrating its employees’ access to the applications while Payroll, Inc. will be responsible for managing its employees’ access on behalf of Acme.
Zirous architected a solution leveraging the key features of Oracle Identity Manager (OIM) and Oracle Access Manager (OAM). OAM provided a comprehensive access management solution with single sign-on, authentication and authorization enforcement, session management, centralized policy administration, and built-in monitoring tools. Oracle Adaptive Access Manager (OAAM) is used to provide multifactor authentication and enable strong authentication while protecting against threats such as phishing, trojans, and proxy attacks. OIM was utilized to centralize the registration of new users with the collection of vital information that will be used to authorize users for access to specific applications of the agency. Using OIM the agency was able to speed up the creation, modification and access to critical resources. The product made it possible to create, modify, and automatically provision user’s access based on their role.
The agency’s new identity system utilizes OIM by leveraging the role inheritance and role membership rule functionality to streamline the assignment of roles to users. The system includes three types of roles:
• Resource roles used to control permissions inside applications
• Access roles used to control authorization to specific applications
• Business roles used to bundle relevant sets of resource and access roles.
The agency’s implementation also featured other components of the Oracle Identity Suite. Oracle Internet Directory (OID) coupled with Oracle Virtual Directory (OVD) leveraged industry standards allowing the agency to centralize identity data into a single location; thus simplifying the determination of a user’s permissions within an application while preventing fraudulent user registrations.
The delegated administration challenge was met by developing a custom application which leveraged extensive Application Program Interfaces (API) calls into the Oracle Identity and Access Management Suite. The resulting solution not only empowered businesses but also reduces help desk calls. The first phase of the deployment will protect five public facing applications listed below:
• Online Claims System: Suite of applications that support the approximately 150,000 accounts claiming unemployment benefits.
• Workforce Management Information System: Application that performs shared registration and eligibility analysis for a suite of applications utilized by approximately 300,000 job seekers.
• Payroll Reporting System: New application that will allow approximately 150,000 businesses to submit and adjust quarterly payroll taxes.
• Employer Account Access: Gives approximately 100,000 businesses read-only access to their state unemployment tax information.
• Child Care Regulatory Info System for Partners: Gives approximately 200 partners of Child Care Division read-only access to information about registered childcare providers.