2 Introduction to Oracle Access Manager Integrations
This chapter introduces the integrations between Oracle Access Manager and other components of the Oracle Identity Management suite, including interaction flows among the components, high-level requirements for each integration, and related information.
This chapter contains these sections:
■ Summary of Integrations
■ Enabling Identity Administration with Oracle Identity Manager
■ Enabling Single Sign-On for Oracle Identity Manager
■ Integrating with Oracle Adaptive Access Manager for Native Authentication
■ Enabling Single Sign-On for Oracle Identity Navigator
■ Integrating Oracle Access Manager with Oracle Identity Federation
■ Integrating Oracle Identity Manager, Oracle Access Manager, and Oracle Adaptive Access Manager
2.1 Perspectives on Identity Management Integration
At the outset it is useful to consider different approaches to integrating the various Oracle Identity Management components.
■ Access Management Perspective
■ Oracle Identity Manager Perspective
■ Additional Perspectives
2.1.1 Access Management Perspective
A common starting point is to adopt an Oracle Access Manager perspective with intranet/extranet SSO. From this perspective, you may want to simply enable user management/registration into the LDAP directory with which Oracle Access Manager works.
Note: Integration procedures are described elsewhere in this document. See Section 2.2, Summary of Integrations.
See Also: Section 1.2, A Note About IDMDomain Agents and Webgates.
2-2 Oracle Fusion Middleware Integration Guide for Oracle Access Manager
In this scenario you do not need enterprise provisioning but rather focus on management of users in the LDAP directory. The requirements include tasks like integrating the login page forgotten password link, setup/detection of password policies, password-must-change redirects, tracking password history, deploying schema for password/account attributes, and so on.
This integration is primarily centered around access management with Oracle Access Manager. In this deployment Oracle Access Manager and Oracle Identity Manager
could be in the same Oracle WebLogic Server domain, but you may wish to set up two different domains. User registration workflows usually have workflow enabled.
2.1.2 Oracle Identity Manager Perspective
From the Oracle Identity Manager provisioning perspective, we wish to use Oracle Access Manager as the SSO solution for Oracle Identity Manager as well as other
applications.
In this configuration Oracle Identity Manager is protected by an agent or asserter and participates in the corporate SSO domain.
2.1.3 Additional Perspectives
Beyond identity and access, additional perspectives apply to sites needing federated single sign-on and advanced access management.
Here, the SSO infrastructure needs to be federated by means of Oracle Identity Federation, bringing in Oracle Access Manager/Oracle Identity Federation integration; or strengthened by means of Oracle Adaptive Access Manager, bringing in Oracle Access Manager/Oracle Adaptive Access Manager integration.
2.2 Summary of Integrations