Skip Headers
Oracle® Fusion Middleware Integration Overview for Oracle Identity Management Suite
11g Release 1 (11.1.1)

Part Number E15477-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

3 Enterprise Single Sign-On

Oracle Enterprise Single Sign-On Suite provides users with unified sign-on and authentication across all their enterprise resources. Unlike Oracle Access Manager that focuses on web access management, Oracle Enterprise Single Sign-On Suite covers also desktops, client-server, custom and host-based mainframe applications. Even if users travel or share workstations, they can enjoy the flexibility of a single log-on that eliminates the need for multiple user names and passwords and helps enforce strong password and authentication policies.

This chapter contains topics related to enterprise single sign-on:

3.1 Enterprise Single Sign-On Synchronization

ESSO Synchronization is a component of Oracle Enterprise Single Sign-On Suite Logon Manager, which handles storage and retrieval of credentials and settings from an external repository such as an LDAP or RDBMS store. This feature lets you synchronize credentials between an end user's local store (on a workstation) and a store in a remote SSO repository (file system share, relational database, or directory server). You configure synchronization through the ESSO-LM administration console.

Table 3-1 shows the supported integrations:

Table 3-1 Oracle Enterprise Single Sign-On Suite Synchronization Manager Integrations

ESSO Synchronization Manager Integrated with Additional Information

Microsoft Active Directory

http://download.oracle.com/docs/cd/E15624_01/logon.11111/SSOAdmin.chm

Microsoft Active Directory Application Mode (ADAM)

http://download.oracle.com/docs/cd/E15624_01/logon.11111/SSOAdmin.chm

LDAP

http://download.oracle.com/docs/cd/E15624_01/logon.11111/SSOAdmin.chm

Database

http://download.oracle.com/docs/cd/E15624_01/logon.11111/SSOAdmin.chm


3.2 Enterprise Single Sign-On Provisioning Gateway

Oracle Enterprise Single Sign-On Suite Provisioning Gateway (ESSO-PG) enables system administrators to directly distribute, reset, remove, or delete user credentials to an Enterprise Single Sign-On solution without the need for any user involvement.

Here are some examples:

All these operations can be automatically initiated and controlled by industry-leading provisioning systems. ESSO-PG provides an open interface to integrate with other industry-standard or internally-developed provisioning systems, and also provides an interactive interface for administrators to manually provision credentials.

Table 3-2 shows the supported integrations:

Table 3-2 Oracle Enterprise Single Sign-On Suite Provisioning Gateway Integrations

ESSO-PG Integrated with Additional Information

Oracle Identity Manager

http://download.oracle.com/docs/cd/E12472_01/provisioning_gateway/PGWOC.pdf

Oracle Waveset

http://download.oracle.com/docs/cd/E12472_01/provisioning_gateway/EPGSC.pdf

IBM Tivoli Identity Manager

http://download.oracle.com/docs/cd/E12472_01/provisioning_gateway/EPGSC.pdf

Novell Identity Manager

http://download.oracle.com/docs/cd/E15624_01/provisioning.11111/NIMIG.pdf


3.3 Enterprise Single Sign-On Authentication Manager

Oracle Enterprise Single Sign-On Suite Authentication Manager (ESSO-AM), an add-on module to Oracle Enterprise Single Sign-on Logon Manager (ESSO-LM), enables an organization to seamlessly provide a strong authentication bridge to all its applications, including smart cards and Entrust authenticators.

Users can employ different authenticators at different times, and application access can be controlled based upon the authenticator used for all authentication events: initial authentication, re-authentication, and forced authentication.

Table 3-3 shows the supported integrations: