Advanced User Security Mapping™ for Oracle UCM

Advanced Security Integration for Oracle UCM with LDAP, Active Directory (AD), and Single Sign-On (SSO) Solutions.

  • Are you having difficulty leveraging information from your user directory to secure content in UCM?
  • Would you like to automatically assign aliases based on rules you have set up?
  • Do you want to deny access to content based on users' directory information?
  • Would you like to automatically populate users in UCM from LDAP or AD?

 

“When we used the basic integration on our network of about 15,000 users, we had around 65,000 LDAP groups. By mapping user attributes from LDAP to Stellent, we were able to get our Stellent Security Groups to about 12! Besides a much simpler account structure, our network performance has improved dramatically.”

Terry Leach, Contractor to a Large Government Agency

Advanced User Security Mapping (AUSM) bridges the gap between Oracle UCM security and your enterprise security model. It is the only out-of-the-box, supported solution to integrate UCM with third-party single sign-on products. It also extends the core UCM LDAP/AD integration to interpret additional directory information, including user attributes, organizational units, and group membership, to define access to content.

Benefits of Advanced User Security Mapping:

    • SSO Integration: extends single sign-on capability to Oracle UCM, saving users' time, increasing user adoption, and supporting corporate compliance standards.
    • Synchronization: automatically pre-populates the Oracle UCM system with users, rather than waiting for each user to log in manually before they can be added to workflows, aliases, etc.
    • Performance: drastically improves network performance through a simplified LDAP or AD structure, or the ability to use single sign-on without connecting to LDAP.
    • Flexibility: the intuitive "rules engine" extends the basic LDAP/AD integration, allowing administrators to assign user permissions from complex rules based on directory information. Permissions can be both granted and denied. Users can now be assigned to aliases for workflows and collaboration manager automatically based on directory information.
    • Compliance: easily demonstrates compliance by showing user access levels to content across your entire Oracle UCM system.
    • Simplified Administration: allows administrators to validate permissions and troubleshoot access issues for specific users without requiring them to log in.

     

Register today to see an online demonstration to take advantage of single sign-on and more powerful Oracle UCM LDAP/AD integration features.

 

Advanced User Security Mapping Product Specifications

Current Features:

  • Integrates with a variety of third-party single sign-on products
  • Creates rules to map attributes, groups, and OUs to roles/accounts/aliases
  • Creates exceptions to the rules to deny access
  • Reduces the number of rules by dynamically assigning roles/accounts/aliases based on attributes
  • Simulates user log-in to debug permission issues
  • Retrieves the list of users and access levels for security group and account combinations
  • Synchronizes and refreshes users with either LDAP/AD or Oracle UCM as the source 

 

Supported Environments:

  • Oracle UCM Content Server Versions 7.1.x, 7.5.x, 10gR3
  • Any single sign-on product capable of passing user information through HTTP header variables, such as:
    • CA Siteminder
    • Sun Access Manager
    • Tivoli Access Manager
    • Oracle's Identity Management Suite (formerly Entrust and Oblix)
  • MS SQL, Oracle Databases
  • Any LDAP version 3 compliant directory server, such as:
    • Sun One Directory Server
    • Novell eDirectory
    • Active Directory
    • Active Directory Application Mode (ADAM)

 

Advanced User Security Mapping Frequently Asked Questions

 

1)     Can I make changes to people’s access without involving my network administrator?

Yes. Advanced User Security Mapping lets you create rules and exceptions based on users' characteristics (LDAP group, user attributes, or organizational unit), and AUSM automatically reassigns permissions based on the criteria set. For example, you can take one user and give them the admin role, or take an entire department and give them access to a specific account, all without modifying Active Directory or LDAP.

2)     Does Advanced User Security Mapping write information back into LDAP or Active Directory?

No. AUSM only reads information from LDAP and AD; it does not push information back to them. Many organizations follow the common practice of not allowing a third-party application to modify their corporate security structure.

3)     How do I know what access a specific user is assigned?

Advanced User Security Mapping’s interface has a rules page where you can type in a username, and AUSM will show you that user's access and which rules apply to grant it.

4)     Can users be assigned to aliases automatically?

Yes, users can be assigned to aliases automatically using the same rule definition process based on LDAP group, attributes, or Organizational Unit.

5)     How do I see what users have access to a security group and account?

From AUSM’s Retrieve Users With Access interface, you can choose the security group, account, and permission level you would like to view, and a list is returned of users that have at least that much privilege. For example, if you want to see who can modify public documents, choose the public security group, the empty account (if accounts are enabled), and read/write permission.

6)     How do I add new Active Directory users to the Content Server?

By default, AD users are added to the Content Server when they first log in. With AUSM, new users can be added automatically through a synchronization process that runs on a scheduled basis or is manually initiated by an administrator.

7)     When users are removed from Active Directory, does the synchronization process also remove them from the Content Server?

AUSM currently does not remove users from the Content Server database when they are removed from the directory. This is an enhancement that has been under consideration; if it would be of interest to you, please contact us at oraclesales@fishbowlsolutions.com.

 

© 2010 Fishbowl Solutions. All rights reserved.