Advanced User Security Mapping™ for Oracle WebCenter Content (UCM)
Advanced Security Integration for Oracle WebCenter Content with LDAP, Active Directory (AD), and Single Sign-On (SSO) Solutions
New! Watch the Video Demo
Are you having difficulty leveraging information from your user directory to secure content in Oracle WebCenter Content?
Would you like to automatically assign aliases based on rules?
Do you want to deny access to content based on users' directory information?
Would you like to automatically populate users in Oracle WebCenter Content from LDAP or AD?
“When we used the basic integration on our network of about 15,000 users, we had around 65,000 LDAP groups. By mapping user attributes from LDAP to [Oracle WebCenter Content], we were able to get our [Oracle WebCenter Content] Security Groups to about 12! Besides a much simpler account structure, our network performance has improved dramatically.”
- Terry Leach
Advanced User Security Mapping (AUSM) bridges the gap between Oracle WebCenter Content (UCM) security and your enterprise security model. It is the only out-of-the-box, supported solution to integrate Oracle WebCenter Content with 3rd party single sign-on products. It also extends the core Oracle WebCenter Content LDAP/AD integration to interpret additional directory information including user attributes, organizational units, and group membership to define access to content. Benefits of Advanced User Security Mapping:
- SSO Integration-- extends single sign-on capability to Oracle WebCenter Content, saving users' time, increasing user adoption, and supporting corporate compliance standards.
- Synchronization-- automatically pre-populates the Oracle WebCenter Content system with users, versus waiting for each user to manually log-in to the system before adding them to workflows, aliases, etc.
- Performance-- drastically improves network performance through a simplified LDAP or AD structure, or the ability to use single sign-on without connecting to LDAP.
- Flexibility-- the intuitive "rules engine" extends the basic LDAP/AD integration, allowing administrators to assign user permission from complex rules based on directory information. Permissions can be both granted and denied. Users can now be assigned to aliases for workflows and collaboration manager automatically based on directory information.
- Compliance-- easily demonstrates compliance by showing user access levels to content across your entire Oracle WebCenter Content system.
- Simplified Administration-- allows administrators to validate permissions and troubleshoot access issues for specific users without requiring them to log in.
Contact Us to learn more, schedule a demo, or request a quote.
- Integrates with a variety of 3rd party single sign-on products
- Creates rules to map attributes, groups, and OUs to roles/accounts/aliases
- Creates exceptions to the rules to deny access
- Reduces the number of rules by dynamically assigning roles/accounts/aliases based on attributes
- Simulates user log-in to debug permission issues
- Retrieves the list of users and access levels for security group and account combinations
- Synchronizes and refreshes users with either LDAP/AD or Oracle WebCenter Content as the source
- Oracle WebCenter Content Server Versions 7.1.x, 7.5.x, 10gR3, 11g
- Any single sign-on product capable of passing user information through http header variables, such as:
- CA Siteminder
- Sun Access Manager
- Tivoli Access Manager
- Oracle's Identity Management Suite (formerly Entrust and Oblix)
- CA Siteminder
- MS SQL, Oracle Databases
- Any LDAP version 3 compliant directory server, such as:
- Sun One Directory Server
- Novell eDirectory
- Active Directory
- Active Directory Application Mode (ADAM)
Advanced User Security Mapping Frequently Asked Questions
Can I make changes to people’s access without involving my network administrator?
Yes, Advanced User Security Mapping allows you to create rules and exceptions based on users characteristics (LDAP group, User attributes or Organizational Unit) and AUSM will automatically reassign permissions based on the criteria set. For Example—you can take one user and give them the admin role, or take an entire department and give them access to a specific account, all without modifying Active Directory or LDAP.
Does Advanced User Security Mapping write information back into LDAP or Active Directory?
No, AUSM only reads information from LDAP and AD, but does not push back information to them. Many organizations follow the common practice of not allowing a third party application to modify their corporate security structure.
How do I know what access a specific user is assigned?
Advanced User Security Mapping’s interface has a rules page where you can type in a username and AUSM will show you their access and what rules apply to get that access.
Can users be assigned to aliases automatically?
Yes, users can be assigned to aliases automatically using the same rule definition process based on LDAP group, attributes, or Organizational Unit.
How do I see what users have access to a security group and account?
From AUSM’s Retrieve Users With Access interface you can choose what security group, account and permission level you would like to view and a list is returned with users that have at least that much privilege. For example—if you want to see who can modify public documents, choose the public security group, the empty account (if accounts are enabled) and read/write permission.
How do I add new Active Directory users to the Content Server?
By default AD users are added to the Content Server when they first log in. With AUSM, new users can be added automatically through a synchronization process on a scheduled basis or can be manually initiated by an administrator.
When users are removed from Active Directory, does the synchronization process also remove them from the Content Server?
AUSM currently does not remove users from the Content Server database when they are removed from the directory. This is an enhancement that has been under consideration and if it would be of interest to you please contact us at firstname.lastname@example.org
Advanced User Security Mapping News
Advanced User Security Mapping Brochures