Oracle Adaptive Access Manager (OAAM) Statement of Direction (Doc ID 2305294.1)

Oracle Adaptive Access Manager Statement of Direction (OAAM) - September 2017

Oracle Adaptive Access Manager (OAAM) was designed to cover:

• Risk-based AuthN
• Risk-based Analysis
• Fraud prevention
• Multifactor authentication

Oracle Adaptive Access Manager (OAAM) 11gR2 PS3 is the latest available release. Oracle does not have plans to offer OAAM and associated functionality as part of the 12c product line. Oracle will maintain existing versions of OAAM functionality and provide critical bug fixes according to Oracle’s Lifetime Support policy. No new major enhancements are currently planned for OAAM. As Oracle continues to evaluate and extend its Identity Management product strategy, key security capabilities like Multi-Factor Authentication and Adaptive Access are planned to be available and delivered via the Oracle Identity Cloud Service (IDCS), which is Oracle’s next generation Identity Management offering.

Adaptive Access requires a comprehensive set of constantly changing risk, context and threat information like IP/Social Identity reputation, compromised credentials, and behavior analytics across on-premise and cloud properties. Oracle plans to deliver these capabilities via Oracle’s Identity Cloud Service. The Adaptive Access capability in IDCS is planned to initially support device fingerprinting and IP reputation services to detect blacklisted/anomalous/anonymous IP addresses, geo-velocity violations and risk score from an external CASB (Cloud Access Security Broker) solution and take remediation action like Allow/deny/MFA. Additional capabilities that are planned will include analysis of a wide variety of risk events based on historical data and support for additional integrations with various risk engines.

For more detailed information refer to the attached Statement of Direction document which was released by Oracle Product Management. It contains information with regard the future of Oracle Adaptive Access Manager.

Please read the following sections:

• Current Product Overview
• Roadmap Plans
• FAQ

• Some of the OAAM features are being incorporated to the Oracle Access Manager (OAM) 12c Application
• Oracle Advanced Authentication ( OAA ) provides similar functionalities like OAAM and it is a standalone micro-service that supports establishing and asserting the identity of users. For more information on this refer to the "Oracle Advanced Authentication Guide"
• The functionality of OAAM Risk Based Authentication will be made available through Oracle Advanced Authentication and a new micro-service called “Oracle Adaptive Risk Management”. OAA is already released, and new updates are getting released
• OARM is tentatively planned to be released for Q1 CY2022
• The combination of OAA & OARM will offer modernized capabilities for Multi Factor Authentication (MFA) & Adaptive use cases.