Oracle has updated its Identity Manager platform by adding tools to address compliance and auditing chores.
The new features enhance the continuous validation of access privileges, introduce a workflow design tool and integration gateway, and add report templates and connection wizards.
Oracle Identity Manager (OIM) 10 gR3 is part of the company's Fusion Middleware line up and provides software to automate the addition, subtraction and updating of user accounts from applications and directories.
Oracle jumped into the identity market three years ago with the purchase of Thor Technologies, which forms the provisioning backbone of Oracle's identity technology. That acquisition was followed by acquisitions of Phaos in 2004 and Oblix in 2005 to support federation and access management and OctetString in 2005 to add virtual directory technology.
The company competes with Microsoft, IBM, Novell and Sun in the identity-management market.
Oracle said updates to the platform centre on auditing, including enhancements to its capabilities to review at set intervals that access policies are providing users only the privileges for which they are authorised.
"Proving control polices are working correctly and that you are doing a periodic review of who has access to what and that they should indeed have that access is something that costs people lots of money," said Amit Jasuja, Oracle's vice president of development for security and identity management.
In addition, Oracle has added 19 new compliance and operational report templates to support the audit process, such as tracking down rogue accounts, detailing who authorised access rights for particular users, and documenting exceptions to access policies.
The suite now has a new designer for creating provisioning and approval workflows that hides development work behind a Web-based GUI interface. Also new is an inbound gateway based on WS-SPML 2.0 and a set of updated wizards to support integration with other provisioning platforms.