KuppingerCole Report
By Martin Kuppinger

Oracle Identity Cloud Service: Identity for Business Applications in the Hybrid IT

Today, most businesses are using hybrid IT, with a mix on-premises and cloud applications and services. And hybrid IT is here to stay, given that many of the legacy applications are hard and costly to migrate. Thus, Identity Services must work well for all these applications and the entire hybrid IT infrastructure. While they increasingly run from the cloud, as IDaaS (Identity as a Service), connecting back to on-premise applications and delivering comprehensive IAM capabilities for hybrid IT becomes essential. Oracle Identity Cloud Service is built for these environments, with specific strengths for the full breadth or Oracle business applications.

Commissioned by Oracle

1 Introduction

Cloud services have become a reality for most businesses over the past few years. For most businesses, “cloud first” has become the norm, not the exception. As a result, more and more of the business workloads are shifting to the cloud, into as-a-service deployment models. This has created hybrid business systems for most organizations.

This evolution requires other IT services such as IAM (Identity and Access Management) to follow this trend. This critical authentication service should run wherever critical applications run that need to be supported and protected. There is no way to split identity services into disparate services for the “old” and “new” IT. There is a need for a hybrid IAM. While this tended to be an on-premises IAM with some support for cloud services, it is about to shift to cloud IAM with strong support for existing on premises business services with more and more business workloads shifting to the cloud.

Over the past years, a growing number of IDaaS (Identity as a Service) solutions have appeared on the market. However, many if not most of these are focused on some part of IAM, which is supporting Single Sign-On (SSO) of users and adaptive authentication schemes. Unfortunately, IAM is not done by authenticating a user. It is about managing the identities and their entitlements, it is about authenticating, and it is about authorizing access. IDaaS services that are just SSO and authentication services lack the depth that is required for successfully securing and governing business applications.

However, as the shift of business workloads is a long-term journey for most businesses, moving from on-premises IAM to IDaaS while delivering comprehensive support for IAM capabilities across all target systems, independent of their deployment model, is a multi-step journey as well.

Many of today’s investments into IDaaS don’t follow a well-thought-out strategy but are tactical: there appear some new cloud services, thus connectors or SSO are added. However, when looking at the mid-term IT strategy (commonly a “cloud first” or “cloud preferred” approach) and the mid-term IT reality, which is hybrid for most organizations, a well-planned approach must be taken.

Part of this approach is to start with a clear focus on and acceptance of the hybrid reality of IT. While “cloud first” might be the strategy, the reality is different. Moving to an “IDaaS first” approach is a consequent in the shift to as-a-service models. Thus, businesses need to decide when to best make this step and how.

Oracle Identity Cloud Service (IDCS) provides, together with additional offerings in the field of security and identity, a broad range of options for customers on their journey to the cloud. A specific strength is the level of integration with Oracle business applications and databases, which make IDCS a strong fit for these organizations.

2 Highlights

  • IAM challenges in supporting the hybrid IT reality of today’s businesses
  • Limitations of IDaaS solutions focused on Single Sign-On and run-time aut ...
Login Get full Access

3 Hybrid Identity Services for Hybrid Business Systems

The hybrid reality of IT in most organizations requires a hybrid IAM that supports all business applications and services from a central point-of-cont ...

IAM must support all these models, in a consistent manner, and from an integrated set of identity services. Users must be able to access all services, ...

Login Get full Access

4 Delivering Depth in Identity Services for Business Systems

Many of today’s IDaaS services are targeted on Single Sign-On and run-time authentication. However, without support for the administration of identi ...

There are various schemes for structuring IAM services. A common way is following the 4A approach, which splits the services into:

  • Administration: ...
Login Get full Access

5 Supporting a Gradual Migration to the Future Cloud IT

There are different ways to migrate IAM to the cloud, supporting the future cloud IT. These need to be well-thought-out and can happen in different st ...

Login Get full Access

6 Oracle Identity Cloud Service: Supporting the Hybrid Business

Oracle Identity Cloud Service is a comprehensive IDaaS offering with deep support specifically for Oracle business applications, but also beyond these ...

The service is implemented using a microservice architecture that is aligned with Cloud principles of Scalability, Elasticity, Resilience, Ease of Dep ...

Login Get full Access

7 Action Plan for Shifting Identity Services to the Cloud

A migration strategy for moving from an on premises IAM to a hybrid IAM can take multiple stages. It might specifically start with building on integra ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.