General FAQ

Sun Java System Access Manager helps organizations manage secure access to an enterprise's web applications both within the enterprise and across business-to-business value chains. It is an an open, standards-based product that provides centralized authentication and policy-based authorization from a single, unified framework. Access Manager meets the current needs of the enterprise for secure protection of essential identity and application information and supports their future business needs through implementation of the latest identity federation standards for tighter integration with business partners. It improves user experience through single sign-on to all of an organization's web-based applications and creates revenue opportunities through deepened relationships with partners, suppliers, and customers.

The industry-leading Sun Java System Access Manager software delivers open, standards-based access control across intranets and extranets. Access Manager helps organizations manage secure access to an enterprise's Web applications both within the enterprise and across business-to-business (B2B) value chains. Access Manager:

1. provides centralized authentication and authorization services across internal and external computing domains
2. ensures that appropriate authentication credentials are required of users depending on the value of the protected resources
3. makes certain that authorized users have access to specific resources while protecting those resources from unauthorized users
4. presents streamlined navigation across enterprise Web applications through single sign-on
5. enables the enterprise to audit all access activities, including authentication attempts, authorizations, and changes made, to assist in complying with regulatory audit requirements

Sun's Access Manager is ideally suited to provide a single point of authentication and authorization to all applications deployed in the enterprise. Its open and standards-based design and broad suite of resource adapters allow for quick and easy integration with an existing heterogeneous IT environment allowing the enterprise to protect and extend existing investments.

Access Manager provides a framework for authorization decisions so that applications across the enterprise can leverage a single centralized policy decision point for granting access to users by leveraging role and rule-based access control. It ensures that appropriate authentication credentials are required of users depending on the value of the protected resources, and makes certain that authorized users have access to specific resources while protecting those resources from unauthorized users.

Access Manager also implements the open-standard JAAS (Java Authentication and Authorization Service) framework, offering a vast array of supported authentication modules such as LDAP, digital certicate, RSA SecurID, or any other JAAS-compliant authentication plug-ins. It also provides policy agents for the enterprise applications/platforms including SAP, Lotus Domino, Apache, BEA Weblogic, IBM WebSphere, Microsoft IIS, Oracle, and Tomcat. By providing these policy agents, Access Manager ensures that enterprise applications can be integrated into a centralized authentication/authorization framework. For legacy applications that are not Web or XML friendly, Access Manager provides APIs and SDKs for authentication, authorization, policy decisions and single sign-on so that non-Web applications can leverage the same security framework.

Access Manager's support for federated identity standards provides a strong framework for regulatory compliance and for implementing services in compliance with key global privacy policies and regulations, including Sarbox, HIPAA, GLBA, European Union privacy and others. Access Manager addresses the key issue of managing and providing visibility into who has access to what information and ensures that authorized users have access to specific resources while protecting those resources from unauthorized users. This is critically important in conforming to regulation mandated by governments for the protection and privacy of users' informations.

Access Manager leads the market in productization of the latest federation standards, including Liberty Phase 2.0 and SAML 1.1 specifications. Sun has been a founding member and sponsor of the Liberty Alliance Project since its inception and fully supports the Liberty Alliance business guidelines and technical specifications. The Security Assertion Markup Language (SAML), managed by OASIS, is an XML framework for exchanging authentication and authorization information across security domains. Sun is involved in the development of SAML and has a co-chair position as part of the OASIS.

Since it is difficult for enterprises to forecast which systems and solutions their company will implement in the future, it is critical that their access management vendor delivers support for the current and latest standards and takes a strong role in creating future standards. To the extent that enterprises are standards-driven, they will be in an excellent position to take advantage of emerging technologies such as Web services in the future.

An access management solution that supports the latest federation standards has many business benefits. It allows for revenue growth through delivery of customized products and service offerings; It enhances user experience and improves customer retention through single sign-on across linked business networks, and provides interoperability across different vendor platforms protecting enterprises' existing technology investments. Sun is leading the industry in providing fully productized support for the latest federation standards providing interoperability and authentication and authorization services by enabling organizations to deepen their relationships with customers, partners, and suppliers.

Access Manager is sold to customers in over 22 countries in all geographies and multiple industries. Access Manager's momentum is increasing with recent wins in vertical industries including: financial services, wireless telcos, healthcare, government and retails. Access Manager has been deployed at over 600 customers including: Advocate Health Care, Albertsons, Red Cross, HE Butt Grocery, Ministry of Railway, U.S. Army Accessions Command, among many others.

Yes. Access Manager can be configured to authenticate users against any LDAP compliant directory ensuring full leverage of existing application invesments.

Access Manager provides real-time auditing of all authentication attempts, authorizations, and changes made. Access Manager maintains a history of all event data to meet specific customer requirements for auditability as well as facilitate regulatory compliance.

Access Manager has several leading proof points:

• Access Manager is the first in the industry to support the Liberty Alliance Phase 2 and SAML 1.1 specifications. Per Burton Group, August 2003 report, "Sun leads in implementation of the federated identity management specifications of Liberty Alliance and OASIS SAML."
• Sun has a comprehensive and well-integrated set of identity management solutions as compared to the point product approach of many competitors.
• Recognizing that Sun's customers operate in heterogeneous environments and that its products must run on multiple platforms and interoperate with technologies from other vendors, Sun is committed to providing the most "integratable" family of identity management products. Sun is committed to openness, and invests significant R&D in product integrations with partners and complementary software vendors. Sun is a leading contributor to identity management standards and invests significant resources to incorporate these standards into its identity management solutions. These efforts foster openness and interoperability and help to protect existing and future technology investments.

This is clearly demonstrated by Access Manager's out-of-box support for third party products with over 30 policy agents that enable SSO and access control across multiple platforms, applications, and Internet domains, such as Apache, BEA, IBM, Lotus, Microsoft, Oracle, PeopleSoft, and SAP.