Oracle Cloud Security: Single Sign-On and Role Assignments

Cloud security is one of the primary concerns for users who are live on Oracle Cloud. Users may be interested in single sign-on or wondering whether they have employees in the right security roles. So how do you determine if your security strategy is on point? Below, we detail strategies and suggestions around Single Sign-On and Role Assignments, as well as actionable next steps to evaluate your current security architecture.

 

Single Sign-on

Single sign-on (SSO) allows employees to use their company login credentials to access their Oracle Cloud user account. Enabling SSO has several advantages, including a reduction in failed login attempts and password resets, fewer passwords for the user to track, and centralization of authentication and authorization. To establish SSO, you can use any SAML 2.0 identity provider, including Oracle Identity Federation, Microsoft Active Directory Federation Services 2.0+, Okta, Ping Identity PingFederate, and Shibboleth Identity Provider.

 

Role Assignments

The first step in ensuring users are placed in the right roles is to have your IT department provide an extract of current system roles and role descriptions. Using these descriptions, you can map to delivered Cloud roles, or identify whether there is a custom security or reporting requirement. If you're unfamiliar with Cloud security roles, take a look at the Oracle Human Capital Management Cloud Security Reference white paper, or search/compare roles within the Cloud application itself. The search/compare function lets you view the various privileges that are associated with each role.

 

This mapping exercise will likely identify data role requirements as well. Simply provisioning a job role to a user (e.g., HR Specialist, Benefits Administrator, Payroll Manager) limits data access based on the data security policies of the inherited duty roles. Provisioning a data role limits the data access of the inherited job role to a specified set of data (e.g., a specific Business Unit or set of departments). Once the role mappings and security requirements are identified, assign these roles to core users for system integration/user acceptance testing. Some trial and error is expected, but their feedback will help identify where modifications need to be made.

 

Interested in learning more about Cloud? Register for one of our upcoming webinars, including this webinar on Cloud Security and Reporting Best Practices.

For more information on Elire’s services, visit the Oracle Cloud Consulting Services page of our website.