Suppose you are in charge for the security of a bank (CISO, CSO,…) that wants to control the access of users to the new ERP in the cloud that you are implementing.
There is a very simple and safe way to control which users access the environment.
Simply configure the Single Sign On of the cloud solution side so that the Service Provider is the ERP, and the Identity Provider is your on-premises identity management infrastructure.
How does it work?
When a user requests the url of the ERP, a login form hosted on the corporate servers appears, requesting the credentials. Since this form is deployed on-premises, only users connected to the corporate network (directly or via VPN) can access it.
Oracle Identity Cloud is always provisioned when you buy clod services and allows you to configure, among other things, the following:
- federate users between the cloud and LDAP on premises without the need to store the password in the cloud
- configure the SSO provided by the on-premises access system
- configure several authentication factors (MFA) for administrators
- define network perimeters (ranges of IP’s that can access the cloud)
- define Risk Providers and Adaptative Security, which are mechanisms to evaluate the risk in user access actions
- define Sign On policies, which are rules that apply in different way depending on the user roles (the more powered user the more strong rules to apply)
- out of the box reports with login attempts and application access