Help secure job applicant and corporate traffic in Oracle Fusion Cloud with WAF for SaaS

Imagine that you’re hiring for a new role and your company’s career site is active with candidates exploring opportunities. At the same time, your internal employees are using Oracle Fusion Cloud for their day-to-day operations. Keeping these two types of traffic separate is crucial to protect sensitive information and maintain a smooth user experience. In some Oracle Fusion Cloud environments with higher security requirements from customers, employees using the system must manage public candidate traffic by accessing Oracle Fusion Cloud Recruiting career sites from internal corporate traffic.

To address this issue, Oracle Fusion Cloud allows you to manage traffic paths by configuring Web Application Firewall (WAF) for software as a service (SaaS) with IP filtering.

Configuring WAF for SaaS with IP filtering

To achieve this separation, you can configure WAF for SaaS to implement IP filtering across Oracle Fusion Cloud Applications. This filtering restricts access to certain parts of the environment based on a set of known IP addresses or country-specific locations, such as the enterprise network or employee VPNs. This setup allows only authorized traffic from these trusted sources to access core Fusion Applications.
When WAF for SaaS is configured, the filtering applies to the entire Fusion environment, including the Oracle Recruiting Cloud career sites. However, you can explicitly allow access to specific career sites and integrations from unknown IP addresses. This configuration permits traffic to bypass the restrictions applied to other internal Fusion applications, so job applicants from anywhere can access the career sites while keeping internal traffic secure.
Importantly, authentication requirements for accessing Oracle Recruiting Cloud and other parts of Fusion applications remain unchanged, maintaining  robust and enforced login rules.

Example: IP filtering configuration 

Enabling IP filtering with WAF for SaaS is straightforward. To get started, submit a service request specifying the classless interdomain routing (CIDR) ranges that you want and designate Oracle Recruiting Cloud as a qualified target. The following example shows a configuration:
​​​​​​Allow CIDR <192.134.0.0/29, 192.158.129.23/17>
Qualified Target <Oracle Recruitment Cloud

This setup restricts access to Oracle Fusion Applications to traffic from specified CIDR ranges, such as corporate networks and VPNs, while allowing unrestricted access to Oracle Recruiting Cloud career sites from any IP.

Restricting candidate traffic by geography

If you need more control, you can limit traffic to Oracle Recruiting Cloud career sites based on geographic location. For example, if you want to restrict access to candidates from specific regions or countries, you can configure it accordingly. For example, to limit access to candidates in the United Arab Emirates (UAE), use the following string:
Qualified Target <Oracle Recruitment Cloud> Allow Country <AE>

WAF for SaaS allows filtering based on any combination of countries using ISO 2-character country codes, providing you with further flexibility to manage access to Oracle Recruiting Cloud career sites while keeping internal traffic secure.

Conclusion

Oracle’s WAF for SaaS makes it easy to separate candidate traffic from internal Fusion Applications traffic with precise IP filtering. By configuring WAF for SaaS to allow exceptions for Oracle Recruiting Cloud, you can maintain a robust security posture while providing seamless and unrestricted access to external candidates. To get started, submit a service request to enable WAF for SaaS IP filtering and specify your desired CIDR ranges and qualified targets.
For detailed guidance on setting up IP filtering with WAF for SaaS, check out the IP Filtering blog. For more information, see the following resources:

• How to request for WAF4SaaS IP-based access control? (Doc ID 2969290.1)
• How to submit a technical service request for WAF4SaaS? (Doc ID 2969373.1)
• Oracle Recruiting Cloud career sites