
Cloud Security Perspectives and Insights

Enabling Hybrid Identities across Cloud and On-premises applications using IDCS

This is the second of a four-part series of blogs that started with an overview of Identity Cloud Service and now focuses on providing more insight into each of the key pillars upon which IDCS is designed: Hybrid Identity, Open & Standards based, and Secure Defense in Depth.

Let’s start off with Hybrid Identity. Most of Oracle’s large enterprise identity customers have invested tremendous amounts of resources over several years in their on-premises Identity & Access Management deployments. Many have automated access request processes and access review certifications, and have deployed sophisticated approval workflows, audit capabilities, and reporting for on-premises applications. It was our goal with IDCS to enable these customers to extend such sophisticated capabilities to cloud resources as well, providing a single pane of glass view of the user.

IDCS enables on-premises identities to be used for cloud applications in three key ways:

  1. User Synchronization: IT can synchronize on-premises user identities to the cloud from Active Directory or Oracle Identity Governance. For Active Directory, Oracle provides an “ID Bridge” component that is easily deployed on-premises; the ID Bridge synchronizes identity data (users and groups) from AD to IDCS. Alternatively, for customers using Oracle Identity Governance as their authoritative source for identities, a new “IDCS Connector” for OIG allows identity data to be synchronized from Oracle Identity Governance to IDCS as well. Synchronizing on-premises user identities allows users to authenticate to cloud applications using the same set of credentials as for their on-premises applications.
  2. Federation: Many customers are looking to offer a single sign-on experience across their on-premises and Cloud applications, and to centralize all access management policies in a single Access Management solution. IDCS provides the ability to federate authentication with an external Identity Provider, such as Oracle Access Management, ADFS and many others. This integration is easily configured via the standards-compliant SAML 2.0 capabilities available within IDCS.
  3. Governance: IDCS allows governance workflows to be run for cloud applications managed within IDCS. The IDCS Connector for Oracle Identity Governance (OIG) extends identity governance capabilities of OIG to cloud applications managed by IDCS. For example,
  • Customers can run Certification Campaigns for cloud applications as well as on-premises applications right within Oracle Identity Governance, and verify Certification results within OIG. This brings cloud applications under the purview of existing Compliance Certification processes. The process also enforces closed loop remediation for IDCS protected applications in cases where access needs to be removed.
  • Administrators can now define Audit policies for enforcing Segregation of Duties (SoD) for both on-premises applications and IDCS right within Oracle Identity Governance. They can also run these policy scans from OIG and detect and remediate SoD violations for cloud application access, thereby minimizing risks of unauthorized access to their cloud applications.
  • Those who rely on application access reports in OIG can now run “Account Activity in Resource” reports and “User Resource Access” reports from OIG to review information about active users and get a single view of user activity across on-premises and cloud applications. This also helps track active usage of cloud applications.


As we mentioned in earlier blog posts, IDCS is wrapping up its beta program and getting ready for launch later this year. Next week you will hear more about how IDCS is designed to be open and standards-based and how this benefits you. The following week we will delve into how our core focus is security and some of the features that help provide Secure Defense in Depth. In the meantime, you can find more information about the product here:

Oracle Identity Cloud Service Product Page
