Oracle Cloud Infrastructure

Management of Corporate Identities and Access to Cloud Resources and Services through the Identity & Access Management (IAM) Module

Scenario

We live in an era where digital transformation is increasingly prevalent in businesses, with the rapid adoption of digital technologies and cloud services. This growing digital complexity makes centralized and secure management of identities and access essential.

Data protection and privacy regulations, such as GDPR in Europe, require companies to manage identities and access in compliance with current laws and regulations. User privacy is a crucial aspect: companies must ensure that users' personal information is safe and used appropriately.

Technology Reply is currently working with a significant client in the public services sector to integrate identity and access systems with the Oracle Cloud platform, ensuring greater uniformity and security in accessing their cloud services.


Solution

In this context, Technology Reply is using the Identity and Access Management (IAM) module available in the client's Oracle Cloud Infrastructure (OCI) tenant to achieve project goals. IAM is a fundamental part of the OCI service and provides tools to manage identity, access, and permissions for resources and services exposed in the Oracle Cloud.

Given the scenario in which users from multiple organizations need access to the same cloud services and resources, federation between multiple identity management systems, such as Active Directory, has been implemented through the IAM module. This allows users to use their company credentials without creating new accounts. A centralized console reserved for the client's IT administrators also makes identity and access management effective: access is configured by defining groups and policies, which determine how a user can use a cloud service or resource.

In addition to unifying user access (different domain credentials, same target), Technology Reply has enabled access to all cloud applications, such as Apex, by configuring Single Sign-On. Once authenticated in the cloud, users can access various applications without the need to re-enter credentials. All of this is achieved using the latest standards, such as SAML and OAuth 2.0.

With OCI and IAM, Technology Reply introduces the client to the latest technological and cloud innovations while ensuring compliance with security standards, primarily those required by privacy and personal data protection regulations (e.g., GDPR). Standardization, security, and simplification in managing application assets and user identities are among the shared goals of this important project between Reply and the client.


Advantages

The main advantages for the client can be summarized as follows:

  1. High Security: IAM allows for the adoption of granular controls on access to resources and applications exposed in the cloud and the application of specific criteria for user recognition. For users with elevated privileges, such as platform administrators, the introduction of two-factor authentication (MFA) with OTP/token is planned. This contributes to ensuring high security standards, as only authorized entities can access resources, reducing the risk of data breaches and unauthorized intrusions.
  2. Regulatory Compliance: Advanced audit features available in IAM help companies maintain compliance with major privacy and data protection regulations, such as GDPR, or other sector-specific regulations, especially when handling personal and/or sensitive data. Advanced monitoring also helps quickly identify any suspicious or anomalous behaviors.
  3. Simplified and Efficient User Management: Companies can easily manage user accounts and access to OCI services through a centralized cloud console, saving time and resources in common operations related to user lifecycle management.
  4. Integration with Existing Infrastructure: IAM can be integrated with multiple existing identity management systems (IdPs) within the organization, both in the cloud and on-premises, enabling a single access method for users. Users from different organizations within the same company, as in the case of Technology Reply's client, can use a single access credential to access cloud systems without the need to duplicate accounts or use different passwords.
  5. Standardized User Management Operations: Centralized management of identities and authorizations reduces the risk of human errors and simplifies the management of authorization changes.

In summary, IAM in Oracle OCI provides a comprehensive set of tools to ensure security, simplify identity and access management, and improve operational efficiency in the cloud environment. These benefits are particularly relevant for companies that want to adopt the cloud securely and efficiently, whether or not they integrate with existing on-premises systems.