Secure Identity

How will OCI integrate into our existing IAM system?


Oracle has a fully featured identity solution called IDCS. We recognise that many organizations will already have an Identity Provider. That being the case, our recommendation is to keep things simple: wherever possible, continue to use your existing Identity Provider, with federation managing user access to OCI.

For more information on how you can federate to OCI, please see:

Federating with Identity Providers

How do we deliver Role Based Access Control?


Role-based access is built into the fabric of OCI. Roles are defined by attaching policies to groups. The scope of each policy is either a compartment or the tenancy.
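
The group, policy and scope model described above can be checked mechanically. The following Python sketch is an added example, not Oracle's code or part of the original page: it parses OCI policy statements and flags manage grants that apply tenancy-wide or to all-resources. The group and compartment names are hypothetical, and only the "Allow group / dynamic-group ... in compartment NAME / tenancy" statement form is handled.

```python
import re

# Shape handled here: Allow <group|dynamic-group> <name> to <verb> <resource-type>
# in <tenancy|compartment NAME> [where <condition>]. Other subject forms are rejected.
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<kind>group|dynamic-group)\s+(?P<name>.+?)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>[\w.:-]+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Split one policy statement into subject, verb, resource type and scope."""
    m = STATEMENT.match(text)
    if m is None:
        raise ValueError(f"unsupported policy statement: {text!r}")
    scope = f"compartment {m['compartment']}" if m["compartment"] else "tenancy"
    return {"subject": f"{m['kind'].lower()} {m['name']}", "verb": m["verb"].lower(),
            "resource": m["resource"].lower(), "scope": scope, "condition": m["condition"]}

def review(statements):
    """Return (statement, reason) pairs for grants broader than a role usually needs."""
    findings = []
    for text in statements:
        p = parse_statement(text)
        if p["verb"] == "manage" and p["scope"] == "tenancy":
            findings.append((text, "manage is granted across the whole tenancy"))
        elif p["verb"] == "manage" and p["resource"] == "all-resources":
            findings.append((text, "manage covers every resource type in the compartment"))
    return findings

# Constructed sample policies; group and compartment names are hypothetical.
SAMPLE = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Network",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group AppDevs to manage all-resources in tenancy",
    "Allow group AppDevs to manage all-resources in compartment Dev",
    "Allow dynamic-group AppInstances to read objects in compartment Dev "
    "where target.bucket.name='app-config'",
]

if __name__ == "__main__":
    for statement, reason in review(SAMPLE):
        print(f"REVIEW: {statement}\n  -> {reason}")
```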

For Cloud Foundation guidance on compartments and policies, please take a look at:

What is a Compartment?

For general information about groups and policies, please see:

Managing Groups

How do we ensure secure organizational segmentation?

Segmentation is achieved through a robust compartment design aligned with an appropriate network topology. The primary OCI capabilities needed are compartments, VCNs, Dynamic Routing Gateways, Subnets & Network Security Groups.

Cloud Foundation guidance on this topic can be found here:

Reflecting Your Organizational Structure

Segregation & Segmentation

What do we use to secure instance to instance interactions?

We recommend the use of Instance Principals to allow secure connections between different compute instances in OCI, without having to store credentials or use passwords.

More information about Instance Principals can be found here:

Calling Services from an Instance

How do we secure service to service interactions?

We recommend the use of Resource Principals when you want to allow running code to securely interact with other OCI services.

You can find out more about Resource Principals here:

Resource Principals