13 Federated Security Support

Oracle Cloud Infrastructure Identity and Access Management (IAM) may be configured in Delegated Authentication mode to act as a service in federation when an external identity solution provides the identity of the Oracle Utilities Cloud Service implementation.

Note:

Delegated Authentication Mode is not supported with the IAM included in the base service. Customers requiring this capability must upgrade their IAM license.

In a federated security, the embedded IAM delegates security to a trusted external identity provider. Oracle Utilities Cloud Service acts as a conduit between the identity provider and the service in the federated security configuration. The relationship between the identity provider and service is illustrated below:

The completed federated security configuration governs all accesses to authenticate and authorize users to the Oracle Utilities Cloud Service.

User Management Implications

The user management implications when using the federated security model on Oracle Utilities Cloud Service are as follows:

• All users must be defined in the external identity provider using the tools provided by the provider external to the Oracle Utilities Cloud Service.
• Delegated authentication must be enabled with configuration of behavior of the integration between IAM and the identity provider.
• Users may be managed by IAM for deployment into Oracle Utilities Cloud Service as standard.
• If users are managed solely in the identity provider, IAM’s Delegated Authentication must be altered accordingly, and users managed via IAM if permitted, or manually using the User object.