Making access easy but secure

So following on from my earlier article, Policies let your teams play safe, I have been given another challenge: Can we give our users single sign on now that each team can play safely in their own Oracle Cloud Infrastructure compartments?

Single sign on delivers a number of really important benefits. Firstly, the user experience is much smoother and more seamless, as users don’t get prompted for multiple passwords and don’t have to remember even more passwords. More importantly, single sign on eliminates the need to manage multiple stores of identities. This can be a big overhead for administrators and sometimes open up additional risks. Finally, an enterprise wide identity solution can often provide additional capabilities that can be leveraged by your Oracle Cloud Infrastructure.

Continue reading “Making access easy but secure”

Policies let your teams play safe

Earlier today I was given a challenge by my colleagues. Recently Oracle released the Autonomous Data Warehouse and we have a lot of excitement from customers, partners and internal folk alike. This excitement is driving a lot of innovation right now, but that also brings some challenges. The last thing we want is the Marketing team to mess with Finance resources. How do we make sure different teams don’t step on each other’s toes?

Continue reading “Policies let your teams play safe”

Your Place or Ours

Sometimes you just want to build a local environment on your own equipment simply because it’s quick and easy. But you soon realise that other people need access and resources get a bit tight (memory, CPU, etc). That’s when it makes sense to move it from your place into the cloud.

Just recently I realised how useful Oracle Virtual Box’s new export feature is for migrating local VMs into Oracle Public Cloud Infrastructure – Compute Classic. Oracle Virtual Box’s new export formats give me the ability to easily migrate Images to the Oracle Public Cloud where I can scale my environments as required.

Earlier this week I was building a new Oracle Identity and Access Management development environment on my laptop. This worked well from an initial build and configure perspective but there comes a time when I need to make this environment available to my Developers, Testers and other stakeholders. Running this image continuously on my laptop quickly becomes impractical even for development teams.

Continue reading “Your Place or Ours”

Hey Dude, where’s my keys?

I was asked recently to speak at a Developer forum about ways to make life easier for developers to secure their applications in the cloud. The session was great and lots of questions were asked but perhaps the most surprising question asked was from a developer who wants to integrate a custom application with Oracle Identity Cloud. This developer needs access to the public keys used by Identity Cloud Service before a user has authenticated to the service. More importantly, the developer needs the keys represented in the JWK format. According to the specification, a JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key.

There are very valid reasons why the developer needs access to the public keys without an authenticated session. Public keys let someone verify the signature on something signed with the associated private key or encrypt a message to send to you.

The developer asked: Can I get a JWK from Oracle Identity Cloud Service without an OAuth Access Token?

The answer is simple… YES!!! There are two important APIs available in Oracle Identity Cloud Service

Continue reading “Hey Dude, where’s my keys?”

Policy Based Multi Factor Authentication

In my previous article, Securing Applications with Multi Factor Authentication, I discussed how to roll out basic MFA. While this is great if your requirements are very straightforward, there are times when you’ll need a more sophisticated approach. One of the most common examples that I get asked about is how to challenge users for Multi Factor Authentication only when they are connecting remotely from home or when traveling.

In this article I use an example where the business requirement is to enforce MFA for people in the Customer Relations department who are accessing protected applications when they are not on the corporate network. I’ll explain how to configure policies and rules that allow users connected to the corporate network to login with just their User ID and Password, while users connected remotely will need to use Multi Factor Authentication to access protected applications.

Continue reading “Policy Based Multi Factor Authentication”

Securing Applications with Multi Factor Authentication

These days, passwords online are not strong enough by themselves to protect applications. Scandals about password breaches seem to happen on a regular basis. This is where Multi Factor Authentication (MFA) greatly reduces the risks associated with protecting information online. Multi Factor Authentication combines something you know (e.g. your password) with something you have (e.g. your smartphone). MFA can be used with SMS or a Mobile App on an iPhone, an Android phone or a Windows Phone. Using MFA on a smartphone significantly reduces costs compared with older and more traditional MFA technologies like physical tokens, which carry the cost of delivery and administrative overheads.

Oracle Identity Cloud Service allows you to deliver Multi Factor Authentication quickly and easily. In this article I’ll walk through the steps necessary to enable Multi Factor Authentication using Oracle Identity Cloud Service (IDCS). Once MFA is enabled you’ll be able to use MFA with any application protected by your instance of Oracle IDCS. In my example, I’ll use the Oracle Mobile Authenticator App on an iPhone to protect applications as well as the User Self Service Console in IDCS.

Continue reading “Securing Applications with Multi Factor Authentication”

Multi Factor Authentication is Critical for Everyone

In today’s environment where systems run in the cloud and so much business and personal activity occurs online, passwords are not strong enough by themselves to protect applications. Scandals about password breaches seem to happen on a regular basis. It’s easy to find many case studies where passwords have been compromised as a result of malware, email scams and other techniques. The key point is that no matter how strong our passwords, no matter how much we educate our users, there will be situations where people are caught off guard and click on the wrong link, look at the wrong email or open the wrong document. Once this happens, our passwords can be compromised.

Continue reading “Multi Factor Authentication is Critical for Everyone”
