Securing Interviews with Oracle Identity Cloud Service

For the first time in a long while we had cause to set up a demonstration of this feature. It lets the customer create “secured” Workspaces whose Interviews can only be accessed by a securely managed group of people.

As you are no doubt aware, in the case of a Cloud instance of Oracle Intelligent Advisor, a deployed Interview URL is essentially publicly available. This is precisely what you would expect, and it is great to be able to (for example) stand up a new interview to respond to citizen queries in the light of a new compelling event: a flood, a pandemic or, in a more positive vein, a new place to express interest in a service you are going to provide.

But in some circumstances the opposite is true: an interview needs to be accessed only by a small group of people, and anyone else needs to be blocked. At a simple level, this is done in one of two ways: either by using Oracle B2C Service and setting up the interview to be an employee-only interview, or (as in the case we are discussing) by using Oracle Identity Cloud to set up a secure mechanism.

The basics are as follows.

  • Spin up an instance of IDCS from your OCI account. You can create a free instance, which of course has limitations but is perfect for a demonstration.
  • In IDCS, create a Confidential Application. Think of this as the place where we draw together information about your Oracle Intelligent Advisor setup and provide the list of people you want to have access to the workspace (and the interviews in the workspace). In the Confidential Application, fill in some information about your instance of OIA. In our case this will point to the root URL of your web determinations server. There is also an authorization redirect which needs to be entered; the URL format is predefined and you just need to copy and paste.
  • Specify a “scope” phrase which you will need to use later in the setup of OIA. Think of it as the specific pointer to the users of web interviews that you are connecting to a workspace (or workspaces). You may have other scopes pointing to other Workspaces and users. You might also secure Web Services, for example, which would need a new Confidential Application with the appropriate URL in the initial setup.
  • Add some users. These users represent the consumers of your interview. They do not have anything to do with Hub users – they are just the humans who are authorized to see your interview, and who prove it by entering their IDCS login and password.
  • Once active, the Confidential Application provides the secret id and secret key that you use inside Oracle Intelligent Advisor to set up an Interview Authorization Provider. This will need the URL of your IDCS instance and the various keys and scope to be entered.
  • Connect the Interview Authorization Provider to the Workspace.
  • Test the Interview(s) in the Workspace. Opening the interview should take you to the IDCS login page for you to authorize yourself (of course, if you already have a session of IDCS open with one of those users, you will not be asked to log in again).
  • Try to access your interview from anywhere, and you are forced to authorize using the IDCS login page thanks to the redirect. Authorized users can of course log in and use the interview.
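
A check for the last two steps, as an added example that is not part of the original post or Oracle's code: it inspects the response an anonymous request to the interview URL receives and confirms it is a redirect to the IDCS instance carrying the client ID, scope and redirect URL configured above. The host names, client ID, scope and redirect URL are constructed placeholders, and the code assumes the redirect is a standard OAuth 2.0 authorization-code request to the IDCS `/oauth2/v1/authorize` endpoint.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values: substitute your own tenant's settings.
EXPECTED = {
    "idcs_host": "idcs-example.identity.oraclecloud.com",
    "client_id": "EXAMPLE_CLIENT_ID",
    "scope": "example-interview-scope",
    "redirect_uri": "https://oia.example.com/web-determinations/REDIRECT-PATH",
}
AUTHORIZE_PATH = "/oauth2/v1/authorize"  # assumed: IDCS authorization endpoint

# Constructed sample of the Location header a correctly secured interview returns.
SAMPLE_GOOD = "https://" + EXPECTED["idcs_host"] + AUTHORIZE_PATH + "?" + urlencode({
    "response_type": "code",
    "client_id": EXPECTED["client_id"],
    "scope": EXPECTED["scope"],
    "redirect_uri": EXPECTED["redirect_uri"],
})


def check_anonymous_response(status, location, expected=EXPECTED):
    """Return findings for the response an unauthenticated request received."""
    if status == 200:
        return ["interview served without authentication"]
    if status not in (302, 303, 307) or not location:
        return [f"status {status} is not a redirect to IDCS"]
    url = urlsplit(location)
    params = parse_qs(url.query)
    findings = []
    if url.scheme != "https":
        findings.append("redirect is not HTTPS")
    if url.hostname != expected["idcs_host"]:
        findings.append(f"redirect goes to {url.hostname}, not the IDCS instance")
    if url.path != AUTHORIZE_PATH:
        findings.append(f"unexpected path {url.path}")
    if params.get("response_type") != ["code"]:
        findings.append("response_type is not 'code'")
    if params.get("client_id") != [expected["client_id"]]:
        findings.append("client_id does not match the Confidential Application")
    # scope is a space-separated list; the configured scope must be one entry
    if expected["scope"] not in params.get("scope", [""])[0].split():
        findings.append("configured scope missing from the request")
    if params.get("redirect_uri") != [expected["redirect_uri"]]:
        findings.append("redirect_uri differs from the one registered in IDCS")
    return findings


if __name__ == "__main__":
    print(check_anonymous_response(302, SAMPLE_GOOD))  # []
```

Feed it the status code and `Location` header captured from a request made without an IDCS session; an empty list means the workspace is enforcing the provider as configured.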

Below is a more detailed walkthrough. Given that IDCS can be used to federate with your own directory service, it is a great way to extend authorization to existing users in your own systems. The video is also available on YouTube.


Author: Richard Napier

After 8 years in case management and ERP software roles, Richard Napier joined Siebel Systems in 1999 and took up the role of managing the nascent Siebel University in Southern Europe. He subsequently was Director of Business Development and Education for InFact Group (now part of Business & Decisions) for 8 years. He now runs Intelligent Advisor IT Consulting OÜ. Owner of intelligent-advisor.com, he also is Co-Founder of the Siebel Hub.
