- 3,715,957 Users
- 2,242,917 Discussions
- 7,845,703 Comments
SSO Enablement/Access to the OIA Hub
We work with an agency where security and access to the application are mission critical parts of the solution architecture:
OIA interviews are invoked from the B2C Service site, where the B2C site itself is SSO enabled via an external ADFS authentication service. The client asks, whether it is possible to use the same authentication service to enforce access to the OIA hub urls?
We proposed to use the standard permission management functionality to restrict user access, or suggested considering the use of IDCS to manage access to the OIA Hub.
Any other restrictions to access the OIA hub url itself may be beyond OIA's capabilities and it should be subject to the overall security management practice of the client (adding the OIA hub to a whitelist, etc.).
Is there anyone, who had a similar situation? What are Oracle's recommendations in this case?