4 Security Shield Authentication and Authorization by IDCS
The Oracle Communications Security Shield Cloud Service (Security Shield) uses the Identification Cloud Service (IDCS) to provision your authentication and authorization credentials.
User Authentication and Authorization
During your Security Shield on-boarding process, Oracle provisions a user name and password pair for you by way of IDCS. You use the user name and password to access the Security Shield Dashboard. On the Dashboard you can administer and manage call policies and view various call statistics through web browsers. IDCS (OAuth 2.0) manages and verifies the user name and password. Oracle recommends that you follow the IDCS guidelines for password policy and ensure that only authorized personnel access Dashboard information and manage call policies. Oracle authenticates and authorizes each request, but you must make sure that the user name and password are kept safe, including protection from various online security attacks.
Ground to Security Shield Authentication and Authorization
During your Security Shield on-boarding process, Oracle provisions a unique client_id and secret pair per Cloud Communication Service (CCS) per customer by way of IDCS. The CCS uses the client_id and secret to acquire an access token (OAuth 2.0) from IDCS. The CCS uses the access token for all requests from the Session Border Controller through the CCS for authentication and authorization at the Security Shield gate and destination microservices. The client_id and secret are very sensitive information for Security Shield security. Protect this information.
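The token acquisition described above is an OAuth 2.0 client-credentials grant. The following Python sketch is an added example, not Oracle's or the CCS's own code: it builds the token request over HTTPS only and caches the access token so the secret is sent as rarely as possible. The token URL, the scope value and all function and class names are assumptions or placeholders.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumption: placeholder URL; take the real token endpoint from your IDCS configuration.
TOKEN_URL = "https://idcs-tenant.example.invalid/oauth2/v1/token"


def build_token_request(client_id, secret, scope, url=TOKEN_URL):
    """Build (not send) an RFC 6749 section 4.4 client-credentials request."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS: the secret travels in a header")
    # RFC 6749 section 2.3.1: form-encode each part, then Basic-encode "id:secret".
    quote = urllib.parse.quote_plus
    basic = base64.b64encode(f"{quote(client_id)}:{quote(secret)}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(url, data=body.encode(), method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })


class TokenCache:
    """Reuse the access token until shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._fetch()  # parsed JSON token response
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token


def fetch_from_idcs(client_id, secret, scope):
    """Send the request; needs network access and real credentials."""
    req = build_token_request(client_id, secret, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```

Load the client_id and secret from a secrets store or protected environment at run time rather than writing them into source or configuration that is checked in.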
Security Shield Cloud to Ground Authentication and Authorization
The Security Shield communicates with the CCS deployed in your network for call policy and mid-call updates. The requests from Security Shield include an access token from IDCS. The CCS authenticates and authorizes the requests by way of the access token. In this scenario, the CCS uses its client_id and secret to acquire the IDCS server certificate to verify the signature of the access token.
You must manage user access and account deletions. IDCS does not.
For more information about IDCS and IDCS configuration, see: https://docs.oracle.com/en/cloud/paas/identity-cloud/index.html