Update the README.md with references to the healthchecks and OKTA OCI… #1767
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… IAM Identity Domain integration documentation
oracle-contributor-agreement
bot
added
the
OCA Verified
oheimburger
requested changes
May 21, 2025
| - **Breakglass Administrator:** Do not use the out-of-the-box OCI Adminstrator account for day-to-day operations. Configure additional administrators based on least privileges and secure the OCI Administrator account as a breakglass account, reserved for emergency use only, as defined in the [OCI IAM Security Best Practices](https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security.htm#Securing_IAM). | ||
| - **Multi‑Factor Authentication (MFA):** Enable MFA for all users to protect against unauthorized access. Additional best practices are detailed in the [OCI IAM Security Best Practices](https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security.htm#Securing_IAM). | ||
| - **Federation:** Configure federated identity management (e.g., using [MS EntraID](https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm)) to streamline user access. | ||
| - **Federation:** Configure federated identity management (e.g., using [MS EntraID](https://docs.oracle.com/en-us/iaas/Content/Identity/tutorials/azure_ad/sso_azure/azure_sso.htm) or [OKTA](https://docs.oracle.com/en/learn/integrating-identity-domains-with-okta/index.html#introduction)) to streamline user access. |
Member
There was a problem hiding this comment.
Should read "Microsoft Entra ID".
Should read "Okta".
| - **Multi‑Factor Authentication (MFA):** Enable MFA for all users to protect against unauthorized access. Additional best practices are detailed in the [OCI IAM Security Best Practices](https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security.htm#Securing_IAM). | ||
| - **Federation:** Configure federated identity management (e.g., using [MS EntraID](https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm)) to streamline user access. | ||
| - **Federation:** Configure federated identity management (e.g., using [MS EntraID](https://docs.oracle.com/en-us/iaas/Content/Identity/tutorials/azure_ad/sso_azure/azure_sso.htm) or [OKTA](https://docs.oracle.com/en/learn/integrating-identity-domains-with-okta/index.html#introduction)) to streamline user access. | ||
| - **Life Cycle Management (LCM):** Configure [LCM between Entra ID and OCI IAM Identity Domain](https://docs.oracle.com/en-us/iaas/Content/Identity/tutorials/azure_ad/lifecycle_azure/01-config-azure-template.htm) or [OKTA](https://docs.oracle.com/en-us/iaas/Content/Identity/tutorials/okta/lifecycle_okta/okta-lifecycle.htm) |
Member
There was a problem hiding this comment.
Be consistent.
Should read "Microsoft Entra ID".
Should read "Okta".
| - **Landing Zone Workload Extensions:** A workload extension is a tangible and self-contained set of resources with a clear functional scope, pluggable to a Landing Zone. They have a design and an implementation ready to receive a specific workloads on top of a landing zone. Each of these extensions follows the [tailored landing zone approach and is ready for deployment](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities/tree/master/workload-extensions) | ||
| - **Marketplace Solutions:** Explore pre-configured applications and solutions available in the [OCI Marketplace](https://cloudmarketplace.oracle.com/marketplace/en_US/homePage.jspx) to accelerate deployment. | ||
| - **Bring Your Own Image (BYOI):** If needed, you can manually provision resources through the [OCI Console](https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/launchinginstance.htm) or automate tasks with the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm), including [Bring Your Own Image](https://docs.oracle.com/en-us/iaas/Content/Compute/References/bringyourownimage.htm) | ||
| - **Assess OCI security posture against best practises outlined in the OCI CIS benchmark:** Available are the [OCI Security Health Check - Standard Edition](https://github.com/oracle-devrel/technology-engineering/tree/main/security/security-design/shared-assets/oci-security-health-check-standard) and the OCI Security Health Check - Advanced Edition. The OCI Security Health Check - Advanced Edition can be requested by raising a service request. |
Member
There was a problem hiding this comment.
Should read "CIS Oracle Cloud Infrastructure Foundations Benchmark".
| - **Landing Zone Workload Extensions:** A workload extension is a tangible and self-contained set of resources with a clear functional scope, pluggable to a Landing Zone. They have a design and an implementation ready to receive a specific workloads on top of a landing zone. Each of these extensions follows the [tailored landing zone approach and is ready for deployment](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities/tree/master/workload-extensions) | ||
| - **Marketplace Solutions:** Explore pre-configured applications and solutions available in the [OCI Marketplace](https://cloudmarketplace.oracle.com/marketplace/en_US/homePage.jspx) to accelerate deployment. | ||
| - **Bring Your Own Image (BYOI):** If needed, you can manually provision resources through the [OCI Console](https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/launchinginstance.htm) or automate tasks with the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm), including [Bring Your Own Image](https://docs.oracle.com/en-us/iaas/Content/Compute/References/bringyourownimage.htm) | ||
| - **Assess OCI security posture against best practises outlined in the OCI CIS benchmark:** Available are the [OCI Security Health Check - Standard Edition](https://github.com/oracle-devrel/technology-engineering/tree/main/security/security-design/shared-assets/oci-security-health-check-standard) and the OCI Security Health Check - Advanced Edition. The OCI Security Health Check - Advanced Edition can be requested by raising a service request. |
Member
There was a problem hiding this comment.
"The OCI Security Health Check - Advanced Edition can be requested by raising a service request." should read "To request the OCI Security Health Check - Advanced Edition contact your Oracle Sales Representative."
Oracle Support has no idea.
oheimburger
requested changes
May 21, 2025
Member
oheimburger
left a comment
oheimburger
left a comment
There was a problem hiding this comment.
Still missing that change.
| - **Landing Zone Workload Extensions:** A workload extension is a tangible and self-contained set of resources with a clear functional scope, pluggable to a Landing Zone. They have a design and an implementation ready to receive a specific workloads on top of a landing zone. Each of these extensions follows the [tailored landing zone approach and is ready for deployment](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities/tree/master/workload-extensions) | ||
| - **Marketplace Solutions:** Explore pre-configured applications and solutions available in the [OCI Marketplace](https://cloudmarketplace.oracle.com/marketplace/en_US/homePage.jspx) to accelerate deployment. | ||
| - **Bring Your Own Image (BYOI):** If needed, you can manually provision resources through the [OCI Console](https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/launchinginstance.htm) or automate tasks with the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm), including [Bring Your Own Image](https://docs.oracle.com/en-us/iaas/Content/Compute/References/bringyourownimage.htm) | ||
| - **Assess OCI security posture against best practises outlined in the CIS Oracle Cloud Infrastructure Foundations Benchmark:** Available are the [OCI Security Health Check - Standard Edition](https://github.com/oracle-devrel/technology-engineering/tree/main/security/security-design/shared-assets/oci-security-health-check-standard) and the OCI Security Health Check - Advanced Edition. The OCI Security Health Check - Advanced Edition can be requested by raising a service request. |
Member
There was a problem hiding this comment.
"The OCI Security Health Check - Advanced Edition can be requested by raising a service request." should read "To request the OCI Security Health Check - Advanced Edition contact your Oracle Sales Representative."
Oracle Support has no idea.
oheimburger
approved these changes
May 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding HCs and references to OKTA integration with OCI IAM Identity Domain