Location Based Access control enhances the security in Oracle HCM Cloud. This feature facilities the organization to restrict the access to the system from any unregistered machine/network, in other words it enables right access to the right person from the right place.
Let’s take an example to comprehend the functionality of location based access. You want your users to have complete access to tasks or features when they’re signed into the application from your office network. If the user’s login into the application with registered IP Addresses, then the users have complete access of all the functions. Otherwise, if the users are accessing the system from some public places like coffee shops, malls or even from their unregistered home network – no access to their role-based tasks and data will be given. They will have access only to their own data. You can control the access for the user based on their assigned roles and the IP addresses of the computers from which the user login the application.
How does it Work?
For better clarification how Location Based Access Control works, we have some cases and their respective output.
How to Enable Location Based Access Control?
Step 1: You must have the IT Security Manager role to enable location based access control.
Step 2: For Enable Location Based Access Control search Profile Option Code as ASE_ADMINISTER_LOCATION_BASED_ACCESS_CONTROL and set the Profile Value as Yes then Save and Close.
Navigator >> Others >> Setup and Maintenance >> Search >> Manage Administrator Profile Values
Step 3:You should be able to access setup pages to configure LBAC under Security Console.
Step 4:Check the Enable Location Based Access box then in IP Address Whitelist text box, enter one or more IP addresses separated by commas and click on Save. For example, 172.20.10.4, 172.20.10.1
- Go to Navigator >> Tools >>Security Console >>Administration >> Location Based Access >>Enable Location Based Access >>IP Address>>Save
Step 5: Make the Roles Public which you want to access form unregistered computer and at least the IT Security Manager role is granted public access (access from all IP addresses in case of recovery methods).
- Roles tab > search for IT Security Manager Role > Click on the drop down of the role > Click on Edit Role.
- Check the Enable Role for Access from All IP Addresses check box then next and Save and Close.
Step6: The Below Screenshot illustrates the Employee’s login to the application with unregistered IP Addresses, hence have limited access even respective roles tagged
Step7: The Below Screenshot illustrates the Employee’s login to the application with registered IP Addresses, which in turn have full access as per roles tagged
How does it benefit?
- Enhances the Access level Security in the Organization.
- Protection against application access via unregistered machine/network.
- Compliance with privacy regulations , business rules and data protection
- Easy to maintain since the duties are segregated by Role security using IP address.
- It increases the efficiency and prevention against Data breaches
Kovaion – Oracle Cloud Team