Setting Up Authentication and Authorization

The user authentication and authorization process ensure that you establish a secure network connectivity to access Thales CipherTrust Manager resources. As an administrator you can control user access (signed in) and authorize (provide permissions) to Thales CipherTrust Manager (CM) resources. Once the OCI KMS service authenticates a user, the next step is to authorize the user permissions. Also, the External KMS feature uses OAuth 2 protocol for authorization, and for the protocol to work, you must complete the following:

• Create confidential resource application in identity domain
• Register Oracle identity provider (JWT Issuer) in Thales CipherTrust Manager
• Associating Confidential Client App with Confidential Resource App
• Configure IAM policies for vault and keys