10.2 Using the TLS/SSL Protocol for Secure Connections

You can use the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol to ensure the following types of secure network connections for Identity Governance:

  • HTTP, which provides end-user access to and from Identity Governance

  • LDAP, which ensures secure communication between Identity Governance and the authentication server

  • JDBC, which ensures secure communication between Identity Governance and the database server

TLS/SSL protocols are not configured by default. During installation, you should specify https as the protocol for communication with the database server and the authentication server. The installation process generates a private key, a certificate, and a password for the SSL server; the Identity Governance database stores the certificate and the password. After installation, configure Identity Governance to use the TLS/SSL protocol before putting the system into production.

We highly recommend that you configure Tomcat to use https with either TLSv1.2 or TLSv1.1. No earlier version of TLS should be used. For more information, see Securing Tomcat.

For more information about the Identity Governance Configuration Utility, see Running the Identity Governance Configuration Utility.

To configure secure communication with the authentication server:

  1. Stop Identity Governance (and Tomcat). For examples, see Stopping, Starting, and Restarting Tomcat.

  2. Run the Identity Governance Configuration Utility.

  3. For Authentication Server Details and Network Topology, verify that the connection protocol for the servers is set to https.

  4. Select Save, and then close the utility.

  5. Ensure that the specified host and port for the authentication server support TLS/SSL communication.

  6. Start Identity Governance (and Tomcat). For examples, see Stopping, Starting, and Restarting Tomcat.
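Step 5 asks you to confirm that the authentication server's host and port actually accept TLS/SSL, and the recommendation above restricts the protocol to TLSv1.1 or TLSv1.2. The following script is an added example, not part of the Identity Governance product or its documentation; it assumes the `openssl` command-line tool is installed on the host you run it from, and that the host name and port you pass are the values you entered under Authentication Server Details in the Configuration Utility. It performs a handshake with `openssl s_client`, extracts the negotiated protocol version from the session summary, and reports whether that version is one the documentation allows (TLSv1.3, being newer than TLSv1.2, is also accepted).

```shell
#!/bin/sh
# Added example (not product code): probe the authentication server endpoint
# configured for Identity Governance and check the negotiated TLS version.
# Assumes the openssl CLI is available. Usage: sh tls_check.sh <host> <port>

# Read openssl s_client output on stdin and print the negotiated protocol
# version. The session summary contains a line such as "Protocol  : TLSv1.2".
extract_protocol() {
    sed -n 's/^ *Protocol *: *\(TLSv[0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if the version is acceptable per the documentation (TLSv1.1 or
# TLSv1.2; TLSv1.3 is newer and also fine), 1 for TLSv1.0, SSLv3 or anything
# unrecognised.
protocol_acceptable() {
    case "$1" in
        TLSv1.1|TLSv1.2|TLSv1.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Connect to host:port, complete a TLS handshake and print the result.
# Returns 0 only when a handshake succeeds with an acceptable version.
check_tls_endpoint() {
    host="$1"
    port="$2"
    # -servername sends SNI so virtual-hosted servers present the right
    # certificate; stdin from /dev/null makes s_client exit after the handshake.
    if ! out=$(openssl s_client -connect "$host:$port" -servername "$host" \
                </dev/null 2>/dev/null); then
        echo "FAIL: no TLS handshake with $host:$port (plain LDAP/HTTP or unreachable?)" >&2
        return 1
    fi
    proto=$(printf '%s\n' "$out" | extract_protocol)
    if [ -z "$proto" ]; then
        echo "FAIL: handshake output from $host:$port contained no protocol line" >&2
        return 1
    fi
    if protocol_acceptable "$proto"; then
        echo "OK: $host:$port negotiated $proto"
        return 0
    fi
    echo "FAIL: $host:$port negotiated $proto, which is older than TLSv1.1" >&2
    return 1
}

# Run the probe only when a host and port were supplied on the command line.
if [ "$#" -ge 2 ]; then
    check_tls_endpoint "$1" "$2"
fi
```

Run it before step 6 against the LDAP or HTTPS port you configured; a `FAIL` from the handshake itself usually means the port is still serving plain text, while a `FAIL` on the version means the server (not Identity Governance) needs its protocol list tightened.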