Shared responsibility model

Securing identity and access management requires both Oblique and the customer to share responsibility. This non-exhaustive list covers responsibilities for both parties.

Oblique's responsibilities:

  • Secure the Oblique platform, including hardening hosting infrastructure, encrypting data at rest and in transit, patching the application and underlying systems, and monitoring for security threats.
  • Use secure software development practices for the Oblique application, including code reviews, security testing, vulnerability management, and secure build and deployment processes.
  • Protect customer data by implementing access controls, audit logging, data backup and recovery, and following security compliance standards.
  • Provide secure integration capabilities with identity providers, HRIS systems, and enforcement points through hardened APIs and authentication mechanisms.
  • Maintain platform availability and reliability with monitoring, incident response, and service level commitments.

Customer's responsibilities:

  • Secure your integrated systems, including your HRIS (like Workday), identity provider (like Okta), and other connected applications by keeping them patched and properly configured.
  • Manage user lifecycle by ensuring users are added and removed from your source systems when they join and leave your organization.
  • Ensure data accuracy in your source systems so that Oblique has current and correct information about users and user attributes.
  • Keep team information current by ensuring managers and team owners maintain accurate team membership and resource assignments.
  • Configure access appropriately for your security requirements, including setting up groups, teams, and entitlements; change request and approval workflows; and checks that align with your organization’s needs.
  • Monitor and respond to access requests within your defined change request processes and timelines.
  • Provide environmental details when requested for troubleshooting purposes as part of support requests.

To best protect your organization, we recommend regularly reviewing your teams, entitlements, and access request requirements.