Manually Federating Your Tenancy

In certain cases, your tenancy may need user federation between Oracle Cloud Infrastructure's IAM and Oracle Identity Cloud Service (IDCS).

This section applies only to cloud accounts that do not use identity domains. See About Setting Up Users and Groups.

Note

Follow the steps in this section ONLY if your tenancy is not manually federated. See Is My Tenancy Federated Between Oracle Cloud Infrastructure IAM and Oracle Cloud Identity Service?

For additional instructions on manually federating with IDCS, see Federating with Oracle Identity Cloud Service in the Oracle Cloud Infrastructure documentation. The Instructions for Federating with Oracle Identity Cloud Service section there lists four main steps. However, step 1 differs for Visual Builder: instead of retrieving the client ID and secret from a COMPUTEBAREMETAL IDCS application, you create an IDCS application that generates this information for federation, as described in the sections below.

Is My Tenancy Federated Between Oracle Cloud Infrastructure IAM and Oracle Cloud Identity Service?

Oracle Visual Builder requires that Oracle Cloud Infrastructure Identity and Access Management (IAM) be federated with Oracle Identity Cloud Service (IDCS) for your tenancy.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Federation.
  2. On the Federation page, look for an Oracle Identity Cloud Service link.

    The Federation screen is shown. Its Identity Provider Information tab identifies the default federation configured between the Oracle Identity Cloud Service stripe and the Oracle Cloud Infrastructure tenancy in a cloud account. Note that this screen may show more than the default identity provider.

    If you see a console link, your instance is federated. If not, perform the steps in Manually Federating Your Tenancy.


Getting Required Information from Oracle Identity Cloud Service

Follow these steps to create and configure an Oracle Identity Cloud Service application, activate the application, and create an IDCS administrator group.

Note

Follow the steps in this section only if manual federation is needed.
  1. Sign in to Oracle Identity Cloud Service with admin privileges. You must be viewing the admin console.
    Use the link, username, and password provided in your account welcome email.
  2. Select Applications.
  3. Click Add.
  4. Select Confidential Application.

    The Add Confidential Application page is displayed.
  5. In the Name field under App Details, enter a name (such as Oracle Cloud Infrastructure Federation). Click Next.
    Client options are displayed.
  6. Under Authorization, select Client Credentials.
  7. Under Token Issuance Policy, click +Add by App Roles. Select Identity Domain Administrator. Click Next.
  8. Click Next to skip the Resources options.
  9. Click Next to skip the Web Tier Policy options.
  10. Click Finish.

    The application's Client Id and Secret are displayed.
  11. Copy the Client Id and Secret for use later (in Adding Oracle Identity Cloud Service as an Identity Provider). Close the window.
  12. Activate the app by selecting Activate in the upper right corner.
  13. Create an IDCS group for administrators. Make sure the federated user you plan to test federation with is part of that group.
    1. Select Groups from the Resources options.
    2. Click Create IDCS Group.
    3. Enter a name (for example, idcs-visualbuilder-admins).
    4. Click Create.
  14. Copy the IDCS base URL (https://<account>.identity.oraclecloud.com) for use next in Adding Oracle Identity Cloud Service as an Identity Provider.
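Before entering the values from steps 11 and 14 into the OCI Console, you can confirm they work by requesting a token with the client-credentials grant the application was configured for in step 6. The following is an added Python example, not code from this page or from Oracle; it builds the IDCS token request (endpoint /oauth2/v1/token with the urn:opc:idm:__myscopes__ scope), validates the base URL form shown in step 14, and decodes the returned JWT's claims for inspection. The function names and the expected hostname pattern are assumptions.

```python
import base64
import json
import re
import urllib.parse
import urllib.request

# Assumed form of the base URL copied in step 14: https://<account>.identity.oraclecloud.com
IDCS_BASE_URL_RE = re.compile(r"^https://[a-z0-9-]+\.identity\.oraclecloud\.com$")

# IDCS scope that returns a token carrying the client's granted app roles.
IDCS_SCOPE = "urn:opc:idm:__myscopes__"


def b64url_encode(raw: bytes) -> str:
    """Base64url without '=' padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_token_request(base_url: str, client_id: str, client_secret: str):
    """Return (url, headers, body) for the client-credentials call.
    Raises ValueError if the base URL does not look like an IDCS stripe."""
    if not IDCS_BASE_URL_RE.match(base_url):
        raise ValueError(f"unexpected IDCS base URL: {base_url!r}")
    # Client ID and secret go in an HTTP Basic Authorization header.
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": IDCS_SCOPE}
    ).encode()
    return f"{base_url}/oauth2/v1/token", headers, body


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT for inspection only; the
    signature is not verified, so do not use this to trust a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(b64url_decode(parts[1]))


def fetch_token(base_url: str, client_id: str, client_secret: str) -> str:
    """Perform the token request over the network and return the access token."""
    url, headers, body = build_token_request(base_url, client_id, client_secret)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]
```

A successful response from fetch_token means the client ID, secret and base URL are consistent; inspect jwt_claims(token) to confirm the token was issued to the application you created.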

Adding Oracle Identity Cloud Service as an Identity Provider

If your tenancy needs user federation between Oracle Cloud Infrastructure's IAM and Oracle Identity Cloud Service (IDCS), complete these steps in the console to add Oracle Identity Cloud Service as an identity provider.

Note

Follow the steps in this section only if manual federation is needed. You'll need the information you generated in the steps in Getting Required Information from Oracle Identity Cloud Service.
  1. Sign in to the Oracle Cloud Infrastructure Console as an IAM user (use the options on the right side).
  2. Open the navigation menu and click Identity & Security. Under Identity, click Federation.
  3. Click Add Identity Provider and enter the following:
    1. Name: Enter a name, such as oracleidentitycloudservice.
    2. Description: Enter a description, such as Federated IDCS stripe.
    3. Oracle Identity Cloud Service Base URL: Enter the URL you noted earlier.
    4. Client ID: Enter the application's ID you noted earlier.
    5. Client Secret: Enter the client secret you noted earlier.
    6. Click Continue.
  4. When prompted, map your IDCS group to the OCI administrators group.
    Select your IDCS group in the Identity Provider Group field and your Oracle Cloud Infrastructure group in the OCI Group field.
  5. Sign out and sign back in as one of your federated users. On the Federation page, verify that the Oracle Identity Cloud Service link is now shown. See Is My Tenancy Federated Between Oracle Cloud Infrastructure IAM and Oracle Cloud Identity Service?