Integrate with Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM)

You can establish a connection between Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) and Oracle Access Governance by entering connection details and configuring your cloud service provider environment. To achieve this, use the Connected Systems functionality available in the Oracle Access Governance Console.

Prerequisites

Before you can establish a connection, you need to create a policy in your cloud tenancy that allows the connector to access the target system.

The following prerequisites must be satisfied to integrate Oracle Access Governance with OCI IAM:

  • Your cloud account must use Identity Domains to manage identities on OCI.
  • As a cloud administrator, you must be able to manage identities in the Default domain and manage policies in the root compartment of your tenancy.
  • If you want to integrate an OCI tenancy with an Oracle Access Governance service instance outside the OCI tenancy's home region, your OCI tenancy must be subscribed to the region where Oracle Access Governance is running. For example, if your OCI tenancy is in Tokyo and you want to integrate with Oracle Access Governance running in Ashburn, the Tokyo tenancy must be subscribed to the Ashburn region.

To allow Oracle Access Governance to connect to OCI, you must set up the following policy statements in your cloud tenancy:

  • ALLOW RESOURCE accessgov-agent resource-scanner to read all-resources IN TENANCY
  • ALLOW RESOURCE accessgov-agent resource-scanner resource-manager to manage domains IN TENANCY
  • ALLOW RESOURCE accessgov-agent resource-scanner resource-manager to manage policies IN TENANCY
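Because the policy is a prerequisite, a practitioner typically wants to confirm before adding the connected system that all three statements are in place, and that nothing broader has been granted to the accessgov-agent resource principal along the way. The script below is an added example and is not part of the Oracle documentation or of the Access Governance product. It assumes the JSON shape printed by `oci iam policy list --compartment-id <tenancy-ocid> --all` (a "data" array of policy objects, each with "name", "lifecycle-state" and "statements"); the sample listing embedded in the script is constructed, and its OCID is a placeholder.

```python
"""Check a tenancy's policy listing for the statements Oracle Access Governance
requires (added example; assumes `oci iam policy list` output shape)."""
import json
import re

# The three statements from the prerequisites section, verbatim.
REQUIRED_STATEMENTS = [
    "ALLOW RESOURCE accessgov-agent resource-scanner to read all-resources IN TENANCY",
    "ALLOW RESOURCE accessgov-agent resource-scanner resource-manager to manage domains IN TENANCY",
    "ALLOW RESOURCE accessgov-agent resource-scanner resource-manager to manage policies IN TENANCY",
]


def normalize(statement: str) -> str:
    """Compare statements in a canonical form: keyword case and run-on
    whitespace are treated as insignificant so that hand-typed variants match."""
    return re.sub(r"\s+", " ", statement.strip()).lower()


def find_missing_statements(policy_list_json: str, required=REQUIRED_STATEMENTS):
    """Return the required statements that no ACTIVE policy in the listing grants."""
    policies = json.loads(policy_list_json).get("data", [])
    granted = set()
    for policy in policies:
        if policy.get("lifecycle-state", "ACTIVE") != "ACTIVE":
            continue  # a DELETING/DELETED policy grants nothing
        for stmt in policy.get("statements", []):
            granted.add(normalize(stmt))
    return [s for s in required if normalize(s) not in granted]


def find_undocumented_statements(policy_list_json: str):
    """Return (policy name, statement) pairs that mention accessgov-agent but are
    not one of the documented statements, so they can be reviewed for least privilege."""
    policies = json.loads(policy_list_json).get("data", [])
    required = {normalize(s) for s in REQUIRED_STATEMENTS}
    flagged = []
    for policy in policies:
        for stmt in policy.get("statements", []):
            n = normalize(stmt)
            if "accessgov-agent" in n and n not in required:
                flagged.append((policy.get("name"), stmt))
    return flagged


# Constructed sample listing: only the first two statements were created, and
# a second policy grants the agent more than the documentation asks for.
SAMPLE_POLICY_LIST = json.dumps({
    "data": [
        {
            "name": "AccessGovernancePolicy",
            "compartment-id": "ocid1.tenancy.oc1..PLACEHOLDER",
            "lifecycle-state": "ACTIVE",
            "statements": [
                "Allow resource accessgov-agent resource-scanner to read all-resources in tenancy",
                "ALLOW RESOURCE accessgov-agent resource-scanner resource-manager to manage domains IN TENANCY",
            ],
        },
        {
            "name": "TooBroad",
            "compartment-id": "ocid1.tenancy.oc1..PLACEHOLDER",
            "lifecycle-state": "ACTIVE",
            "statements": [
                "ALLOW RESOURCE accessgov-agent resource-scanner to manage all-resources IN TENANCY",
            ],
        },
    ]
})

if __name__ == "__main__":
    # With real data: oci iam policy list --compartment-id <tenancy-ocid> --all > policies.json
    for stmt in find_missing_statements(SAMPLE_POLICY_LIST):
        print("MISSING:", stmt)
    for name, stmt in find_undocumented_statements(SAMPLE_POLICY_LIST):
        print(f"REVIEW : policy {name!r} grants {stmt}")
```

Run it against the real listing by piping the CLI output into `find_missing_statements`; anything it reports as MISSING is a statement to add (the `oci iam policy create` command accepts the same statements as a JSON array through `--statements`), and anything reported for REVIEW is a grant to the connector's resource principal that the documentation does not call for.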

Establish Connection by Adding a New Cloud Service Provider - OCI IAM

Integration with Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) is achieved by configuring a new cloud service provider with the Oracle Access Governance Console.

  1. In a browser, navigate to the Oracle Access Governance service home page and log in as a user with the Administrator application role.
  2. On the Oracle Access Governance service home page, click on the Navigation Menu icon and select Administration → Connected Systems. Select the Add a connected system button from the Connected Systems page.
  3. Select Add from the Would you like to connect to a cloud service provider? tile. This will navigate you to the Add a Cloud Service Provider workflow, which guides you through the steps required to configure Oracle Access Governance integration with Oracle Cloud Infrastructure Identity and Access Management.
  4. Select system is the first step of the workflow. Select the Oracle Cloud Infrastructure tile. Once selected, a value of Oracle Cloud Infrastructure is displayed on the right-hand side under What I've selected. Click Next.
  5. The next step is Enter details, where you enter a name and description for the cloud service provider. Enter values for the following:
    • What do you want to call your cloud service provider?: Enter a name for the cloud service provider. Do not include spaces in the name of your connected system.
    • How do you want to describe this cloud service provider?: Optionally, enter a description for the cloud service provider.
  6. The next step is Configure, where you add connection details for your cloud service provider. Enter the following values for your cloud service provider. Observe that the details you enter are added to the list under What I've selected. Click Add to create the cloud service provider. If the configuration details are correct, the connection is validated and the console displays "Success". The Full Data Load operation completes within a few minutes and the console displays "Success". The system then automatically runs an incremental data load every four hours to sync data with the connected system.

    Note:

    You cannot create multiple connected systems using the same tenancy ID. Use a unique tenancy for each system.