Federate with Oracle Identity Cloud Service Manually

In most cases, Oracle Analytics Cloud is automatically federated with the primary Oracle Identity Cloud Service instance associated with your tenancy. If you want to federate Oracle Analytics Cloud with a secondary Oracle Identity Cloud Service instance or your tenancy is a government region where federation isn't set up automatically, you must federate with Oracle Identity Cloud Service manually.

Does not use identity domains: This topic applies only to cloud accounts that don't use identity domains. See Set Up Users.

The way you do this depends on whether your Oracle Identity Cloud Service includes the COMPUTEBAREMETAL application. If a COMPUTEBAREMETAL application doesn’t exist in your tenancy, you must perform some additional steps to set up a trusted application that you can use.

Once federation is set up, select the new Oracle Identity Cloud Service provider before you sign in to Oracle Cloud, and then create your Oracle Analytics Cloud instance. The new Oracle Analytics Cloud instance will use the federated Oracle Identity Cloud Service that you're signed in with. You can't reconfigure Oracle Analytics Cloud to use a different Oracle Identity Cloud Service later on.

  1. Sign in to your Oracle Identity Cloud Service console with administrator privileges.
  2. In the Oracle Identity Cloud Service console, click Applications.
  3. Determine whether the COMPUTEBAREMETAL application is available.
    • COMPUTEBAREMETAL application in the list

      1. Open the application, and click the Configuration tab.
      2. Expand General Information and make a note of the Client ID.
      3. Click Show Secret to display and then copy the Client Secret.
      4. Skip Step 4 and go to Step 5.
    • No COMPUTEBAREMETAL application in the list

      Continue with Step 4 to set up a trusted application.

  4. Set up a trusted application.
    1. In the Applications tab, click Add Application.
    2. Click Confidential Application.
    3. Enter a suitable Name (for example, OCI_Federation) and Description (for example, Confidential application to enable federation with OCI), and then click Next.
    4. In Allowed Grant Types, select Resource Owner, Client Credentials, and JWT Assertion.
    5. In the App Roles table, add the role Security Administrator.
    6. Click Next, and then click Finish.
    7. When the Application Added dialog is displayed, make a note of the Client ID and Client Secret.
    8. Click Activate and then OK to confirm that you want to activate the application.
  5. Create a group named OCI_Administrators.
    1. Click the Groups tab.
    2. Create a group called OCI_Administrators, and add one or more users to the group.
  6. Federate your Oracle Identity Cloud Service in Oracle Cloud Infrastructure.
    1. Sign in to your Oracle Cloud Infrastructure Console.
    2. Click Identity & Security. Under Identity, click Federation.
    3. Click Add identity provider.
    4. Enter details about the Oracle Identity Cloud Service instance you want to use.

      Enter a Name (for example, MyOracleIdentityCloudProvider), Description, and for Type select Oracle Identity Cloud Service.

      Enter the Base URL for the Oracle Identity Cloud Service instance you want to use (primary or secondary), and then enter the Client ID and Client Secret values that you recorded earlier.

    5. Click Continue.
    6. Map the Oracle Identity Cloud Service group you created in Step 5 (OCI_Administrators) to the Administrators group in Oracle Cloud Infrastructure.
    7. Click Add Provider.

    The identity provider is displayed with the status Active.

  7. Sign out of your tenancy.

    The Sign In page displays the new federated identity provider. For example, myoracleidentitycloudprovider.

    Oracle Identity Cloud Service users who sign in through the federated identity provider inherit permissions based on their Oracle Identity Cloud Service to Oracle Cloud Infrastructure group mappings. This means that users who belong to the Oracle Identity Cloud Service group OCI_Administrators have all the permissions granted to the Oracle Cloud Infrastructure group Administrators.

  8. On the Sign In page, select the new federated identity provider, click Continue, and sign in.
    Any new Oracle Analytics Cloud instances that you create will use the federated Oracle Identity Cloud Service you signed in with.
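
Before entering the Base URL, Client ID, and Client Secret in step 6, you can confirm that the recorded values are accepted by the Oracle Identity Cloud Service instance. The following is an added example, not part of Oracle's documentation; it assumes the standard Oracle Identity Cloud Service OAuth token endpoint (`/oauth2/v1/token`) and the `urn:opc:idm:__myscopes__` scope, and the function names are hypothetical.

```python
"""Pre-check for step 6: are the recorded Client ID / Client Secret accepted at the Base URL?"""
import base64
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"      # assumed IDCS OAuth token endpoint (see lead-in)
SCOPE = "urn:opc:idm:__myscopes__"   # assumed scope: whatever the application's roles grant


def normalize_base_url(raw):
    """Reduce a pasted console URL to https://host[:port]; refuse anything but HTTPS."""
    parts = urllib.parse.urlsplit(raw.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Base URL must be an https:// URL")
    if parts.username or parts.password:
        raise ValueError("Base URL must not embed credentials")
    # Any path, query or fragment (for example a copied admin console path) is dropped.
    return "https://" + parts.netloc


def build_token_request(base_url, client_id, client_secret):
    """Build the client-credentials token request without sending it."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCOPE}
    ).encode()
    return urllib.request.Request(
        normalize_base_url(base_url) + TOKEN_PATH,
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def check_credentials(base_url, client_id, client_secret, timeout=10):
    """Send the request. True means a token was issued; a rejected request
    raises urllib.error.HTTPError (for example 401 for a wrong ID or secret)."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return "access_token" in json.load(resp)
```

Supply the Client Secret from a prompt or a protected variable rather than a command-line argument, so that it does not end up in shell history.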