1. Administering Oracle Visual Builder, Gen 1
  2. Add Users and Assign Roles
  3. Add Users to a Traditional Cloud Account

Add Users to a Traditional Cloud Account

Oracle Traditional Cloud Accounts use traditional Identity and Access Management software to manage users and security, as opposed to Cloud Accounts with IDCS, which use Oracle Identity Cloud Service for these tasks.

Oracle Traditional Cloud Accounts use Oracle Shared Identity Manager (SIM) for identity management and authentication to access Oracle Visual Builder and applications developed with Visual Builder. An identity domain administrator can use the options on the Oracle Visual Builder console to manage users and their roles for Oracle Visual Builder applications and services. Roles assigned to users in SIM are used to determine the following:

  • developer access to Oracle Visual Builder

  • user access to applications developed in Oracle Visual Builder that implement role-based security

  • developer and user access to services exposed in Oracle Visual Builder and visual applications

A developer can set the authentication requirements for an application and create application roles that are mapped to custom roles in SIM. After creating the application roles, the developer can configure role-based security for the pages, components and business objects in the application. Authentication to access a visual application is determined by the roles assigned to users in SIM.

A developer’s role in Oracle SaaS determines the content and services in the Oracle SaaS service instance that are available to the Oracle Visual Builder developer. For example, the Oracle Visual Builder services catalog might be empty if the developer is not assigned a role with sufficient privileges. Oracle Visual Builder and other offerings on the Oracle PaaS platform don’t use the same identity management stack as Oracle SaaS services, but support for Single Sign-On (SSO) between Oracle PaaS services using Oracle Shared Identity Manager (SIM) and Oracle SaaS services such as Oracle Sales Cloud can be set up when they are in the same data center and identity domain. For SSO to work, Oracle SaaS identities need to be regularly synchronized to the Oracle PaaS SIM user store. Roles and corresponding role assignments can be synchronized in order to support role-based access used in your applications.

The following table briefly describes the steps for adding users, assigning roles, and synchronizing Oracle Sales Cloud and Oracle Visual Builder user accounts and roles.

Task Description

Add users and assign roles

The identity domain administrator creates user accounts and assigns roles to the users in the instance of Oracle Visual Builder that you access from the Oracle Cloud Infrastructure Classic Console.

Users that will develop applications with Oracle Visual Builder must be assigned the role of Visual Builder Developer or Visual Builder Administrator. See Managing Users with Traditional Cloud Accounts in Managing and Monitoring Oracle Cloud.

The identity domain administrator also creates the custom roles for authenticating user access to applications and assigns roles to users.

Synchronize user identities and roles between associated services

Oracle Visual Builder service instances associated with Oracle Cloud Applications services use Oracle Cloud Applications user roles for authorizing access to REST services in applications. For Single Sign-On (SSO) between Oracle Visual Builder and Oracle applications such as Sales Cloud, the user accounts must be manually synchronized with the users in Oracle Cloud Applications, and the users assigned custom roles that can be used to secure access to applications.

An identity domain administrator can synchronize user identities and roles from Oracle SaaS services to an Oracle PaaS SIM user store. Oracle Sales Cloud can be configured to sync identities and roles once, or automatically sync on a schedule, using the Oracle Enterprise Scheduler Service (ESS).

See Integrate an Oracle SaaS application with Oracle PaaS in Oracle Architecture Center.

Create custom roles that mirror the names of Oracle SaaS roles

An identity domain administrator can create custom roles that are used for authenticating users and securing applications. The custom roles can mirror the names of Oracle SaaS user roles. For example, an administrator can create the custom role Sales Manager, one of the default user roles.

See Managing Custom Roles in Managing and Monitoring Oracle Cloud.

Assign custom roles to users

After the users and custom roles are created, the identity domain administrator can assign custom roles to users in the instance of Oracle Visual Builder that you access from the Oracle Cloud Infrastructure Classic Console according to the user’s Oracle SaaS role. For example, the administrator can assign the custom role Sales Manager to all users assigned that role in Oracle SaaS.

The administrator can assign an existing role to multiple users by creating and uploading a CSV file. See Assigning One Role to Many Users in Getting Started with Oracle Cloud Applications.