Use Oracle Identity Cloud Service with Oracle Application Container Cloud Service

This feature is only available if you have Universal Cloud Credits and subscriptions to both Oracle Identity Cloud Service and Oracle Cloud Infrastructure Load Balancing Classic.

What is Oracle Identity Cloud Service?

Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that your users have with your applications, including with other Oracle Cloud services like Oracle Application Container Cloud Service. With Oracle Identity Cloud Service you can create custom password policies and email notifications, onboard new users, assign users and groups to applications, and run security reports. See these topics in Administering Oracle Identity Cloud Service:

Managing Service Administrators

When your Oracle Cloud account includes Oracle Identity Cloud Service, use it to create users and groups and to give them access to Oracle Application Container Cloud Service. Assign users the APAAS APAASAdministrators role in order to grant them rights to create and manage applications. See these topics in Administering Oracle Identity Cloud Service:

Managing Application Roles in Oracle Identity Cloud Service

After you deploy your application with Basic or OAuth selected, you can go to the Application Overview page and click the Manage Access link. This takes you to Oracle Identity Cloud Service, where you can manage users and roles with access to the application.

For each Oracle Application Container Cloud Service application with OAuth that it manages, Oracle Identity Cloud Service provides the following predefined roles:

  • App Administrators

  • App Operators

  • App Monitors

The application deployer is automatically assigned the App Administrators role.

You can use these roles to implement custom authorization in the application code; it is the application code that understands and enforces the role-based grants. Typically, users with the App Administrators role have full access to the application, users with the App Operators role have limited access to the application, and users with the App Monitors role have read-only access to the application.

For example, suppose the Oracle Application Container Cloud Service application performs inventory management. The application code might permit users with the App Administrators role to add and delete items, while users with the App Operators role can only change amounts for existing items and users with the App Monitors role can only view items and amounts.
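
The inventory scenario above, sketched as an added example (not Oracle's code or part of the original page). Only the three role names come from the page; the Inventory class, the action names, and the assumption that the caller's roles arrive as a list of strings taken from an already verified identity are hypothetical.

```python
# Added example: role names are from the page; action names are hypothetical.
ROLE_GRANTS = {
    "App Administrators": {"view", "change_amount", "add_item", "delete_item"},
    "App Operators": {"change_amount"},
    "App Monitors": {"view"},
}


def allowed_actions(roles):
    """Union of grants for the caller's roles; unknown roles grant nothing."""
    granted = set()
    for role in roles or ():
        granted |= ROLE_GRANTS.get(role, set())
    return granted


class Inventory:
    def __init__(self):
        self._items = {}  # item name -> amount

    def _require(self, roles, action):
        # Deny by default: some role must explicitly grant the action.
        if action not in allowed_actions(roles):
            raise PermissionError(f"{action} not permitted for {sorted(roles or [])}")

    def add_item(self, roles, name, amount=0):
        self._require(roles, "add_item")
        if name in self._items:
            raise ValueError(f"item already exists: {name}")
        self._items[name] = amount

    def delete_item(self, roles, name):
        self._require(roles, "delete_item")
        del self._items[name]

    def change_amount(self, roles, name, amount):
        self._require(roles, "change_amount")
        # Operators may only touch existing items; a blind assignment here
        # would let change_amount double as add_item.
        if name not in self._items:
            raise KeyError(f"no such item: {name}")
        self._items[name] = amount

    def view(self, roles):
        self._require(roles, "view")
        return dict(self._items)  # copy, so viewers cannot mutate state
```

A user who holds several roles receives the union of their grants, and an empty or unrecognized role list is refused every action.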