Prerequisites

To use the Oracle Cloud Infrastructure AI services such as OCI Document Understanding, OCI Generative AI, OCI Generative AI Agents RAG, OCI Language, OCI Speech, and OCI Vision in an integration, you must satisfy the following prerequisites in the Oracle Cloud Infrastructure Console.

• Ensure that your cloud tenancy uses identity domains.

• Create a dynamic group and a policy to grant access to the specific OCI AI service that you want to use (such as OCI Document Understanding, OCI Generative AI, OCI Generative AI Agents RAG, OCI Language, OCI Speech, or OCI Vision).

  Create the required dynamic group and assign a policy to that group to allow your Oracle Integration instance to access the specific OCI AI service that you want to use. The policy defines the permissions for the dynamic group and determines which operations the dynamic group can perform on the OCI AI service.

  1. Log in to the Oracle Cloud Infrastructure Console.
  2. Obtain the client ID of the OAuth application for the Oracle Integration instance.
     1. In the upper right corner, select Profile, then click the identity domain.
     2. In the menu bar, click Oracle Cloud Services.

        
        
        

        The Oracle Cloud Services page for your domain appears.

     3. In the Name column, click your service instance.
     4. Click OAuth configuration.
     5. Scroll down to the General Information section and copy the client ID value to use to create your dynamic group.
     6. Scroll to the top and click Oracle cloud services to return to the main page for the identity domain.

        
        
        

  3. In the menu bar, click Dynamic groups.
  4. Click Create dynamic group.
  5. Enter the following details:
     1. In the Name and Description fields, enter values. These fields are required.
     2. In the Matching rules section, enter the required rule. The resource ID you specify must match the client ID of the OAuth application of your Oracle Integration instance. Ensure that you enclose the value in single quotes. For example:

        resource.id = 'client_ID'

     3. Click Create.
  6. In the left navigation pane, click Policies.
  7. Click Create Policy.
  8. Select the compartment in which to create the policy.
  9. Complete the following details and click Create.
     1. In the Name and Description fields, enter values. These fields are required.
     2. In the Policy Builder section, build the required policy for the dynamic group:

        OCI AI service	Policy
        OCI Document Understanding	allow dynamic-group dynamic_group to manage ai-service-document-family in compartment compartment_name
        OCI Generative AI	allow dynamic-group <dynamic-group_name> to manage generative-ai-family in compartment <compartment-name>
        OCI Generative AI Agents RAG	allow dynamic-group <dynamic-group_name> to manage object-family in compartment <compartment-name> allow dynamic-group <dynamic-group_name> to manage genai-agent-family in tenancy
        OCI Language	allow dynamic-group <dynamic-group_name> to manage ai-service-language-family in compartment <compartment-name>
        OCI Speech	allow dynamic-group <dynamic-group_name> to manage ai-service-speech-family in compartment <compartment-name>
        OCI Vision	allow dynamic-group dynamic_group to manage ai-service-vision-family in compartment compartment_name

        Where:

        • dynamic_group or dynamic-group_name: Is the dynamic group name you specified in Step 6.
        • compartment_name or compartment-name: Is the compartment in which your Oracle Integration instance is located.

        This enables the Oracle Integration instance associated with the dynamic group to call the specific OCI AI service that you want to use in this particular compartment.

        See About Document Understanding Policies, About Vision Policies, and About Speech Policies.