Prerequisites

To use the Oracle Cloud Infrastructure AI services such as OCI Document Understanding, OCI Generative AI, OCI Generative AI Agents RAG, OCI Language, OCI Speech, and OCI Vision in an integration, you must satisfy the following prerequisites in the Oracle Cloud Infrastructure Console.

  • Ensure that your cloud tenancy uses identity domains.
  • Create a dynamic group and a policy to grant access to the specific OCI AI service that you want to use (such as OCI Document Understanding, OCI Generative AI, OCI Generative AI Agents RAG, OCI Language, OCI Speech, or OCI Vision).

    Create the required dynamic group and assign a policy to that group to allow your Oracle Integration instance to access the specific OCI AI service that you want to use. The policy defines the permissions for the dynamic group and determines which operations the dynamic group can perform on the OCI AI service.

    1. Log in to the Oracle Cloud Infrastructure Console.
    2. Obtain the client ID of the OAuth application for the Oracle Integration instance.
      1. In the upper right corner, select Profile, then click the identity domain.
      2. In the menu bar, click Oracle Cloud Services.


        The Domains tab in the Identity & Security navigation pane is selected. The menu bar shows links for Details, User management, Administrators, Dynamic groups, Directory integrations, Integrated applications, and Oracle cloud services.

        The Oracle Cloud Services page for your domain appears.

      3. In the Name column, click your service instance.
      4. Click OAuth configuration.
      5. Scroll down to the General Information section and copy the client ID value to use to create your dynamic group.
      6. Scroll to the top and click Oracle cloud services to return to the main page for the identity domain.


        A back arrow and the label Oracle cloud services are shown.

    3. In the menu bar, click Dynamic groups.
    4. Click Create dynamic group.
    5. Enter the following details:
      1. In the Name and Description fields, enter values. These fields are required.
      2. In the Matching rules section, enter the required rule. The resource ID you specify must match the client ID of the OAuth application of your Oracle Integration instance. Ensure that you enclose the value in single quotes. For example:
        resource.id = 'client_ID'
      3. Click Create.
    6. In the left navigation pane, click Policies.
    7. Click Create Policy.
    8. Select the compartment in which to create the policy.
    9. Complete the following details and click Create.
      1. In the Name and Description fields, enter values. These fields are required.
      2. In the Policy Builder section, build the required policy for the dynamic group:
        OCI AI service Policy
        OCI Document Understanding
        allow dynamic-group dynamic_group to manage ai-service-document-family in compartment compartment_name
        
        OCI Generative AI
        allow dynamic-group <dynamic-group_name> to manage generative-ai-family in compartment
              <compartment-name>
        OCI Generative AI Agents RAG
        allow dynamic-group <dynamic-group_name> to manage object-family in compartment <compartment-name>
        allow dynamic-group <dynamic-group_name> to manage genai-agent-family in tenancy
        OCI Language
        allow dynamic-group <dynamic-group_name> to manage ai-service-language-family in compartment
              <compartment-name>
        OCI Speech
        allow dynamic-group <dynamic-group_name> to manage ai-service-speech-family in compartment
              <compartment-name>
        OCI Vision
        allow dynamic-group dynamic_group to manage ai-service-vision-family in compartment compartment_name
        
        Where:
        • dynamic_group or dynamic-group_name: Is the dynamic group name you specified in Step 6.
        • compartment_name or compartment-name: Is the compartment in which your Oracle Integration instance is located.

        This enables the Oracle Integration instance associated with the dynamic group to call the specific OCI AI service that you want to use in this particular compartment.

        See About Document Understanding Policies, About Vision Policies, and About Speech Policies.