Workflow for Access in an Identity Domain
To give people access to Oracle Integration when your tenancy uses identity domains, complete a few tasks. Your workflow varies, depending on where the user works.
This topic applies only to tenancies that use identity domains. See Differences Between Tenancies With and Without Identity Domains.
Before You Begin
If you are using Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) as your identity system, you must create all users in Oracle Cloud Infrastructure Identity and Access Management.
After creating a user, you grant them IAM policies or assign service roles, depending on where the user works. The following table provides more details.
Where the person works | Typical tasks | How to give the person access |
---|---|---|
In the Oracle Cloud Infrastructure Console, or with the Oracle Integration lifecycle APIs | Creating and configuring an Oracle Integration instance, and managing the lifecycle of an instance | Grant them IAM policies. |
In the Oracle Integration instance, or with the Oracle Integration built-in REST APIs | Designing and monitoring integrations | Assign them service roles for Oracle Integration. |
Both places | All of the above tasks | Grant them IAM policies and service roles for Oracle Integration. |
Workflow for Users Who Work in the Oracle Cloud Infrastructure Console or with Its APIs
Order | Task | More information |
---|---|---|
1 | Determine whether to create additional identity domains | Every tenancy comes with a default identity domain. An identity domain is a container for users, groups, and other access-related information. You can work exclusively in the default identity domain or create additional identity domains. You typically create additional identity domains for compliance reasons, when you want to maintain isolation among users, policies, and roles. For example, you might create multiple identity domains to maintain the following types of isolation: |
2 | Create groups | Groups save you time when setting up access. You add multiple users to a group and then give the same access to everyone in the group. That way, you don't need to assign roles and policies to individual users. For example, create a group for developers, another for administrators, and so on. Everyone in the group gets the same access. |
3 | Create policies | Policies allow the people who are in a specific group to work with instances in specific tenancies and compartments. For example, if your company has multiple tenancies, policies let you specify the tenancies that each group can work in. You include the group name in each policy, so you don't need to assign the policies to groups separately after creating them. To learn about IAM policies in general, see How Policies Work and Example Scenario. To learn about IAM policies for Oracle Integration, see About IAM Policies for Oracle Integration. To create IAM policies, see Create an IAM Policy in an Identity Domain. Note: Your organization might have multiple instances of Oracle Integration. For example, you might have a development instance, as well as testing and production instances. Each IAM policy that you write governs only a single instance. |
4 | Create users | Create one user for each person who needs access. You assign users to one or more groups when you create them. |
5 | Tell everyone they can start working | After completing all the tasks, inform everyone that they can start working in the Oracle Cloud Infrastructure Console. |
Workflow for Users Who Work in the Oracle Integration Instance or with Its APIs
Order | Task | More information |
---|---|---|
1 | Determine whether to create additional identity domains | Every tenancy comes with a default identity domain. An identity domain is a container for users, groups, and other access-related information. You can work exclusively in the default identity domain or create additional identity domains. You typically create additional identity domains for compliance reasons, when you want to maintain isolation among users, policies, and roles. For example, you might create multiple identity domains to maintain the following types of isolation: |
2 | Create groups | Groups save you time when setting up access. You add multiple users to a group and then give the same access to everyone in the group. That way, you don't need to assign roles and policies to individual users. For example, create a group for developers, create another group for administrators, and so on. Everyone in the group gets the same access. |
3 | Create users | Create one user for each person who needs access. You assign users to one or more groups when you create them. |
4 | Assign roles to groups | You can't create your own roles. Instead, choose from a predefined list of roles. To learn about the service roles that an administrator can assign to groups of users, see Oracle Integration Service Roles. To understand the actions that users can perform in each area of the user interface based upon their roles, see Oracle Integration Roles and Privileges. To assign service roles to users, see Assign Oracle Integration Roles to Groups in an Identity Domain. |
5 | Tell everyone they can start working | After completing all the tasks, inform everyone that they can start working in Oracle Integration. |