Typical Workflow for Using Oracle Identity Cloud Service
Oracle Identity Cloud Service has five administrator roles and one user role. To start using Oracle Identity Cloud Service as an administrator, click the following links. Each link provides you with a guide of how to start using Oracle Identity Cloud Service as that administrator or user.
Note:
See Understanding Administrator Roles to learn more about the privileges for each administrator or user role.Identity Domain Administrator
An identity domain administrator has superuser privileges for an identity domain in Oracle Identity Cloud Service. All other Oracle Identity Cloud Service administrators have a subset of these privileges.
To start using Oracle Identity Cloud Service as an identity domain administrator, use the typical workflow below.
Task | Description | Additional Information |
---|---|---|
Customize the interface. | Customize the Sign In page or brand the Identity Cloud Service console and notification templates by adding logos to them. | Customizing the Oracle Identity Cloud Service Interface |
Customize the default settings. | Customize the default settings for both the identity domain and the session between the Oracle Identity Cloud Service client and the server. | |
Manage user settings. | Specify whether the primary email address is required or optional to create a user account. | Change User Settings |
Customize email notifications. | Customize email notifications for users and administrators. | Customize Oracle Identity Cloud Service Notifications |
Customize the password policy. | Tailor the strength of the password policies. | Managing Oracle Identity Cloud Service Password Policies |
Configure Multi-Factor Authentication (MFA) | Enable MFA when you want to require your administrators and users to provide a second type of verification when they log in:
|
|
Configure account recovery. | Configure factors that will help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords. | Manage Account Recovery in Oracle Identity Cloud Service |
Onboard users and groups. |
Onboard users and groups by:
|
Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service |
Manage delegated authentication. | Configure delegated authentication for bridges associated with Microsoft Active Directory domains. | Configure Delegated Authentication in Oracle Identity Cloud Service |
Create and manage custom applications. | Add and configure custom applications. | Managing Oracle Identity Cloud Service Applications |
Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
Perform delegated administration. | After you create or import user accounts, you can delegate administrative responsibilities for these accounts. | Managing Oracle Identity Cloud Service Users |
Add and manage identity providers. | Add and manage identity providers to provide identifiers for users who want to interact with Oracle Identity Cloud Service using a website that's external to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Identity Providers |
Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
Manage Adaptive Security and risk providers. | Activate Adaptive Security, and add, manage, and use risk providers to evaluate risk-based activity for Oracle Identity Cloud Service users, and generate a risk score for these users, based on this activity. This risk score is a number that varies from risk provider to risk provider, reflecting user threat. | Manage Adaptive Security in Oracle Identity Cloud Service |
Import trusted partner certificates. | Import certificates for trusted partners so that any application or organization, remote to Oracle Identity Cloud Service, can communicate with Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Trusted Partner Certificates |
Create Self-Registration Profiles | Add your customized header and footer logos, determine your allowed email domains, and add header, footer, success, and user consent text that will be used for self-registration. | |
Run user and application reports. | Run user and application reports to, for example, review user login attempts or user access to applications. | Running Oracle Identity Cloud Service Reports |
Download SDKs and applications. | Download software development kits (SDKs) to enable your mobile and Web applications to authenticate and integrate with Oracle Identity Cloud Service, the Oracle E-Business Suite (EBS) Asserter to integrate Oracle E-Business Suite with Oracle Identity Cloud Service, or the Secure Form Fill Client to configure Secure Form Fill for your applications. | Download Oracle Identity Cloud Service SDKs and Applications |
Security Administrator
A security administrator can manage Oracle Identity Cloud Service security settings for an identity domain in Oracle Identity Cloud Service.
Security administrators can customize the interface, default settings, notifications, and the password policies, configure Multi-Factor Authentication (MFA), and manage bridges, identity providers, and trusted partner certificates. See Understanding Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Customize the interface. | Customize the Sign In page or brand the Identity Cloud Service console and notification templates by adding logos to them. | Customizing the Oracle Identity Cloud Service Interface |
Customize the default settings. | Customize the default settings for both the identity domain and the session between the Oracle Identity Cloud Service client and the server. | Change Oracle Identity Cloud Service Default Settings |
Manage user settings. | Specify whether the primary email address is required or optional to create a user account. | Manage User Settings in Oracle Identity Cloud Service |
Customize email notifications. | Customize email notifications for users and administrators. | Customize Oracle Identity Cloud Service Notifications |
Customize the password policies. | Tailor the strength of the password policies. | Managing Oracle Identity Cloud Service Password Policies |
Configure Multi-Factor Authentication (MFA) | Enable MFA when you want to require your administrators and users to provide a second type of verification when they log in:
|
Configure Authentication Factors |
Register App Gateway | Register App Gateway to protect access to enterprise applications. | Manage Oracle Identity Cloud Service App Gateways |
Configure account recovery. | Configure factors that will help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords. | Manage Account Recovery in Oracle Identity Cloud Service |
Onboard users and groups. | Onboard users and groups by installing, configuring, and running bridges. |
Manage Provisioning Bridges for Oracle Identity Cloud Service Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service |
Manage delegated authentication. | Configure delegated authentication for bridges associated with Microsoft Active Directory domains. | Configure Delegated Authentication in Oracle Identity Cloud Service |
Add and manage identity providers. | Add and manage identity providers to provide identifiers for users who want to interact with Oracle Identity Cloud Service using a website that's external to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Identity Providers |
Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
Manage Adaptive Security and risk providers. | Activate Adaptive Security, and add, manage, and use risk providers to evaluate risk-based activity for Oracle Identity Cloud Service users, and generate a risk score for these users, based on this activity. This risk score is a number that varies from risk provider to risk provider, reflecting user threat. | Manage Adaptive Security in Oracle Identity Cloud Service |
Import trusted partner certificates. | Import certificates for trusted partners so that any application or organization, remote to Oracle Identity Cloud Service, can communicate with Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Trusted Partner Certificates |
Download SDKs and applications. | Download software development kits (SDKs) to enable your mobile and Web applications to authenticate and integrate with Oracle Identity Cloud Service. Download applications, including the Oracle E-Business Suite (EBS) Asserter to integrate Oracle E-Business Suite with Oracle Identity Cloud Service, the Oracle Identity Cloud Service Linux Pluggable Authentication Module (PAM) to integrate your Linux environment with Oracle Identity Cloud Service to perform user authentication with first-factor and second-factor authentication, Identity Cloud Service App Gateway to integrate your application with Oracle Identity Cloud Service for authentication purposes, the Secure Form Fill Client to configure Secure Form Fill for your applications, the Identity Cloud Service Device Fingerprint Utility to enable the Access for an unknown device event of Adaptive Security for a custom sign-in page, and the Provisioning Bridge client to install, start, and and stop the bridge. The Provisioning Bridge provides a link between your on-premises apps and Oracle Identity Cloud Service. | Download Oracle Identity Cloud Service SDKs and Applications |
Application Administrator
An application administrator can manage Oracle Identity Cloud Service applications.
Application administrators can create, update, activate, deactivate, and delete applications. Application administrators can also grant and revoke access to applications for groups and users. See Understanding Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Create and manage custom applications. | Add and configure custom applications. | Managing Oracle Identity Cloud Service Applications |
Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
Run application reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service applications. | Running Oracle Identity Cloud Service Reports |
User Administrator
A user administrator can manage users, groups, and memberships for an identity domain in Oracle Identity Cloud Service.
A user administrator can onboard users and groups, assign users and groups to applications, and run user reports. See Understanding Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Onboard users and groups. |
Onboard users and groups by:
|
Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service |
Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
Run user reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service user accounts. | Running Oracle Identity Cloud Service Reports |
User Manager
A user manager can manage all users or users of selected groups in Oracle Identity Cloud Service.
User managers update, activate, deactivate, remove, and unlock user accounts. User managers can also reset passwords, reset authentication factors, and generate bypass codes for user accounts. See Understand Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Update user accounts. | Modify user accounts using the Users page. | Edit Attribute Values for the User Account |
Activate and deactivate user accounts. | Activate and deactivate user accounts using the Users page. | Activate User AccountsDeactivate User Accounts |
Unlock a user account. | Unlock user accounts using the Users page. | Unlock User Accounts |
Reset passwords for user accounts. | Reset passwords for user accounts using the Users page. | Reset Passwords for User Accounts |
Reset authentication factors for user accounts. | Reset authentication factors for user accounts using the Users page. | Reset Authentication Factors for User Accounts |
Generate bypass codes for user accounts. | Generate bypass codes for user accounts using the Users page. | Generate Bypass Codes for User Accounts |
Remove user accounts. | Remove user accounts using the Users page. | Remove User Accounts |
Help Desk Administrator
A help desk administrator can manage all users or users of selected groups in Oracle Identity Cloud Service.
Help desk administrators can view the details of a user and unlock a user account. Help desk administrators can also reset passwords, reset authentication factors, and generate bypass codes for user accounts. See Understand Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Unlock a user account. | Unlock user accounts using the Users page. | Unlock User Accounts |
Reset passwords for user accounts. | Reset passwords for user accounts using the Users page. | Reset Passwords for User Accounts |
Reset authentication factors for user accounts. | Reset authentication factors for user accounts using the Users page. | Reset Authentication Factors for User Accounts |
Generate bypass codes for user accounts. | Generate bypass codes for user accounts using the Users page. | Generate Bypass Codes for User Accounts |
Audit Administrator
An audit administrator can run reports for an identity domain in Oracle Identity Cloud Service.
See Understanding Administrator Roles.
Task | Description | Additional Information |
---|---|---|
Run user and application reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service applications or user accounts. | Running Oracle Identity Cloud Service Reports |