Typical Workflow for Using Oracle Identity Cloud Service

Oracle Identity Cloud Service has five administrator roles and one user role. To start using Oracle Identity Cloud Service as an administrator, click the following links. Each link provides a guide to getting started with Oracle Identity Cloud Service as that administrator or user.

Note: See Understanding Administrator Roles to learn more about the privileges for each administrator or user role.

Identity Domain Administrator

An identity domain administrator has superuser privileges for an identity domain in Oracle Identity Cloud Service. All other Oracle Identity Cloud Service administrators have a subset of these privileges.

To start using Oracle Identity Cloud Service as an identity domain administrator, use the typical workflow below.

| Task | Description | Additional Information |
| --- | --- | --- |
| Customize the interface. | Customize the Sign In page or brand the Identity Cloud Service console and notification templates by adding logos to them. | Customizing the Oracle Identity Cloud Service Interface |
| Customize the default settings. | Customize the default settings for both the identity domain and the session between the Oracle Identity Cloud Service client and the server. | Change Oracle Identity Cloud Service Default Settings |
| Manage user settings. | Specify whether the primary email address is required or optional to create a user account. | Change User Settings |
| Customize email notifications. | Customize email notifications for users and administrators. | Customize Oracle Identity Cloud Service Notifications |
| Customize the password policy. | Tailor the strength of the password policies. | Managing Oracle Identity Cloud Service Password Policies |
| Configure Multi-Factor Authentication (MFA). | Enable MFA when you want to require your administrators and users to provide a second type of verification when they log in. Configure overall MFA policy settings such as which users are to use MFA and whether MFA is required. Configure the type of factors that you want to allow and specific policies for those factors. | Configure Authentication Factors |
| Configure account recovery. | Configure factors that will help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords. | Manage Account Recovery in Oracle Identity Cloud Service |
| Onboard users and groups. | Onboard users and groups by installing, configuring, and running bridges; importing users and groups; and creating users and groups. | Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service; Managing Oracle Identity Cloud Service Users; Managing Oracle Identity Cloud Service Groups |
| Manage delegated authentication. | Configure delegated authentication for bridges associated with Microsoft Active Directory domains. | Configure Delegated Authentication in Oracle Identity Cloud Service |
| Create and manage custom applications. | Add and configure custom applications. | Managing Oracle Identity Cloud Service Applications |
| Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
| Perform delegated administration. | After you create or import user accounts, you can delegate administrative responsibilities for these accounts. | Managing Oracle Identity Cloud Service Users |
| Add and manage identity providers. | Add and manage identity providers to provide identifiers for users who want to interact with Oracle Identity Cloud Service using a website that's external to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Identity Providers |
| Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
| Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
| Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
| Manage Adaptive Security and risk providers. | Activate Adaptive Security, and add, manage, and use risk providers to evaluate risk-based activity for Oracle Identity Cloud Service users, and generate a risk score for these users, based on this activity. This risk score is a number that varies from risk provider to risk provider, reflecting user threat. | Manage Adaptive Security in Oracle Identity Cloud Service |
| Import trusted partner certificates. | Import certificates for trusted partners so that any application or organization, remote to Oracle Identity Cloud Service, can communicate with Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Trusted Partner Certificates |
| Create Self-Registration Profiles. | Add your customized header and footer logos, determine your allowed email domains, and add header, footer, success, and user consent text that will be used for self-registration. | Create Self-Registration Profiles |
| Run user and application reports. | Run user and application reports to, for example, review user login attempts or user access to applications. | Running Oracle Identity Cloud Service Reports |
| Download SDKs and applications. | Download software development kits (SDKs) to enable your mobile and Web applications to authenticate and integrate with Oracle Identity Cloud Service, the Oracle E-Business Suite (EBS) Asserter to integrate Oracle E-Business Suite with Oracle Identity Cloud Service, or the Secure Form Fill Client to configure Secure Form Fill for your applications. | Download Oracle Identity Cloud Service SDKs and Applications |

Security Administrator

A security administrator can manage Oracle Identity Cloud Service security settings for an identity domain in Oracle Identity Cloud Service.

Security administrators can customize the interface, default settings, notifications, and the password policy, configure Multi-Factor Authentication (MFA), and manage bridges, identity providers, and trusted partner certificates. See Understanding Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Customize the interface. | Customize the Sign In page or brand the Identity Cloud Service console and notification templates by adding logos to them. | Customizing the Oracle Identity Cloud Service Interface |
| Customize the default settings. | Customize the default settings for both the identity domain and the session between the Oracle Identity Cloud Service client and the server. | Change Oracle Identity Cloud Service Default Settings |
| Manage user settings. | Specify whether the primary email address is required or optional to create a user account. | Manage User Settings in Oracle Identity Cloud Service |
| Customize email notifications. | Customize email notifications for users and administrators. | Customize Oracle Identity Cloud Service Notifications |
| Customize the password policy. | Tailor the strength of the password policies. | Managing Oracle Identity Cloud Service Password Policies |
| Configure Multi-Factor Authentication (MFA). | Enable MFA when you want to require your administrators and users to provide a second type of verification when they log in. Configure overall MFA policy settings such as which users are to use MFA and whether MFA is required. Configure the type of factors that you want to allow and specific policies for those factors. | Configure Authentication Factors |
| Register App Gateway. | Register App Gateway to protect access to enterprise applications. | Manage Oracle Identity Cloud Service App Gateways |
| Configure account recovery. | Configure factors that will help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords. | Manage Account Recovery in Oracle Identity Cloud Service |
| Onboard users and groups. | Onboard users and groups by installing, configuring, and running bridges. | Manage Provisioning Bridges for Oracle Identity Cloud Service; Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service |
| Manage delegated authentication. | Configure delegated authentication for bridges associated with Microsoft Active Directory domains. | Configure Delegated Authentication in Oracle Identity Cloud Service |
| Add and manage identity providers. | Add and manage identity providers to provide identifiers for users who want to interact with Oracle Identity Cloud Service using a website that's external to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Identity Providers |
| Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
| Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
| Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
| Manage Adaptive Security and risk providers. | Activate Adaptive Security, and add, manage, and use risk providers to evaluate risk-based activity for Oracle Identity Cloud Service users, and generate a risk score for these users, based on this activity. This risk score is a number that varies from risk provider to risk provider, reflecting user threat. | Manage Adaptive Security in Oracle Identity Cloud Service |
| Import trusted partner certificates. | Import certificates for trusted partners so that any application or organization, remote to Oracle Identity Cloud Service, can communicate with Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Trusted Partner Certificates |
| Download SDKs and applications. | Download software development kits (SDKs) to enable your mobile and Web applications to authenticate and integrate with Oracle Identity Cloud Service. Download applications, including the Oracle E-Business Suite (EBS) Asserter to integrate Oracle E-Business Suite with Oracle Identity Cloud Service, the Oracle Identity Cloud Service Linux Pluggable Authentication Module (PAM) to integrate your Linux environment with Oracle Identity Cloud Service to perform user authentication with first-factor and second-factor authentication, Identity Cloud Service App Gateway to integrate your application with Oracle Identity Cloud Service for authentication purposes, the Secure Form Fill Client to configure Secure Form Fill for your applications, the Identity Cloud Service Device Fingerprint Utility to enable the Access for an unknown device event of Adaptive Security for a custom sign-in page, and the Provisioning Bridge client to install, start, and stop the bridge. The Provisioning Bridge provides a link between your on-premises apps and Oracle Identity Cloud Service. | Download Oracle Identity Cloud Service SDKs and Applications |

Application Administrator

An application administrator can manage Oracle Identity Cloud Service applications.

Application administrators can create, update, activate, deactivate, and delete applications. Application administrators can also grant and revoke access to applications for groups and users. See Understanding Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Create and manage custom applications. | Add and configure custom applications. | Managing Oracle Identity Cloud Service Applications |
| Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
| Manage identity provider policies. | Manage identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. | Manage Oracle Identity Cloud Service Identity Provider Policies |
| Define network perimeters. | Create network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. | Manage Oracle Identity Cloud Service Network Perimeters |
| Manage sign-on policies. | Manage sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. | Manage Oracle Identity Cloud Service Sign-On Policies |
| Run application reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service applications. | Running Oracle Identity Cloud Service Reports |

User Administrator

A user administrator can manage users, groups, and memberships for an identity domain in Oracle Identity Cloud Service.

A user administrator can onboard users and groups, assign users and groups to applications, and run user reports. See Understanding Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Onboard users and groups. | Onboard users and groups by configuring and running bridges; importing users and groups; and creating users and groups. | Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service; Managing Oracle Identity Cloud Service Users; Managing Oracle Identity Cloud Service Groups |
| Assign users and groups to applications. | Assign users and groups to Oracle and custom applications. | |
| Run user reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service user accounts. | Running Oracle Identity Cloud Service Reports |

User Manager

A user manager can manage all users or users of selected groups in Oracle Identity Cloud Service.

User managers update, activate, deactivate, remove, and unlock user accounts. User managers can also reset passwords, reset authentication factors, and generate bypass codes for user accounts. See Understand Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Update user accounts. | Modify user accounts using the Users page. | Edit Attribute Values for the User Account |
| Activate and deactivate user accounts. | Activate and deactivate user accounts using the Users page. | Activate User Accounts; Deactivate User Accounts |
| Unlock a user account. | Unlock user accounts using the Users page. | Unlock User Accounts |
| Reset passwords for user accounts. | Reset passwords for user accounts using the Users page. | Reset Passwords for User Accounts |
| Reset authentication factors for user accounts. | Reset authentication factors for user accounts using the Users page. | Reset Authentication Factors for User Accounts |
| Generate bypass codes for user accounts. | Generate bypass codes for user accounts using the Users page. | Generate Bypass Codes for User Accounts |
| Remove user accounts. | Remove user accounts using the Users page. | Remove User Accounts |

Help Desk Administrator

A help desk administrator can manage all users or users of selected groups in Oracle Identity Cloud Service.

Help desk administrators can view the details of a user and unlock a user account. Help desk administrators can also reset passwords, reset authentication factors, and generate bypass codes for user accounts. See Understand Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Unlock a user account. | Unlock user accounts using the Users page. | Unlock User Accounts |
| Reset passwords for user accounts. | Reset passwords for user accounts using the Users page. | Reset Passwords for User Accounts |
| Reset authentication factors for user accounts. | Reset authentication factors for user accounts using the Users page. | Reset Authentication Factors for User Accounts |
| Generate bypass codes for user accounts. | Generate bypass codes for user accounts using the Users page. | Generate Bypass Codes for User Accounts |

Audit Administrator

An audit administrator can run reports for an identity domain in Oracle Identity Cloud Service.

See Understanding Administrator Roles.

| Task | Description | Additional Information |
| --- | --- | --- |
| Run user and application reports. | Run operational or historical reports that capture data about Oracle Identity Cloud Service applications or user accounts. | Running Oracle Identity Cloud Service Reports |