14 Mobile Users and Roles
You can set up users for your apps in one of these ways:
-
In Oracle Identity Cloud Service (IDCS).
-
Through a third-party identity provider (IdP).
-
By using Facebook Login.
For users provisioned in IDCS or a third-party identity provider (IdP), you can set up role-based security by doing the following:
-
Creating user roles in AMCe.
-
Applying roles to backends and APIs.
-
Assigning the roles to the users.
For details on integrating with a third-party IdP or Facebook, see Authentication in AMCe.
Navigate to Your Oracle Identity Cloud Service Application
Oracle Identity Cloud Service is provided as part of your mobile service stack, and you use it to add and edit users, groups, and roles. For each mobile instance, you have an Oracle Identity Cloud Service application.
To navigate to the Oracle Identity Cloud Service application for an instance:
-
Sign in to your Oracle Cloud account.
-
From the Infrastructure Console , click the navigation menu in the top left corner, expand Identity, then click Federation.
-
In the Instance Overview that appears, click the Oracle Identity Cloud Service Console link.
Adding Users and Groups in Oracle Identity Cloud Service
Unless you are using a 3rd-party IdP or Facebook as your identity store, you add users by creating user accounts with Oracle Identity Cloud Service. You can create groups to organize users and assign roles.
Note:
You must have an identity domain administrator role in Oracle Identity Cloud Service to add mobile users. If you don’t have this role, ask your service administrator for help.To add a single user, follow the steps below. Oracle Identity Cloud Service also provides a REST API for creating and managing users and groups, described in REST API for Oracle Identity Cloud Service.
- From Oracle Identity Cloud Service, click and select Users.
- Click Add.
- Enter the first name and last name of the user in the corresponding fields.
- If the user is going to log in with a user name, enter the user name in the User Name field and enter the user’s email address in the Email field.
Be sure to clear the Use the email address as the user name option, which makes the user name the same as the user’s email address.
- If the user is going to log in using an email address, make sure the Use the email address as the user name option is checked and enter the email address for the user account in the User Name/Email field.
- If the user is going to log in with a user name, enter the user name in the User Name field and enter the user’s email address in the Email field.
- Click Next if you want to assign the user to a group or click Finish.
To assign a group, just select the groups that you want to assign to this user account and click Finish.
- From the Details page displayed for the new user, click the Access tab.
- Search for your mobile core application and click Assign.
Repeat this step for each application the user should have access to.
Creating and Managing Mobile Roles
Mobile user roles allow you to define permissions for your backends and APIs. You can define as many roles as you need, and you can assign multiple roles to the same user.
-
In AMCe, click to open the side menu and select Development > Roles.
-
Click + New Role to add a role.
-
Restrict access to a backend as explained in Role-Based Backends.
-
Restrict access to custom APIs as described in Setting Access to the API.
Roles for Users That Are Set Up in IDCS
For mobile users that are set up in IDCS, you assign roles (to individual users or groups of users) through IDCS:
-
From the Users tab, click Applications.
-
Select your AMCe mobile core application, then select the Application Roles tab.
-
For each role, click Action > Assign Users. Select one or more users from the Role window and click Assign.
Roles for Users That Are Set Up in a 3rd-Party IdP
There are several ways to assigns roles to users who provisioned in 3rd-party IdP. See Associating Roles with a SAML Token and Associating Roles with a JWT Token.
Permissions Required for Platform APIs
The types of users that can access a platform API, the way they can access it, and the roles they need to access it vary by API. Here’s a quick rundown:
API | Access and Required Permissions |
---|---|
App Policies |
|
Database Access |
|
Database Management |
|
Location |
|
Location Management |
|
My Profile |
|
Notifications (device registration) |
|
Notifications (create, delete, and return) |
|
Storage |
|