Activating a new Oracle Unity subscription
Overview
Once your organization has signed up for the Oracle Unity service, you will need to provide a point of contact (POC) to Oracle. This person will be assigned as the Oracle Cloud Account Administrator and the first Oracle Unity Instance Administrator. The POC will:
- Plan and activate your subscription and create service instance(s).
- Receive emails from Oracle Cloud Portal regarding the subscription, such as when new services have been purchased and when the new cloud account is ready.
- Receive the welcome email after the Oracle Unity instance has been provisioned. This email contains Oracle Unity Account Administrator login instructions.
If you are the correct person for this role, proceed to the Next steps section below.
To activate Oracle Unity, follow these steps:
- Step 1: Activate your Oracle Public Cloud Services account
- Step 2: Log in to Cloud Portal using the My Services URL
- Step 3: Create your service instance
- Step 4: Log in to the application
- Step 5: Update Instance admin credentials for syncing users
- Step 6: Sync users with a different user
- Step 7: Add group-specific password policy
If you have trouble completing these steps or have other issues with your Oracle Cloud account, review the Oracle Cloud troubleshooting tips.
Step 1: Activate your Oracle Public Cloud Services account
After the product is purchased, the POC should receive an email from Oracle Cloud services. This email has the subject line "Welcome to Oracle Cloud. The Provisioning Process Started." It provides instructions on activating your Oracle Public Cloud Service account.
Note: The Oracle Public Cloud Service account is not for Oracle Unity itself, but for the administrative portal for the Oracle Public Cloud Services to which you have subscribed. You will use the Oracle Cloud - My Services portal to activate Oracle Unity.
To activate your account:
- Click the Activate button in the email that you received.
  - New Oracle customers: The Activate My Services! page automatically opens in a web browser window.
  - Existing Oracle customers: The Oracle Cloud - My Services Dashboard opens in a web browser window. Open the navigation menu and select Account. In the Activate tab, click Cloud services account setup. The Activate My Services! page opens in a web browser window.
- In the Cloud Account Name - Create New Account field, enter the name you would like to use for your Oracle Public Cloud account. Oracle recommends that the account name indicate your organization and/or division name. (This name is used only in your Oracle Public Cloud Services account.)
- Optionally, edit the Administrator's First Name and Last Name, as needed.
- Click Activate Account. The Review Summary page informs you that you will receive a welcome email when the activation is completed. Click Close to dismiss the window.
Step 2: Log in to Cloud Portal using the My Services URL
After your Oracle Public Cloud Service account is activated, you will receive an email with the subject line "Setup Complete. You're ready to go."
To log in to Oracle Cloud - My Services:
- Open the "Setup Complete" email, scroll to the Access Details section, and then click the Oracle Cloud Console: Console URL link. The link opens the Oracle Cloud Account Sign In page.
- To log in, enter the Username and Temporary Password provided in the email. The Set a new password for your user account page is displayed. (Identity Cloud Service manages user access to Oracle Public Cloud Services.)
- Following the instructions on the page, change the temporary password to your new password. When you enter the new password, the Password Criteria checklist icons change to green when you have entered a valid new password. The Reset Password button becomes available when the New Password and Confirm New Password fields match.
- Click Reset Password to continue.
After your password is changed successfully in the system, the Oracle Cloud - My Services Dashboard is displayed in your web browser.
Step 3: Create your service instance
Creating an Oracle Unity service instance begins the process of Oracle configuring your Oracle Unity account. When the new service is ready to use, you will receive an email with further details about how to log in to Oracle Unity.
To create your Oracle Unity service instance:
- From the Oracle Cloud - My Services Dashboard page, locate the Identity Domain drop-down list in the top-right corner. Select the option that shows your Oracle Public Cloud Service account name with the text "(classic)" after it. For example, if the options shown are "examplecom" and "examplecom (classic)", select "examplecom (classic)".
- Click the Create Instance tile. On the Create Instance dialog, locate Oracle Unity and then click Create.
- Complete the instance details:
  - Name: enter a unique name for your instance.
    - The instance name identifies your service only within your “Oracle Cloud - My Services” identity domain on the Oracle Cloud Portal. For example, Oracle does not use it to name your Oracle Unity account.
    - The instance name must start with a letter, and it can have up to 25 lower case letters and numbers. You cannot use spaces, upper case letters, special characters, or non-English characters or numbers.
  - Plan is pre-selected. You do not need to change this field.
  - Hostname: The hostname you enter here will be used as the hostname for your Oracle Unity instance. We recommend you use your company/department name. It must start with a letter, and it can have up to 25 lower case letters and numbers. You cannot use spaces, upper case letters, special characters, or non-English characters or numbers.
  - Industry: Use the drop-down list to select the industry that will be provisioned for your Oracle Unity instance. The industry you select determines the default data model that will be installed. You can select from the following: Base B2C (business-to-consumer), Base B2B (business-to-business), or Automotive.
- Optionally, change the Administrator Details, as needed. This should show your information. Unless you have already set up another Administrator user for your identity domain, we recommend that you do not change the information here.
  - The administrator details show the contact information for the person who will be both the service instance administrator in the Oracle Cloud - My Services portal and the first account administrator created in Oracle Unity.
  - Oracle Cloud sends the administrator details to Oracle Unity, and the administrator shown here is set up as the Oracle Unity account administrator. This person receives the “Welcome” email after your account is configured in Oracle Unity.
- Review your changes carefully, and then scroll to the bottom of the page and click Create. The Confirmation dialog is displayed.
- On the Confirmation dialog, click Create to submit your "create new instance" request to Oracle. You can also click Cancel to go back without submitting your request and verify that the details are correct. After you create the Oracle Unity service instance, the Service: Oracle Unity page is displayed. The Active status in the Additional Information section only indicates that the subscription is active. You will need to wait to receive an email from Oracle notifying you that the new instance is ready and that you can log in. When the new instance is ready for login, you will see an Active status in the Service Environments section.
- Log out of Oracle Cloud - My Services: Click the user menu, and then choose Sign Out.
Step 4: Log in to the application
When you receive the notification email that the new instance is ready to use, you will be able to review your Cloud account name, username, and temporary password. Follow the instructions in the email.
Step 5: Update Instance admin credentials for syncing users
You will now need to update your Instance admin credentials for syncing users from Oracle Identity Cloud Service (IDCS) to Oracle Unity. If the instance admin credentials change or reset, then you will need to complete these steps again. This is because any user management changes in IDCS will not be synced to Oracle Unity if the password is invalid.
Note: These steps require a working knowledge of JSON and Postman.
Retrieve required parameters
To update the admin credentials for syncing users, you will need to retrieve the following parameters:
- IDCS URL: Your IDCS URL will look like the following: https://idcs-[IDCS number].identity.oraclecloud.com/.
- Client ID
- Client Secret
- Admin username
- Admin password
Learn more about Retrieving Oracle Identity Cloud Service parameters.
You can now use a Postman collection to update the admin username/password.
To use the Postman collection:
- Save the following Postman collection.
- Import, then edit the Postman collection.
- Select the Variables tab.
- Update the Host, Client ID, Client Secret, admin username, admin password.
- Run the first request to get the access token.
- Run the second request to update the admin credentials.
- Optionally, you can follow the steps to test your connection to confirm your credentials were successfully updated.
  - If the connection was successful, try creating or updating an Oracle Unity user in the Oracle Identity Cloud Service portal, refreshing the Admin page in Oracle Unity, and checking that the user is provisioned.
  - If the connection failed or if the user is not provisioned, contact Oracle Support.
```json
{
  "info": {
    "_postman_id": "0c1c3909-13b1-4a85-8534-01e5ee496754",
    "name": "ReplaceCXUnityScimConnectorAdminCredentials",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "1. Obtain access_token (client credentials)",
      "event": [
        {
          "listen": "test",
          "script": {
            "exec": [
              "var jsonData = JSON.parse(responseBody);",
              "pm.collectionVariables.set(\"access_token\", pm.response.json().access_token);",
              ""
            ],
            "id": "c5730837-7ae0-4060-b617-b96368c8a498",
            "type": "text/javascript"
          }
        },
        {
          "listen": "prerequest",
          "script": {
            "exec": [
              ""
            ],
            "id": "b94dfc22-ba60-450b-98d4-dd74c0bac9f1",
            "type": "text/javascript"
          }
        }
      ],
      "request": {
        "auth": {
          "type": "basic",
          "basic": [
            {
              "key": "username",
              "value": "{{CLIENT_ID}}",
              "type": "string"
            },
            {
              "key": "password",
              "value": "{{CLIENT_SECRET}}",
              "type": "string"
            },
            {
              "key": "saveHelperData",
              "value": true,
              "type": "boolean"
            },
            {
              "key": "showPassword",
              "value": false,
              "type": "boolean"
            }
          ]
        },
        "method": "POST",
        "header": [],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            {
              "key": "grant_type",
              "value": "client_credentials",
              "type": "text"
            },
            {
              "key": "scope",
              "value": "urn:opc:idm:__myscopes__",
              "type": "text"
            }
          ],
          "options": {}
        },
        "url": {
          "raw": "{{IDCS_URL}}/oauth2/v1/token",
          "host": [
            "{{IDCS_URL}}"
          ],
          "path": [
            "oauth2",
            "v1",
            "token"
          ]
        }
      },
      "response": []
    },
    {
      "name": "2. ** USE WITH CAUTION ** Update admin credentials",
      "request": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Authorization",
            "value": "Bearer {{access_token}}"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n \"command\": \"enableNextFedSyncModes\",\n \"SyncConfig\": {\n \"bundleConfigurationProperties\": [\n {\n \"name\": \"username\",\n \"value\": [\n \"{{username}}\"\n ]\n },\n {\n \"name\": \"password\",\n \"value\": [\n \"{{password}}\"\n ]\n }\n ]\n }\n}\n",
          "options": {}
        },
        "url": {
          "raw": "{{IDCS_URL}}/sm/v1/AppServices/Me",
          "host": [
            "{{IDCS_URL}}"
          ],
          "path": [
            "sm",
            "v1",
            "AppServices",
            "Me"
          ]
        }
      },
      "response": []
    }
  ],
  "event": [
    {
      "listen": "prerequest",
      "script": {
        "id": "8f5bbe0a-bc82-49d0-a681-f731639c14e1",
        "type": "text/javascript",
        "exec": [
          ""
        ]
      }
    },
    {
      "listen": "test",
      "script": {
        "id": "d0c26ecf-285b-4862-a8bc-1ca37ed7756a",
        "type": "text/javascript",
        "exec": [
          ""
        ]
      }
    }
  ],
  "variable": [
    {
      "id": "69a857bb-9b9f-4f67-91a7-073a32e8819d",
      "key": "IDCS_URL",
      "value": ""
    },
    {
      "id": "1870a354-29c2-4a46-bfb6-fadba7bb7a4d",
      "key": "CLIENT_ID",
      "value": ""
    },
    {
      "id": "f4b48c72-a6c4-48d0-b55e-1a63250da245",
      "key": "CLIENT_SECRET",
      "value": ""
    },
    {
      "id": "c98b850a-7b42-4291-a971-2a6c73e494e5",
      "key": "access_token",
      "value": ""
    },
    {
      "id": "868007d7-2967-4d68-a144-07eb8ccfb230",
      "key": "username",
      "value": ""
    },
    {
      "id": "f4decf84-0157-42a2-b1b6-ebb20da11fd1",
      "key": "password",
      "value": ""
    }
  ]
}
```
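The two requests in the collection, written as a Python script (an added example, not part of Oracle's documentation). It reads the secrets from environment variables so they are not saved in a collection file, and it refuses to send them to a host that does not match the IDCS URL pattern given under "Retrieve required parameters"; the environment variable names `SYNC_USERNAME` and `SYNC_PASSWORD`, the helper names, and the host check are assumptions of this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

IDCS_SUFFIX = ".identity.oraclecloud.com"  # assumed from the URL pattern on this page


def check_idcs_url(idcs_url):
    """Accept only https URLs on an IDCS host; return the bare origin."""
    parts = urllib.parse.urlsplit(idcs_url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(IDCS_SUFFIX):
        raise ValueError("refusing to send credentials to " + repr(idcs_url))
    return "https://" + host


def token_request(base, client_id, client_secret):
    """Request 1: client-credentials grant, client ID/secret as HTTP Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": "client_credentials", "scope": "urn:opc:idm:__myscopes__"}
    return urllib.request.Request(
        base + "/oauth2/v1/token", data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def update_request(base, access_token, username, password):
    """Request 2: PATCH the sync connector's stored admin username/password."""
    props = [{"name": "username", "value": [username]},
             {"name": "password", "value": [password]}]
    body = {"command": "enableNextFedSyncModes",
            "SyncConfig": {"bundleConfigurationProperties": props}}
    return urllib.request.Request(
        base + "/sm/v1/AppServices/Me", data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    env = os.environ  # variable names are assumptions of this example
    base = check_idcs_url(env["IDCS_URL"])
    req = token_request(base, env["CLIENT_ID"], env["CLIENT_SECRET"])
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    req = update_request(base, token, env["SYNC_USERNAME"], env["SYNC_PASSWORD"])
    with urllib.request.urlopen(req) as resp:
        print("update status:", resp.status)
```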
Step 6: Sync users with a different user
After updating the admin credentials, you will need to sync users with a user other than the one used in the previous steps (a generic user).
To sync users:
- Log in to IDCS and follow the steps for creating a new user. This will be a generic user for completing the following steps.
- Follow the steps for assigning applications to a user and assign Oracle Unity's IDCS App to the user. If all the steps for activating a new Oracle Unity subscription are successfully completed, then the user will be automatically synced to Oracle Unity.
- Log in to Oracle Unity with your user credentials (not the new generic user's credentials). Follow the steps for Editing user roles and assign the generic user the role of Instance admin.
- Complete these steps again: Step 5: Update Instance admin credentials for syncing users. This will update the IDCS App to use the credentials of the generic user when syncing users.
Step 7: Add group-specific password policy
The final step is to add a group-specific password policy. This allows you to update the default password policy for the user created in the previous steps.
- Log in to IDCS and follow the steps for creating a group.
- Follow the steps for assigning users to a group and assign the user created in the previous steps to this group.
- Follow the steps for setting the password policies for your identity domain.
- Specify a priority and any necessary custom rules.
- Add the group to this password policy.
- When done, click Finish.
- Review the list of password policies and confirm the new one is listed.
If you don't see Add for creating a policy, clear your browser cache or use an incognito/private browser window. If you still don't see Add, contact Oracle Support.