Using Identity Cloud Service Groups to Assign Predefined Roles to Users in Oracle Cloud Identity Console (for OCI (Gen 2) only)

In OCI (Gen 2) environments, you can use Identity Cloud Service (IDCS) groups to assign predefined roles to multiple Oracle Enterprise Performance Management Cloud users. Since IDCS groups can be synced with identity provider (IdP) groups (such as Azure AD groups), you can even add individual users to IdP groups and assign the predefined roles to these groups in Oracle Cloud Identity Console.


Renaming an IDCS group is functionally equal to deleting it and creating a new one.

Create and Add Users to an Identity Cloud Service Group

  1. In the Navigation menu, click Groups.
  2. On the Groups page, click Add.
  3. Enter Name and other optional details, and click Next.
    Screen to create group step 1
  4. To add users to the group, select the check box for each user that you want to add to the group.

    To search for a user, click the text box, enter all or part of the beginning of the user name, first name, or last name of the user, and then press Enter.
    Screen to add users to group

  5. Click Finish.

Assign Groups to Predefined Roles

  1. On the navigation menu, click Oracle Cloud Services to view the default Oracle Identity Cloud Services.

    A list of available EPM Cloud environments is displayed.

  2. Click the name of the EPM Cloud environment for which you want to assign predefined roles to users.
  3. Click the Application Roles tab.

    All predefined roles (Application Roles on UI) are displayed.

  4. Select the menu next to the predefined role that you want to assign. Click Assign Groups.
    Screen for predefined roles
  5. Select the group(s) that you want to assign the predefined role, and click OK.
    Screen to list available groups
  6. All members of this group will be assigned the predefined role. To confirm, click Users Assigned icon next to predefined role.

    The users assigned to the predefined role get listed.

    Screen to list users assigned to predefined role


When you clone an environment with the option to clone users and predefined roles, the cloned users on the target environment will have the predefined roles assigned to them directly, even if they are assigned through IDCS groups. See Cloning EPM Cloud Environments in Administering Migration for Oracle Enterprise Performance Management Cloud.