Features Available only in OCI EPM Cloud Environments

The following table lists some of the features that are available only in OCI Oracle Enterprise Performance Management Cloud Environments.

Table 2-2 New Features in OCI

| Feature | Description |
|---|---|
| Oracle Cloud Identity Console or Oracle Cloud Console (IAM) | Perform user and security management tasks such as creating users, removing users, assigning and unassigning roles, and setting up Single Sign-On (SSO). |
| New audit reports and logs | Role Assignment Audit Report and Invalid Audit Report are available through EPM Automate and REST APIs.<br>Application Role Privileges Report, Successful Login Attempts Report, Unsuccessful Login Attempts Report, and Dormant Users Report are available from Oracle Cloud Identity Console, Oracle Cloud Console (IAM), and through Oracle Cloud Identity Service REST APIs.<br>An audit log containing information on successful and failed logins and on user management actions (user creation, update, and deletion) is available from Oracle Cloud Identity Console, Oracle Cloud Console (IAM), and through Oracle Cloud Identity Service REST APIs. |
| OAuth 2 Support for REST API, EPM Automate, and EPM Integration Agent | Use OAuth 2 access tokens to make REST API calls to EPM Cloud and to use EPM Automate and EPM Integration Agent to avoid the use of passwords. |
| Support of multiple SAML 2.0-compliant identity providers for a domain | You can configure SSO for a domain with multiple SAML 2.0-compliant identity providers simultaneously. |
| Support of Identity Provider Groups | You can add individual users to an Identity Cloud Service (IDCS) group and then assign predefined roles to the group. Since IDCS groups can be synced with Identity Provider groups (such as Azure AD groups), you can even add individual users to Identity Provider groups and assign the predefined roles to these groups in Oracle Cloud Identity Console or Oracle Cloud Console (IAM). See Using Identity Cloud Service Groups to Assign Predefined Roles to Users in Oracle Cloud Identity Console (for OCI (Gen 2) only). |
| Synchronize IDCS users and groups across identity domains | You can use System for Cross-domain Identity Management (SCIM) to enable automatic provisioning of users and groups between identity domains supported on IDCS. See Using SCIM to Synchronize Users and Groups on Oracle Identity Cloud (for OCI (Gen 2) Only). |
| Ability to rename the instance | You can change the instance name and, consequently, the URLs of your environments using My Services (OCI). See Rename or Relocate an OCI (Gen 2) EPM Cloud Instance. |
| Ability to relocate the instance | You can relocate the instance to a different region using My Services (OCI). See Rename or Relocate an OCI (Gen 2) EPM Cloud Instance. |
| Private access to EPM Cloud | If you have an OCI IaaS subscription in the same data center as your EPM Cloud environments, you can use the Service Gateway Service to avoid having traffic go over the internet. See Use of Dedicated VPN Connection to Restrict Access in Oracle Enterprise Performance Management Cloud Operations Guide. |
| Change Password Policy | You can set your own password policy. For details, see Manage Oracle Identity Cloud Service Password Policies in Administering Oracle Identity Cloud Service. |
| Restrict user access | You can deactivate environments so that users cannot sign in to them. For details, see Deactivate Access to OCI (Gen 2) Environments. You can also configure a custom sign-on policy to restrict access to users with specific predefined roles. For details, see Sign-On Policies to Restrict Access to OCI (Gen 2) Environments. In addition, you can deactivate specific user accounts. For details, see Deactivate User Accounts in Administering Oracle Identity Cloud Service. |
| Maximum session duration | You can set the maximum session duration in Oracle Cloud Identity Console or Oracle Cloud Console (IAM) to log out the user, even if the user is actively using the environment. See Maximum Session Duration in OCI (Gen 2) Environments. |
| Virus scan on uploaded files | OCI (Gen 2) environments provide an option to enable the virus scan on uploaded files. When this option is enabled, each uploaded file is scanned for viruses. If a virus is detected, the file is not uploaded. |
| Disallow Service Administrator to assign predefined roles | You can request that Oracle disallow Service Administrators from assigning predefined roles. After Oracle implements this request, only the Identity Domain Administrator will be able to assign predefined roles. For details, see Prevent Service Administrators from Granting Predefined Roles in Oracle Enterprise Performance Management Cloud Operations Guide. |
| Database encryption using AES-256 | OCI (Gen 2) uses AES-256 to encrypt the master key as well as the tablespace to satisfy the requirement to encrypt data at rest in the relational database. The master key is rotated regularly. |
| OCI Block Volume Encryption | To encrypt data at rest, OCI (Gen 2) uses Block Volume Encryption using AES-256 to encrypt file system data including Oracle Essbase data. |
| Self-service option to list and restore available backup maintenance snapshots | Artifact snapshots resulting from daily maintenance of OCI (Gen 2) environments are archived to Oracle Object Storage daily. Production environment backups are retained for 60 days while test environment backups are retained for 30 days. OCI (Gen 2) environments support self-service operations using the listBackups and the restoreBackup EPM Automate commands to check for and copy available backup snapshots from Object Storage to your environment. |
| Encryption Keys stored in FIPS 140-2 compliant Hardware Security Module (HSM) | In OCI (Gen 2) environments, all encryption master keys including the following are stored in FIPS 140-2 compliant HSM:<br>• Transparent Data Encryption (TDE) master key for database encryption<br>• Block Volume Encryption master key for file system encryption<br>• Object Storage Encryption master key for encryption of artifact snapshots |
| Web Application Firewall (WAF) support | In OCI (Gen 2) environments, Web Application Firewall (WAF) is available out-of-the-box and protects EPM Cloud from many application layer attacks. |
| DKIM (DomainKeys Identified Mail) support | EPM Cloud on OCI (Gen 2) environments supports DKIM for outgoing messages for the default or a custom sender email address. See DKIM Support for EPM Cloud OCI (Gen 2) Environments. |
| Customization of Sign-in Page | You can customize the Oracle Identity Cloud Service sign-in page using the Authentication REST API. See Customize the Oracle Identity Cloud Service Sign-In Page Using the Authentication API for instructions. |
| Customization of Notifications | You can modify the notification templates for the email notifications Identity Cloud Service sends for activities, such as user addition, role assignment, and password expiry. You can select the notification language, the activities for which notifications are to be sent, the email sender, subject, and body. |