Using IDCS Groups to Assign Application Roles to Users

You can use Identity groups to assign application roles to multiple users. Since Identity groups can be synced with identity provider (IdP) groups (such as Entra ID groups), you can even add individual users to IdP groups and assign the application roles to these groups in IAM Interface.

Note:

Renaming an Identity group is functionally equal to deleting it and creating a new one.

To assign groups to an application role:

1. Click Oracle Cloud Services under Identity Domain.

   A list of available environments is displayed.
   
   

2. Click the name of the environment for which you want to assign application roles to users.
3. Click Application Roles tab.
   
   
4. Click the ellipses next to the role you want to assign and select Manage groups.
   
   
   
   
5. On the Manage group assignments page, click Assign groups.
6. On the Assign groups page, select the groups you want to assign to the current application role.

   To search for a user, click the text box, enter all or part of the beginning of the user name, first name, or last name of the user, and then press Search.

7. Click Assign.
   
   

When you clone an environment with the option to clone users and application roles, the cloned users on the target environment will have the application roles assigned to them directly, even if they are assigned through IDCS groups. See Cloning EPM Cloud Environments in Administering Migration for Oracle Enterprise Performance Management Cloud.