Set Up the OCI Data Source

You must set up an OCI data source if you want Risk Management to evaluate access data from Oracle Cloud Infrastructure. Setup involves establishing a connection to an OCI server and running a synchronization job that refreshes OCI data in Risk Management.

One step in connecting to an OCI server is to use a setup page to provide authentication-detail values specific to your organization. Before you begin the setup procedure, you should determine what these values are. They include:

  • API Credentials > API Key: The client ID set up for an OAuth2 client in an Oracle Identity Cloud Service (IDCS) instance integrated with the OCI deployment.

  • API Credentials > Secret Key: The secret key paired with the client ID for the OAuth2 client in IDCS.

  • Authorization Protocol Type: The correct protocol type is Open authorization 2.0. It's the default value and can't be changed.

  • Authorization > Authorization Scope: The authorization scope for the OCI instance.

  • Authorization > Token URL: The https URL of the OCI server, with the following value added: /oauth2/v1/token

  • Authorization > Grant Type: The correct grant type is client_credentials. It's the default value and can't be changed.

  • Authorization > Host: The https URL of the OCI server, with the following value added: /admin/v1

  • Ignore any other fields in the API Credentials and Authorization sections of the setup page.
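
An added example, not Oracle's code: a Python pre-check that derives the Token URL and Host values from the OCI server URL as described in the list above, and builds (without sending) the standard OAuth2 client_credentials token request from RFC 6749, section 4.4. The function names and all sample values are constructed, and presenting the client ID and secret through HTTP Basic authentication is an assumption about how the token endpoint is called.

```python
import base64
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"  # suffix the page gives for Token URL
HOST_PATH = "/admin/v1"          # suffix the page gives for Host


def derive_endpoints(server_url):
    """Return (token_url, host) for the setup page from the OCI server URL."""
    parts = urllib.parse.urlsplit(server_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("server URL must be an https URL with a host name")
    if parts.query or parts.fragment or parts.username or parts.password:
        raise ValueError("server URL must not carry credentials, query or fragment")
    base = f"https://{parts.netloc}{parts.path.rstrip('/')}"
    return base + TOKEN_PATH, base + HOST_PATH


def build_token_request(token_url, client_id, secret, scope):
    """Build, but do not send, a client_credentials token request."""
    if not (client_id and secret and scope):
        raise ValueError("API Key, Secret Key and Authorization Scope are required")
    # Assumption: HTTP Basic client authentication, so the secret travels in a
    # header and never appears in the URL or in the form body.
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    form = {"grant_type": "client_credentials", "scope": scope}
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; real ones come from your IDCS OAuth2 client.
    token_url, host = derive_endpoints("https://idcs-example.invalid/")
    req = build_token_request(token_url, "sample-id", "sample-secret",
                              "urn:example:scope")
    print(token_url, host, req.get_method(), req.data.decode(), sep="\n")
```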

Complete the following steps to set up the OCI data source for which you want to perform Risk Management analysis.

  1. Navigate to Risk Management > Setup and Administration > Advanced Controls Configuration.

  2. In the Non-Fusion data sources panel, locate the row for the OCI data source. Initially, it displays a Not set up sync status. Click the Edit Credentials icon.

  3. An Enter Authorization Details page opens. In it, the Authorization > Protocol Type field defaults to the value Open authorization 2.0. Accept that value and enter the authentication details you've determined are correct for your OCI data source.

  4. Click the Test Connection button. When a message confirms that your authentication details are valid, click the Update button.

  5. The focus returns to the Advanced Controls Configuration page. In the row for the OCI data source, the sync-status field now reads Not started. In that row, expand the Actions menu. In it, select the Run Access Sync option.

  6. A message displays a job number. Make a note of the number and close the message. Click the Go back icon and, in the Monitor Jobs page, locate the row for your job number to track the progress of the job.

  7. When the job has finished running, click the Advanced Controls Configuration tab. In the OCI row, the sync-status value for the job you ran is now Completed.

Two fields in the OCI row show when access synchronization most recently succeeded and when it was most recently attempted. (The successful and attempted dates are initially the same, but they may differ if a later job run results in errors.)