8 Configure OCI IAM for Application-Mediated Access

Register applications, create users, and configure groups in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) to support authentication and authorization for application-mediated access to the database.

In OCI IAM, groups serve the same authorization function that application roles serve in Microsoft Entra ID. When OCI IAM issues a token, the user’s group memberships appear as claims in the token. Oracle AI Database reads these group claims and activates the corresponding data roles.
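As an added illustration of the group-claim-to-role mapping described above (example code, not part of this chapter or of Oracle's own tooling), the Python sketch below reads the group claims from a constructed, unsigned token, checks its expiry and audience, and returns only the database roles an explicit mapping allows. The claim name `groups`, the audience value, and the group and role names are assumptions; real tokens must also have their signature verified against the identity domain's published keys.

```python
import base64
import json
import time
from typing import Optional

# Constructed mapping from OCI IAM group names (as they would appear in the
# token's group claim) to the database roles they activate. In a real
# deployment this mapping lives in the database; these names are placeholders.
GROUP_TO_ROLE = {
    "hr_readers": "HR_READ_ROLE",
    "hr_admins": "HR_ADMIN_ROLE",
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def roles_from_token(token: str, expected_aud: str, now: Optional[float] = None) -> list:
    """Return the database roles a token's group claims would activate.

    Assumes the claim is named "groups" (an assumption, not stated in the
    chapter). Signature verification is deliberately not modelled because the
    sample token below is unsigned; production code must verify it first.
    """
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    now = time.time() if now is None else now
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    if payload.get("aud") != expected_aud:
        raise ValueError("token not issued for this database")
    # Only groups with an explicit mapping activate a role; unknown groups are ignored.
    return sorted({GROUP_TO_ROLE[g] for g in payload.get("groups", []) if g in GROUP_TO_ROLE})


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned token for offline demonstration only."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample token: one mapped group, one group with no mapping.
SAMPLE_TOKEN = make_unsigned_token({
    "sub": "alice@example.com",
    "aud": "urn:example:db-audience",
    "exp": 4102444800,  # 2100-01-01, so the sample stays valid when run
    "groups": ["hr_readers", "unmapped_group"],
})
```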

Note:

  • This chapter covers only the OCI IAM configuration required for IAM-managed users connecting through an application. For the full range of OCI IAM capabilities, see Managing Identity Domains in Oracle Cloud Infrastructure documentation. For OAuth flow details, see Using OAuth 2 to Access the REST API.
  • The OCI console interface may be updated over time. If a specific label or navigation path differs from the instructions provided here, look for the closest matching option.