Changes to Cloud Identity for Essbase

When you deploy Essbase on Oracle Cloud Infrastructure using the Essbase Marketplace listing, cloud identity may be managed by OCI Identity and Access Management (IAM) or by Oracle Identity Cloud Service (IDCS), depending on your tenancy.

If you are not sure which identity management is used on your tenancy, refer to Documentation to Use for Cloud Identity.

If you already use Essbase on OCI, and your tenancy has been updated to use IAM identity domains, you don't need to create a new confidential application. Your identity application is migrated as an integrated application within an identity domain named OracleIdentityCloudService.

If you are starting a new cloud deployment on an OCI tenancy with IAM, Oracle recommends creating a unique identity domain for Essbase instead of using the default identity domain. Create the dynamic groups, the initial Essbase administrator user, and the confidential identity application all within this identity domain.

You can create two custom applications per identity domain without incurring any added cost. Each Essbase stack deployed from Marketplace is considered one custom-developed application on the OCI tenancy, as is any non-Oracle application you create. For information about identity domain limits, refer to IAM Identity Domain Types. For information about Marketplace stacks, refer to Overview of Marketplace.

To configure clients to be able to access the signing certificate for the identity domain, go to the Settings for the identity domain you created for Essbase. Under Access signing certificate, select Configure client access.

Policies are global to the tenancy (not domain specific), but the syntax for specifying dynamic group names in policy statements may need to be updated if you are using a non-default identity domain. Refer to the Note in Set Up Policies.