Identity and Access Management Integration Overview

Oracle Cloud Infrastructure Identity and Access Management (IAM) provides identity and access management functionality for the Oracle Utilities cloud services and supports single sign-on (SSO) and identity federation capabilities.

It protects both online and web services API access to the Oracle Utilities cloud service. Refer to the Detailed Oracle Cloud Services Administration guide for instructions on how to configure and manage online and API access and how to maintain users, groups, application roles and integration OAuth clients.

In IAM, an Identity Domain is provided with each service subscription. Once provisioned, the Identity Domain is administered exclusively by the client.

The security administrator uses the Identity Domain to manage application users, who are given access to one or more application environments. The security administrator may also assign another user to an administrative role in the Identity Domain and delegate user management privileges.

Newly created users receive an account activation email from IAM, and must reset their password.

The integration with IAM supports Just-In-Time User Provisioning.

When a user attempts to access the utility application URL, the user is redirected to the Identity Domain for authentication. Once the user is successfully authenticated, they are redirected back to the application, where the authentication token is evaluated and validated. The system then checks whether the user already exists in the application and, if not, triggers the Just-In-Time User Provisioning logic that creates and activates the new user.

The F1-IDMUser business object is used for creation of new user records sourced from the external identity management integrations.

For the integration with Oracle Cloud Infrastructure Identity and Access Management, an algorithm defined on the F1-IDMUser business object determines the Template User whose information is copied to the newly created user.
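
The sign-in sequence described above (validate the token, look up the user, create the user from a Template User if absent) can be sketched as follows. This is an added illustration, not Oracle's code or the F1-IDMUser algorithm. The claim names, the group-to-template mapping and all identifiers are assumptions, and the token signature is assumed to have been verified before this step.

```python
import copy
import time

# Constructed sample data; every name here is hypothetical, not Oracle's.
EXPECTED_ISSUER = "https://identity-domain.example.invalid"
EXPECTED_AUDIENCE = "utility-app"
TEMPLATE_USERS = {
    "CSR": {"user_groups": ["CSR_READ"], "enabled": True},
    "BILLING": {"user_groups": ["BILL_READ", "BILL_EDIT"], "enabled": True},
}
GROUP_TO_TEMPLATE = {"Utility-CSR": "CSR", "Utility-Billing": "BILLING"}


class AccessDenied(Exception):
    """Raised when sign-in must stop before any user record is touched."""


def validate_claims(claims, now=None):
    """Check the claims of a token whose signature was verified upstream."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise AccessDenied("unexpected issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:  # single-valued aud assumed
        raise AccessDenied("unexpected audience")
    if claims.get("exp", 0) <= now:
        raise AccessDenied("token expired")
    if not claims.get("sub"):
        raise AccessDenied("missing subject")


def pick_template(groups):
    """Assumed rule: first mapped IAM group wins; no mapping means no user."""
    for group in groups:
        if group in GROUP_TO_TEMPLATE:
            return GROUP_TO_TEMPLATE[group]
    raise AccessDenied("no template user for this identity")


def sign_in(claims, app_users, now=None):
    """Return (user, created); provisions just-in-time only after validation."""
    validate_claims(claims, now)
    login = claims["sub"]
    if login in app_users:
        return app_users[login], False  # existing user: nothing is provisioned
    template = pick_template(claims.get("groups", []))
    user = copy.deepcopy(TEMPLATE_USERS[template])  # copy so the template stays intact
    user.update(login=login, provisioned_from=template)
    app_users[login] = user
    return user, True
```

Because the new user inherits whatever the template carries, the template's access is the effective default for every just-in-time account and is worth reviewing with that in mind.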