3 Quick Start Guide
This chapter provides an overview of the initial setup of your cloud server user community, including:
- Activate Security Administrator Account
- Evaluate Federated Single Sign-On Requirements
- Adjust the Default Oracle Identity Cloud Service Settings
- Prepare User Community
- Setup Process Summary
Activate Security Administrator Account
Access the Oracle Cloud Infrastructure console and perform the verification of the provisioned environments. Follow the steps described in Security Administrator Account.
Evaluate Federated Single Sign-On Requirements
If you are using Identity and Access Management (IAM) as your only identity management system, proceed with adjusting the identity domains settings and perform the user community setup.
If the user identities are managed by an existing enterprise identity management system, evaluate the Single Sign-On (SSO) requirements. If federation is required for all user accounts, including the implementation team, proceed immediately with the federated SSO setup as described in Using Federated Single Sign-On.
Otherwise, if federation is required for the actual production users only, it may be configured in later stages.
Adjust the Default Oracle Identity Cloud Service Settings
Locate the Settings menu, then review and, if needed, modify the Identity Domain settings. Below are suggestions regarding some settings:
- Domain settings: Review the default settings; specify whether the primary email address will also be used as the user name (login).
- Notifications: You may want to include user names in communication emails. Update the notifications accordingly. You can update them further to include additional details, for example the contact information of the technical support team.
- Password Policy: Evaluate the default Password Policy and amend according to your organization's requirements. You may return and modify it later and also create multiple policies for different groups of users.
- Branding: Customize the look of the login page with your company's branding elements (optional).
Prepare User Community
Explore the Users list. Besides the Security Administrator account you may find a Process Automation group and user. This account is created as part of the service provisioning and is usually linked to the Security Administrator's email address. Process Automation is an internal user for inter-domain communications.
Take advantage of the user import feature to quickly establish user access to the provisioned environments, using the following steps:
- Compose initial lists of users who'll be accessing the environment(s), including:
  - Key members of the implementation team who are likely to have access to the non-production environments
  - Preliminary list of production environment users
- Define Group(s) for Just-In-Time Provisioning (if required). See Setting Up Groups for Provisioning - Identity Domain for more information.
- Browse the Oracle Cloud Services, locate the Application for each environment, and determine the Application Roles that users will be assigned to.
- Download the bulk upload template files and create import files for:
  - Users
  - Groups
  - Application Roles
See Bulk Upload and Download for more detailed information about uploading and downloading template files.
Setup Process Summary
Note that the following assumes the Security Administrator account has been activated.
- If you wish to delegate the just-in-time provisioning and access/authorization setup, assign the administrator role to at least one user per environment (see Updating Security Privileges).
- Access the environment and configure Just-In-Time provisioning according to the product's specifications (see Configuring User Provisioning Rules - OUAF).
- Set up the Identity Management Integration Master Configuration for Customer Cloud Services. Make sure the IAM Groups are the same Groups that were used for the User/Group import files.
- Perform the import of Users, Groups and Application Roles using the import files prepared above (see Bulk Upload and Download).
- Set up at least one integration (non-human) user or OAuth client for integration per environment and communicate the credentials to the implementation team (see Setting Up an Integration User for REST/SOAP Web Services).
- Set up access to the production environment for those users who are responsible for legacy data migration.
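
The summary above asks that the IAM Groups in the integration configuration match the Groups used in the User/Group import files. The following pre-import check is an added example, not part of the Oracle documentation or tooling: it cross-checks the three import files and the configured group names before anything is uploaded. The column names, group names and sample rows are assumptions constructed for illustration; the real headers come from the downloaded template files.

```python
import csv
import io

# Constructed sample data. The column names are assumptions for this example;
# use the headers from the template files you actually downloaded.
USERS_CSV = """user_name,email
alice@example.com,alice@example.com
bob@example.com,bob@example.com
bob@example.com,bob@example.com
"""
GROUPS_CSV = """group_name,members
CCS_Dev_Users,alice@example.com;bob@example.com
CCS_Prod_Users,carol@example.com
"""
ROLES_CSV = """app_role,grantee_group
Dev_App_User,CCS_Dev_Users
Prod_App_User,CCS_Prod_Admins
"""
# Hypothetical: IAM groups named in the environment's integration configuration.
CONFIGURED_GROUPS = {"CCS_Dev_Users", "CCS_Prod_Users", "CCS_Test_Users"}


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def check_import_files(users_csv, groups_csv, roles_csv, configured_groups):
    """Return sorted findings; an empty list means the files are consistent."""
    findings, users, groups = [], set(), {}
    for row in _rows(users_csv):
        name = row["user_name"].strip().lower()
        if name in users:
            findings.append(f"duplicate user: {name}")
        users.add(name)
    for row in _rows(groups_csv):
        members = {m.strip().lower() for m in row["members"].split(";") if m.strip()}
        groups[row["group_name"].strip()] = members
    for group, members in groups.items():
        findings += [f"group {group} lists unknown user: {m}" for m in members - users]
    for group in set(configured_groups) - set(groups):
        findings.append(f"configured group missing from import: {group}")
    for row in _rows(roles_csv):
        if row["grantee_group"].strip() not in groups:
            findings.append(f"role {row['app_role']} granted to unknown group: "
                            f"{row['grantee_group']}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_import_files(USERS_CSV, GROUPS_CSV, ROLES_CSV, CONFIGURED_GROUPS):
        print(finding)
```

Any finding means the import would create a group membership, role grant or provisioning rule that does not resolve to an imported identity, so correct the files before running the bulk upload.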