Components
OPERA Cloud Identity Management consists of the following components:
- Customer OCI IAM Identity Domains: The Oracle Cloud Infrastructure (OCI) Identity Domain is a container for managing users and roles, federating and provisioning users, securing application integration through Oracle Single Sign-On (SSO) configuration, and registering clients and resources through OAuth administration. It represents a user population in Oracle Cloud Infrastructure and its associated configurations and security settings (such as Multi-Factor Authentication).
Each OPERA Cloud customer is provided with an Oracle Cloud Infrastructure (OCI) tenancy under the Hospitality Identity Cloud Service (HGBUHIM SKU - CPQ SKU: B94442). The customer is entitled to two dedicated OCI IAM Oracle Apps identity domains within this OCI tenancy: one for non-production environments and one for production environments. This setup allows customers to manage user access to their OPERA Cloud environments through OCI IAM Identity Domains.
The OCI IAM Oracle Apps identity domain includes the essential Identity and Access Management (IAM) capabilities needed to manage users and their access to OPERA Cloud services. If additional features or higher limits are required, the customer may choose a different identity domain type, which incurs usage-based charges. For details on available identity domain types, refer to the IAM Identity Domain Types page.
Note:
Breaching the limits of the OCI IAM APPS Identity Domain type can negatively impact the performance of OPERA Cloud services. Customers are strongly advised to adhere to the prescribed limits for this domain type; refer to the IAM Identity Domain Types page for detailed information on these limits.
The OCI IAM APPS Identity Domain provided for the customer's usage is restricted to the following features only:
  - Storing users and groups specific to OPERA Cloud services.
  - Managing user passwords (for non-federated users).
  - Configuring identity providers to establish single sign-on with the customer’s identity system for OPERA Cloud service portals.
  - Enabling multi-factor authentication and setting network perimeters for OPERA Cloud service portals.
  - Using OAuth 2.0 features for OHIP API authentication and authorisation.
  - Utilizing auditing and reporting functions to monitor access to OPERA Cloud services.
- Oracle Hospitality IAM: The OCI IAM Identity domain is where Oracle users are stored and managed through the Oracle corporate identity management system. Customer users are never part of this identity domain, and authorized Oracle users can access approved customer environments using Oracle Corporate Single Sign-On (SSO).
- OPERA Cloud Identity Management Portal: The OPERA Cloud Identity Management Portal is a user and group administration portal for OPERA Cloud Identity Management where OPERA Cloud customers can manage their user and group memberships (role memberships). The OPERA Cloud Identity Management Portal is a user interface that connects with the respective customer-dedicated OCI IAM Identity Domain.
Note:
The OPERA Cloud Identity Management Portal is used by a federated customer only for managing Admin Roles, managing custom groups, copying custom groups across multiple chains or properties, and managing Oracle user access to sensitive data and data access roles in OPERA Cloud.
- OPERA Cloud Identity Management SCIM API: The System for Cross-domain Identity Management (SCIM) is an open specification that standardizes user and group management across applications and allows for the automation of user and group provisioning. Through the SCIM API available in the Oracle Hospitality Integration Platform (OHIP), OPERA Cloud customers can provision and synchronize data for their users and groups. The OPERA Cloud Identity Management SCIM API is an abstraction of the OCI IAM Identity Domain API with OPERA Cloud specific specifications.
Note:
SCIM API Usage: The SCIM APIs for OPERA Cloud services should only be accessed through OHIP as OHIP publishes the OPERA Cloud Identity Management SCIM APIs. OCI IAM Identity Domain APIs are not to be used for SCIM API access.