1. Administration Guide
  2. Appendix: Provisioning a New System with IDCS

B Appendix: Provisioning a New System with IDCS

This appendix summarizes the cloudification process for provisioning an environment with IDCS integration for a new installation, an upgrade of an existing system, and the refresh of data in a staging/UAT test environment.

Figure B-1 Provisioning Process

This figure shows the provisioning process.

Notes:

  • Raising the order in the Tenant Automation System creates a JSON file containing the necessary configuration settings.

  • AMS completes the configuration of the Web Tier Security Service (WTSS) and the IDCS tenant.

    If a new installation, the Brand Compliance portal (including Global Network Bus if appropriate) is installed.

  • For new installations and upgrades, the CSM should include steps in the project plan for the client to manage communications with their user base, with regard to the activation of their IDCS profiles. This may be a combination of a mail-merge type mailing program, or use of the News and Alerts facilities during the run-up to go-live.

    The CSM will liaise with the client to identify the individual the initial client super user administrator; AMS creates for them the IDCS Administrator profile. The corresponding Brand Compliance User record is assigned the ORACLE AUTHORIZED USER, POWER USER and SYSTEM ADMINISTRATOR permissions.

    The client administrator can then configure the IDCS tenant's branding, emailing rules, and user groups as required.

  • For upgrades, the migration process is run (using the runbooks/installation scripts provided by Development), to create an IDCS profile for all existing Brand Compliance users. The migration may be run multiple times; subsequent runs will create IDCS profiles for any new users since the previous run, and any updates to existing users' roles.

    The migration process disables the IDCS email templates, so no automated emails are generated during migration. The emailing remains disabled after migration until the client chooses to enable it.

    Reasons for having the automated emailing disabled during migration include:

    • Users may be being introduced in stages.

    • The user may not be permitted to access the environment (staging/UAT).

    • A failure of the migration or implementation process results in a roll-back, with the environment not being available.

  • When refreshing staging/UAT with Live data, IDCS profiles will be automatically created for new users; existing users will have their profiles updated with any changes to their roles. The migration tool is used to create the staging/UAT user profiles in IDCS.

  • Subsequent new users are then manually created in Brand Compliance, with their IDCS profile being automatically created. If emailing is enabled, notifications will be automatically generated.

    If IDCS emailing is enabled, the client administrator can choose to manually send notification emails to users individually, to notify that their IDCS profile has been created.

    As part of the administration of users in Brand Compliance, the client administrator will need to configure any external systems that are to access the Brand Compliance APIs, assigning an email address and a unique login id.