6 OCI IAM Usage for Startup

User and application access to the Oracle Retail Cloud Services is managed with Oracle Identity Cloud Service (OCI IAM).

The “Default” individual is the person who activates the service into their Oracle Cloud Account, and that individual is initially the cloud administrator designated by Oracle Sales in their cloud service order.

OCI IAM is Oracle's cloud-native security and identity platform. It provides a powerful set of hybrid identity features to maintain a single identity for each user across cloud, mobile, and on-premises applications. OCI IAM enables single sign-on (SSO) across all applications in your Oracle Cloud tenancy. You can also integrate OCI IAM with other on-premises applications to extend the scope of this federated identity management. For more information, see the following link:

https://docs.oracle.com/en-us/iaas/Content/Identity/home.htm

Note:

This guide covers only a small subset of the OCI IAM Service. Always refer to the OCI IAM Documentation for the latest usage. https://docs.oracle.com/en/cloud/paas/identity-cloud/index.html

Note:

It is recommended that you create additional OCI IAM and Oracle Retail cloud service administrators once you have validated access. For OCI IAM guidance on creating users and adding additional administrators, see the links below:

Understand Administrator Roles (OCI IAM)

Add or Remove a User Account from an Administrator Role (OCI IAM)

Create User Accounts (OCI IAM)

When prompted, enter your username (email address) and password. The password is the one set when activating your Oracle Cloud Account.

OCI IAM User Creation

Before users can access the Oracle Retail Cloud Service applications, it is necessary to provision access to the system for each user and to assign roles to each user to control what functionality will be available to the user. The access provisioning is done using OCI IAM.

The OCI IAM Application URL and login with the required administrator access are needed to perform the steps. The welcome email sent by Oracle includes the URL.

After creating the user in OCI IAM, the Administrator can create the same user with the same user group (that is, the role in OCI IAM) in the Oracle Retail Cloud Service application.

For Oracle Retail Cloud Service implementations, all the default roles will be created for you in OCI IAM for both production and non-production environments, including the administration roles. The non-production version of the roles will include a "_PREPROD" extension. This is because a single instance of OCI IAM will hold both production and non-production roles for your cloud solutions, so the names need to be differentiated. These roles should not be removed.

Note:

For the full list of groups/roles that are seeded for each of the cloud services, see the Application-Specific Section in this document: Applications in Scope

A user account represents a user in an identity domain and enables the user to access the Oracle Cloud service to which they belong. In an identity domain, there is a one-to-one relationship between a user and a user account. By default, all users can use their accounts to perform self-service capabilities. Users can update their profiles, reset their passwords, unlock their accounts, and change their email preferences.

All application user maintenance is performed via OCI IAM. It is also where users can be assigned to groups, which are equivalent to roles (or job roles) in each application.

It is recommended to create additional administrators for each Oracle Retail Service. The groups for each cloud service that represent the administrator will vary by application.

See the Application-Specific Section in this document for each service subscribed to for a list of the groups for that service that represent the administrator. For details on adding groups to users, see:

Managing Groups

Managing Users
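The "_PREPROD" naming convention and the recommendation to create additional administrators can be checked against an export of group memberships. The following is an added example, not Oracle code: the group names, usernames, and the export structure (a mapping of group name to members) are constructed assumptions, and the input is assumed to contain only the seeded roles.

```python
PREPROD_SUFFIX = "_PREPROD"  # suffix this guide gives for non-production roles


def split_env(group):
    """Return (base_role, environment) for a group name."""
    if group.endswith(PREPROD_SUFFIX):
        return group[: -len(PREPROD_SUFFIX)], "non-production"
    return group, "production"


def audit(memberships, admin_roles):
    """memberships: {group_name: set_of_usernames} for seeded roles only.
    admin_roles: base names of the administrator groups (they vary by application)."""
    present = set(memberships)
    missing, single_admin, user_envs = set(), [], {}
    for group, users in memberships.items():
        base, env = split_env(group)
        # Seeded roles exist as a production / _PREPROD pair; a missing
        # half suggests a role was removed from the shared OCI IAM instance.
        for expected in (base, base + PREPROD_SUFFIX):
            if expected not in present:
                missing.add(expected)
        # An administrator group with fewer than two members means no
        # additional administrator has been created for that environment.
        if base in admin_roles and len(users) < 2:
            single_admin.append(group)
        for user in users:
            user_envs.setdefault(user, set()).add(env)
    return {
        "missing_groups": sorted(missing),
        "single_admin_groups": sorted(single_admin),
        "user_environments": {u: sorted(e) for u, e in sorted(user_envs.items())},
    }


# Constructed sample export; these are not real seeded group names.
SAMPLE = {
    "EXAMPLE_ADMIN": {"alice@example.com"},
    "EXAMPLE_ADMIN_PREPROD": {"alice@example.com", "bob@example.com"},
    "EXAMPLE_BUYER": {"carol@example.com"},
    "EXAMPLE_VIEWER_PREPROD": {"bob@example.com"},
}
ADMIN_ROLES = {"EXAMPLE_ADMIN"}  # hypothetical administrator group base name

if __name__ == "__main__":
    for finding, value in audit(SAMPLE, ADMIN_ROLES).items():
        print(finding, value)
```
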

For Oracle Retail Cloud Service guidance on managing users for the services with OCI IAM, see the following links:

Managing Users

Oracle Retail Oracle Cloud Infrastructure Identity & Access Mgmt

Oracle Retail Cloud Service Documentation: There is a Security guide for each Oracle Retail Cloud Service