Configure IAM for Oracle GoldenGate

Identity and Access Management (IAM) uses identity domains to provide identity and access management features such as authentication, single sign-on (SSO), and identity lifecycle management for Oracle Cloud as well as for Oracle and non-Oracle applications, including SaaS, cloud hosted, or on premises.

To set up an IAM application, perform the following tasks on the IAM side:
  1. Create a domain to set up the application.

  2. Create a user account for a user in an OCI IAM identity domain. See Create Users in OCI Documentation.

  3. Create a group. A group has no permissions until you do one of the following:
    • Write at least one policy that gives that group permission to either the tenancy or a compartment. When writing the policy, you can specify the group by using either the unique name or the group's OCID. For information about writing policies, see Managing Policies.

    • Assign the group to an application.

    See Create Groups.

  4. Add an application. Confidential applications run on a protected server. See Add Applications.

    Integrating your applications makes it easy for users to sign in with single sign-on and gives you a central place to manage their permissions. Application integration includes securing your users, protecting the resources within the applications, and enabling users to access your applications through single sign-on (SSO).

  5. Configure OAuth to protect resources of the confidential application. Authorized resources define the way a client can access the resources in a confidential application. Specify the following values to set up OAuth for Oracle GoldenGate. The values specified here are used when creating the authorization profile in Oracle GoldenGate.
    • Access token expiration (seconds): This defines how long the access token associated with your confidential application remains valid.

    • The primary audience (recipient): This is where the access token for the confidential application is processed.

    • Scopes: These specify which parts of other applications you want your application to access. The scope is fixed (oggServiceToService).

  6. Add Application Roles.

  7. Add Resources.

  8. Activate Application.

  9. After configuring the confidential application in IAM, create the authorization profile in Oracle GoldenGate. See Create an Authorization Profile.

For an example of how the Authorization Profile would be configured with the values from the IAM application, see Example IAM Application and Oracle GoldenGate Authorization Profile Configured for an IAM Application.
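
The following is an added example, not Oracle's code: a configuration check that compares the claims of an issued access token with the three values set in step 5 (expiration, primary audience, scope). It assumes the access token is a compact JWT carrying aud, scope, iat and exp claims; the audience URL, the lifetime and the sample tokens are constructed. It decodes the payload without verifying the signature, so it is for inspecting configuration only, not for authenticating requests.

```python
import base64
import json

# Values as entered in step 5. Audience and lifetime are constructed samples;
# the scope is the fixed value named on this page.
EXPECTED = {
    "audience": "https://ogg.example.com/",
    "scope": "oggServiceToService",
    "max_lifetime": 3600,  # access token expiration, in seconds
}

def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: dict, expected: dict, now: int) -> list:
    """Return a list of mismatches between the token and the step 5 settings."""
    problems = []
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if expected["audience"] not in audiences:
        problems.append("audience mismatch")
    # Assumption: scopes arrive as one space-separated string.
    if expected["scope"] not in str(claims.get("scope", "")).split():
        problems.append("scope missing")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or not isinstance(iat, int):
        problems.append("exp/iat missing")
    else:
        if exp <= now:
            problems.append("expired")
        if exp - iat > expected["max_lifetime"]:
            problems.append("lifetime exceeds configured expiration")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for exercising the check offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    now = 1_700_000_000
    tok = make_sample_token({"aud": "https://other.example.com/", "scope": "x",
                             "iat": now, "exp": now + 86400})
    print(check_claims(decode_claims(tok), EXPECTED, now))
```

An empty list means the token matches what was configured in IAM; any entry points at the setting to recheck before creating the authorization profile.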