Thursday 9 February 2023

Provisioning Oracle Integration Cloud Service

 OIC Provisioning.

  • Provision Identity Cloud Service domain.
    • Log in to the OCI console.
    • Go to the Identity and Security menu.
    • Select Domains under Identity. This option is available for OCI accounts created after December 2018.
    • Click Create Domains
    • Provide Name.  Example - Development
    • Provide Description.  Example - Development Domains
    • Select Domain Type. Example - Free / Premium /etc.
    • If we want to create a new administrator for the domain, we can provide the user name and password.
    • Otherwise we can use the OCI admin user credentials by deselecting the Create Admin User option.
    • Select the compartment - Development. If it does not exist, create a new compartment and use it.
  • Create an IAM group in the IDCS domain.
    • Go to the IDCS console.
    • Select the groups menu
    • Create a new group called Administrator group
    • Provide a description.
  • Create an IAM policy in the IDCS domain.
    • Go to the OCI console.
    • Select Identity and Security
    • Select Policies under Identity
    • Click Create policy.
    • Provide a name - OICIntegrationGroupPolicy
    • Use the policy builder to create the policy.
    • Sample: allow group Development/Administrator to manage integration-instance in compartment Development
    • Here Development/Administrator stands for DomainName/GroupName.
    • If we don't provide the domain name, the policy takes the default domain present in the root compartment.
    • NOTE: User federation refers to linking a user's identity and attributes across multiple identity management systems.
    • Oracle Integration federation means that identities are linked in IDCS and Oracle Identity and Access Management (IAM).
  • Create an Oracle Integration Instance
    • NOTE: The instance will be associated with the IDCS instance we are logged in to while provisioning OIC.
    • Use the proper identity domain when logging in.
    • In this case, use the Development domain to log in.
    • After signing in to the OCI console, select the region.
    • Go to the Developer Services menu on the OCI console.
    • Under Application Integration select Integration
    • Select the Compartment in which you want to provision the OIC.  In this case it will be the Development compartment.
    • Click CREATE.
    • Provide Name.
    • Select Version - Gen 2 or Gen 3
    • Consumption Model -- Universal Credit Limit
    • Edition -- Standard or Enterprise.
    • Shape -- Development or Production
    • NOTE: Patches are applied according to the shape. Development shapes receive the patches two weeks early.
    • Production shapes receive the patches two weeks after the Development shapes.
    • Advanced Options:
      • Network Access:
        • Only the Gen 2 version allows us to define and configure an allow list.
      • Custom Endpoint :
        • Available only for Gen 2
        • We can provide the custom endpoint.
        • It must already be registered on a DNS provider.
        • Its SSL certificates must be stored as a secret in an OCI vault.
  • Email Configurations.
    • Sender Policy Framework (SPF):
    • It lets domain owners (InfiniteCloud) identify the servers (external servers) they have approved to send email on behalf of their domain.
    • In Oracle Integration's case, the domain owners (InfiniteCloud) need to approve OCI as a sender and add a record for it in their domain.
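
The policy step above depends on the DomainName/GroupName prefix, because a statement without it falls back to the default domain. The following is an added example, not part of the original post or of any Oracle tooling: a small pre-review check for statements of that shape. The names review_statement, NAME, STATEMENT and SAMPLES are hypothetical, the finding labels are this example's own, and the grammar covers only the statement form shown in the post plus the "in tenancy" scope.

```python
import re

# Covers only the statement shape used in the post:
#   allow group [Domain/]Group to <verb> <resource-type> in compartment <name> | in tenancy
NAME = r"(?:'[^']+'|[^'/\s]+)"  # bare token or single-quoted name
STATEMENT = re.compile(
    rf"^allow\s+group\s+(?:(?P<domain>{NAME})/)?(?P<group>{NAME})\s+"
    rf"to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+"
    rf"in\s+(?:compartment\s+(?P<compartment>{NAME})|(?P<tenancy>tenancy))\s*$",
    re.IGNORECASE,
)

def review_statement(statement, expected_domain, expected_compartment):
    """Parse one policy statement and return (fields, findings)."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return None, ["unparsed: statement is outside the shape this check covers"]
    fields = {k: v.strip("'") if v else v for k, v in m.groupdict().items()}
    findings = []
    if fields["domain"] is None:
        # Per the post: without a domain name the default domain is used.
        findings.append("no-domain: group resolves in the default domain of the root compartment")
    elif fields["domain"] != expected_domain:
        findings.append(f"wrong-domain: {fields['domain']!r}, expected {expected_domain!r}")
    if fields["tenancy"]:
        findings.append("tenancy-scope: grant applies to the whole tenancy")
    elif fields["compartment"] != expected_compartment:
        findings.append(f"wrong-compartment: {fields['compartment']!r}")
    if fields["resource"].lower() == "all-resources":
        findings.append("broad-resource: all-resources instead of one resource type")
    return fields, findings

# Constructed sample statements; the first is the sample from the post.
SAMPLES = [
    "allow group Development/Administrator to manage integration-instance in compartment Development",
    "allow group Administrator to manage integration-instance in compartment Development",
    "allow group 'Development'/'Administrator' to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for s in SAMPLES:
        fields, findings = review_statement(s, "Development", "Development")
        print(s)
        for finding in findings or ["ok"]:
            print("   ", finding)
```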
