docs.oracle.com
2600:141b:13:7a7::af5
Public Scan
Submitted URL: http://www.oracle.com/pls/topic/lookup?ctx=cloud&id=CSGSG170
Effective URL: https://docs.oracle.com/cloud/131/trial_paid_subscriptions/CSGSG/cloud-manage-user-accounts.htm
Submission: On November 02 via manual from CA — Scanned from CA
Form analysis
2 forms found in the DOM
Name: searchForm — javascript:submitSearch();
<form id="searchForm" action="javascript:submitSearch();" name="searchForm"><label for="word" class="searchlabel">Search:</label> <select name="partno">
<option value="">Search this Library</option>
<option value="e38749">Search this Book</option>
</select><input type="text" name="word" id="word" size="15" onfocus="if(this.value=='Enter Keyword')this.value=''" value="Enter Keyword"><input type="hidden" id="Version" value="cloud131"><input type="submit" id="gosearch" value="submit"
title="submit"></form>
<form action=""><label for="Version" class="hidden">Release</label>
<select name="Version" id="Version" onchange="window.location=this.value;">
<option value="http://docs.oracle.com/cloud">Cloud Services</option>
<option value="http://docs.oracle.com/cloud/132/appmarket/index.html">Cloud Marketplace</option>
</select>
</form>
Text Content
Oracle® Cloud Getting Started with Oracle Cloud
August 2013

4 MANAGING USERS AND ROLES

This section describes how to use Oracle Identity Console to manage users, roles, and passwords.

Topics:
* About Oracle Identity Console
* Roles and User Accounts Predefined in Oracle Identity Console
* Signing In to Oracle Identity Console
* Adding and Deleting User Accounts
* Assigning and Revoking Roles
* Creating and Deleting Custom Roles
* Displaying Roles and User Assignments
* Managing Your Password and Password Challenge Questions
* Resetting Another User's Password
* Setting Up the Secure FTP User Accounts for Oracle Cloud Services

ABOUT ORACLE IDENTITY CONSOLE

Topics:
* What Is Oracle Identity Console?
* Who Uses Oracle Identity Console and Why?
* What Can You Access with an Oracle Identity Console User Account?
WHAT IS ORACLE IDENTITY CONSOLE?

Oracle Identity Console is a web-based self-service and administration tool of the identity management system for managing users and their roles for certain Oracle Cloud applications and services. Oracle Identity Console stores the user accounts in an identity management repository that is dedicated to your enterprise. An identity domain administrator must manage these user accounts.

WHO USES ORACLE IDENTITY CONSOLE AND WHY?

Your reason for using Oracle Identity Console depends on your Oracle Cloud service. The following table describes the function of Oracle Identity Console for each service available in Oracle Cloud 13.1.

Oracle Cloud Service: Oracle Database Cloud Service; Oracle Java Cloud Service
How the Service Uses Oracle Identity Console: For these Oracle Cloud services, you use Oracle Identity Console to:
* Manage the users who can access the service
* Manage the users who can access Oracle Identity Console
* Manage the users who can access the My Services application in Oracle Cloud
* Manage the SFTP predefined user accounts

Oracle Cloud Service: Oracle Enterprise Resource Planning Cloud Service; Oracle Human Capital Management Cloud Service (Oracle HCM Cloud Service); Oracle Sales Cloud Service; Oracle Talent Management Cloud Service
How the Service Uses Oracle Identity Console: For these Oracle Cloud services, you use Oracle Identity Console to:
* Manage the users who can access Oracle Identity Console
* Manage the users who can access the My Services application in Oracle Cloud
* Manage the SFTP predefined user accounts
For information about how to create accounts for users who need access to one of these Oracle Cloud services, see the documentation specific to your Oracle Cloud service.

Oracle Cloud Service: Oracle RightNow Cloud Service; Oracle Taleo Business Edition Cloud Service (Oracle TBE Cloud Service)
How the Service Uses Oracle Identity Console: These Oracle Cloud services do not use Oracle Identity Console.

WHAT CAN YOU ACCESS WITH AN ORACLE IDENTITY CONSOLE USER ACCOUNT?
A user account in Oracle Identity Console lets a user:
* Sign in to Oracle Identity Console. The user role defines the features that the user can access in Oracle Identity Console.
* Sign in to the My Services application in Oracle Cloud if the user is assigned either the identity domain administrator role or a service administrator role.
* Sign in to an Oracle Cloud service provided the service uses the Oracle Identity Console to verify its users. For Oracle Cloud 13.1, these services are Oracle Database Cloud Service and Oracle Java Cloud Service.

ROLES AND USER ACCOUNTS PREDEFINED IN ORACLE IDENTITY CONSOLE

Topics:
* About the Predefined Roles and Accounts
* Identity Domain Administrator Role
* Service Administrator Role
* Service-specific Non-administrative Roles
* Taking Care of the Predefined Roles

ABOUT THE PREDEFINED ROLES AND ACCOUNTS

When Oracle Cloud services are provisioned in an identity domain, Oracle Cloud automatically populates Oracle Identity Console with several roles and several user accounts.

The predefined roles:
* Correspond to the type of Oracle Cloud service being provisioned.
* Include both administrative roles and non-administrative roles.
* Give certain privileges to the users based on the role assigned to them. Users can be assigned more than one role.

The predefined roles include:
* Identity Domain Administrator Role
* Service Administrator Role
* Service-specific Non-administrative Roles

Administrative individuals are automatically granted the predefined roles that correspond to their administrator role and the type of service they are assigned to manage. For example, the service administrator for an Oracle Java Cloud Service is given the Service-name Java Administrator predefined role and the service administrator for an Oracle Database Cloud Service is given the Service-name Database Administrator predefined role.
In addition, an identity domain administrator is granted the Identity Domain Administrator predefined role when an identity domain is first set up. If an individual is both the identity domain administrator and the service administrator, then the individual is automatically assigned the Identity Domain Administrator and the Service-name Service-type Administrator predefined roles.

Note: If an individual is both the service administrator and the identity domain administrator, Oracle Cloud creates only one user account in Oracle Identity Console for that individual and then assigns multiple roles to the user.

In addition to the predefined roles, Oracle Cloud automatically creates several user accounts in Oracle Identity Console and assigns the appropriate role to the user. The user accounts created depend on the type of Oracle Cloud service being provisioned. Each user account includes the user's name, password, email address, and roles assigned to the user.

Oracle Cloud also creates several SFTP accounts in Oracle Identity Console. You use the SFTP account to upload and download files related to your Oracle Cloud service. For more information, see Setting Up the Secure FTP User Accounts for Oracle Cloud Services.

IDENTITY DOMAIN ADMINISTRATOR ROLE

Topics:
* Privileges for Identity Domain Administrators
* If You Are Assigned to Manage More than One Identity Domain

PRIVILEGES FOR IDENTITY DOMAIN ADMINISTRATORS

As an identity domain administrator, you use Oracle Identity Console to manage your own users and their roles. Your view in Oracle Identity Console is limited to the users and roles in the identity domains that you have been assigned to manage. You see all the roles at the domain and service levels.
The identity domain administrator role gives a user the following privileges:
* Access to all user and role management functions in Oracle Identity Console, including:
  * Adding and Deleting User Accounts
  * Assigning and Revoking Roles
  * Creating and Deleting Custom Roles
  * Displaying Roles and User Assignments
  * Resetting Another User's Password
* Access to the My Services application in Oracle Cloud. For more information, see Managing and Monitoring Cloud Services.

IF YOU ARE ASSIGNED TO MANAGE MORE THAN ONE IDENTITY DOMAIN

If you are assigned as the identity domain administrator for more than one identity domain, you must sign in to each identity domain separately to manage users and roles in that identity domain.

SERVICE ADMINISTRATOR ROLE

Topics:
* Privileges for Service Administrators
* If You Are Assigned to Manage Services in More Than One Domain
* Format of Predefined Roles for Service-Specific Administrators

PRIVILEGES FOR SERVICE ADMINISTRATORS

As a service administrator, your view in Oracle Identity Console is limited to the users and roles for the services that you are assigned to manage. You see only the roles at the service level. In addition, you are limited to mostly search, view, and read-only functions. For example, you cannot create roles or user accounts, but you can assign an existing role to an existing user account.

The service administrator role gives a user the following privileges:
* Access to some features in Oracle Identity Console, including:
  * Assigning and Revoking Roles
  * Displaying Roles and User Assignments
* Access to the My Services application in Oracle Cloud. For more information, see Managing and Monitoring Cloud Services.
* Access to the necessary service-specific tools and application components. See the documentation specific to your Oracle Cloud service for more information.
IF YOU ARE ASSIGNED TO MANAGE SERVICES IN MORE THAN ONE DOMAIN

Note that the services you are assigned to manage can be in one or more identity domains. If your services are in more than one identity domain, you must sign in to each identity domain separately to manage the users in that identity domain.

FORMAT OF PREDEFINED ROLES FOR SERVICE-SPECIFIC ADMINISTRATORS

The name of the service administrator role is prefixed by the name of the service instance and the type of service. The format is as follows:

  service-name service-type Administrator

For example:
* If myservice1 is the name for an Oracle Database Cloud Service, then the fully qualified name for the service administrator role for that service is:
  myservice1 Database Administrator
* If trial295 is the name for an Oracle Java Cloud Service, then the fully qualified name for the service administrator role for that service is:
  trial295 Java Administrator

SERVICE-SPECIFIC NON-ADMINISTRATIVE ROLES

Topics:
* Format of Predefined Roles for Service-specific Users
* Service-specific User Roles for an Oracle Database Cloud Service
* Service-specific User Roles for an Oracle Java Cloud Service

FORMAT OF PREDEFINED ROLES FOR SERVICE-SPECIFIC USERS

In addition to the administrative roles, Oracle Cloud automatically populates Oracle Identity Console with several non-administrative roles. The roles created depend on the type of Oracle Cloud service being provisioned. All names for predefined roles related to a specific service are prefixed by the name of the service instance and the type of service.
The format is as follows:

  service-name service-type role-name

For example, if myservice1 is the name for an Oracle Database Cloud Service, then the fully qualified names of the roles for that service are:

  myservice1 Database Developer
  myservice1 Database User

SERVICE-SPECIFIC USER ROLES FOR AN ORACLE DATABASE CLOUD SERVICE

For an Oracle Database Cloud Service, Oracle Cloud creates the following service user roles in Oracle Identity Console:
* service-name Database Developer: Assign this predefined role to any user who needs access to this instance of an Oracle Database Cloud Service to develop and deploy applications. These users can develop and edit Oracle Application Express applications using the Application Builder and SQL Workshop. For more information about these tasks, see the Using Oracle Database Cloud Service guide.
* service-name Database User: Assign this predefined role to any user who needs to use the applications that have been deployed on this instance of an Oracle Database Cloud Service.

Note: An access control list (ACL) is used to further restrict access to an application or to features within an application.

SERVICE-SPECIFIC USER ROLES FOR AN ORACLE JAVA CLOUD SERVICE

For an Oracle Java Cloud Service, Oracle Cloud creates the service-name Java User role in Oracle Identity Console. Assign this predefined role to any user who needs to use the applications that have been deployed on this instance of an Oracle Java Cloud Service.

TAKING CARE OF THE PREDEFINED ROLES

Be careful when managing the predefined roles and user accounts. Your account must always have at least one user with identity domain administration privileges. If you delete your only identity domain administrator, or remove the administration role from this user, you cannot access Oracle Identity Console.

If you accidentally disable or delete one of the predefined accounts, contact Oracle Support for assistance. See Contacting Us for details.
SIGNING IN TO ORACLE IDENTITY CONSOLE

Topics:
* Sign-in Credentials
* How You Receive Your Sign-in Credentials
* Signing In for the Initial Identity Domain Administrator
* Opening Oracle Identity Console and Signing In
* Accessing Oracle Identity Console from the My Services Application
* Accessibility Preferences in Oracle Identity Console

SIGN-IN CREDENTIALS

To sign in to Oracle Identity Console, you need:
* Your user name.
* Your password.
* The name of your identity domain.
* The URL for either the Oracle Identity Console or the My Services application. If you are an identity domain administrator or a service administrator, you can access Oracle Identity Console from the My Services application.

You use your account credentials defined in Oracle Identity Console to sign in to either application.

HOW YOU RECEIVE YOUR SIGN-IN CREDENTIALS

How you receive your sign-in credentials and URL information depends on your role:
* During the process of activating an Oracle Cloud service, the account administrator specifies who will be the initial identity domain administrator and service administrator. One individual can be assigned both roles.
  If you are the initial identity domain administrator or service administrator, Oracle Cloud sends you an email that contains your user name, your temporary password, the identity domain, and the URL for the My Services application. You can access the Oracle Identity Console from My Services.
  Oracle Cloud sends the email after your assigned service in an identity domain is activated. If you did not receive any post-activation email messages, contact Oracle Support for clarification (see Contacting Us).
* The identity domain administrator uses Oracle Identity Console to create accounts for other users and to assign roles to these users. In these cases, Oracle Identity Console sends you an email with your user name and identity domain when your user account is created.
  The email contains your user name and your identity domain.
  Depending on the method used to create the account, the email may also contain a temporary password. Your identity domain administrator must provide you with the remaining sign-in information, including the URL for the Oracle Identity Console, separately. If you did not receive your sign-in information, contact your identity domain administrator.

SIGNING IN FOR THE INITIAL IDENTITY DOMAIN ADMINISTRATOR

If you are the initial identity domain administrator, Oracle Cloud sends you an email that contains your user name, your temporary password, the identity domain, and the URL for the My Services application. Initially, you must access the Oracle Identity Console from My Services.

To sign in to My Services and then access Oracle Identity Console:
1. Open your web browser and go to the Oracle Cloud website: https://cloud.oracle.com
2. Click Sign In. In the Sign In to My Services box:
   1. Select the data center where your service is located. Oracle provided the name of your data center in the post-activation email.
   2. Click Sign In to My Services.
   Note: Alternatively, you can click the My Services URL in your post-activation email to sign in to My Services directly.
3. Enter your sign-in credentials in the dialog box. The first time you sign in, use the user name, temporary password, and identity domain provided in the post-activation email.
4. Click Sign In. When you sign in to My Services the first time, you must change your temporary password for security and register three password challenge questions. When you sign in successfully, the My Services application opens.
5. Click Identity Console on the Services page to open Oracle Identity Console.

As the identity domain administrator:
* You must make note of the URL for Oracle Identity Console. You need to provide this URL to your Oracle Database Cloud Service users and your Oracle Java Cloud Service users who do not have access to My Services.
  These users need to access Oracle Identity Console to change their password and challenge questions. Identity domain administrators and service administrators can access Oracle Identity Console either from My Services or by entering the URL.
* You use Oracle Identity Console to create user accounts and assign the appropriate role to your users. For more information, see Adding and Deleting User Accounts and Assigning and Revoking Roles.

OPENING ORACLE IDENTITY CONSOLE AND SIGNING IN

To open Oracle Identity Console and sign in:
1. Open your web browser and enter your URL for the Oracle Identity Console. For example: https://host-name/identity
2. Enter your user name, password, and identity domain.
3. Click Sign In.
   If this is your first time signing in, Oracle Identity Console prompts you to change your temporary password. In addition, you must set three password challenge questions and answers. If you ever forget your password and need to reset it, the system prompts for the answers to your challenge questions. You must supply the correct answers before the system resets your password. Continue as follows:
   1. Enter your old password, enter the new password, and then enter the new password again.
   2. Select a question from the Question 1 drop-down list, then enter your answer in the associated field.
   3. Repeat the procedure for Question 2 and Question 3.
   4. Click Submit.
   Note that you can change your password and password challenge questions any time you are signed in to Oracle Identity Console. For more information, see Changing Your Password and Changing Your Password Challenge Questions.

When you sign in successfully, the Oracle Identity Console opens. Your view in Oracle Identity Console depends on the roles you are assigned:
* All users can access information about their user account, change their password, and set their password challenge questions.
* If you are assigned an administrative role, you also have access to the Manage Users and Manage Roles options.
Note: You are automatically signed out of Oracle Identity Console after a period of inactivity in the console. You need to reenter your account credentials when the system registers activity in the console.

ACCESSING ORACLE IDENTITY CONSOLE FROM THE MY SERVICES APPLICATION

If you are an identity domain administrator or a service administrator and if you are already signed in to the My Services application, you can click Identity Console on the Services page to go to Oracle Identity Console directly. The system does not prompt for your sign-in credentials because you are already signed in to the identity management system.

Description of the illustration ic_servpage_access1.gif

ACCESSIBILITY PREFERENCES IN ORACLE IDENTITY CONSOLE

Oracle Identity Console supports various special modes for accessibility. To set your accessibility preferences, click Accessibility at the top of the page. You can select any combination of screen reader mode, high contrast colors mode, and large fonts mode.

Description of the illustration accessibility.jpg

ADDING AND DELETING USER ACCOUNTS

Only identity domain administrators can add user accounts, and they are allowed to add, modify, and delete user accounts only in the identity domains that they have been designated to administer.

To add a user account in Oracle Identity Console, an identity domain administrator needs the following information:
* A valid business email address for the user
* The first and last names of the user
* The services that the user is allowed to access

Select one of the following methods to create user accounts:
* Creating One User Account at a Time
* Adding a Batch of User Accounts

After a user account has been created, either an identity domain administrator or a service administrator must explicitly assign at least one role to the user. For information about managing roles, see Roles and User Accounts Predefined in Oracle Identity Console and Assigning and Revoking Roles.
CREATING ONE USER ACCOUNT AT A TIME

As the identity domain administrator, you can use the Create button in Oracle Identity Console to create one user account at a time.

When you create a user account, you manually assign a temporary password to the user. After the user account is created:
* Oracle sends an email notifying the user that an account was created. The email provides only the user's sign-in name (user name) and the name of the identity domain.
* You must provide the user with the temporary password you specified when creating the account and any appropriate URLs to applications and services.

To add one user account at a time:
1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Click Create on the toolbar.
   Description of the illustration ic_userstoolbar.gif
4. Enter the following details in the Create User dialog box:
   * First Name: Enter the user's first name.
   * Last Name: Enter the user's last name.
   * Email: Enter a valid business email in standard format. For example, johndoe@somecompany.com.
   * User ID (User Name): Enter a user name. The user name, along with the password and the name of the identity domain, define a user's sign-in credentials.
     Entering a value into the User ID field is optional. If you do not enter a value, the system makes the user name the same as the email address unless the user name is currently in use or had previously been in use within the current domain. For these cases, the system adds a number to the email address to create a unique value for the user name. The maximum length of the user name is 80 characters.
   * Password: Enter a password. This password is temporary. Users are forced to change their temporary password when they sign in the first time.
     Note: Make a note of the temporary password you assign to the user. The system does not include this password in the automated email sent to the new user.
     You must communicate this password to the new user yourself. If you forget or lose this password, you can reset it. For information, see Resetting Another User's Password.
   * Confirm Password: Reenter the password.
5. Click Create. The system adds an account for the user and displays a message if the user account was created successfully.
6. Click OK to close the message and return to the Manage Users page. To display the user account you just added, enter search criteria and click Search.

After the user account is created, either an identity domain administrator or a service administrator must explicitly assign one or more roles to the user. The role controls access to applications, resources, and services. For more information, see Assigning and Revoking Roles.

In addition, the identity domain administrator must:
* Provide the temporary password to the user.
* Provide the URL for the Oracle Identity Console to the user.
* Provide one or more service URLs to the user, depending on the service type the user is allowed to access.

ADDING A BATCH OF USER ACCOUNTS

Topics:
* Task 1, "Create a Comma-Separated Values File"
* Task 2, "Upload the Comma-Separated Values File"
* Task 3, "Review and Fix Any Reported Errors"
* Task 4, "Assign Roles and Provide Access Details to Users"

Task 1 Create a Comma-Separated Values File

If you are an identity domain administrator, you can add a batch of user accounts by uploading a comma-separated values (CSV) file that lists the information required to set up each user account.

The CSV file is a simple text file in a tabular format (rows and columns). The header row, which defines the columns (fields) in your table, must have these exact column headings:
* First Name
* Last Name
* Email
* User Login

For each user account, you create a new row (line) and enter data into each column (field). Each row equals one record.
To create a CSV file, you can use a standard spreadsheet application, such as Microsoft Excel or Google Spreadsheet, or you can use a text editor, such as Notepad or TextPad. You must be sure to save the file in a valid CSV format.

Spreadsheet applications make it easy to create, edit, and save CSV files. You can use standard features to add and delete rows of data, edit individual fields, search for certain records, or sort the list using various options. The following illustration shows an example of user account data defined in a Microsoft Excel file. The layout lets you easily review the data.

Description of the illustration ic_csv1.gif

When you save your spreadsheet as type CSV (Comma delimited) (*.csv), a comma separates each field in each row. For example, the following illustration shows the data from the Microsoft Excel spreadsheet, saved as a CSV file, and opened in Notepad:

Description of the illustration ic_csv2.gif

The CSV file must adhere to the following requirements:
* Must be ANSI or UTF-8 encoded.
* Must not be larger than 256 KB (maximum file size).
* Must use a comma as the delimiter between the values.
* Must include three columns with these exact headings: First Name, Last Name, and Email.
* May include an optional fourth column with this exact heading: User Login.

Note: In the CSV file, the column heading is User Login. However, the value you enter in the User Login column maps to the User ID column on the Manage Users page in Oracle Identity Console. This value, also called the user name, is the name the user enters on the Sign In page. The user name (that is, the value in the User Login column), along with the password and the name of the identity domain, define a user's sign-in credentials. If you do not include a value in the User Login column, the system makes the user name the same as the email address unless the user name is currently in use or had previously been in use within the current domain.
For these cases, the system adds a number to the email address to create a unique value for the user name. The maximum length of the user name is 80 characters.

Task 2 Upload the Comma-Separated Values File

To upload a comma-separated values (CSV) file and automatically add a batch of user accounts to the identity management system:
1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Click Load Users on the toolbar.
4. Enter the name of the file to upload. Alternatively, you can click Browse to locate and select the CSV file to use.
5. Click Upload. The system confirms that the file uploaded successfully.
6. Click OK. The system begins the process of creating the user accounts.

The time required to create the user accounts depends on several factors such as system load, upload requests in progress, and number of user entries in the CSV file.

When the processing of the CSV file is finished, Oracle sends you an email with the following subject line:

  User Loading completed

The email provides the following information:
* The total number of user records processed in the CSV file
* The number of user records successfully uploaded
* The number of user records that failed
* Details about failure and errors, if any

Task 3 Review and Fix Any Reported Errors

In the User Loading completed email that you receive from Oracle, review the list of errors, if any. Some of the reasons the system could not create a user account include:
* Invalid email format
* Missing information
* User account already exists
* Invalid CSV file

If there are only a few invalid accounts, you may want to create these user accounts manually (see Creating One User Account at a Time). If there are many invalid accounts, you may want to create a new CSV file and upload the file again.

On the Manage Users page, use the Search options to find the user accounts you uploaded from the CSV file.
Task 4 Assign Roles and Provide Access Details to Users

After the user accounts are created, you must explicitly assign one or more roles to the users. The role controls access to applications, resources, and services. For more information, see Assigning and Revoking Roles.

When you use the batch function in Oracle Identity Console to add user accounts, the system automatically generates a temporary password for each user. After the processing of the CSV file is finished and the user accounts are created, Oracle automatically sends your users an email with details about the account created for them. The email includes the user's sign-in credentials:

* User ID (also referred to as user name or user login)
* Temporary password, which the user must change on first sign-in
* Identity domain

You must provide:

* The URL for the Oracle Identity Console to the user.
* One or more URLs to the user, depending on the applications and services the user is allowed to access.

DELETING A USER ACCOUNT

Only identity domain administrators can delete a user account, and only in the identity domains that they have been designated to administer.

To delete a user account:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Enter all or part of the user's first name, last name, user name, or email address in the field, and then click Search.
4. Select the user whose account you want to delete.
5. Click Delete User on the toolbar.
6. Click OK to confirm that you want to delete the selected user.

ASSIGNING AND REVOKING ROLES

Topics:

* About Assigning and Revoking Roles
* Assigning a Role to a User
* Revoking a Role from a User

Roles control access to applications, resources, and services. For information about the predefined roles, see Roles and User Accounts Predefined in Oracle Identity Console.

ABOUT ASSIGNING AND REVOKING ROLES

After a user account is created in Oracle Identity Console, an identity domain administrator or a service administrator must explicitly assign the appropriate roles to the user depending on the services the user is allowed to access. For example, a developer must be assigned the Database Developer role to develop and deploy applications using the Oracle Database Cloud Service.

Note: A user account must have at least one role that grants user or administration privileges for a service. Until you assign such a role, the user will receive an error message when attempting to sign in to the service.

When assigning and revoking roles, note that:

* Identity domain administrators can assign and revoke roles only to the users in the identity domains that they manage.
* Service administrators can assign and revoke roles only to the users for the services that they manage. Because service administrators cannot add users or roles, the users and roles must already be in the system before service administrators can assign a specific role to a user.
* Non-administrative users cannot assign or revoke roles.

ASSIGNING A ROLE TO A USER

To assign a role to a user:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Roles.
3. Click Search to display the roles defined in the current identity domain. Alternatively, enter all or part of the role name or description in the field and then click Search to filter the results.

   [Illustration: ic_manageroles.gif]
4. Select a role that you want to assign to a user. Note that:
   * You can grant multiple roles to a user. However, you can grant only one role at a time.
   * You grant the appropriate service role to individual users according to the service type and service instance they are allowed to access.
     For example, for the developer of an Oracle Database Cloud Service named mydbservice1, you would assign the mydbservice1 Database Developer role.
   * You must grant either the Identity Domain Administrator role or a specific service administrator role to any user who needs to use the My Services application in Oracle Cloud to monitor and manage the usage of an Oracle Cloud service.

   For more information about roles, see Roles and User Accounts Predefined in Oracle Identity Console.

   [Illustration: ic_assign.gif]
5. Click Assign. The Grant Role dialog box opens:

   [Illustration: ic_grantrole.gif]
6. Click Search. The system finds only those users who have not been assigned the role you selected.

   Note: When granting roles, users that already possess the role you selected do not display in the Search results.

   Alternatively, enter all or part of a user's first name, last name, or email in the field and click Search to filter the results.
7. Select one user to whom you want to assign the selected role. You can assign a role to only one user at a time.
8. Click Assign.
9. Click OK to confirm you want to assign this role to the user.

REVOKING A ROLE FROM A USER

Caution: Be careful when revoking the role of Identity Domain Administrator from your users. It is possible to revoke the role from all users, including yourself. You will then have no user with the role of Identity Domain Administrator and no way to create new accounts, add new roles, or reset passwords for the users in your domain. You will need to contact Oracle Support for help with restoring the role of Identity Domain Administrator.

To revoke an assigned role from a user:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Roles.
3. Click Search to display the roles defined in the current identity domain. Alternatively, enter all or part of the role name or description in the field and then click Search to filter the results.
4. Select the role you want to revoke from a user and click Revoke. The Revoke Role dialog box opens.
5. Click Search. The system lists only those users who are currently assigned the role.
6. Select the user from whom you want to revoke the selected role. You can revoke a role from only one user at a time.
7. Click Revoke.
8. Click OK to dismiss the confirmation message.

CREATING AND DELETING CUSTOM ROLES

Topics:

* About Custom Roles
* Viewing Existing Roles
* Creating a New Role
* Deleting a Role

ABOUT CUSTOM ROLES

Only identity domain administrators can create and delete custom roles, and only in the identity domains that they have been assigned to administer.

Custom roles are used by application developers to secure applications. For example, with Java EE applications deployed to an Oracle Java Cloud Service, the application roles specified in application deployment descriptors are mapped to the enterprise roles created in the identity management system. The mapping is based on matching fully qualified role names. For information about securing applications for a Java service, see Using Oracle Java Cloud Service.

VIEWING EXISTING ROLES

To view the predefined and custom roles already available in the current identity domain:

1. Sign in to Oracle Identity Console (see Signing In to Oracle Identity Console).
2. Navigate to the Manage Roles page.
3. Click Search to list the roles currently defined in the identity domain.

For information about the predefined roles, see Roles and User Accounts Predefined in Oracle Identity Console.

CREATING A NEW ROLE

To create a role:

1. Sign in to Oracle Identity Console. Be sure to specify the identity domain in which you want to add roles.
2. Click Manage Roles.
3. Click Create on the toolbar. The Create Role dialog box opens:

   [Illustration: ic_create_role.gif]
4. Enter a name and a description for the new role.
5. Click Create.
6. Click OK to confirm that you want to create the role.

To display the role you just added, click Search on the Manage Roles page.

DELETING A ROLE

If you are an identity domain administrator, you can delete roles from Oracle Identity Console. The following restrictions apply:

* You cannot delete the predefined roles. If you select one of these roles, the Delete button on the toolbar is grayed out.
* You cannot delete a role if users are currently assigned the role. In this case, you must first revoke the role from the users. Once the role has no members, you can delete the role.

To delete a role:

1. Sign in to Oracle Identity Console. Be sure to specify the identity domain that has the role you want to delete.
2. Click Manage Roles.
3. Click Search to display the roles in the identity domain. Alternatively, enter all or part of a role name or description in the field and click Search to filter the results.
4. Select the role you want to remove, and then click Delete on the toolbar.

   [Illustration: ic_selectrole.gif]

   Note: You cannot delete the predefined roles. If you select one of these roles, the Delete button is grayed out.
5. Click OK to confirm that you want to delete the selected role.

   Note: The system returns an error if there are existing members in the role or if there is a problem removing the role. You cannot delete a role if users are currently assigned the role. In this case, you must first revoke the role from the users. Once the role has no members, you can delete the role.

DISPLAYING ROLES AND USER ASSIGNMENTS

Identity domain administrators and service administrators have two options for displaying roles and user assignments:

* Displaying All Roles Assigned to a User
* Displaying the Users Assigned to a Role

However, the identity domain administrators' view in Oracle Identity Console is limited to users in the identity domains that they have been designated to manage, and the service administrators' view is limited to users of the services that they have been assigned to manage.

DISPLAYING ALL ROLES ASSIGNED TO A USER

To display the roles assigned to a user:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Click Search to display the users in the identity domain. Alternatively, you can enter all or part of a user's first name, last name, or email in the field and then click Search to filter the results.
4. Click the link in the Last Name column to view detailed information for the selected user.

   [Illustration: ic_lastname.gif]

   The User Details dialog box opens. The User Membership Roles section lists the roles that have been granted to the selected user:

   [Illustration: ic_userroles.gif]

DISPLAYING THE USERS ASSIGNED TO A ROLE

Oracle Identity Console does not have an explicit way to display a list of all users assigned to a particular role. You can, however, use the Revoke Role feature to view the list you need.

To display the users assigned to a particular role:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Roles.
3. Click Search to display the roles in the identity domain. Alternatively, enter all or part of a role name or description in the field and click Search.
4. Select a role.
5. Click Revoke to open the Revoke Role dialog box. Note that you will not actually remove the role from any user.
6. Click Search. The system displays a list of only those users who are assigned the selected role.
7. Click Cancel to close the dialog box without making any changes.

MANAGING YOUR PASSWORD AND PASSWORD CHALLENGE QUESTIONS

Topics:

* Changing Your Password
* Changing Your Password Challenge Questions
* What to Do When You Forget Your Password
* What to Do If Your Account Gets Locked

When you sign in to Oracle Identity Console for the first time, the system prompts you to change your temporary password and set your password challenge questions.
You can change your password and password challenge questions any time you are signed in to Oracle Identity Console.

CHANGING YOUR PASSWORD

All users can use Oracle Identity Console to change their own password.

To change your password:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain. Your view of the console opens. If necessary, click My Profile to view your personal details.
2. Expand Change Password.

   [Illustration: ic_changepw1.gif]
3. Enter your old password in the Old password field.
4. Enter a new password in the New password field. For password guidelines, see the Password Policy information displayed on the screen.
5. Reenter your new password in the Confirm new password field.
6. Click Apply.

CHANGING YOUR PASSWORD CHALLENGE QUESTIONS

When you sign in to Oracle Identity Console for the first time, the system prompts you to select your password challenge questions and answers. If you ever forget your password, you must provide the answers to your challenge questions before the system will reset your password.

To change your password challenge questions and answers:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain. Your view of the console opens. If necessary, click My Profile to view your personal details.
2. Expand Challenge Questions.

   [Illustration: ic_chalquest.gif]
3. Select a question from the drop-down list, then enter your answer in the associated field.
4. Repeat the procedure for the second and third question.
5. Click Apply.

WHAT TO DO WHEN YOU FORGET YOUR PASSWORD

If you forget your own password, you can reset the password yourself provided you:

* Remember your identity domain and user name
* Answer correctly the three password challenge questions you registered in the identity management system

To reset your own password:

1. Navigate to the Sign In page.
2. Click the Forgot Password link.
   The Password Management wizard opens:

   [Illustration: ic_forgotpw.gif]
3. On the User Login page, enter your identity domain and user name (for example, oracleusa1trial and user@somecompany.com). Click Next.
4. On the Challenge Questions page, enter your answer for each of the three password challenge questions. Click Next.
5. On the Reset Password page, enter and confirm your new password. For guidelines, see the Password Policy information displayed on the screen.
6. Click Save. The system displays a confirmation message if your password was changed successfully.
7. Click OK to close the message dialog box. You are automatically signed in.

WHAT TO DO IF YOUR ACCOUNT GETS LOCKED

The system automatically locks your user account if there are multiple incorrect sign-in attempts using your user name, password, and identity domain. To unlock your account, follow the instructions in What to Do When You Forget Your Password.

RESETTING ANOTHER USER'S PASSWORD

All users can use Oracle Identity Console to change their own password. Only identity domain administrators can reset the passwords of other users, and only the passwords of users in their designated identity domains.

If an identity domain administrator resets your password, the password is temporary. The system prompts you to change your temporary password on your next sign-in.

To reset another user's password:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Enter all or part of the user's first name, last name, user name, or email address in the field, and then click Search.
4. Select the row for the user whose password you want to reset.

   Notes: When you select the row, be careful not to click the active link in the Last Name column. Clicking the link opens a new page with details about the user.
5. Click Reset Password on the toolbar.
6. Select one of the following methods to create the new password:
   * To have Oracle Identity Console generate a new password automatically and mail the password directly to the user, select Auto-generate the password (Randomly generated). This method is the default option.
   * To specify the new password yourself, select Manually change the password and then enter the new password in both the New password and Confirm new password fields. By default, Oracle Identity Console mails the new password directly to the user. If you do not want the new password to be mailed to the user, unselect the Email the new password to the user check box. In this case, you must give the new password to the user.
7. Click Reset Password. If the password change is successful, the system displays a confirmation message. Click OK to close the message dialog box.

SETTING UP THE SECURE FTP USER ACCOUNTS FOR ORACLE CLOUD SERVICES

Topics:

* About the Predefined SFTP User Accounts
* Locating the Details for the SFTP User Accounts
* Configuring the Passwords for the SFTP User Accounts

ABOUT THE PREDEFINED SFTP USER ACCOUNTS

You use the secure FTP (SFTP) user accounts to sign in to the SFTP server so you can upload and download files related to your Oracle Cloud service. Oracle Cloud automatically creates the necessary SFTP user accounts in Oracle Identity Console for you. Note that:

* For every new identity domain established, Oracle Cloud automatically creates one SFTP account for the domain. You use the Identity Domain SFTP user account to retrieve the data that Oracle automatically archives when you terminate a paid subscription to an Oracle Cloud service.
* For every instance of a service activated in the same identity domain, Oracle Cloud automatically creates one SFTP account for the service instance. You use the Service SFTP account to retrieve archives when performing service operations.

Each account has a first name, a last name, an email, and a user name automatically generated by Oracle Cloud. You cannot change this information.

To activate the SFTP user accounts, an identity domain administrator must sign in to Oracle Identity Console and configure the password for each SFTP user account.

LOCATING THE DETAILS FOR THE SFTP USER ACCOUNTS

In both the My Account application and the My Services application, the Overview tab displays details about the Service SFTP and the Identity Domain SFTP user accounts. The details include the SFTP host, the SFTP port, and the user name.

To view the details about the SFTP user accounts:

1. Sign in to either My Accounts or My Services. The Services page opens.
2. Click a service name to view additional information for that service.
3. Scroll the Overview tab until you see the details for the Service SFTP user account and the Identity Domain SFTP user account. For example:

   [Illustration: sftp_details.gif]
4. Note the user name for each account. You will need this information to set or change the password for this account. For details, see Configuring the Passwords for the SFTP User Accounts.

   In addition, note the SFTP host and port. You will need this information, along with the user name and password, to sign in to the SFTP server.

CONFIGURING THE PASSWORDS FOR THE SFTP USER ACCOUNTS

Oracle Cloud automatically:

* Creates one Identity Domain SFTP user account per identity domain
* Creates one Service SFTP user account per service instance activated in the domain

To activate the SFTP user accounts, an identity domain administrator must configure the password whenever a new identity domain is established or a new service instance is activated. Only identity domain administrators can configure the password for the SFTP user accounts, and only for the SFTP user accounts in their designated identity domains.

Note: When you configure the password for SFTP user accounts, the password is set.
It is not temporary. The system does not prompt the SFTP user to change the password on the next sign-in.

To configure the password for an SFTP user account:

1. Sign in to Oracle Identity Console. Be sure to specify the appropriate identity domain.
2. Click Manage Users.
3. Enter sftp in the field and then click Search to display only the SFTP accounts.
4. Select the row for the SFTP user account for which you want to set or change the password.

   Notes: When you select the row, be careful not to click the active link in the Last Name column. Clicking the link opens a new page with more details.
5. Click Reset Password on the toolbar.
6. Select Manually change the password.
7. Enter the new password in both the New password and Confirm new password fields. Make a note of the password you assign to this SFTP user account. You must communicate this password to any administrator who will be using the account.
8. Click Reset Password. If the password change is successful, the system displays a confirmation message. Click OK to close the message dialog box.

Be sure to give the new password, along with the other SFTP sign-in information (host, port number, and user name), to the appropriate administrators.

For more information about using SFTP to import, export, or archive your data, see the documentation specific to your Oracle Cloud service.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.