How is Identity Cloud Service Group (IDCS) Group security managed in Enterprise Performance Management (EPM) Cloud

How is Identity Cloud Service Group (IDCS) Group security managed in Enterprise Performance Management (EPM) Cloud?

Thank you to Aditi Gangrade and Venugopal Krishna Murthy for their presentation on the following topics:

• How IDCS Groups are available in EPM UI
• How to assign IDCS Group to EPM Group
• How to assign application roles to an IDCS Group
• How to view Role Assignment Report for an IDCS Group
• How to view Role Assignment report for a User who is a member of IDCS Group
• How to assign ACL to an IDCS Group

Why manage security through IDCS Group?

Customers can maintain all users and groups centrally in the Identity Management system of choice and control their EPM access through these central groups by assigning IDCS Group to

• Pre-Defined Role
• Application Role
• EPM Group
• ACL

What is currently not supported with IDCS Group in EPM?

• epmautomate doesn’t support
  • any CRUD operation on IDCS Group.
  • assigning/unassigning Pre-Defined role on IDCS Group.
  • assigning/unassigning Application role on IDCS Group.
  • assigning/unassigning IDCS Group to EPM Group.
  • migrating IDCS Group and its members.
• Role Assignment Report UI doesn’t generate report with all IDCS Groups but can be generated for selected IDCS Group.

What are the common behaviors of the IDCS Groups feature in EPM?

• IDCS Groups are created in IDCS (Identity Cloud Service) as similar to Users.
• IDCS Groups are loaded into EPM only if it is assigned to pre-defined role.
• IDCS Group name restriction is managed by IDCS.
• IDCS Groups behave the same was a native groups but they are no editable and only Viewable
• IDCS Group are ignored in EPM,
  • If an Native group exists with the name of an IDCS group.
  • If an IDCS Groups exists with the name of an Pre-Defined Group.
  • If an IDCS Groups exists with the name longer length than 256 characters.
• IDCS groups will not get imported with LCM Import Users option
• Renaming an IDCS group is functionally equivalent to deleting it and creating a new one.

For more information:

• Managing Groups
• Assigning Application Roles to a Group or a User
• Using Identity Cloud Service Groups to Assign Predefined Roles to Users in Oracle Cloud Identity Console (for OCI (Gen 2) only)
• Using Identity Cloud Service Groups to Assign Predefined Roles to Users in Oracle Cloud Console (IAM) (for OCI (Gen 2) only)