How to Use EPM Cloud Deployed with Identity and Access Management (IAM)
Watch the Customer Connect recording presented by Venkat Maddipati and Vinay Gupta. A copy of the presentation can be downloaded from this link, too.
With all Commercial Cloud EPM environments migrated to OCI and all new Commercial Cloud EPM environments being provisioned in OCI, it is important to know how to perform the tasks that were performed through My Services in Classic environments. This includes user management and SSO, as well as many new tasks, such as setting password policies. In this session, the presenters provided details of these differences in user interfaces. The session also covered the different user interfaces for IDCS versus IAM, with a live demonstration and your questions answered as part of the interactive Q&A.
Session topics:
- What is IAM? How is it different from IDCS?
- EPM Cloud with IAM
- Unique features of EPM Cloud Coming from IDCS/IAM
- Support of multiple domains within tenancy
- IDCS group support
- Live Demo
What is IAM?
- Manage user access and entitlements for Oracle Cloud Infrastructure (OCI) and across a wide range of cloud and on-premises applications using a cloud native, identity as a service (IDaaS) platform.
- Oracle offers a unified cloud identity solution that centers user identity as the security perimeter and helps organizations pursue a zero trust strategy.
How is IAM different from IDCS?
- With EPM Cloud on IDCS, users were managed and roles were assigned in both My Services and the Identity Console.
- With EPM Cloud on IAM, users are managed and roles are assigned centrally, in the OCI Console only.
EPM Cloud OCI Environments on IAM
- All net-new commercial EPM Cloud orders are provisioned to OCI regions with IAM.
- All existing EPM Cloud environments on OCI have either been migrated to IAM from IDCS or are in the process of being migrated to IAM.
Features Available only in OCI EPM Cloud Environments
Support of Multiple domains within tenancy
- IAM supports multiple domains. This gives the flexibility to manage users in different domains and configure sign-on policies.
- At this time, EPM Cloud supports only one domain within the tenancy (aka cloud account).
- Support for multiple domains in EPM Cloud is on the roadmap.
IDCS Groups
- IDCS Groups can be used to assign users and pre-defined roles.
- These groups can be synchronized from external Identity sources, such as Azure AD, a centralized IDCS, etc.
- Thus, the complete user management can be performed using a central identity management solution and synced with EPM Cloud.
IDCS Group Support in EPM Cloud
- EPM Cloud already supports IDCS groups.
- Users can be added to IDCS groups. Predefined roles can be assigned to IDCS groups. The users in the IDCS groups automatically get assigned the same predefined roles.
- However, currently, application roles and ACLs cannot be assigned to IDCS groups.
- This functionality is planned for the 24.03 monthly update.