People who need access

Authentication method:

Several methods

One of the following methods:

• User interface authentication: User logins

  To access the user interface of Oracle Integration or the Oracle Cloud Infrastructure Console, people must sign in. To sign in, a user must be a member of an identity domain. The identity domain authenticates the user.

• API authentication: Several methods

  An API, rather than the client that accesses it, is the sole determiner of its authentication methods. To learn about the authentication methods, see OCI SDK Authentication Methods in the Oracle Cloud Infrastructure documentation.

  To review your options for accessing the API, see Accessing Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.

Authorization method:

IAM (identity and access management) policies

Users access the Oracle Cloud Infrastructure Console using its user interface, its APIs, and its CLI. IAM policies govern access to these resources. IAM policies apply to a single tenancy and govern outbound access, which is access from an Oracle Integration instance to another application or resource.

IAM policies determine the types of operations that someone can perform on a resource. For example, a user with a READ policy for a resource cannot update the resource.

IAM policies provide immense flexibility in declaring the individuals or groups who have access to Oracle Cloud Infrastructure resources and the level of access that they have. Every IAM policy contains a verb that describes the actions the group is allowed to do. The following verbs are available and are ordered from the least amount of access to the most amount of access:

To learn more about IAM policies in general, see the following pages in the Oracle Cloud Infrastructure documentation:

• Getting Started with Policies
• How Policies Work
• Example Scenario

To learn about IAM policies for Oracle Integration, including the verbs to use when writing an IAM policy, see About IAM Policies for Oracle Integration in Provisioning and Administering Oracle Integration 3.

Understand your responsibilities and Oracle's responsibilities for various administrative tasks

The tenancy administrator receives the welcome email from Oracle and is responsible for managing the lifecycle operations on the instance.

See Oracle and Customer Responsibilities in Oracle Integration 3 in Provisioning and Administering Oracle Integration 3.

Determine whether your tenancy uses identity domains

Some tenancies use identity domains, while others don't. You have different requirements, depending on whether your tenancy uses identity domains.

To understand the differences between tenancies with and without identity domains, and to determine whether your tenancy uses identity domains, see Differences Between Tenancies With and Without Identity Domains in Provisioning and Administering Oracle Integration 3.

Configure access to the Oracle Integration instance

If you configure Oracle Integration to send data to Oracle Cloud Infrastructure Logging or Oracle Cloud Infrastructure Monitoring, restrict the people who can look at the data

You can send activity stream data to Oracle Cloud Infrastructure Logging. See Logging in the Oracle Cloud Infrastructure documentation.

You can send message pack data to Oracle Cloud Infrastructure Monitoring. See Monitoring in the Oracle Cloud Infrastructure documentation.

Ensure that you authorize only the correct people to view the logs and other data.

Associate a policy with the log or log group. The policy should allow only select viewers.

Periodically audit users' access to the Oracle Integration instance