When you deploy Essbase on Oracle Cloud Infrastructure using the Essbase Marketplace listing, cloud identity may be managed by OCI Identity and Access Management (IAM) or by Oracle Identity Cloud Service (IDCS), depending on your tenancy.

If you are not sure which identity management is used on your tenancy, refer to Documentation to Use for Cloud Identity.

If you already use Essbase on OCI, and your tenancy has been updated to use IAM identity domains, you don't need to create a new confidential application. Your identity application is migrated as an integrated application within an identity domain named OracleIdentityCloudService.

If you are starting a new cloud deployment on an OCI tenancy with IAM, Oracle recommends creating a unique identity domain for Essbase instead of using the default identity domain. Create the dynamic groups, the initial Essbase administrator user, and the confidential identity application all within this identity domain.

For licensing information, refer to IAM Identity Domain Object Limits.

To configure clients to be able to access the signing certificate for the identity domain, go to the Settings for the identity domain you created for Essbase. Under Access signing certificate, select Configure client access.

Policies are global to the tenancy (not domain specific), but the syntax for specifying group names or dynamic group names in policy statements may need to be updated if your group or dynamic group is in an identity domain other than Default. Review the Oracle Cloud Infrastructure documentation on policy syntax: Create an IAM Policy in an Identity Domain.