Oracle Identity and Access Management (IAM) Integration

Overview

Customers can leverage Oracle Identity and Access Management (IAM)'s Identity Domains and Oracle Identity Cloud Service (IDCS), as an integrated identity management solution. The integration simplifies the identity services requirements common to Enterprise customers. With the integration, administrators delegate user management activities such as user creation, activation, revocation, and password management for host company users to IDCS.

The Oracle CPQ Administrative Online Help references IDCS, IAM/IDCS, or IAM to refer to the Oracle Identity and Access Management (IAM)'s Identity Domains and Oracle Identity Cloud Services (IDCS) platforms.

The following functionality is available in Oracle CPQ:

Use IDCS to perform user management activities

Use IDCS as the single location for performing the following user management activities for all Oracle and non-Oracle applications integrated with IDCS.
- Provision Oracle CPQ users from IDCS
- Revoke Oracle CPQ user access from IDCS
- User activation and deactivation
- Password management from IDCS
Provide a Single Sign-On (SSO) solution for all applications integrated with IDCS

Use the IDCS integration to provide an SSO solution for all Oracle and non-Oracle applications integrated with IDCS.
Edit user attributes using modified Oracle CPQ administration pages

After provisioning Oracle CPQ users from IDCS, view the newly created users and update their user attributes using modified Oracle CPQ administration pages.

Administration

You must have the proper IAM credentials to complete this procedure.

Complete the following procedures to register an external application client in IAM (also known as IDCS).

Navigate to the IAM console URL (for example, https://<your-idcs-domain>.identity.oraclecloud.com/ui/v1/adminconsole).
Log in to IAM with your administrator credentials.

Create an OAuth Client

Navigate to Identity and Security page > Domains > Integrated applications tab.
Click Add application to create a new application.
Select Confidential Application as the application type and click Launch Workflow.
Enter a Name and Description for the OAuth client and click Submit.
Select the OAuth Configuration tab and click Edit OAuth Configuration.
Under Client configuration, select Configure this application as a client now.
Under Authorization > Allowed grant types, select Client credentials.
Scroll down and enable the Add resources toggle.
Click Add scope under Resources.

A list of resources registered with this IAM instances displays.
Enter Oracle CPQ Applications Cloud in the search and click Search.
Select the CPQ resource listed and click Add.
Click Submit to save the changes to this application. The OAuth client is created successfully.

Take note of the Scope value as it is required later to obtain the OAuth token from IDC.
From the Actions drop-down at top of the page and click Activate.
Select Activate application in the confirmation dialog.

The OAuth client is active and ready for use.

Locate and Note the Client ID and Client Secret

Select the OAuth configuration tab.
Note the Client ID under General Information.
For security, the Client secret is hidden. Click on the Client secret ellipsis and select Copy.

The client secret is copied. Store the value in a secure location. This information is necessary when creating an integration user or migration center connection.

The Client ID and Client secret are extremely sensitive information. They MUST be stored securely.

NOTES

For more information on Oracle CPQ - IDCS integration, refer to OAuth Provider Integration, IDCS and Oracle CPQ Integration documentation and the Oracle Identity Cloud Service web site.
Refer to OpenID Connect Single Sign-On for Oracle CPQ with Oracle Identity Cloud Service Integration Guide for the steps to setup OpenID Connect SSO between Oracle CPQ Cloud & Oracle Identity Cloud Service (IDCS).

Oracle Identity and Access Management (IAM) Integration

Overview

Administration

NOTES

Related Topics