I'm trying to federate IDCS users and groups into Oracle Cloud Infrastructure (OCI) platform. Unable to import the users into OCI

Question

I have a bunch of users created in IDCS console. Now I want to import/map them into OCI instead of manually create those users again in OCI.

I followed this doc to federate users into OCI but no luck so far. https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/addingidcsusersandgroups.htm#

Can someone help?

Answer 1

You have to login again to IDCS, where in Applications menu you will find COMPUTEBAREMETAL application. Under Configuration tab you will see Client ID and Client Secret. You will only need to set these values once, afterwards the federation will work for all new mappings you create on OCI Console under Federation.

Answer 2

If OCI is correctly configured to use IDCS (along with the needed group mappings between IDCS and OCI groups), users managed by IDCS will be visible in OCI (they will show as federated) but these same IDCS users will not show in the OCI groups. Go to Menu > Identity > Users to see these users. You will not see these same IDCS users as members in OCI groups (Menu > Identity > Groups), even though they might be mapped to those groups in IDCS. This doesn't mean that the users are not members of the group, it's just that they're not shown in the OCI service console (administration user interface). You'll need to look at IDCS for IDCS-managed users (including to see the groups that they're a member of).

To find the IDCS users in an OCI group, you'll need to look at the OCI<->IDCS group mappings, finding the IDCS group that is mapped to the OCI group in question. Then look in IDCS to see the users that are a part of the mapped IDCS group.