Best Practices from Oracle Development's A‑Team

Provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure

Validated May 17, 2021 with OAC 6.0


The latest releases of Oracle Analytics Cloud (OAC) now include the ability to provision it natively in OCI in select geographies.

The Oracle document Administering Oracle Analytics Cloud lists the currently available geographies.

See Get Started with Administration for the official OCI Native documentation.

This post is a step-by-step guide to provision Oracle Analytics Cloud (OAC) Natively in Oracle Cloud Infrastructure (OCI). The Tokyo region is used for the provisioning. Note: This post is for OAC instances with public end-points. For a post on provisioning instances with a private end-point refer here.


May 17, 2021 with OAC 6.0

October 12, 2020 with OAC 5.8

July 23, 2020 with OAC 5.7

May 19, 2020 with OAC 5.6

March 2, 2020 with OAC 5.5 in EMEA

February 14, 2020 with OAC 5.5 in NA

February 13, 2020 with OAC 5.5 in APAC

January 31 with OAC 5.4


  • Before You Begin

  • Provisioning OAC in OCI

  • Validating and Connecting to the OAC instance

  • Viewing the OAC Application in IDCS

 Before You Begin

The following prerequisites must be in place before provisioning OAC natively. Various administrator privileges are required to perform the tasks.

After the prerequisite tasks are performed the OCI topology looks like this:

IDCS Prerequisites

The following tasks must be completed by an IDCS administrator.

Creating an IDCS User

Create an IDCS user to perform the provision. Refer here for documentation.

Note: The provisioning user must be an IDCS federated user and not a local OCI user. During the provisioning process this user is granted the Service Administrator role in the provisioned IDCS OAC application.

Creating an IDCS Group

Create an IDCS group for the IDCS user. Refer here for documentation. This group is mapped to an OCI group in the next section.

Assigning the IDCS User to the IDCS Group

Add the IDCS user to the IDCS group. Refer here for documentation.

OCI Prerequisites

The following tasks must be completed by an OCI Identity and Access Management (IAM) administrator.

Creating an IAM Group

Create an IAM Group. Refer here for documentation. This group is mapped to the IDCS group and granted the OCI privileges to provision OAC.

Mapping the IDCS Group to the IAM Group

Map the IDCS group to the IAM group. Refer here for documentation. This mapping provides the IDCS user/group the privileges to provision OAC.

Creating a Compartment

Create a compartment. Refer here for documentation. This compartment isolates and secures OAC instances.

Preparing the IAM Group Privileges in the Compartment

Prepare the IAM group privileges in the compartment. Refer to Policy Basics and Policy Syntax for documentation. See here for the example privileges required to provision OAC.  These privileges are granted via statements in the compartment policy below. This post uses the example policy statement: 

allow group <IAM Group> to manage analytics-instances in compartment <Compartment>

Creating a Compartment Policy

Create a Compartment PolicyRefer here for documentation. The policy contains the statement above that grants privileges to OAC resources within the compartment. 

 Provisioning OAC in OCI

The provisioning process below creates an OAC instance in the OCI compartment. It also creates an IDCS application with the standard OAC IDCS application roles. The provisioning user is granted the ServiceAdministrator application role. After the provisioning the OCI topology looks like this:

Connecting to the OAC Console

If you are new user, open your e-mail address, find the welcome email, and change your password. Connect to the OCI console. Refer here for documentation. The URL should be in the format

https://console.< home region >.oraclecloud.com e.g. https://console.us-ashburn-1.oraclecloud.com

You may be prompted to enter your tenancy name. Enter it and press Continue.

Selecting the Region

If your home region is not enabled for OAC Native, then switch to a region that is e.g. Japan East (Tokyo). Refer here for documentation.

Your current region is displayed at the top of the Console. If your tenancy is subscribed to multiple regions, you can switch regions by selecting a different region from the Region menu. 

Image of the Console with the region selector highlighted.

Navigating to the Analytics Cloud

Navigate to the Analytics Cloud. Refer to Navigating to Oracle Cloud Infrastructure Services for documentation.

Open the navigation menu in the upper left  , scroll down and hover over Analytics and click Analytics Cloud

Selecting the Compartment

Select the Compartment. Refer to Understanding Compartments for documentation.

From the Compartment dropdown, choose the compartment you have access to for Analytics.

Creating the OAC Instance

Create the OAC Instance. Refer here for documentation. From this documentation is the following:

Click Create Instance.

Ensure the Compartment is the one you chose.

Enter an Instance Name and a brief description. The name must start with a letter and can contain only letters and numbers.

Optionally enter a Description.

Select the Feature Set you want to deploy.

Self Service Analytics: Deploys an instance with data visualization. Select this option if you subscribe to Professional Edition.

Enterprise Analytics: Deploys an instance with enterprise modeling, reporting, and data visualization. Select this option if you subscribe to Enterprise Edition.

For Capacity, select the number of OCPUs that you want for the service.

For production services, select the number of OCPUs you want to deploy (between 2 and 52). If you want to create an instance for trial purposes, you can select 1 OCPU.

For License Type, select whether you want to use your Oracle Middleware on-premises license with Oracle Analytics Cloud and be charged the Bring Your Own License (BYOL) rate or subscribe to a new Oracle Cloud license for Oracle Analytics Cloud.

Select Public for Network Access Type 

Optionally select Configure Access Control Rules to create rules that restrict access to the OAC instance. Leaving the box unchecked (the default) allows unrestricted access to OAC. Access Control Rules may also be configured after provisioning via the OCI console.

Optionally enter Tags.

Verify that the details are correct and click Create.

The Instance Details page shows the initial status Creating. It takes about 20 minutes to create the service. The status to Active when the process is complete.

 Validating and Connecting to the OAC instance

Validate the provisioning by connecting to the OAC instance.

On the Instance Details page click Open URL

A successful connection displays the OAC home page.

 Viewing the OAC Application in IDCS

The provisioning process also creates an IDCS application and assigns the provisioning user to the application's ServiceAdministrator application role.

There are two methods to view the IDCS Identity Console

♦ Navigating to the IDCS Identity Console using the Identity Federation Page

If you or your group has the inspect identity-providers in tenancy privilege then open the navigation menu in the upper left  , scroll down and hover over Identity then click Federation

Click on the Oracle Identity Cloud Service Console link e.g. 

https://idcs-< IDCS ID >.identity.oraclecloud.com/ui/v1/adminconsole/

♦ Navigating to the IDCS Identity Console using the Service User Console

Click on the  Icon and click Service User Console.

Click on the  Icon again and click My Profile.

Click Identity Console.

♦ Viewing the IDCS Application and Application Role

Open the IDCS navigation menu in the upper left   and click Applications

Click on the Application created via the provisioning process. Note the OCI instance name is the suffix of the Application name.

View the application details. Click on Application Roles.

Note the ServiceAdministrator role and click on 1 User Assigned.

Note that you are the user assigned to the role.

 Set Up Users, Groups, and Application Roles

One of the first jobs you do after setting up a service with Oracle Analytics Cloud is to add user accounts in Oracle Identity Cloud Service for everyone you expect to use the service and then assign them suitable permissions in Oracle Analytics Cloud. The topic is not covered in this blog but refer here for details.


This post described provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha