Subscription of PaaS services in Fusion Cloud Applications Identity Domain

Many of our Fusion Application (FA) customers are now aware that they can leverage the OCI IAM identity domain which comes with every FA instance for Fusion Application extension and integration use cases.

This identity domain comes with a couple of advantages:

• The FA identity domain has an identity domain type of “Oracle Apps” which is free of extra charge for FA extension and integration use cases, has increased limits and should allow for most of the FA uses cases.
• OOTB Identity and access management for all FA users, no extra user and role synchronisation is needed.
• OAuth setup for accessing FA REST API is preconfigured.
• Provisioning of extra OCI services into this identity domain is allowed.
• As many of you might be aware we’re currently in progress of migrating the FA identity management (FA IDM) to OCI Identity and Access Management (OCI IAM) for our whole FA fleet until end of CY 2025. Pre-migration SSO between FA IDM and the FA identity domain is preconfigured. Post-migration FA is using OCI IAM natively for authentication and SSO is no longer needed between FA and the FA identity domain.
• Visual Builder (VB) (as also other PaaS service instances) can be provisioned into the FA identity domain. FA UI extensions built and deployed as VB applications in that VB instance can now easily be embedded as HTML iframe into FA.

The final question might be the subscription management for any newly provisioned OCI PaaS service (like Visual Builder or Integration Cloud) if the current service subscription is associated with a different tenancy.

The good news is that all OCI services in the FA tenancy/FA identity domains can reuse the subscriptions (like Universal Credit Model/UCM credits) from other OCI tenancies (like a previous PaaS tenancy) by inviting the FA tenancy into the other tenancy through the OCI Organisation Management feature (https://docs.oracle.com/en-us/iaas/Content/General/organization/home.htm) and by mapping the needed subscriptions to the FA tenancy.

Make sure the FA tenancy is entitled to use the same OCI regions as the inviting tenancy and that you have raised the service limits for your needed OCI services in the FA tenancy. Otherwise you might see an notification or error message.

Hope this helps to make your implementation of FA extensions and integration use cases now easier and more seamless as ever before.

max@ateam