Friday 8 March 2019

OAC - Bulk Importing Users & Groups via the IDCS UI

A key part of Cloud SaaS is integrating with your existing systems. This blog will show you how to bulk import users manually via the IDCS UI. The second part of the blog (here) will show you how to do this in an automated way using CURL and the IDCS REST API.

IDCS User Federation

All user/group security and roles for the Oracle Analytics Cloud are managed within the Oracle Identity Cloud Service. IDCS allows you to add users natively or use federation to authenticate your users with an external identity provider. In my case we used Microsoft Active Directory Federation Server (ADFS) as our authentication provider.

The setup is relatively simple and it worked first time! It also gave us true Single Sign-On SSO (the users just open their browser to access BI without having to login, user security is still maintained). This tutorial from Oracle is very good and all we needed to configure the security integration: Oracle Identity Cloud Service: Integrating with Microsoft Active Directory Federation Services (AD FS).

With the IDCS - ADFS integration your users can login to OAC with their Windows username and password. However, you still need to create the user account in IDCS in order for the account to be mapped or federated with your ADFS account. This can be done manually in the IDCS User console and it's fine if you have a limited number of users but you would not want to create 100s of users manually.

Creating a User Manually

The manual user creation process is simple:
  • Open the IDCS Admin Console:


  • Select users:

  • Click Add:

  • Enter the user details:



Note the 'Federated' button. Make sure this is enabled if you want your user to authenticate against your external provider:



Your user should now be able to login using their Windows password authenticated by your ADFS identity provider.

IDCS Bulk User Import using a CSV File

As I mentioned earlier, you wouldn't want to create 100s of users manually. Thankfully there's a really easy to use bulk import feature available in IDCS for both users and groups and the documentation supplied by Oracle is very good. Brilliant documentation is an unexpected benefit of Oracle's move to the cloud! Here is the link:

https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/import-user-accounts.html

Download the CSV template from the link above. Note the 'Federated' and 'Active' columns, I've set these both to true so that the user is authenticated against my ADFS identity provider and can login immediately.

  • Enter your user details into the CSV file. In this example I'm entering the minimum amount of details:

  • Login to the IDCS Admin Console
  • Click on Users
  • Click on Import:

  • Browse for your CSV file and import:

  • You should see a notification that the import job was started. Check the IDCS Job Console to see whether the import was successful:

  • Job Console details:



  • Click on View Details to see more detailed information on the job:

The screenshot above is from a different import (we would see 3 users listed if we used my example CSV file above). We can see the list of users that were imported successfully and the status. It's a very simple and intuitive tool to use.

IDCS Bulk Group Import Using a CSV File

The process of creating new groups and assigning users to those groups is also very easy.

  • Download the Groups CSV template from the same link further up the blog.
  • Enter the user/group mappings:

Here all the users will be added to my OBI_Viewer group but only Timothy will be added to the ESB_Read group.
  • Click on Groups
  • Click on Import
  • Check the IDCS Job Console to see whether the import was successful:


Ok, so far so good. But what if we wanted to automate this process? Well that's where the REST API comes into play. The documentation is again very good and we shall cover this in the next post.

No comments:

Post a Comment