Oracle Cloud Infrastructure Documentation

Create Your Service Instance

As the primary account administrator (the person who created the Oracle Cloud subscription), you perform the following steps to create an Oracle Content and Experience instance from the Infrastructure Console.

  1. Optionally, create a compartment for Oracle Content and Experience.
  2. If you want to delegate creation of Oracle Content and Experience instances to other users, see one of the following topics:
  3. If you want to create multiple Oracle Content and Experience instances in separate environments, you need to create a secondary Oracle Identity Cloud Service (IDCS) domain and collect some IDCS values before you create your Oracle Content and Experience instance.
  4. If you want to create your instance in another region, you need to extend your subscription to that region and federate IDCS from the new region with Oracle Cloud Infrastructure (OCI).
  5. If you want to create a private instance that can be viewed only within your intranet, you need to set up Oracle Cloud Infrastructure FastConnect and perform some additional prerequisite steps. FastConnect provides a dedicated private connection with higher bandwidth and a more reliable and consistent networking experience when compared to internet-based connections.
  6. Create your Oracle Content and Experience instance.

You can create multiple instances within the same subscription.

Create a Compartment for Oracle Content and Experience

Compartments are used to organize cloud resources for the purposes of isolation (separating one project or business unit from another), access (through the use of policies), and measuring usage and billing. A common approach is to create a compartment for each major part of your organization (for example, Sales, Human Resources, and so on).

When you create an Oracle Content and Experience instance, you'll be asked to select a compartment. You can use the root compartment, though, for the reasons mentioned above, you might want to create a new compartment for it. If you want to use the root compartment, you can skip this procedure and move on to creating your Oracle Content and Experience instance.

To create a new compartment for Oracle Content and Experience:

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, and then click Compartments. You might need to use the scroll bar on the left to scroll down to see the menu option.
  3. On the Compartments page, click Create Compartment.
  4. Enter a name and description for the compartment. Make clear in your name and description the purpose of the compartment, whether it's specifically for Oracle Content and Experience, for a project, for a department, or some other purpose.
  5. Click Create Compartment.

You don't need to create a new compartment for every instance. You can use the same compartment for multiple instances.

If you don't want to delegate creation of Oracle Content and Experience instances to other users, create multiple instances in separate environments, or create your instance in another region, you can skip to creating your instance.

Delegate Creation of Oracle Content and Experience Instances to SSO Users

To delegate creation of Oracle Content and Experience instances to users who sign in with single sign-on (SSO), the primary account administrator must add the users to the OCI_Administrators group. The OCI_Administrators group is created automatically when you have an Oracle Cloud account running on Oracle Cloud Infrastructure (OCI).

  1. If you're not already in the Infrastructure Console, sign in to Oracle Cloud as the primary account administrator.
  2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Federation. You might need to use the scroll bar on the left to scroll down to see the menu option.
  3. On the Federation page, click the link to the Oracle Identity Cloud Service Console. This opens the IDCS Console in a new window.
  4. In the IDCS Console, click Navigation menu icon, and then click Groups.
  5. Click OCI_Administrators.
  6. Click Assign.
  7. Select the users you want to delegate to, and then click OK.

Users you added to the OCI_Administrators group can now sign in to Oracle Cloud and create Oracle Content and Experience instances.

If you don't want to create multiple instances in separate environments or create your instance in another region, you can skip to creating your instance.

Delegate Creation of Oracle Content and Experience Instances to Non-Federated Users

To delegate creation of Oracle Content and Experience instances to non-federated users (users that don't sign in through SSO), the primary account administrator must create a group, add users to the group, create a policy, create a confidential application, and generate an access token for the users.

Note

Even if you are creating an instance in a secondary Oracle Identity Cloud Service (IDCS) domain, you perform the steps described in this topic in the primary IDCS domain.

  1. Create a group of users you want to delegate to.
    1. Sign in to Oracle Cloud as the primary account administrator.
    2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Groups. You might need to use the scroll bar on the left to scroll down to see the menu option.
    3. Click Create Group.
    4. Enter a name and description, then click Create.
  2. Add users to the group.
    1. Open the group you created.
    2. Click Add User to Group.
    3. Start typing the name of the user, then select the user, and click Add.
  3. Create a policy to allow the group to manage Oracle Content and Experience instances.
    1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Policies. You might need to use the scroll bar on the left to scroll down to see the menu option.
    2. Select a compartment. You can apply the policy to all compartments by selecting the root compartment, or you can select a specific compartment.
    3. Click Create Policy.
    4. Enter a name and description.
    5. In the Statement box, enter one of the following, replacing YourGroupName with the name of the group you created, and, if necessary, replacing compartment_id with the ID of the specific compartment you selected:
      • If you selected the root compartment: allow group YourGroupName to manage oce-instance-family in tenancy
      • If you selected a specific compartment: allow group YourGroupName to manage oce-instance-family in compartment_id
    6. Click Create.
  4. Create a confidential application.
    1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Federation. You might need to use the scroll bar on the left to scroll down to see the menu option.
    2. On the Federation page, click the link to the Oracle Identity Cloud Service Console. This opens the IDCS Console in a new window.
    3. In the IDCS Console, click Navigation menu icon, and then click Applications. If you don't see the Applications option, you don't have the Application Administrator role.
    4. Click Add, then select Confidential Application.
    5. On the Details page, enter OCE Trusted App as the name, and then click Next.
    6. On the Client page:
      1. Select Configure this application as a client now.
      2. For Allowed Grant Types, select Resource Owner, Client Credentials, and JWT Assertion.
      3. Under Grant the client access to Identity Cloud Service Admin APIs, click Add, select Application Administrator, then click Add.
      4. Click Next.
    7. On the Resources page, select Skip for later, and then click Next.
    8. On the Web Tier Policy page, select Skip for later, and then click Next.
    9. On the Authorization page, click Finish.
    10. After the app is created, click Activate.

      Stay on this page to complete the next step.

  5. Generate an IDCS access token.
    1. If you're not already in the IDCS Console, viewing the confidential application you created, go to the console (using steps 1 through 4 above), and open the application.
    2. On the App Details page, click Generate Access Token, select Customized Scopes, choose Application Administrator, then click Download Token. Give the token to the users you delegated creation to. They'll need to enter this access token when they create an Oracle Content and Experience instance.
      Note

      The token expires after one hour, so you may need to generate the token more than once, for example, if you later want to create another Oracle Content and Experience instance. If you want the user to be able to regenerate the access token on their own, you must create an IDCS user account for them, and give them the Application Administrator role.

To allow delegated users to regenerate their own access tokens:

  1. In the IDCS Console, click Navigation menu icon, and then click Users.
  2. Click Add. See Creating User Accounts in Administering Oracle Identity Cloud Service.
  3. Click Navigation menu icon, click Security, then click Administrators.
  4. Expand the Application Administrator section.
  5. Click Add.
  6. Select the user you want, and then click OK.

Now the users can sign in with their IDCS account and follow step 5 above to regenerate an IDCS access token when they need to.
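
Because the token is valid for only one hour and carries the Application Administrator scope, a delegated user can check how much lifetime is left before entering it in the Access Token field. The following Python check is an added example, not Oracle code; it assumes the downloaded token is a JWT with the standard numeric exp claim, reads that claim without verifying the signature, and uses a constructed sample token and a hypothetical five-minute safety margin.

```python
import base64
import json
import time


class TokenFormatError(ValueError):
    """The input is not a three-part JWT with a JSON object payload."""


def decode_claims(token):
    """Return the JWT claims WITHOUT verifying the signature (local check only)."""
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise TokenFormatError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenFormatError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
        raise TokenFormatError("payload has no numeric exp claim")
    return claims


def token_status(token, now=None, margin=300):
    """Return (state, seconds_left); state is 'usable', 'expiring' or 'expired'.

    margin is an assumed safety window: a token with less than this many
    seconds left may expire before the Create Instance form is submitted.
    """
    claims = decode_claims(token)
    now = time.time() if now is None else now
    left = int(claims["exp"] - now)
    if left <= 0:
        return "expired", 0
    return ("expiring" if left < margin else "usable"), left


def b64url_json(obj):
    """Encode a dict the way JWT segments are encoded (base64url, no padding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(issued_at, lifetime=3600):
    """Constructed stand-in for a downloaded token; it is not a real credential."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iat": issued_at, "exp": issued_at + lifetime}
    return ".".join((b64url_json(header), b64url_json(claims), "c2ln"))


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time
    sample = make_sample_token(issued)
    for minutes in (10, 58, 61):
        state, left = token_status(sample, now=issued + minutes * 60)
        # Report only the state; never echo the token itself to a terminal or log.
        print(f"{minutes:>2} min after download: {state}, {left} s left")
```
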

If you don't want to create multiple instances in separate environments or create your instance in another region, you can skip to creating your instance.

Create an Instance in a Secondary Oracle Identity Cloud Service (IDCS) Domain

If you want to create multiple Oracle Content and Experience instances in separate environments, you need to create a secondary IDCS domain before you create those additional Oracle Content and Experience instances.

You might want to create multiple Oracle Content and Experience instances in separate environments to accommodate different identity and security requirements (for example, one environment for development and one for production). You can accomplish this by creating multiple instances of IDCS. By having separate IDCS environments, the users who work in one environment won't impact the work of users in another environment. Using multiple instances can also help you maintain the isolation of administrative control over each environment. This is necessary if, for example, your security standards prevent development user IDs from existing in the production environment, or require that different administrators have control over different environments. When multiple instances are utilized, you'll have a primary instance, the instance which comes with your Oracle Cloud account, and one or more secondary (additional) instances.

To create an Oracle Content and Experience instance in a secondary IDCS domain, perform these preliminary steps before you create the Oracle Content and Experience instance:

  1. Create a secondary Oracle Identity Cloud Service (IDCS) domain.
  2. Note the identity domain name and the service instance URL of the secondary IDCS instance. You'll use these values when you create your Oracle Content and Experience instance.
    1. If you're not already in the Infrastructure Classic Console, sign in.

      If you are using Infrastructure Console, complete the following steps to access Infrastructure Classic Console.

      1. Open the user menu in the top left in Infrastructure Console, and note the name of the Tenancy.
      2. Use the following syntax to construct the URL to access Infrastructure Classic Console.

        https://myservices-mytenenancyname.console.oraclecloud.com/mycloud/cloudportal/dashboard

        Here, mytenenancyname is the tenancy name that you noted in the previous step.

    2. On the dashboard, open the Identity Cloud service.
    3. On the Service Instances page, note the Identity Domain (1) and the domain ID (in the format idcs-xxxxxxxxxxxx, after "https://" and before the first ".") in the Service Instance URL (2).

If you don't want to create your instance in another region, you can skip to creating your instance.

Create an Instance in Another Region

If you want to create an Oracle Content and Experience instance in a region other than your primary region, there are some preliminary steps you need to perform before you create the instance.

Note

If you're creating an instance in your primary region, you can skip this step and go straight to creating your instance.

Oracle Infrastructure and Platform Cloud Services (Oracle IaaS/PaaS) are enabled in different data centers. These data centers are grouped into data regions based on their geographic locations. When you purchase these services or sign up for a free promotion, you typically choose the data region closest to your location to access them. This becomes your primary data region. However, if required, you can extend your subscription to other geographical regions (within the same cloud account) and use the services there. For example, if you selected North America as your primary data region during your purchase, you can extend your subscription to the EMEA (Europe, Middle East, and Africa) data region. By doing so, you’ll enable your users to use services available in the EMEA data centers.

To create an instance in another region, perform these preliminary steps:

  1. Extend your subscription to another region.
  2. Federate Oracle Identity Cloud Service (IDCS) from the new region with Oracle Cloud Infrastructure (OCI).

Next, create your instance. When you create your instance, make sure to sign in to OCI Console with the new federated provider and select the appropriate region during instance creation.

Create a Private Instance Using Oracle Cloud Infrastructure FastConnect

If you want to create a private instance that can be viewed only within your intranet, you need to set up Oracle Cloud Infrastructure FastConnect and perform some additional prerequisite steps. FastConnect provides a dedicated private connection with higher bandwidth and a more reliable and consistent networking experience when compared to internet-based connections.

Before you can create a private instance, you need to perform the following prerequisite steps:

  1. Set up FastConnect on the tenancy.
  2. Get your tenancy OCID and name.
  3. Create a local peering gateway.
  4. Create a requestor group.
  5. Create a requestor policy.
  6. Create a support request.

Get Your Tenancy OCID

To get your tenancy's OCID, perform the following steps:

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Infrastructure Console, click Navigation menu icon, expand Administration, and then click Tenancy Details.
  3. Next to the OCID, click Copy. Save this tenancy OCID to include with your support request later.

Create a Local Peering Gateway

For information on peering, see Local VCN Peering (Within Region).

To create a local peering gateway, perform the following steps:

  1. In the Infrastructure Console, click Navigation menu icon, expand Networking, Virtual Cloud Networks, Virtual Cloud Network Details, and then click Local Peering Gateways.
  2. Click Create Local Peering Gateway.
  3. Enter a name for the gateway (for example, customer-to-oce-lpg).
  4. Select the compartment in which you want to store the peering.
  5. Click Create Local Peering Gateway.
  6. In the list of Local Peering Gateways, click More icon, and then click Copy OCID. Save this local peering gateway OCID to include with your support request later.

Create a Requestor Group

To create a requestor group and add the Oracle Cloud Infrastructure tenancy administrator, perform the following steps:

  1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Groups. You might need to use the scroll bar on the left to scroll down to see the menu option.
  2. Click Create Group.
  3. Enter a name for the requestor group (for example, RequestorGrp).
  4. Click Create.
  5. Click the group name to open the group details.
  6. Click Add User to Group.
  7. In the Users drop-down list, select a user with Oracle Cloud Infrastructure tenancy administrator privileges, and then click Add.
  8. On the group details page, copy the OCID. Save this requestor group OCID to include with your support request later.

Create a Requestor Policy

To create a requestor policy, perform the following steps:

  1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Policies. You might need to use the scroll bar on the left to scroll down to see the menu option.
  2. If necessary, select a different compartment for the policy.
  3. Click Create Policy.
  4. Enter the following details:
    • Policy: RequestorPolicy
    • Description: Requestor policy for peering
    • Statement:
      Define tenancy Acceptor as ocid1.tenancy.oc1..aaaaaaaa4yafecztqbebznfxpjzwm52wuaeornzgzqrujpbkmeez6zuigv7a
      Allow group RequestorGroup to manage local-peering-from in compartment GroupCompartmentName
      Endorse group RequestorGroup to manage local-peering-to in tenancy Acceptor
      Endorse group RequestorGroup to associate local-peering-gateways in compartment PeeringCompartmentName with local-peering-gateways in tenancy Acceptor

      Replace the following values:

      • RequestorGroup: Replace with the name of the requestor group you created.
      • GroupCompartmentName: Replace with the name of the compartment in which you created the requestor group.
      • PeeringCompartmentName: Replace with the name of the compartment in which you created the peering.

      For more information, see Set up the IAM policies (VCNs in different tenancies).

  5. Click Create.
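
Both policy procedures on this page (the oce-instance-family delegation policy and the requestor policy above) involve pasting statements that contain placeholder names into the Statement box. The following Python check is an added example, not Oracle code; it flags placeholders left unreplaced, a grant made at tenancy scope rather than on one compartment, and an Endorse statement that refers to a tenancy alias that no Define line introduces. The sample statements, group and compartment names, and the OCID in it are constructed.

```python
import re

# Placeholder names exactly as they appear in the statements on this page.
PLACEHOLDERS = (
    "YourGroupName", "compartment_id", "RequestorGroup",
    "GroupCompartmentName", "PeeringCompartmentName",
)

DEFINE_RE = re.compile(r"^define tenancy (\S+) as (\S+)$", re.IGNORECASE)
ROOT_SCOPE_RE = re.compile(r"^allow group \S+ to manage (\S+) in tenancy$", re.IGNORECASE)
TENANCY_REF_RE = re.compile(r"\bin tenancy (\S+)", re.IGNORECASE)


def review_policy(statements):
    """Return a list of (statement_number, code, detail) findings."""
    cleaned = [" ".join(s.split()) for s in statements]  # collapse stray whitespace
    findings = []

    # Pass 1: collect the aliases introduced by "Define tenancy <alias> as <ocid>".
    aliases = set()
    for n, stmt in enumerate(cleaned, 1):
        m = DEFINE_RE.match(stmt)
        if m:
            aliases.add(m.group(1))
            if not m.group(2).startswith("ocid1.tenancy."):
                findings.append((n, "bad-tenancy-ocid", m.group(2)))

    # Pass 2: per-statement checks.
    for n, stmt in enumerate(cleaned, 1):
        for name in PLACEHOLDERS:
            if re.search(rf"\b{re.escape(name)}\b", stmt):
                findings.append((n, "placeholder", name))
        m = ROOT_SCOPE_RE.match(stmt)
        if m:
            # Applies in every compartment; the compartment form limits the grant.
            findings.append((n, "tenancy-wide", m.group(1)))
        for alias in TENANCY_REF_RE.findall(stmt):
            if alias not in aliases:
                findings.append((n, "undefined-alias", alias))
    return findings


# Constructed drafts: what an administrator might be about to paste.
DELEGATION_DRAFT = [
    "allow group YourGroupName to manage oce-instance-family in tenancy",
]
REQUESTOR_DRAFT = [
    "Define tenancy Acceptor as ocid1.tenancy.oc1..EXAMPLE",  # constructed OCID
    "Allow group RequestorGrp to manage local-peering-from in compartment Network",
    "Endorse group RequestorGrp to manage local-peering-to in tenancy Aceptor",
    "Endorse group RequestorGrp to associate local-peering-gateways in compartment "
    "PeeringCompartmentName with local-peering-gateways in tenancy Acceptor",
]
REQUESTOR_FIXED = [
    REQUESTOR_DRAFT[0],
    REQUESTOR_DRAFT[1],
    "Endorse group RequestorGrp to manage local-peering-to in tenancy Acceptor",
    "Endorse group RequestorGrp to associate local-peering-gateways in compartment "
    "Network with local-peering-gateways in tenancy Acceptor",
]

if __name__ == "__main__":
    for label, draft in (("delegation", DELEGATION_DRAFT),
                         ("requestor", REQUESTOR_DRAFT),
                         ("requestor (fixed)", REQUESTOR_FIXED)):
        print(label, review_policy(draft) or "no findings")
```
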

Create a Support Request

Create a request with Oracle Support stating you want to create a private service instance. Make sure to include the following information that you collected earlier in your request:

  • Tenancy OCID
  • Local peering gateway OCID
  • Requestor group OCID

Oracle Support will reply with a validation URL for you to test.

Create Your Oracle Content and Experience Service Instance

To create an Oracle Content and Experience service instance, you must be the primary account administrator, or the account administrator must have set up your user account with the proper permissions.

To create an Oracle Content and Experience instance:

  1. If you're not already in the Infrastructure Console, navigate to the Infrastructure Console by returning to the window or signing in to Oracle Cloud.
  2. Click Navigation menu icon, expand Application Integration, and click Content and Experience. This opens the Content and Experience Instances page.
  3. In the Compartment menu on the left, select the compartment you want to use for OCI object storage. You can use the root compartment or another compartment you created for Oracle Content and Experience.
  4. Make sure that the region that's selected in the menu in the top right of the Infrastructure Console is the one in which you want to create your instance. If you're selecting a region other than your primary data region, you must have performed the prerequisite steps.
  5. Click Create Instance.
  6. Enter the following information.
    • Instance Name: Specify a unique name for your service instance. If you intend to create multiple instances, make sure your instance name makes clear what the instance will be used for. If you specify a name that already exists, the system displays an error and the instance is not created.
    • Description: Optionally, enter a description of the instance.
    • Notification Email: Make sure this is the email address to which you want provisioning status updates to be sent.
    • Access Token (only appears for non-SSO users): If you're not the primary account administrator and you signed in with an Oracle Cloud Infrastructure (OCI) user account, not using single sign-on (SSO), enter the IDCS access token you were given. Access tokens expire after one hour.

      Note: If you're creating this Oracle Content and Experience instance in a secondary Oracle Identity Cloud Service (IDCS) domain, this access token should still be for the primary IDCS domain.

  7. If you need to enter additional details (for example, if you're creating your instance in a secondary domain or you're creating a non-primary instance), click Show Advanced Options, and enter the following information:
    • Compartment: This is the compartment you previously selected. If you need to, you can change it.
    • Instance Type: By default, the instance type is primary (for example, your production instance). You must have at least one primary instance. If this instance is a non-primary instance (for example, for development, testing, or disaster recovery), select Non-Primary in the drop-down list. Primary and non-primary instances are billed at different rates.

      If this is a non-primary instance, you might want to include a tag to specify what the instance is used for.

    • IDCS Domain Name: If you're creating this Oracle Content and Experience instance in a secondary Oracle Identity Cloud Service (IDCS) domain, enter the identity domain value you noted in the prerequisite steps.
    • IDCS Domain ID: Enter the domain ID value of the secondary IDCS domain that you got from the service instance URL and noted in the prerequisite steps. Don't include "https://".
    • Upgrade Schedule: Control whether your instance is upgraded immediately (as soon as a new release of Oracle Content and Experience is available) or on a delayed schedule (one release behind the latest release). For example, let's assume you have stage (non-primary) and production (primary) instances. You would set your stage instance to upgrade immediately and your production instance as delayed upgrade. This allows you to test the upgrade on the stage instance, making sure it doesn't interfere with any sites you've deployed. If you find any issues, you can report them to Oracle Support so they can be fixed before the upgrade is applied to your production instance.

      If you want to use this feature, but you don't see it, contact Oracle Support.

      Select one of the following options:

      • Upgrade immediately: Upgrade this instance as soon as a new release of Oracle Content and Experience is available.
      • Delay upgrade: Delay the upgrade of this instance, so that it is one release behind the latest release of Oracle Content and Experience.

      Once you create this instance, you can't change this setting.

    • Instance Access Type: Control whether your instance is accessible by public internet or through a dedicated private connection using Oracle Cloud Infrastructure FastConnect. You must have completed the prerequisite steps to create a private instance.

      If you want to use this feature, but you don't see it, contact Oracle Support.

      Select one of the following options:

      • Public: Select this option if you want your instance to be viewed over public internet.
      • Private: Select this option to create a private instance that can be viewed only within your intranet.

      Once you create this instance, you can't change this setting.

    • Tags: Optionally, add tags to categorize this instance with metadata. You can then filter your list of instances by tag.
  8. Click Create.

Note

If the creation of your service instance is not successful, contact Oracle Support.

After creating your Oracle Content and Experience instance, you're brought to the Content and Experience Instances page, where you'll see the status of your instance. The instance will take some time to be provisioned, and the page will update automatically to show the current status. The Oracle Content and Experience instance will be created in the region and compartment you selected, with the tags you entered, and an email will be sent to the notification email address you provided to let you know when the service instance is successfully created. When the instance is successfully created, you can click the instance name to view the details, then click Open Instance to open the Oracle Content and Experience web interface.

Note

A security policy named OCE_Internal_Storage_Policy, allowing Oracle Content and Experience to access object storage, will automatically be created and added to the root compartment. This security policy applies to all compartments in the root compartment, including any new compartment you created for Oracle Content and Experience. Do not delete this policy or Oracle Content and Experience will no longer be able to access object storage.

After your service instance is successfully created, set up users and groups.