Oracle Cloud Infrastructure Documentation

Create Your Service Instance

As the primary account administrator (the person who created the Oracle Cloud subscription), you perform the following steps to create an Oracle Content and Experience instance from the Infrastructure Console.

  1. Optionally, create a compartment for Oracle Content and Experience.
  2. Create your Oracle Content and Experience instance.

You can create multiple instances within the same subscription.

If you want to delegate creation of Oracle Content and Experience instances to other users, see one of the following topics:

Create a Compartment for Oracle Content and Experience

Compartments are used to organize cloud resources for the purposes of isolation (separating one project or business unit from another), access (through the use of policies), and measuring usage and billing. A common approach is to create a compartment for each major part of your organization (for example, Sales, Human Resources, and so on).

When you create an Oracle Content and Experience instance, you'll be asked to select a compartment. You can use the root compartment, though, for the reasons mentioned above, you might want to create a new compartment for it. If you want to use the root compartment, you can skip this procedure and move on to creating your Oracle Content and Experience instance.

To create a new compartment for Oracle Content and Experience:

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Infrastructure Console, click the Navigation menu icon on the top left to open the navigation menu, click Identity, and then click Compartments. You might need to use the scroll bar on the left to scroll down to see the menu option.
  3. On the Compartments page, click Create Compartment.
  4. Enter a name and description for the compartment. Make clear in your name and description the purpose of the compartment, whether it's specifically for Oracle Content and Experience, for a project, for a department, or some other purpose.
  5. Click Create Compartment.

You don't need to create a new compartment for every instance. You can use the same compartment for multiple instances.

Create Your Oracle Content and Experience Service Instance

To create an Oracle Content and Experience service instance, you must be the primary account administrator, or the account administrator must have set up your user account with the proper permissions.

To create an Oracle Content and Experience instance:

  1. If you're not already in the Infrastructure Console, navigate to the Infrastructure Console by returning to the window or signing in to Oracle Cloud.
  2. Click the Navigation menu icon, expand Application Integration, and click Content and Experience. This opens the Content and Experience Instances page.
  3. In the Compartment menu on the left, select the compartment you want to use for OCI object storage. You can use the root compartment or another compartment you created for Oracle Content and Experience.
  4. Make sure that the region that's selected in the menu in the top right of the Infrastructure Console is the one in which you want to create your instance.
  5. Click Create Instance.
  6. Enter the following information, and then click Create.
    Field: Description
      • Instance Name: Specify a unique name for your service instance. If you intend to create multiple instances, make sure your instance name makes clear what the instance will be used for. If you specify a name that already exists, the system displays an error and the instance is not created.
      • Description: Optionally, enter a description of the instance.
      • Notification Email: Make sure this is the email address to which you want provisioning status updates to be sent.
      • Access Token (only appears for non-SSO users): If you're not the primary account administrator and you signed in with an Oracle Cloud Infrastructure (OCI) user account, not using single sign-on (SSO), enter the IDCS access token you were given. Access tokens expire after one hour.

    If you need to add tags to categorize this instance with metadata (for example, you might want to add a tag to differentiate a production instance from a training instance), click Show Advanced Options, and enter the tags before clicking Create.

    Field: Description
      • Compartment: This is the compartment you previously selected. If you need to, you can change it.
      • Tags: Optionally, add tags to categorize this instance with metadata. You can then filter your list of instances by tag.
Note

If the creation of your service instance is not successful, contact Oracle Support.

After creating your Oracle Content and Experience instance, you're brought to the Content and Experience Instances page, where you'll see the status of your instance. The instance will take some time to be provisioned, and the page will update automatically to show the current status. The Oracle Content and Experience instance will be created in the region and compartment you selected, with the tags you entered, and an email will be sent to the notification email address you provided to let you know when the service instance is successfully created. When the instance is successfully created, you can click the Open Instance button to open the Oracle Content and Experience web interface.

Note

A security policy named OCE_Internal_Storage_Policy, allowing Oracle Content and Experience to access object storage, will automatically be created and added to the root compartment. This security policy applies to all compartments in the root compartment, including any new compartment you created for Oracle Content and Experience. Do not delete this policy or Oracle Content and Experience will no longer be able to access object storage.

After your service instance is successfully created, set up users and groups.

Delegate Creation of Oracle Content and Experience Instances to SSO Users

To delegate creation of Oracle Content and Experience instances to users who sign in with single sign-on (SSO), the primary account administrator must add the users to the OCI_Administrators group. The OCI_Administrators group is created automatically when you have an Oracle Cloud account running on Oracle Cloud Infrastructure (OCI).

  1. If you're not already in the Infrastructure Console, sign in to Oracle Cloud as the primary account administrator.
  2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Federation. You might need to use the scroll bar on the left to scroll down to see the menu option.
  3. On the Federation page, click the link to the Oracle Identity Cloud Service Console. This opens the IDCS Console in a new window.
  4. In the IDCS Console, click Navigation menu icon, and then click Groups.
  5. Click OCI_Administrators.
  6. Click Assign.
  7. Select the users you want to delegate to, and then click OK.

Users you added to the OCI_Administrators group can now sign in to Oracle Cloud and create Oracle Content and Experience instances.

Delegate Creation of Oracle Content and Experience Instances to Non-Federated Users

To delegate creation of Oracle Content and Experience instances to non-federated users (users that don't sign in through SSO), the primary account administrator must create a group, add users to the group, create a policy, create a confidential application, and generate an access token for the users.

  1. Create a group of users you want to delegate to.
    1. Sign in to Oracle Cloud as the primary account administrator.
    2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Groups. You might need to use the scroll bar on the left to scroll down to see the menu option.
    3. Click Create Group.
    4. Enter a name and description, then click Create.
  2. Add users to the group.
    1. Open the group you created.
    2. Click Add User to Group.
    3. Start typing the name of the user, then select the user, and click Add.
  3. Create a policy that allows the group to manage Oracle Content and Experience instances.
    1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Policies. You might need to use the scroll bar on the left to scroll down to see the menu option.
    2. Select a compartment. You can apply the policy to all compartments by selecting the root compartment, or you can select a specific compartment.
    3. Click Create Policy.
    4. Enter a name and description.
    5. In the Statement box, enter one of the following, replacing YourGroupName with the name of the group you created, and, if necessary, replacing compartment_id with the ID of the specific compartment you selected:
      • If you selected the root compartment: allow group YourGroupName to manage oce-instance-family in tenancy
      • If you selected a specific compartment: allow group YourGroupName to manage oce-instance-family in compartment id compartment_id
    6. Click Create.
  4. Create a confidential application.
    1. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Federation. You might need to use the scroll bar on the left to scroll down to see the menu option.
    2. On the Federation page, click the link to the Oracle Identity Cloud Service Console. This opens the IDCS Console in a new window.
    3. In the IDCS Console, click Navigation menu icon, and then click Applications. If you don't see the Applications option, you don't have the Application Administrator role.
    4. Click Add, then select Confidential Application.
    5. On the Details page, enter OCE Trusted App as the name, and then click Next.
    6. On the Client page:
      1. Select Configure this application as a client now.
      2. For Allowed Grant Types, select Resource Owner, Client Credentials, and JWT Assertion.
      3. Under Grant the client access to Identity Cloud Service Admin APIs, click Add, select User Administrator, then click Add.
      4. Click Next.
    7. On the Resources page, select Skip for later, and then click Next.
    8. On the Web Tier Policy page, select Skip for later, and then click Next.
    9. On the Authorization page, click Finish.
    10. After the app is created, click Activate.

      Stay on this page to complete the next step.

  5. Generate an IDCS access token.
    1. If you're not already in the IDCS Console, viewing the confidential application you created, go to the console (using steps 1 through 4 above), and open the application.
    2. On the App Details page, click Generate Access Token, select Customized Scopes, choose User Administrator, then click Download Token. Give the token to the users you delegated creation to. They'll need to enter this access token when they create an Oracle Content and Experience instance.
      Note

      The token expires after one hour, so you may need to generate the token more than once, for example, if a user later wants to create another Oracle Content and Experience instance. If you want the user to be able to regenerate the access token on their own, you must create an IDCS user account for them, and give them the Application Administrator role.
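
Because the token expires after one hour, a delegated user can check how much validity remains before entering it in the Access Token field. The following is an added example, not part of Oracle's documentation; it assumes the downloaded token is a compact JWT carrying the standard exp and iat claims, and the sample token it uses is constructed.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode the claims of a compact JWT locally, without verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(claims, dict) or "exp" not in claims:
        raise ValueError("token has no 'exp' claim")
    return claims


def token_status(token, now=None, margin=300):
    """Report remaining validity; 'usable' means at least `margin` seconds are left."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    left = int(claims["exp"] - now)
    lifetime = int(claims["exp"] - claims["iat"]) if "iat" in claims else None
    return {"seconds_left": max(left, 0), "lifetime": lifetime,
            "expired": left <= 0, "usable": left >= margin}


def make_sample_token(iat, lifetime=3600):
    """Constructed, unsigned sample token for the demo; not a real IDCS token."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {"iat": iat, "exp": iat + lifetime}
    return ".".join([b64(header), b64(payload), "constructed-signature"])


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time (epoch seconds)
    token = make_sample_token(issued)
    # The token is a bearer credential: decode it locally and never print it.
    for minutes in (10, 57, 61):
        print(minutes, "min after issue:", token_status(token, now=issued + minutes * 60))
```

The margin parameter (five minutes here, an arbitrary choice) leaves time to complete the Create Instance form; if the token is reported as not usable, ask for a fresh one rather than retrying with the old one.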

To allow delegated users to regenerate their own access tokens:

  1. In the IDCS Console, click Navigation menu icon, and then click Users.
  2. Click Add. See Creating User Accounts in Administering Oracle Identity Cloud Service.
  3. Click Navigation menu icon, click Security, then click Administrators.
  4. Expand the Application Administrator section.
  5. Click Add.
  6. Select the user you want, and then click OK.

Now the users can sign in with their IDCS account and follow step 5 above to regenerate an IDCS access token when they need to.