Who Are You?

Photo by CHUTTERSNAP on Unsplash

Who Are You?


3 min read

This article is part of a series called "Who Are You?". View all articles in the series here. You can also download the slides that were presented here.

In reality, APEX should not be used to manage users & roles. This should be delegated to an external source to adhere to a federated identity management strategy. While any identity provider will work, this post will take a look at using either Oracle IDCS or IAM to manage users, roles and role membership.

This series will walk the reader through how to integrate IDCS or IAM with APEX and delegate both Authentication and Authorization services to IDCS or IAM. It will also cover how to enable MFA as well as some other more advanced features - all with little to no code.

The outline of this series is as follows:

  • Overview (this article)


    • IDCS Applications & Groups

    • IDCS Multi-Factor Authentication

    • IDCS Other Features

  • IAM & APEX

    • IAM Domains, Applications & Groups

    • IAM Multi-Factor Authentication

    • IAM Other Features

Keep in mind that each section is specific for either IDCS or IAM. They are nearly identical and only differ by the specific steps required.

How to Tell if you have IDCS or IAM

But before we begin, it's best to determine which identity provider your OCI tenancy uses. Depending on when you created your OCI Free Tier tenancy, you may have either IDCS (Identity Cloud Service) or IAM (Identity and Access Management) installed.

The easiest way to do determine which one you have is to log in to your OCI Console and see what items are listed under Identity & Security.

If yours looks like this:

Then you have IDCS.

If yours looks more like this:

Then you have IAM.

If you're still on IDCS, it will be automatically upgraded to IAM at some point in the future. See this note for the specifics.

Creating an APEX Application

Regardless of whether you have IDCS or IAM, we need to create a simple APEX application that we will integrate. This application only needs to have a single page and use APEX users for its Authorization Scheme.

  1. Login to your APEX workspace.

  2. Click App Builder.

  3. Click Create.

  4. Click New Application.

  5. Enter a Name and click Create Application.

Now, run your application, log in, and note the URL. It should look something like this:


When creating an Application in IDCS or IAM, you will need to use a portion of the URL for the Application URL & Post Logout Redirect URL. Use only the portion in BOLD when asked for those URLs.

Be sure to replace [your-apex-server-name] with your APEX server name.

Next up: IDCS Applications & Groups