Who Are You?
In reality, APEX should not be used to manage users & roles. This should be delegated to an external source to adhere to a federated identity management strategy. While any identity provider will work, this post will take a look at using either Oracle IDCS or IAM to manage users, roles and role membership.
This series will walk the reader through how to integrate IDCS or IAM with APEX and delegate both Authentication and Authorization services to IDCS or IAM. It will also cover how to enable MFA as well as some other more advanced features - all with little to no code.
The outline of this series is as follows:
Overview (this article)
IDCS & APEX
IDCS Applications & Groups
IDCS Multi-Factor Authentication
IDCS Other Features
IAM & APEX
IAM Domains, Applications & Groups
IAM Multi-Factor Authentication
IAM Other Features
Keep in mind that each section is specific to either IDCS or IAM. They are nearly identical and only differ by the specific steps required.
How to Tell if you have IDCS or IAM
But before we begin, it's best to determine which identity provider your OCI tenancy uses. Depending on when you created your OCI Free Tier tenancy, you may have either IDCS (Identity Cloud Service) or IAM (Identity and Access Management) installed.
The easiest way to determine which one you have is to log in to your OCI Console and see what items are listed under Identity & Security.
If yours looks like this:
Then you have IDCS.
If yours looks more like this:
Then you have IAM.
If you're still on IDCS, it will be automatically upgraded to IAM at some point in the future. See this note for the specifics.
Creating an APEX Application
Regardless of whether you have IDCS or IAM, we need to create a simple APEX application that we will integrate. This application only needs to have a single page and use APEX users for its Authorization Scheme.
Log in to your APEX workspace.
Click App Builder.
Click New Application.
Enter a Name and click Create Application.
Now, run your application, log in, and note the URL. It should look something like this:
When creating an Application in IDCS or IAM, you will need to use a portion of the URL for the Application URL & Post Logout Redirect URL. Use only the portion in BOLD when asked for those URLs.
Next up: IDCS Applications & Groups