Oracle Cloud
Installing P0 IAM management on Oracle Cloud Infrastructure (OCI).
Experimental Feature: Oracle Cloud integration is in an experimental phase. Some features may be limited or require manual configuration. Please contact [email protected] for help.
This guide walks you through installing and configuring P0's Oracle Cloud Infrastructure (OCI) integration for Just-in-Time (JIT) access to OCI groups.
Overview
P0's Oracle Cloud integration enables:
Just-in-Time access to OCI groups
Group membership management
Routing rules using human-readable labels (group names, domain names, compartment names)
Before You Begin
Ensure you have the following:
A valid P0 account at p0.app
An Oracle Cloud Infrastructure account with administrative access
A user with Super Admin or IAM User Management permissions in OCI
API key credentials for the administrative user
This integration currently requires manual installation using an API key. We plan to support self-service installation in a future release.
Prerequisites
OCI User Requirements
The OCI user used for the integration must have one of the following:
Super Admin role in the identity domain
IAM User Management permissions at minimum
Required Information
Before starting the installation, gather the following:
Tenancy OCID: Your OCI tenancy identifier
Domain OCID: The identity domain OCID
User OCID: The OCID of the user with administrative permissions
API Key: Private key and fingerprint for API authentication
Region: The OCI region where your resources are located
Installation
Step 1: Generate API Key
Log into the Oracle Cloud Console.
Navigate to Identity & Security > Users.
Select the administrative user.
Under Resources, click API Keys.
Click Add API Key and either generate or upload a key pair.
Download the private key and note the fingerprint.
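Before the key is pasted into P0 in Step 2, it is worth confirming that the downloaded private key matches the fingerprint shown in the console and that the file is not readable by other local users, since it authenticates as an administrative user. The script below is an added example, not part of P0's documentation or tooling; the function names and file path are illustrative, and it assumes an unencrypted RSA key in PEM format and the `openssl` CLI.

```shell
#!/bin/sh
# Added example: pre-flight check for an OCI API signing key.
# Assumes an unencrypted RSA private key in PEM format and the openssl CLI.

# Print the key's fingerprint the way the OCI Console displays it:
# MD5 over the DER-encoded public key, as colon-separated hex.
oci_key_fingerprint() {
    # Fail early on unparsable or passphrase-protected keys instead of
    # hashing empty input; the empty -passin also prevents a prompt.
    openssl rsa -in "$1" -passin pass: -noout 2>/dev/null || return 1
    openssl rsa -in "$1" -passin pass: -pubout -outform DER 2>/dev/null \
        | openssl md5 -c \
        | awk '{print $NF}'
}

# check_oci_api_key KEYFILE EXPECTED_FINGERPRINT
# Returns 0 only if KEYFILE is private to its owner and matches the fingerprint.
check_oci_api_key() {
    key=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key is readable by group or other; run: chmod 600 $key" >&2
        return 3
    fi

    actual=$(oci_key_fingerprint "$key") || {
        echo "cannot parse key (encrypted, or not an RSA PEM key)" >&2
        return 4
    }

    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: key is $actual, expected $expected" >&2
        return 5
    fi
    echo "ok: $actual"
}

# Usage (constructed path and fingerprint):
#   check_oci_api_key ~/.oci/p0_api_key.pem "12:34:56:...:ef"
```

A non-zero exit code identifies which check failed: 2 missing file, 3 loose permissions, 4 unparsable key, 5 fingerprint mismatch.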
Step 2: Configure P0
Navigate to Integrations on p0.app.
Select Oracle Cloud from the available integrations.
Enter the required configuration:
Tenancy OCID
Domain OCID
User OCID
API Key fingerprint
Private key content
Region
Click Finish to complete the installation.
Contact [email protected] if you need help with the installation process.
User Provisioning
Users must be manually provisioned in OCI IAM before they can use P0 to request group access.
Ensure that users who request access through P0 have:
An existing user account in your OCI identity domain.
An email address that matches their P0 identity.
Requesting Access
See the Requesting Access guide for details on how to request access to OCI groups.
Routing Rules
Oracle Cloud routing rules support human-readable labels instead of OCIDs, making policy configuration more intuitive.
Available Filters
You can create routing rules based on:
Group Name: The display name of the OCI group
Domain Name: The identity domain name
Compartment Name: The compartment name
Example Routing Rule
Instead of using OCIDs like:
ocid1.group.oc1..aaaaaaaacyl5j2mn3y2tp5ivhcbrufcfaneeavnemphialfdrfe7uzio6lnq
You can use friendly labels like:
Group: Database Admins
Domain: Production
Compartment: Database Resources
Limitations
The current experimental release has the following limitations:
Manual installation required (no self-service installer)
Users must be manually provisioned in OCI IAM
Group access only (specific resource requests coming in future releases)
API key authentication only (workload identity federation planned)
Support
For questions or issues with the Oracle Cloud integration, please contact [email protected].