Configure an Oracle-Managed Custom Endpoint

If you want Oracle to procure and manage the public certificate for your custom host name, you can create an Oracle-managed custom endpoint.

Perform the following steps to create an Oracle-managed custom endpoint for your instance.

  1. Complete prerequisites.
  2. Create the Oracle-managed custom endpoint.
  3. Complete post-configuration tasks.

Prerequisites for Configuring an Oracle-Managed Custom Endpoint

To configure an Oracle-Managed custom endpoint, complete the following prerequisites.

  • Task: Create your Oracle Integration instance
    Where to perform the task: Oracle Cloud Infrastructure Console
    Associated documentation: Create an Oracle Integration Instance
    Note:
    • You add a custom endpoint when editing an instance, not during creation, so you must create the instance as a prerequisite.
    • You must have direct access to your Oracle Integration instance.

  • Task: Choose a vanity URL or custom hostname for your Oracle Integration instance
    Where to perform the task: N/A
    Associated documentation: N/A

  • Task: Create a public DNS zone
    Where to perform the task: Oracle Cloud Infrastructure Console
    Associated documentation: Creating a Public DNS Zone
    Note: DNS zones are region-specific. If you have Oracle Integration instances in multiple regions, you must create a DNS zone with a unique subdomain for each region.

  • Task: Delegate the DNS zone and update the name servers with your registrar
    Where to perform the task: Your domain name registrar
    Associated documentation: Delegating a Public DNS Zone
    Note: If you created DNS zones for multiple regions, you must perform this task for each DNS zone in their respective subdomain.

  • Task: Register your Oracle Integration instance hostname with the DNS zone by adding a CNAME record
    Where to perform the task: Oracle Cloud Infrastructure Console
    Associated documentation: Adding a Record to a DNS Zone

  • Task: Create IAM policies to allow your Oracle Integration tenancy to manage the public DNS zone
    Where to perform the task: Oracle Cloud Infrastructure Console
    Associated documentation: Create IAM Policies

Create IAM Policies

You must create the following IAM policies to allow your Oracle Integration instance to manage the DNS resources.

  • A policy to allow your Oracle Integration instance to manage dns-zones and dns-records resources in your tenancy:

    ALLOW dynamic-group group-Name TO READ dns-zones IN compartment compartment-name

    ALLOW dynamic-group group-Name TO USE dns-records IN compartment compartment-name WHERE ALL {target.dns-zone.name='dns-zone-name'}

    where:

    • group-Name is the name of the dynamic group that defines the compartment that stores your Oracle Integration instance.
    • compartment-name is the name of the compartment that stores the DNS resources.
    • dns-zone-name is the public DNS zone you created.
    Note

    • The dynamic group is defined in the domain in which the Oracle Integration instance was created.
    • The matching rule of the dynamic group definition should point to the IDCS application ID. For example:

      Matching rule: any {resource.id='service-instance-IDCS-app-client-ID'}

  • A generic endorse policy to allow your Oracle Integration instance to manage certificate resources in the Oracle Integration tenancy. This is the endorse part of the cross-tenant policy.

    ENDORSE any-user TO MANAGE certificate-authority-family IN any-tenancy

For more information, see Managing DNS Resources Across Tenancies.
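
One way to check that the DNS grants in a policy stay as narrow as the statements above: right subject type, verb ceiling, compartment scope, and the zone pin on dns-records. This is an added example, not Oracle's code; `audit_dns_policy` is a hypothetical helper, and the group, compartment and zone names in the sample are constructed.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]            # OCI verbs, least to most privileged
MAX_VERB = {"dns-zones": "read", "dns-records": "use"}  # ceiling taken from the page's policy
ALLOW = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?P<location>.+?)(?:\s+where\s+(?P<where>.+))?\s*$",
    re.IGNORECASE,
)
ZONE_PIN = re.compile(r"target\.dns-zone\.name\s*=\s*'([^']+)'", re.IGNORECASE)


def audit_dns_policy(statements, zone_name):
    """Return (statement, finding) pairs for DNS grants wider than the page's policy."""
    findings = []
    for stmt in statements:
        m = ALLOW.match(stmt)
        if not m:
            # ENDORSE/ADMIT/DEFINE statements are out of scope unless they touch DNS.
            if "dns-" in stmt.lower():
                findings.append((stmt, "unparsed statement mentions DNS resources"))
            continue
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if resource not in MAX_VERB:
            continue  # only the DNS grants are audited here
        if not m["subject"].lower().startswith("dynamic-group "):
            findings.append((stmt, "subject is not a dynamic group"))
        if verb not in VERBS or VERBS.index(verb) > VERBS.index(MAX_VERB[resource]):
            findings.append((stmt, f"verb {verb} exceeds {MAX_VERB[resource]}"))
        if not m["location"].lower().startswith("compartment "):
            findings.append((stmt, "grant is not scoped to a compartment"))
        if resource == "dns-records":
            # The page's statement pins the grant to exactly one zone.
            pins = [p.lower() for p in ZONE_PIN.findall(m["where"] or "")]
            if pins != [zone_name.lower()]:
                findings.append((stmt, f"dns-records not pinned to zone {zone_name}"))
    return findings


# Constructed sample policy: the first two statements follow the page, the rest are too wide.
SAMPLE = [
    "ALLOW dynamic-group oic-dg TO READ dns-zones IN compartment net",
    "ALLOW dynamic-group oic-dg TO USE dns-records IN compartment net "
    "WHERE ALL {target.dns-zone.name='oic.example.org'}",
    "ALLOW dynamic-group oic-dg TO MANAGE dns-records IN compartment net",
    "ALLOW any-user TO USE dns-records IN tenancy",
]

if __name__ == "__main__":
    for stmt, finding in audit_dns_policy(SAMPLE, "oic.example.org"):
        print(f"{finding}: {stmt}")
```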

Create the Oracle-Managed Custom Endpoint

After completing the prerequisites, perform the following steps to configure an Oracle-managed custom endpoint:

  1. If you're not already on the Integration instances page, open it.
    1. Open the Oracle Cloud Infrastructure Console.
    2. Open the navigation menu and click Developer Services. Under Application Integration, click Integration.
  2. Open your instance.
  3. On the left, under Resources, click Custom Endpoint.
  4. Click Create custom endpoint.
  5. Select Oracle managed.
  6. Make sure the correct compartment is selected.
  7. Select the DNS zone you created as a prerequisite.
  8. Enter your custom host name for the instance.
  9. Click Create.

After configuring your Oracle-managed custom endpoint, you must complete some post-configuration tasks.

Post-Configuration Tasks for an Oracle-Managed Custom Endpoint

After creating your Oracle-managed custom endpoint, perform the following post-configuration tasks:

  • Modify your custom hostname IP record to point to the Oracle Integration origin. If you use a CNAME record, you must enter the FQDN for your load balancer's public IP address.
  • If you're using three-legged OAuth with third-party identity providers (such as Google or Facebook), update the redirect URL in your identity provider (IdP) application with the custom hostname. If the custom hostname for your Oracle Integration instance is mycustom.example.org, your redirect URL must be, for example, https://mycustom.example.org/icsapis/agent/oauth/callback.

    After updating the redirect URL in the IdP application, you must reacquire the access token by providing consent on the connection page.

  • If you created integration flows prior to mapping a custom endpoint to your instance, they will continue to work without any issues. However, if you want to update your integrations to use the custom endpoint:
    • For triggers, deactivate and re-activate those integrations to regenerate the WSDLs.
    • For parent-child integrations, edit the existing connection to replace the hostname with the custom host; test and save the connection; then reactivate the integration.
Note

If you're using the Oracle NetSuite Adapter, the adapter's TBA Authorization Flow security policy won't work with custom endpoints for Oracle Integration.