Onboard an Oracle Cloud Account
Copy link

A couple methods for onboarding your OCI Accounts are available depending on whether you’re a non-admin or admin user.

Resuming cloud onboarding to Cloud Security (InsightCloudSec)

If you close the interface before completing Account onboarding, you can resume onboarding from the page you were on last.

Non-Admin User Instructions

Ask an admin for required information
Copy link

As a non-admin user, you need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information needed to complete onboarding.

First-time Users

  1. Login to Cloud Security (InsightCloudSec) using one of the methods below:
    • In the Insight Platform, click * Cloud Security (InsightCloudSec)** to launch the onboarding wizard.
    • Open a browser window to your unique Cloud Security (InsightCloudSec) URL and login. The onboarding wizard will appear automatically.
  2. On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
  3. On the Cloud Service Providers screen, select Oracle Cloud.
  4. Select No - Help me identify the details needed, then click Next.
  5. Click the Copy button in the Oracle Cloud Admin Instructions text box and share them with the admin.

Returning Users

  1. Login to Cloud Security (InsightCloudSec) using one of the methods below:
    • In the Insight Platform, click the * Cloud Security (InsightCloudSec)** tile.
    • Open a browser window to your unique Cloud Security (InsightCloudSec) URL and login.
  2. Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
  3. Click the + Add Cloud button in the top right-hand corner.
  4. Click the Oracle Cloud button.
  5. Click Don’t have admin access? in the bottom right-hand corner of the window.
  6. Click the Copy button in the Oracle Cloud Admin Instructions text box and share them with the admin.

Finalize the Connection
Copy link

When your admin has completed their steps and provided the information to you, you can now connect the Account.

First-time Users

  1. Log in to Cloud Security (InsightCloudSec) using one of these methods:
    • From the Command Platform, select Cloud Security (InsightCloudSec) to launch the onboarding wizard.
    • Navigate to your unique Cloud Security (InsightCloudSec) URL and log in.
  2. Go to Cloud > Cloud Accounts in the left-hand navigation menu.
  3. Click the + Add Cloud button in the top right-hand corner.
  4. Click the Oracle Cloud button.
  5. Click Don’t have admin access? in the bottom right-hand corner of the window.
  6. Enter the account information provided by your administrator:
    • Nickname
    • User ID
    • Tenancy ID
    • Key Content
    • Fingerprint
  7. Specify the Home Region where your services are hosted. Refer to the OCI commercial documentation for a list of valid regions.
    • If you’re using Government or Sovereign Cloud, specify the correct region from the OCI Government Cloud documentation.
    • If you’re using a Dedicated Realm (DRCC), leave the Home Region field blank.
  8. Select Connect Account to complete the setup.

Returning Users

  1. Log in to Cloud Security (InsightCloudSec) using one of these methods:

    • From the Command Platform, select Cloud Security (InsightCloudSec) to launch the onboarding wizard.
    • Navigate to your unique Cloud Security (InsightCloudSec) URL and log in. The onboarding wizard appears automatically.

    The onboarding wizard should take you back to the Oracle Cloud Admin Instructions page.

  2. Enter the account information provided by your administrator:

    • Nickname
    • User ID
    • Tenancy ID
    • Key Content
    • Fingerprint

  3. Specify the Home Region where your services are hosted. Refer to the OCI commercial documentation for a list of valid regions.

    • If you’re using Government or Sovereign Cloud, specify the correct region from the OCI Government Cloud documentation.
    • If you’re using a Dedicated Realm (DRCC), leave the Home Region field blank.

  4. Select Connect Account to complete the setup.

Admin User Instructions

As an admin, you must prepare your Account(s) for the connection with Cloud Security (InsightCloudSec) by creating a group, adding a new user and API key to it, and creating a new policy for the user. For more information on the custom roles that Cloud Security (InsightCloudSec) provides, review OCI Overview & Support.

⚠️

Providing details to a non-admin user?

If you are providing details to a non-admin user to onboard the Account, ensure that the credentials you share with the non-admin user will include the appropriate access and enable them to connect your account with Cloud Security (InsightCloudSec) successfully. We recommend using a secure file sharing system to provide credentials to your non-admin user.

OCI Admin Onboarding Prerequisites
Copy link

  • Domain Admin permissions within Cloud Security (InsightCloudSec)
  • An existing OCI account with the appropriate access to grant Cloud Security (InsightCloudSec) access to your cloud account(s)

Prepare OCI for Onboarding
Copy link

To enable your user to onboard a cloud account for Oracle Cloud Infrastructure you need to complete the following steps in OCI:

Step 1: Create a group

Create a new group to enable the creation of the required user. Groups are required because IAM permissions are linked to groups and not individual accounts.

  1. Login to the Oracle console using the tenant you would like to connect to Cloud Security (InsightCloudSec).
  2. From the main navigation menu icon at the top left, select Identity & Security and then select Domains.
  3. Select your domain from the list.
  4. Select Groups from the side navigation and then click Create group.
  5. Enter a name for your group (example: Cloud Security (InsightCloudSec)), and then click Create.

Step 2: Create a user and add an API key

Create a new user for the new group and create a new API key for the user. In OCI, an API Key is an RSA key pair in PEM format used for signing API requests.

  1. From the main domain page in the Oracle Console, select Users and then click Create user.
  2. Complete the required user details, ensuring that the user is included in the group you just created.
  3. Click Create. Once created, you will be redirected to the newly-created user’s page.
  4. From the new user page, select API keys and click Add API key. This generates the key pair for signing API requests.
  5. Click Download private key, and then click Add.
  6. In the Configuration file preview, copy the contents and save them in a safe location. The preview contains the User ID, Tenancy ID, and Fingerprint, which are necessary for connecting the account in Cloud Security (InsightCloudSec).

Step 3: Create a policy

  1. From the main menu icon at the top left, go to Identity & Security > Policies, and then click Create Policy.
  2. Complete the required policy details and enable the Show manual editor option.
    1. In the Policy Builder section, paste in the text for the policy. Cloud Security (InsightCloudSec) provides policies on the OCI Overview & Support page.
    2. Ensure that the group name matches that of the group created in Step 1.
  3. Click Create to submit the completed form.

Connect the account in Cloud Security (InsightCloudSec)
Copy link

After you generate the details necessary in OCI for onboarding, connect the account in Cloud Security (InsightCloudSec).

First-time Users

  1. Login to Cloud Security (InsightCloudSec) using one of the methods below:
    • In the Insight Platform, click Cloud Security (InsightCloudSec) to launch the onboarding wizard.
    • Open a browser window to your unique Cloud Security (InsightCloudSec) URL and login. The onboarding wizard will appear automatically.
  2. On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
  3. On the Cloud Service Providers screen, select Oracle Cloud.
  4. Select Yes - I have root user access…, then click Next.
  5. On the 1. Authentication tab, enter the following:
    1. User ID
    2. Tenancy ID
    3. Key Content
    4. Fingerprint
  6. Click Next.
  7. Click Next again to skip to 3. Finalize Connection.
  8. Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
  9. Specify the Home Region where your services are hosted. Refer to the OCI commercial documentation for a list of valid regions.
    • If you’re using Government or Sovereign Cloud, specify the correct region from the OCI Government Cloud documentation.
    • If you’re using a Dedicated Realm (DRCC), leave the Home Region field blank.
  10. Click Connect Account.

Returning Users

  1. Login to Cloud Security (InsightCloudSec) using one of the methods below:
    • In the Insight Platform, click the Cloud Security (InsightCloudSec) tile.
    • Open a browser window to your unique Cloud Security (InsightCloudSec) URL and login.
  2. Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
  3. Click the + Add Cloud button in the top right-hand corner.
  4. Click the Oracle Cloud button.
  5. On the 1. Authentication tab, enter the following:
    1. User ID
    2. Tenancy ID
    3. Key Content
    4. Fingerprint
  6. Click Next.
  7. Click Next again to skip to 3. Finalize Connection.
  8. Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
  9. Specify the Home Region where your services are hosted. Refer to the OCI commercial documentation for a list of valid regions.
    • If you’re using Government or Sovereign Cloud, specify the correct region from the OCI Government Cloud documentation.
    • If you’re using a Dedicated Realm (DRCC), leave the Home Region field blank.
  10. Click Connect Account.

Success! You onboarded an Account

Congratulations on successfully onboarding an Oracle Cloud Account! Cloud Security (InsightCloudSec) will now detect if there are any missing permissions that could cause impaired visibility into your Account. For information about modifying an existing onboarded account, check out the Cloud Account Setup & Management page.