Connect an Oracle Cloud Infrastructure (OCI) Account
After InsightCloudSec is successfully installed, you're ready to start harvesting data from your Accounts, which requires configuring Oracle Cloud to "talk" with InsightCloudSec securely. As your inventory grows and your cloud accounts are fully visible, you can then begin to leverage the rest of InsightCloudSec, including Insights, Bots, Layered Context, and more.
This page and the functionality detailed here refer to the provider-specific Accounts capability available under Cloud > Cloud Accounts.
Opening the Cloud Account Onboarding Interface
Before you can begin the onboarding process, you'll need to navigate to the Cloud Account Onboarding interface, which provides a different experience depending on the type of user you are:
User | Description | Experience |
---|---|---|
First-time User | InsightCloudSec is freshly deployed and this will be the first time a Cloud Service Provider (CSP) has been onboarded. | Platform Users: Onboarding wizard launched from Platform Home by clicking the InsightCloudSec tile. InsightCloudSec Only Users: The onboarding wizard appears automatically after logging in using your unique InsightCloudSec URL. |
Returning User | InsightCloudSec has one or more CSPs already onboarded and you would like to add a new account. | Launched from within InsightCloudSec. Not a wizard. |
Admin User | You can log in to the cloud provider and have the appropriate access to grant InsightCloudSec access to your account(s). | As an admin, you will need to complete some specific tasks within your Cloud Service Provider's (CSP) console to generate details needed for onboarding that either you or a non-admin user can input to InsightCloudSec. |
Non-Admin User | You can interact with InsightCloudSec and would like to onboard an account(s) but do not have the appropriate CSP access to grant InsightCloudSec access to your account(s). | You will need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information you need to complete onboarding. |
Connect an Oracle Cloud Account
A couple of methods for onboarding your OCI Accounts are available, depending on whether you're a non-admin or admin user.
Resuming cloud onboarding to InsightCloudSec
If you close the interface before completing Account onboarding, you can resume onboarding from the page you were on last.
Non-Admin User Instructions
Ask an admin for required information
As a non-admin user, you need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information needed to complete onboarding.
First-time Users
- Log in to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
  - Open a browser window to your unique InsightCloudSec URL and log in. The onboarding wizard will appear automatically.
- On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
- On the Cloud Service Providers screen, select Oracle Cloud.
- Select No - Help me identify the details needed, then click Next.
- Click the Copy button in the Oracle Cloud Admin Instructions text box and share them with the admin.
Returning Users
- Log in to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click the InsightCloudSec tile.
  - Open a browser window to your unique InsightCloudSec URL and log in.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Oracle Cloud button.
- Click Don't have admin access? in the bottom right-hand corner of the window.
- Click the Copy button in the Oracle Cloud Admin Instructions text box and share them with the admin.
Finalize the Connection
Once your admin has completed their steps and provided the information to you, you can connect the Account.
First-time Users
- Return to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
  - Open a browser window to your unique InsightCloudSec URL and log in. The onboarding wizard will appear automatically.
- The wizard should automatically return you to the Oracle Cloud Admin Instructions page.
- Enter the following information (provided by your admin):
  - Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
  - Copy/paste the following:
    - User ID
    - Tenancy ID
    - Key Content
    - Fingerprint
  - Optionally, adjust the Home Region.
- Click Connect Account.
Returning Users
- Log in to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click the InsightCloudSec tile.
  - Open a browser window to your unique InsightCloudSec URL and log in.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Oracle Cloud button.
- Click Don't have admin access? in the bottom right-hand corner of the window.
- Enter the following information (provided by your admin):
  - Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
  - Copy/paste the following:
    - User ID
    - Tenancy ID
    - Key Content
    - Fingerprint
  - Optionally, adjust the Home Region.
- Click Connect Account.
Admin User Instructions
As an admin, you must prepare your Account(s) for the connection with InsightCloudSec by creating a group, adding a new user and API key to it, and creating a new policy for the user. For more information on the custom roles that InsightCloudSec provides, review OCI Overview & Support.
Providing details to a non-admin user?
If you are providing details to a non-admin user to onboard the Account, ensure that the credentials you share with the non-admin user will include the appropriate access and enable them to connect your account with InsightCloudSec successfully. We recommend using a secure file sharing system to provide credentials to your non-admin user.
OCI Admin Onboarding Prerequisites
- Domain Admin permissions within InsightCloudSec
- An existing OCI account with the appropriate access to grant InsightCloudSec access to your cloud account(s)
Prepare OCI for Onboarding
To enable your user to onboard a cloud account for Oracle Cloud Infrastructure, complete the following steps in OCI:
Step 1: Create a group
Create a new group to enable the creation of the required user. Groups are required because IAM permissions are linked to groups and not individual accounts.
- Log in to the Oracle console using the tenant you would like to connect to InsightCloudSec.
- From the main navigation menu icon at the top left, select Identity & Security and then select Domains.
- Select your domain from the list.
- Select Groups from the side navigation and then click Create group.
- Enter a name for your group (example: InsightCloudSec), and then click Create.
Step 2: Create a user and add an API key
Create a new user for the new group and create a new API key for the user. In OCI, an API Key is an RSA key pair in PEM format used for signing API requests.
- From the main domain page in the Oracle Console, select Users and then click Create user.
- Complete the required user details, ensuring that the user is included in the group you just created.
- Click Create. Once created, you will be redirected to the newly-created user's page.
- From the new user page, select API keys and click Add API key. This generates the key pair for signing API requests.
- Click Download private key, and then click Add.
- In the Configuration file preview, copy the contents and save them in a safe location. The preview contains the User ID, Tenancy ID, and Fingerprint, which are necessary for connecting the account in InsightCloudSec.
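Before sharing or entering these values, it helps to confirm that the downloaded private key and the Fingerprint from the preview belong together; OCI derives an API key fingerprint as the MD5 of the DER-encoded public key. The following is an added example (not InsightCloudSec or Oracle code) that recomputes that fingerprint with only the Python standard library and checks that the two IDs carry the expected OCID type prefix. The function names are illustrative, and the helper assumes an RSA key that is not passphrase-protected, since it cannot read encrypted keys.

```python
import base64, hashlib, re
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # AlgorithmIdentifier: rsaEncryption, NULL

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def der(tag, body):  # encode one DER element with a definite length
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def public_key_der(private_pem):
    """Rebuild the public key (SubjectPublicKeyInfo DER) from an RSA private key PEM."""
    m = re.search(r"-----BEGIN (?:RSA )?PRIVATE KEY-----(.+?)-----END", private_pem, re.S)
    if not m or "ENCRYPTED" in m.group(1):
        raise ValueError("expected an unencrypted PEM private key")
    _, seq, _ = read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    # Skip the version INTEGER, then read the next element:
    # the modulus (PKCS#1) or an AlgorithmIdentifier SEQUENCE (PKCS#8).
    tag, n_raw, pos = read_tlv(seq, read_tlv(seq, 0)[2])
    if tag == 0x30:  # PKCS#8: unwrap the OCTET STRING holding the RSAPrivateKey
        _, octets, _ = read_tlv(seq, pos)
        _, seq, _ = read_tlv(octets, 0)
        _, n_raw, pos = read_tlv(seq, read_tlv(seq, 0)[2])
    _, e_raw, _ = read_tlv(seq, pos)  # public exponent follows the modulus
    rsa_pub = der(0x30, der(0x02, n_raw) + der(0x02, e_raw))
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_pub))

def key_fingerprint(private_pem):
    """MD5 of the public key DER as colon-separated hex (an identifier, not a security hash)."""
    h = hashlib.md5(public_key_der(private_pem), usedforsecurity=False).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def preflight(user_id, tenancy_id, key_content, fingerprint):
    """Return problems found in the four onboarding values; an empty list means consistent."""
    ids = (("User ID", user_id, "user"), ("Tenancy ID", tenancy_id, "tenancy"))
    problems = [f"{label} is not a {kind} OCID" for label, value, kind in ids
                if not value.strip().startswith(f"ocid1.{kind}.")]
    try:
        if key_fingerprint(key_content) != fingerprint.strip().lower():
            problems.append("Fingerprint does not match Key Content")
    except (ValueError, IndexError) as exc:
        problems.append(f"Key Content unreadable: {exc}")
    return problems
```

Call `preflight(...)` with the User ID, Tenancy ID, private key text, and Fingerprint; any returned message points at the value to recheck before clicking Connect Account.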
Step 3: Create a policy
- From the main menu icon at the top left, go to Identity & Security > Policies, and then click Create Policy.
- Complete the required policy details and enable the Show manual editor option.
- In the Policy Builder section, paste in the text for the policy. InsightCloudSec provides policies on the OCI Overview & Support page.
- Ensure that the group name matches that of the group created in Step 1.
- Click Create to submit the completed form.
Connect the account in InsightCloudSec
After you generate the details necessary in OCI for onboarding, connect the account in InsightCloudSec.
First-time Users
- Log in to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
  - Open a browser window to your unique InsightCloudSec URL and log in. The onboarding wizard will appear automatically.
- On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
- On the Cloud Service Providers screen, select Oracle Cloud.
- Select Yes - I have root user access..., then click Next.
- On the 1. Authentication tab, enter the following:
  - User ID
  - Tenancy ID
  - Key Content
  - Fingerprint
- Click Next.
- Click Next again to skip to 3. Finalize Connection.
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Optionally, adjust the Home Region.
- Click Connect Account.
Returning Users
- Log in to InsightCloudSec using one of the methods below:
  - In the Insight Platform, click the InsightCloudSec tile.
  - Open a browser window to your unique InsightCloudSec URL and log in.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Oracle Cloud button.
- On the 1. Authentication tab, enter the following:
  - User ID
  - Tenancy ID
  - Key Content
  - Fingerprint
- Click Next.
- Click Next again to skip to 3. Finalize Connection.
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Optionally, adjust the Home Region.
- Click Connect Account.
Success! You onboarded an Account
Congratulations on successfully onboarding an Oracle Cloud Account! InsightCloudSec will now detect if there are any missing permissions that could cause impaired visibility into your Account. For information about modifying an existing onboarded account, check out the Cloud Account Setup & Management page.