From 1b3390cff0efe289ba21b446967fce5ad8cb5751 Mon Sep 17 00:00:00 2001 From: Bryce Eadie Date: Thu, 4 Jun 2026 12:47:31 -0700 Subject: [PATCH 1/2] [DOCS-14639] Update Oracle Fusion integration setup guide --- .../guide/oracle-fusion-integration-setup.md | 58 ++++++++----------- 1 file changed, 24 insertions(+), 34 deletions(-) diff --git a/content/en/integrations/guide/oracle-fusion-integration-setup.md b/content/en/integrations/guide/oracle-fusion-integration-setup.md index b9f65a8339b..04dabe2a1f8 100644 --- a/content/en/integrations/guide/oracle-fusion-integration-setup.md +++ b/content/en/integrations/guide/oracle-fusion-integration-setup.md @@ -19,8 +19,6 @@ Datadog queries Oracle Fusion REST APIs, including enterprise service scheduler 2. [**Integration User**](#create-a-fusion-integration-user): A dedicated Fusion user with read-only and ESS-related roles, created in Fusion Security Console. 3. [**Role Assignments**](#assign-required-roles): Permissions for Datadog to read job logs and REST resources, granted to the integration user. 4. [**Datadog tile configuration**](#configure-the-datadog-tile): The credentials and URLs collected during setup, entered in the Oracle Fusion integration tile. -5. [**Confidential application user assignment**](#link-the-confidential-application-to-the-integration-user-optional) (optional): Associates the integration user with the confidential application so that OAuth tokens carry the correct identity and roles. - After configuration is complete, Datadog obtains OAuth access tokens from your Fusion Identity Domain and uses them to call your Fusion REST APIs. ## Prerequisites 
@@ -36,17 +34,21 @@ After configuration is complete, Datadog obtains OAuth access tokens from your F Create an OAuth client that Datadog uses to authenticate against your Fusion Identity Domain. -1. Navigate to **Identity & Security** > **Domains** and open the Identity Domain Console. -2. Navigate to **Applications** > **Add Application** > **Confidential Application**. -3. Enter a name such as `Datadog Fusion Integration`. -4. Under **Resources**, add your Fusion Applications resource server. -5. Select the appropriate scope; for example, `urn:opc:resource:fa:instanceid=urn:opc:resource:consumer::all`. This grants the confidential client access to call REST APIs for the Fusion instance. -6. Save and **Activate** the application. -7. Copy the following values to enter in Datadog later: - - **Client ID** - - **Client Secret** - - **Scope** - - **Token Endpoint (OAuth URL)**: `https:///oauth2/v1/token` +1. Navigate to **Identity & Security** > **Domains** and open the Identity Domain associated with your Oracle Fusion instance. +2. Navigate to **Integrated Applications** > **Add Application** > **Confidential Application**. +3. Enter a name such as `Datadog Fusion Integration` and click **Create**. +4. Navigate to **OAuth Configuration** > **Edit OAuth configuration** and configure the following settings: + 1. Select **Configure this application as a client now** and check **Client credentials** under **Allow grant types**. + 1. Enable **Bypass consent** and allow client IP addresses from anywhere. + 1. Under **Token Issuance Policy**, select **Specific** and toggle **Add Resources** on. + 1. Under **Resources**, select **Add scope** and choose your Fusion application, typically called **Fusion Applications Cloud Service**. + 1. Leave all other fields as default. +5. Save the OAuth configuration changes, then activate the application under **Actions** at the top of the screen. +6. 
Copy the following values to enter in Datadog later: + - **Client ID**: Found under **OAuth Configuration** > **General Information** + - **Client Secret**: Found under **OAuth Configuration** > **Client Secret** + - **Scope**: Found under **OAuth Configuration** > **Resources** > **Scope** + - **Token Endpoint (OAuth URL)**: `https://idcs-.identity.oraclecloud.com/oauth2/v1/token`. The identity domain value is found under **Domain Details** > **Domain URL**. For more information, see [Configure OAuth Using Client Credentials Grant Type][1] in the Oracle documentation. @@ -66,11 +68,13 @@ Grant the following roles to the integration user so that Datadog can read ESS l 1. In Fusion, navigate to **Security Console** > **Users** > **Edit User** > **Roles** > **Add Role**. 2. Assign the following roles: -| Role | Purpose | -|------|---------| -| ESS Monitor | Read ESS job requests and job logs | -| Integration Specialist | Access ERP Integration REST endpoints | -| Internal Auditor | Read-only access to audit data | +| Role | Code | Purpose | +|------|------|---------| +| ESS Monitor | `ESSMonitor` | Read ESS job requests and job logs | +| Integration Specialist | `ORA_FND_INTEGRATION_SPECIALIST_JOB` | Access ERP Integration REST endpoints | +| Internal Auditor | `ORA_FND_INTERNAL_AUDITOR_JOB` | Read-only access to audit data | + +
The ESS Monitor role cannot be assigned directly to a user. To assign it, navigate to Security Console > Roles > Create Role, add ESSMonitor under Role Hierarchy, then assign the new role to the integration user.
## Configure the Datadog tile @@ -84,28 +88,14 @@ In the Datadog UI, enter the following values in the Oracle Fusion integration t ## Validation -If you enabled ESS and audit logs during account creation, Datadog automatically validates your credentials and displays error messages with suggested remedies if the connection fails. +Datadog automatically validates your credentials and displays error messages with suggested remedies if the connection fails. To confirm the integration is working after your account is created: - In the [Log Explorer][2], filter by `source:oracle-fusion` to view ESS and audit logs. - In the [Metrics Explorer][3], search for `oracle.fusion.*` to view Oracle Fusion metrics, such as `oracle.fusion.ess.jobs`. -If the integration is not returning data, see the [optional linking step](#link-the-confidential-application-to-the-integration-user-optional) below. - -## Link the confidential application to the integration user (optional) - -This step may not be required for all environments. - -To associate the integration user with the confidential application so that OAuth tokens correctly represent the user: - -1. In the Identity Domain Console, navigate to **Applications** > **Datadog Fusion Integration** (your confidential application). -2. Select **Users**. -3. Click **Assign Users**. -4. Select the user created in Fusion Security Console. If the user is not present in the Identity Domain, create a new user with the username set to the client ID from the previous step. Users in the Security Console and the Identity Domain must have the same username. -5. Save. - -This association confirms that tokens issued when Datadog authenticates using client credentials carry the identity and roles of the integration user. +If the integration is not returning data, verify that you have enabled logging in Fusion. Navigate to **Setup and Maintenance** > **Manage Audit Policies** and set all audit levels to **High**. ## Further reading 
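Review bot: In the `@@ -19,8 +19,6 @@` hunk, deleting item 5 also appears to delete the empty line that followed it, so `After configuration is complete, ...` now sits directly under list item 4 and Markdown will fold it into that item as a continuation line. Keep one blank line between the numbered list and the paragraph.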
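Review bot: In the `@@ -36,17 +34,21 @@` hunk, the second sub-item of step 4, `Enable **Bypass consent** and allow client IP addresses from anywhere`, tells the reader to choose the least restrictive network setting for a client whose secret is then copied into Datadog, and gives no reason for it. Say why the setting is required, or point to where the reader can limit it to a known set of source addresses, and split the two settings into separate sub-items so each can be explained. Minor: the sub-items are all numbered `1.` while the outer list uses explicit numbers; pick one style.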
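Review bot: In the `@@ -66,11 +68,13 @@` hunk, step 2 still reads `Assign the following roles` and the table lists ESS Monitor alongside the others, while the sentence added under the table says that role cannot be assigned directly to a user. A reader working through the steps in order hits the failure before reaching the workaround. Make the custom-role creation a numbered step ahead of the assignment, or mark the ESS Monitor row so the exception is visible in the table itself.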
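Review bot: With the `Link the confidential application to the integration user (optional)` section deleted in the `@@ -84,28 +88,14 @@` hunk, the guide no longer says how a token obtained with the client credentials grant comes to carry the integration user's roles, yet the overview and the role-assignment section still grant the roles to that user rather than to the OAuth client. State the mapping, or state that none is needed, in the setup steps. Separately, `set all audit levels to **High**` is presented as troubleshooting but reads like a prerequisite, and "all" is broader than the ESS and audit data the guide says Datadog reads; move it into the setup section and name the audit policies the integration actually needs.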
From 258af1114d7bc6848fca73939dc16c729eb93440 Mon Sep 17 00:00:00 2001 From: Bryce Eadie Date: Thu, 4 Jun 2026 14:34:36 -0700 Subject: [PATCH 2/2] Update content/en/integrations/guide/oracle-fusion-integration-setup.md Co-authored-by: EamonBrady1 --- .../en/integrations/guide/oracle-fusion-integration-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/integrations/guide/oracle-fusion-integration-setup.md b/content/en/integrations/guide/oracle-fusion-integration-setup.md index 04dabe2a1f8..00558cfebd0 100644 --- a/content/en/integrations/guide/oracle-fusion-integration-setup.md +++ b/content/en/integrations/guide/oracle-fusion-integration-setup.md @@ -74,7 +74,7 @@ Grant the following roles to the integration user so that Datadog can read ESS l | Integration Specialist | `ORA_FND_INTEGRATION_SPECIALIST_JOB` | Access ERP Integration REST endpoints | | Internal Auditor | `ORA_FND_INTERNAL_AUDITOR_JOB` | Read-only access to audit data | -
The ESS Monitor role cannot be assigned directly to a user. To assign it, navigate to Security Console > Roles > Create Role, add ESSMonitor under Role Hierarchy, then assign the new role to the integration user.
+
The ESS Monitor role cannot be assigned directly to a user. To assign it, navigate to Security Console > Roles > Create Role to create a custom role, add ESSMonitor under Role Hierarchy, then assign the new role to the integration user.
## Configure the Datadog tile
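Review bot: The reworded sentence in the `@@ -74,7 +74,7 @@` hunk now says `to create a custom role` but still leaves the contents of that role open. Say that the custom role should have only `ESSMonitor` under Role Hierarchy, so the integration user stays within the read-only access the guide describes, and suggest a role name so the later `assign the new role` has something concrete to refer to.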