Oracle® Cloud

Administering Oracle Visual Builder

F35575-03
December 2020
Oracle Cloud Administering Oracle Visual Builder,

F35575-03

Copyright © 2018, 2020, Oracle and/or its affiliates.

Primary Author: Oracle Corporation

This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such programs)
and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government
end users are "commercial computer software" or "commercial computer software documentation" pursuant
to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such,
the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works,
and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs
embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle
computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the
license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud
services are defined by the applicable contract for such services. No other rights are granted to the U.S.
Government.

This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc,
and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered
trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise
set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not
be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,
products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents

1 Preface
Audience 1-1
Related Resources 1-1
Conventions 1-1

2 Getting Started
Set Up Oracle Visual Builder 2-1

3 Create Your Service Instance

Create a QuickStart Instance with a Single Click 3-1
Create a Custom Instance 3-2
Start or Stop an Oracle Visual Builder Instance 3-3

4 Add Users and Assign Roles

Oracle Visual Builder Roles and Privileges 4-1
Predefined Roles in PaaS and Application Layers 4-1
Privileges Available to Roles in Oracle Visual Builder 4-2
Roles Required for Git Integration 4-3
Add Users to a Cloud Account with IDCS 4-3
Add Users 4-3
Assign Roles to Users 4-4
Add Users to a Traditional Cloud Account 4-6

5 Administrative Tasks
Manage Applications in the Service Instance 5-1
Access Instance Settings 5-2
Configure Security Options for Applications 5-4
Assign Roles for Users to Access an Application 5-4
Set Page Messages for Access Denied Errors 5-5

iii
Allow Other Domains Access to Services 5-6
Switch to Your Own Oracle DB Instance 5-6
Reset an Expired Password or ATP Wallet for Your Oracle DB Instance 5-9
Add a Connection to Integration Applications 5-10
Add a Connection to Oracle Cloud Applications 5-11
Add a Connection to Process Cloud Service 5-13
Manage Self-signed Certificates 5-14
Manage Your Component Exchange 5-15
What is a Component Exchange? 5-16
About Component Exchanges Hosted in VB Studio Projects 5-16
Add a Connection to a Component Exchange 5-18
Configure Support for a Custom Domain 5-19
Create a WAF Policy 5-20
Create and Configure a Subdomain and Configure SSL in the WAF Policy 5-22

iv
1
Preface
Describes tasks for administrators of Oracle Visual Builder.

Audience
Administrator’s Guide for Oracle Visual Builder Cloud Service is intended for
administrators who will set up and configure the service.

Related Resources
For more information, see these Oracle resources:
• Oracle Public Cloud
http://cloud.oracle.com
• About Oracle Visual Builder in Developing Applications with Oracle Visual Builder
• Oracle Cloud Infrastruture Documentation

Conventions
The following text conventions are used in this document:

Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.

1-1
2
Getting Started
To set up an Oracle Visual Builder service, tasks such as creating service instances
and user accounts need to be performed by Oracle Cloud service administrators with
specific roles.
If you are a Visual Builder administrator you might not have sufficient privileges to
perform the tasks described in this section, but you should be familiar with the steps
for setting up the service and the various roles, processes and tools for administering
Oracle Cloud services and users.

Set Up Oracle Visual Builder

Here are the steps for signing up for an Oracle Visual Builder promotion or
subscription and creating a service instance:
1. Sign up for a free credit promotion or purchase a subscription. For details about
the options, see Sign Up for the Free Oracle Cloud Promotion and Buy an Oracle
Cloud Subscription in Oracle Cloud Infrastructure Documentation.
After you sign up for an account you will receive an email message with details
about your Oracle Cloud account and how to access your services.

Note:
After signing up, it typically takes approximately 30 minutes before your
services are available in the Oracle Cloud Infrastructure Console. You
can start creating instances after your services are available.

2. Sign in to Oracle Cloud.

If you received a welcome email, use it to identify the URL, your user name, and
your temporary password. After signing in, you will be prompted to change your
password.

3. In the Oracle Cloud Infrastructure Console, click the navigation menu in the top
left corner, expand Platform Services in the list and then click Visual Builder.

The Oracle Visual Builder console opens in a new tab.

4. When you access the Oracle Visual Builder console the first time, you see the
Welcome page. Click Instances.

2-1
 Chapter 2
Set Up Oracle Visual Builder

5. From the Instances page, you can create a new Oracle Visual Builder instance, or
you can click an existing instance to view or manage it.
6. Provision your service instance. See Create Your Service Instance.
7. Create accounts for your users and assign them appropriate privileges and roles.
See Add Users and Assign Roles.

2-2
3
Create Your Service Instance
After subscribing to Oracle Visual Builder, you can provision instances of Oracle Visual
Builder using the Quick Start or using the custom template.

Topics:
• Create a QuickStart Instance with a Single Click
• Create a Custom Instance
• Start or Stop an Oracle Visual Builder Instance

Create a QuickStart Instance with a Single Click

After you sign up for your Oracle Cloud account and your services are available, you
can create a QuickStart instance of Oracle Visual Builder with a single click from
the Oracle Visual Builder console. If want to select the instance's region or identity
domain, you'll need to create a custom instance instead of using the QuickStart.
When your services are available, a link for creating a new instance is provided in
the Oracle Visual Builder console. If you have already created some services for your
account it might be more convenient for you to access the page for creating instances
from the Dashboard in the Oracle Visual Builder console.
This QuickStart template automatically creates an instance with the following features:
• Oracle Visual Builder.
• Oracle-managed instance.
• Two-node cluster.
• An embedded database.
The instance's region and identity domain are selected for you based on your account.
To create new instances using QuickStarts:
1. Sign in to Oracle Cloud.

2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Platform Services, and then click Visual Builder.
3. Click QuickStarts at the top of the Instances page.
The Create Instance page contains a field where you enter the name of the new
instance and a description of the features of the QuickStart instance.

3-1
 Chapter 3
Create a Custom Instance

4. Type the instance name in the Instance Name field. Click Create.
If you do not change the default generated value for the Instance Name, you will
encounter an error when you attempt to create the instance.
5. Wait for the instance creation process to finish.

Create a Custom Instance

You can get started quickly by using a brief template that provides you with a pre-
provisioned Oracle Visual Builder instance.
To create an instance:
1. Sign in to Oracle Cloud.

2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Platform Services, and then click Visual Builder to open the
Instances page.
The Instances tab displays a list of your service instances and the resources
allocated to the instances. If you do not have any service instances you will see a
message with links to information on creating an instance.
3. Click Create Instance to open the Create Instance page.

3-2
 Chapter 3
Start or Stop an Oracle Visual Builder Instance

4. In the Details section:

a. Specify the Instance Name, Description and Notification Email.
b. Select the compute region from which to perform the installation.
c. Select or define tags for the service instance.
d. Select the identity domain you'll use to verify users and resources for this
instance.
5. In the Special Instructions section:
a. Select the I have special instructions from Oracle checkbox if you have
received a special code from Oracle after filing a Service Request (SR). In
some atypical circumstances, Oracle may provide you with a special code to
be used during the automated provisioning flow. If you have been issued a
special provisioning code, select the checkbox, and enter the code exactly as
provided to you.
b. In the Special Tag field, enter the special code that Oracle communicated to
you through the SR that you filed.
6. Click Next, confirm your selections, then click Create.
When the instance is ready to use it appears in the Oracle Visual Builder console.

Start or Stop an Oracle Visual Builder Instance

You can start or stop an Oracle Visual Builder instance in the Infrastructure Console.
Billing is stopped for the duration that the instance is stopped.
To start or stop an Oracle Visual Builder instance:
1. Sign in to the Oracle Cloud Infrastructure Console.

2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Platform Services, and then click Visual Builder to open the
Instances page.
3. Identify the instance to start or stop.

3-3
 Chapter 3
Start or Stop an Oracle Visual Builder Instance

To start an instance:

a. From the menu to the right of the instance name, select Start.
b. Click Yes when prompted to confirm your selection.
To stop an instance:

a. From the menu to the right of the instance name, select Stop.

b. Click Yes when prompted to confirm your selection.

3-4
4
Add Users and Assign Roles
User roles define the privileges available to a user and the tasks that the user can
perform. You can grant users various roles to enable them to access, administer, and
use Oracle Visual Builder.

Topics:
• Oracle Visual Builder Roles and Privileges
• Add Users to a Cloud Account with IDCS
• Add Users to a Traditional Cloud Account

Oracle Visual Builder Roles and Privileges

A role includes privileges that allow users to perform various tasks. All Oracle
Cloud services have some predefined roles for performing tasks when setting up,
administering, managing, and using a service. There are predefined roles for the PaaS
layer, the application layer and Oracle Visual Builder.
The PaaS-layer roles govern access to WebLogic Server. The application-layer
predefined roles include ServiceAdministrator, ServiceMonitor, ServiceDeveloper,
ServiceDeployer, and ServiceUser, but only some of these roles are used and mapped
to the predefined roles used in Oracle Visual Builder. To perform tasks in Oracle Visual
Builder, the user must be assigned to one of the Oracle Visual Builder predefined
roles. Users can hold multiple roles depending on their responsibilities. For example, a
user might be granted both the ServiceAdministrator and ServiceMonitor roles, but any
privileges granted by the role of ServiceMonitor are ignored in Oracle Visual Builder.

Predefined Roles in PaaS and Application Layers

The following table describes the predefined roles available in the PaaS layer and the
application layer.

Predefined Roles Description

PaaS-Layer Predefined Roles Govern access to WebLogic Server
Administrators A user with the Administrators role can:
• View the server configuration, including the encrypted value of
some encrypted attributes
• Modify the entire server configuration
• Deploy Enterprise Applications and Web application, EJB, Java
EE Connector, and Web Service modules
• Start, resume, and stop servers

4-1
 Chapter 4
Oracle Visual Builder Roles and Privileges

Predefined Roles Description

Deployers A user with the Deployers role can:
• View the server configuration, including some encrypted
attributes related to deployment activities
• Change startup and shutdown classes, Web applications,
JDBC data pool connections, EJB, Java EE Connector, Web
Service, and WebLogic Tuxedo Connector components. If
applicable, edit deployment descriptors.
• Access deployment operations in the Java EE Deployment
Implementation (JSR-88)
Monitors A user with the Monitors role can:
• View the server configuration, except for encrypted attributes
• Get read-only access to WebLogic Server Administration
Console, WLST, and MBean APIs
Operators A user with the Operators role can:
• View the server configuration, except for encrypted attributes
• Start, resume, and stop servers
Application-Layer Predefined Roles Govern access to the various Oracle Visual Builder features:
ServiceAdministrator A user with the ServiceAdministrator role is a super user who
can manage and administer the administrator settings of an Oracle
Visual Builder instance.
ServiceMonitor This role is not used in Oracle Visual Builder
ServiceDeveloper A user with the ServiceDeveloper role can develop applications in
an Oracle Visual Builder instance.
ServiceDeployer This role is not used in Oracle Visual Builder.
ServiceUser A user with the ServiceUser role has privileges to utilize only the
basic functionality of a feature such as access to the staged and
published applications.

Privileges Available to Roles in Oracle Visual Builder

There are three predefined roles in Oracle Visual Builder, and these roles are mapped
to specific application-layer roles. The following table lists Oracle Visual Builder
predefined roles and the tasks that users granted those roles can perform.

Oracle Visual Mapped Role Tasks Users Can Perform in Oracle Visual Builder
Builder Predefined Role
Visual Builder Administrator ServiceAdministrator A user with this role can:
• Use the visual design tool
• Create, manage, and change the owners of applications
• Create associations with other services
• Configure security options for applications in an instance
• Specify error messages for Access Denied pages
Visual Builder Developer ServiceDeveloper A user with this role can:
• Use the visual design tool
• Create, manage, secure, and publish web and mobile
applications
• Design pages, work with business objects, build and test
applications

4-2
 Chapter 4
Add Users to a Cloud Account with IDCS

Oracle Visual Mapped Role Tasks Users Can Perform in Oracle Visual Builder
Builder Predefined Role
Visual Builder User ServiceUser A user with this role can only access staged and published
applications. The default permission is enforced only when the
service administrator adjusts security settings for the entire
service instance to restrict all access to runtime applications
to the users granted this role.

Roles Required for Git Integration

Oracle Visual Builder can be integrated with Git repositories hosted in Oracle Visual
Builder Studio projects. When configuring integration with a Git repository, to access
the Git repository the user will need to supply the credentials of a user in IDCS with the
DEVELOPER_USER role for authentication.
If you have configured Single Sign-On (SSO) so that IDCS federates to another
identity provider (IdP), the SSO user credentials can't be used to access the Git
repository. You'll need to define a new user in IDCS with the DEVELOPER_USER role
and use the new user's credentials when configuring the Git integration.

Add Users to a Cloud Account with IDCS

If you are using an Oracle Cloud Account with Oracle Identity Cloud Service (IDCS),
then you can use Users tab on the Oracle Visual Builder console to access the
features of IDCS to manage users and security for your Oracle Cloud services.

Add Users
After Oracle Visual Builder is provisioned, you need to create the required user
accounts in the identity domain of your Oracle Visual Builder instance.
Only a user with the Identity Domain Administrator role or the User Administrator
role through delegated administration can create user accounts. When Oracle
Visual Builder is provisioned, the Identity Domain Administrator account is created
automaticatlly.
To add a user account, you need to know the first name, last name, and email address
of the user.
1. Sign in to Oracle Cloud.

2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Platform Services, and then click Visual Builder to open the
Instances page.
3. In the Oracle Visual Builder console, click Users.
4. On the User Management page in the Oracle Visual Builder console, click Identity
Console.
5. On the User Management page in the Oracle Identity Cloud Service console, click
Add.
6. In the First Name and Last Name fields of the Add User dialog, enter the user’s
first and last name.

4-3
 Chapter 4
Add Users to a Cloud Account with IDCS

To have the user log in to Oracle Visual Builder with their email address:
a. Leave the Use the email address as the user name check box selected.
b. In the User Name/Email field, enter the email address for the user account.
To have the user log in to Oracle Visual Builder with their user name:
a. Clear the Use the email address as the user name check box.
b. In the User Name field, enter the user name that the user is to use to log in to
the Oracle Identity Cloud Service console.
c. In the Email field, enter the email address for the user account.

7. To assign the user account to a group, click Next. Otherwise, click Finish.
8. In the Add User window, select the check box for each group that you want to
assign to the user account. Click Finish.
After the user account is created, the user receives an email with the sign-in
credentials.
For more details about creating and managing users, see Managing Users with
Identity Cloud Service Accounts in Managing and Monitoring Oracle Cloud.

Assign Roles to Users

The Identity Domain Administrator must assign roles to users to specify the tasks they
can perform in Oracle Visual Builder. A user can have more than one role.
The role assigned to the user determines the privileges and tasks the user can
perform in Oracle Visual Builder. See Oracle Visual Builder Roles and Privileges for a
description of the various predefined roles available in Oracle Visual Builder.
1. Sign in to Oracle Cloud.

2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Identity, and then click Federation.
3. In the Federation page, click the Oracle Identity Cloud Service Console link.

4-4
 Chapter 4
Add Users to a Cloud Account with IDCS

If multiple instances are listed, click the Oracle Identity Cloud Service Console
link for the console instance you want to open.

4. From the Oracle Identity Cloud Service console, click the navigation menu in
the top left corner, and then click Applications.
5. Click the link for your Oracle Visual Builder instance.
You can use the filter to help you locate your instance. For Oracle Visual Builder
instances you might want to search for the name of your instance appended with
“vb” (for example, “Testvb”, or “VISUALBUILDERAUTO_Testvb”.
6. Click the Application Roles tab.
7. To grant a role to users:
a. Click the menu options icon shown next the role, and select Assign Users. If
you want to assign the role to a group, you need to select Assign Groups.
b. Select the check box next to the name of each user that you want to add to the
role, and then click Assign.

4-5
 Chapter 4
Add Users to a Traditional Cloud Account

Add Users to a Traditional Cloud Account

Oracle Traditional Cloud Accounts use traditional Identity and Access Management
software to manage users and security, as opposed to Cloud Accounts with IDCS,
which use Oracle Identity Cloud Service for these tasks.
Oracle Traditional Cloud Accounts use Oracle Shared Identity Manager (SIM)
for identity management and authentication to access Oracle Visual Builder and
applications developed with Visual Builder. An identity domain administrator can use
the options on the Oracle Visual Builder console to manage users and their roles for
Oracle Visual Builder applications and services. Roles assigned to users in SIM are
used to determine the following:
• developer access to Oracle Visual Builder
• user access to applications developed in Oracle Visual Builder that implement
role-based security
• developer and user access to services exposed in Oracle Visual Builder and visual
applications
A developer can set the authentication requirements for an application and create
application roles that are mapped to custom roles in SIM. After creating the application
roles, the developer can configure role-based security for the pages, components and
business objects in the application. Authentication to access a visual application is
determined by the roles assigned to users in SIM.
A developer’s role in Oracle SaaS determines the content and services in the Oracle
SaaS service instance that are available to the Oracle Visual Builder developer. For
example, the Oracle Visual Builder services catalog might be empty if the developer is
not assigned a role with sufficient privileges. Oracle Visual Builder and other offerings
on the Oracle PaaS platform don’t use the same identity management stack as Oracle
SaaS services, but support for Single Sign-On (SSO) between Oracle PaaS services
using Oracle Shared Identity Manager (SIM) and Oracle SaaS services such as Oracle
Sales Cloud can be set up when they are in the same data center and identity
domain. For SSO to work, Oracle SaaS identities need to be regularly synchronized
to the Oracle PaaS SIM user store. Roles and corresponding role assignments can be
synchronized in order to support role-based access used in your applications.
The following table briefly describes the steps for adding users, assigning roles, and
synchronizing Oracle Sales Cloud and Oracle Visual Builder user accounts and roles.

4-6
 Chapter 4
Add Users to a Traditional Cloud Account

Task Description
Add users and assign roles The identity domain administrator creates
user accounts and assigns roles to the users
in the instance of Oracle Visual Builder
that you access from the Oracle Cloud
Infrastructure Classic Console.
Users that will develop applications with Oracle
Visual Builder must be assigned the role of
Visual Builder Developer or Visual Builder
Administrator. See Managing Users with
Traditional Cloud Accounts in Managing and
Monitoring Oracle Cloud.
The identity domain administrator also creates
the custom roles for authenticating user
access to applications and assigns roles to
users.
Synchronize user identities and roles between Oracle Visual Builder service instances
associated services associated with Oracle Cloud Applications
services use Oracle Cloud Applications user
roles for authorizing access to REST services
in applications. For Single Sign-On (SSO)
between Oracle Visual Builder and Oracle
applications such as Sales Cloud, the user
accounts must be manually synchronized with
the users in Oracle Cloud Applications, and
the users assigned custom roles that can be
used to secure access to applications.
An identity domain administrator can
synchronize user identities and roles from
Oracle SaaS services to an Oracle PaaS
SIM user store. Oracle Sales Cloud can be
configured to sync identities and roles once,
or automatically sync on a schedule, using the
Oracle Enterprise Scheduler Service (ESS).
See Integrate an Oracle SaaS application with
Oracle PaaS in Oracle Architecture Center.
Create custom roles that mirror the names of An identity domain administrator can create
Oracle SaaS roles custom roles that are used for authenticating
users and securing applications. The custom
roles can mirror the names of Oracle SaaS
user roles. For example, an administrator can
create the custom role Sales Manager, one of
the default user roles.
See Managing Custom Roles in Managing and
Monitoring Oracle Cloud.

4-7
 Chapter 4
Add Users to a Traditional Cloud Account

Task Description
Assign custom roles to users After the users and custom roles are created,
the identity domain administrator can
assign custom roles to users in the instance of
Oracle Visual Builder that you access from the
Oracle Cloud Infrastructure Classic Console
according to the user’s Oracle SaaS role.
For example, the administrator can assign
the custom role Sales Manager to all users
assigned that role in Oracle SaaS.
The administrator can assign an existing role
to multiple users by creating and uploading a
CSV file. See Assigning One Role to Many
Users in Getting Started with Oracle Cloud
Applications.

4-8
5
Administrative Tasks
After an Oracle Visual Builder service instance is created, an identity domain
administrator assigns one or more users the Visual Builder Administrator role for the
service instance. A Visual Builder Administrator can manage and set general options
for applications in the service instance.

Topics
• Manage Applications in the Service Instance
• Access Instance Settings
• Configure Security Options for Applications
• Set Page Messages for Access Denied Errors
• Allow Other Domains Access to Services
• Switch to Your Own Oracle DB Instance
• Reset an Expired Password or ATP Wallet for Your Oracle DB Instance
• Add a Connection to Integration Applications
• Add a Connection to Oracle Cloud Applications
• Add a Connection to Process Cloud Service
• Manage Self-signed Certificates
• Manage Your Component Exchange
• Configure Support for a Custom Domain

Manage Applications in the Service Instance

An Oracle Visual Builder administrator can manage any application in the service
instance and does not need to be a team member to see an application on the Home
page. Administrators can perform all the tasks of a developer, including adding and
removing team members, and opening, staging and publishing applications.
The Home page displays a list of the applications in the service instance. Developers
can only see and manage an application when they are a member of the application’s
team. Administrators can select the Administered by me checkbox if they want the
list of applications to include all the applications in the instance, even the applications
where they are not a team member. The checkbox is not visible to developers who do
not have the role of administrator.

5-1
 Chapter 5
Access Instance Settings

Note:
On the Home page for classic applications, administrators can select the
Applications I administer checkbox in the Filter by pane to display the
applications where they are not a team member.

Access Instance Settings

Administrators can access a page for managing the instance’s global settings. The
settings page contains panels for configuring security settings, specifying Access
Denied messages and specifying Oracle Process Cloud Service details.
You can access the instance settings page from any Visual Builder page, but the steps
for opening the page will depend on if you are developing visual applications or classic
applications.
To open an instance’s settings page:
1. Click Home in the Visual Builder title bar to open the main menu.
2. Click Settings in the main menu.
If you are developing visual applications, open the main navigation pane on the
Home page and select Settings.

5-2
 Chapter 5
Access Instance Settings

If you are developing classic applications, select Administer Visual Builder in the
Administration Options menu and then click Global Settings.

The settings available for the instance are grouped on the page.

5-3
 Chapter 5
Configure Security Options for Applications

Configure Security Options for Applications

Administrators can use the Security panel in the settings page to require
authentication for all applications in the instance.
When an administrator enables the Allow only secure applications to be created
option, all published and staged applications in the instance will require user
authentication. When the option is enabled, users must be assigned a role by the
identity domain administrator and log in to access an application. When the option is
not enabled, applications can be created that allow access to anonymous users.
When an application has the default security settings, any user with a valid login
can access the pages in an application. A developer can modify the default security
settings to define the roles that can access applications, pages and components.
When the secure application option is enabled, an administrator can enable an option
that users must be assigned the role of Visual Builder User in addition to any other
roles used to secure access to staged and published applications. For example,
security can be configured so that users assigned the role Visual Builder Developer
can access the designer but can’t access the published application and data because
they are not assigned the role Visual Builder User.
To block access by anonymous users to all applications in the instance:
1. Open the instance’s settings page.
2. In the Security panel, enable Allow only secure applications to be created.
Anonymous users can’t access the applications when this option is enabled.

When the secure applications option is enabled, administrators can enable the
Only Visual Builder Users can access secure applications option.

Assign Roles for Users to Access an Application

Administrators must assign roles to users, so they have the permissions required to
access Visual Builder applications.
Privileges associated with a user role determine what tasks users assigned those roles
can perform. See Privileges Available to Roles in Oracle Visual Builder.

To assign roles to users: See this:

For Oracle Integration Cloud Generation 1 Assign Roles to Users
For Oracle Integration Cloud Generation 2 Configuring Access to Oracle Integration
Instances

5-4
 Chapter 5
Set Page Messages for Access Denied Errors

Set Page Messages for Access Denied Errors

Administrators can use the instance’s settings page to specify a URL that users are
navigated to when they are denied access to an application or page.
Authenticated users might see an Access Denied page or message when they attempt
to access an application or page in an application that their user role is not permitted
to access. Administrators can set the default page or message that users see when
they are denied access to an application or page. Access Denied messages that
are set at the application level in the General Settings of an application will override
messages set in the instance’s settings page. The default Access Denied page and
message is used if the message options in this panel are not set.
To specify an Access Denied page or message for applications in the instance:
1. Open the instance’s settings page.
2. In the Security panel, type a URL that users are directed to when denied access
to an application.
The URL that you specify is used as the Access Denied page for all applications in
the instance and should be accessible to users who are not logged in.

Note:
If you are configuring settings for classic applications, the Access Denied
settings are set in the Messages panel.

3. Type the message that you want users to see when they are denied access to a
page.
The message that you enter will be displayed in the Access Denied page for all
applications in the instance except for those where a message was set at the
application level in the application’s General Settings page.

5-5
 Chapter 5
Allow Other Domains Access to Services

Allow Other Domains Access to Services

Use the Global Settings page to specify the domains that are permitted to interact with
services in your instance.
Cross-Origin Resource Sharing (CORS) is a mechanism that enables you to specify
the domains that are allowed to exchange data with applications in your instance. By
default, incoming requests from domains not on your instance’s list of allowed origins
are blocked from accessing application resources.
To add a domain to the list of allowed origins:
1. Open the instance’s settings page.
2. In the Allowed Origins panel, click New Origin and type the URL of the domain
that you want to allow. Click Submit.
The Allowed Origins panel lists all origins that are permitted to retrieve information
from the instance.

Switch to Your Own Oracle DB Instance

If the 5GB limit of the database provisioned with your Visual Builder instance is
insufficient for your tenant schema, you can configure your instance to use an Oracle
DB instance that has more space instead of the default database.
To use a different Oracle DB instance, you use a wizard in the Tenant Settings to
create a connection to the database instance and export the applications stored in
tenant's current database. You can connect to an Oracle DBaaS or Autonomous
Transaction Processing Database (ATP) instance.
If you decide to use JDBC to connect to your DBaaS instance, you must include the
privileges required to enable the ADMIN user to create a tenant schema. The following
SQL shows the grants that are needed:

CREATE USER [adminuser] IDENTIFIED BY [password];

GRANT CONNECT, RESOURCE, DBA TO [adminuser];

GRANT SELECT ON SYS.DBA_PROFILES TO [adminuser] WITH GRANT OPTION;

GRANT SELECT ON SYS.DBA_USERS TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_DATA_FILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_SEGMENTS TO [adminuser] WITH GRANT OPTION;

5-6
 Chapter 5
Switch to Your Own Oracle DB Instance

If you decide to use ATP, you might want to create a new ATP ADMIN user with the
correct admin privileges. The following SQL statement shows how to create a second
ATP ADMIN user in SQL*Plus or SQL Developer.

DROP USER [adminuser] CASCADE;

CREATE USER [adminuser] IDENTIFIED BY [password];
GRANT CREATE USER, ALTER USER, DROP USER, CREATE PROFILE TO [adminuser]
WITH ADMIN OPTION;
GRANT CONNECT TO [adminuser] WITH ADMIN OPTION;
GRANT RESOURCE TO [adminuser] WITH ADMIN OPTION;
GRANT CREATE SEQUENCE, CREATE OPERATOR, CREATE SESSION,ALTER SESSION,
CREATE PROCEDURE, CREATE VIEW, CREATE JOB,CREATE DIMENSION,CREATE
INDEXTYPE,CREATE TYPE,CREATE TRIGGER,CREATE TABLE,CREATE PROFILE TO
[adminuser] WITH ADMIN OPTION;
GRANT UNLIMITED TABLESPACE TO [adminuser] WITH ADMIN OPTION;
GRANT SELECT ON SYS.DBA_PROFILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_USERS TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_DATA_FILES TO [adminuser] WITH GRANT OPTION;
GRANT SELECT ON SYS.DBA_SEGMENTS TO [adminuser] WITH GRANT OPTION;

In the wizard you need to select and export all the applications in your instance that
you want to keep. After confirming that your instance is using the new database
instance, you must import the exported applications into Visual Builder to save them in
the new database instance.
To switch to a different Oracle DB instance:
1. Open the instance’s Tenant Settings page.
2. Click Use Different Database in the Tenant Database panel to open the Change
Tenant Database wizard.
In the Change Tenant Database wizard you supply the details for the connection to
your Oracle DB instance.

5-7
 Chapter 5
Switch to Your Own Oracle DB Instance

3. Select a Connection Type in the drop-down list.

You can connect to your Oracle DB instance using either JDBC or an ATP Cloud
Wallet.
4. Provide the details for connecting to your database. Click Next.
The details you need to provide will depend upon the type of connection you
selected.
5. Select all the applications that you want to export. Click Finish.

5-8
 Chapter 5
Reset an Expired Password or ATP Wallet for Your Oracle DB Instance

You must select and export all the applications that you want to keep. Any
applications that are not exported will be lost.

When you click Finish, the applications that you selected are downloaded to your local
file system. Exported application archives include the details about the application's
user roles, and they will be available when the app is re-imported into the new
database.

Reset an Expired Password or ATP Wallet for Your Oracle

DB Instance
If you switch to use your own Oracle DB instance and the credentials you use to
access the instance expire, you can renew the expired credentials using the Update
Tenant Database Connection dialog.
To regenerate the expired values, you need to provide the ADMIN user credentials that
you provided when you first switched to your own Oracle DB instance. Visual Builder
uses the ADMIN user credentials to generate new Visual Builder tenant credentials
to replace the expired credentials. Visual Builder does not store the ADMIN user
credentials that you supply.

5-9
 Chapter 5
Add a Connection to Integration Applications

To reset expired credentials:

1. Open the General tab of the instance’s Tenant Settings page.
2. In the Tenant Database field, click the Edit icon to open the Update Tenant
Database Connection wizard.

3. In the Update Tenant Database Connection wizard, supply the ADMIN user
credentials that Visual Builder will use to reset the expired credentials for your
Oracle DB instance.

4. Click Finish.

Add a Connection to Integration Applications

Administrators can use the Services tab in the Tenant Settings page to add a
connection to an instance of Oracle Integration as a backend service.
To add a connection to an instance of Oracle Integration as a backend service, the
instance of Oracle Integration should be co-hosted with Visual Builder because the

5-10
 Chapter 5
Add a Connection to Oracle Cloud Applications

authentication types that Visual Builder supports for this configuration is Oracle Cloud
Account or Propagate Current User Identity. In most cases, this backend service
(Oracle Integration) will be preconfigured for your Visual Builder instance.
If you are using multiple Visual Builder instances, for example, development and
production instances, you might need to add connections to Oracle Integration in more
than one instance.
To add a connection to an Oracle Integration instance:
1. Open the instance’s Tenant Settings page.
2. In the Services tab, click Create Backend and choose Integrations in the
Backend Service Type dialog.

3. In the dialog, type the Server URL of the backend service, configure other settings,
such as security, as needed, and click Create.

Add a Connection to Oracle Cloud Applications

The list of REST services in the service catalog of a visual application is retrieved from
an Oracle Cloud Applications backend service. Specify the instance URL of the Oracle
Cloud Applications backend service in the Tenant Settings page or in the Settings
page of a visual application.
All visual applications in the tenant will use the Oracle Cloud Applications instance
URL specified in Tenant Settings, but a visual application can be configured to use a
different Oracle Cloud Applications backend service by specifying a different instance
URL in the visual application’s Settings page. The tenant-level backend configuration
is ignored if you or a visual application developer configures a different Oracle Cloud
Applications backend service in a visual application’s Settings page.

5-11
 Chapter 5
Add a Connection to Oracle Cloud Applications

The authentication choices available to configure a tenant-level Oracle Cloud

Applications backend are:
• Oracle Cloud Account: Needs federation between Oracle Cloud Applications and
Visual Builder.
• Propagate Current User Identity: Same as Oracle Cloud Applications. That is, it
needs federation between Oracle Cloud Applications and Visual Builder.
• None: This assumes your Oracle Cloud Applications REST API can be called
without any authentication, which is not usually the case.
If the necessary pre-requisites for setting a tenant-level Oracle Cloud Applications
backend service are not available, then a visual application developer can set up
a backend service at the visual application level where more options are available.
Another option is for you (the service administrator) to configure the Oracle Cloud
Applications backend with None and let the visual application developer override the
authentication setting at the visual application level.
To specify an Oracle Cloud Applications service for the tenant:
1. Open the instance’s Tenant Settings page.
2. In the Services tab, click Create Backend and choose Oracle Cloud
Applications in the Backend Service Type dialog.
When specifying the URL in the Tenant Settings, you (the service administrator)
only need to provide the instance URL of the Oracle Cloud Applications backend
service to retrieve the list of services.

5-12
 Chapter 5
Add a Connection to Process Cloud Service

3. In the dialog, type the Server URL of the backend service, and configure other
settings, such as security, as needed.
4. (Optional) After you configure settings for the backend, add headers to the
backend.
Backend headers that you add will be applicable for any service connection to this
backend, irrespective of the server or application profile that is used.
5. Click Create.
Visual Builder automatically discovers the interfaceCatalogs endpoint of the
Oracle Cloud Applications backend, which retrieves the list of services and their
metadata. This endpoint is typically in the form:
https://<My Oracle Cloud Applications Instance URL >
This endpoint is publicly accessible without any authentication.
If there is a problem creating the connection, verify the instance URL of the Oracle
Cloud Applications instance.

Add a Connection to Process Cloud Service

Administrators can use the instance’s Tenant Settings page to add a connection to an
instance of Oracle Process Cloud Service as a backend service.
To add a connection to an instance of Oracle Process Cloud Service as a backend
service, the instance of Oracle Process Cloud Service should be co-hosted with
Visual Builder because the authentication types that Visual Builder supports for this
configuration is Oracle Cloud Account or Propagate Current User Identity. In most
cases, this backend service (Oracle Process Cloud Service) will be preconfigured for
your Visual Builder instance.
If you are using multiple Visual Builder instances, for example, development and
production instances, you might need to add connections to Oracle Process Cloud
Service in more than one instance.
To add a connection to an Oracle Process Cloud Service instance:
1. Open the instance’s Tenant Settings page.
2. In the Services tab, click Create Backend and choose Process in the Backend
Service Type dialog.

5-13
 Chapter 5
Manage Self-signed Certificates

3. In the dialog, type the Server URL of the backend service, configure other settings,
such as security, as needed, and click Create.

Manage Self-signed Certificates

Administrators can use the Certificates page to upload and manage the self-
signed certificates used by the instance to enable inbound and outbound SSL
communications to a service’s REST APIs
When creating connections to REST services that use self-signed certificates, you
might need to add an API’s certificate to your Visual Builder instance to validate
SSL connections to that service. You can use the Certificates page to upload and
remove certificate files (.pem) for services. Uploading a service’s certificate file to the
keystore will allow all applications in the instance to communicate with that service.
The Certificates page displays a list of certificates that have been added. You can click
the Delete button in a row to remove the certificate.
To upload a self-signed certificate:
1. Open the Visual Builder main menu and click Certificates.
The Certificates page displays a list of the certificates already uploaded to the
instance.

5-14
 Chapter 5
Manage Your Component Exchange

2. Click Upload to open the Upload Certificate dialog box.

You use the Upload Certificate dialog box to create an alias for the certificate and
upload the service’s certificate file from your local system.

3. Type the alias in the Certificate Alias Name field.

The alias is used to identify the certificate in the table in the Certificates page.
The Certificate Type dropdown list is read-only because only Trust Certificates are
supported.
4. Drag the certificate file from your local system into the upload target area, or click
the upload target area to browse your local system.
5. Click Upload to add the certificate to the service keystore.

Manage Your Component Exchange

If your team develops custom components for visual applications and want the
components to be available to all users in the Visual Builder Components tab, you'll
need to first set up a component exchange. This chapter tells you how to set up the
Component Exchange in Visual Builder.

5-15
 Chapter 5
Manage Your Component Exchange

What is a Component Exchange?

A component exchange is a repository of custom components available in VB Studio.
You can use these components in your visual applications, such as web components
and application templates. Many of the components provided by Oracle can be
installed from a component exchange.
To integrate a component exchange with a Visual Builder instance, you provide the
exchange's URL and credentials in the Tenant Settings. The exchange can be a
private exchange in a VB Studio project or one of the exchanges maintained by
Oracle.
If your organization develops or uses proprietary components, these components can
be published to a private exchange hosted by a VB Studio project. For example, if you
have a web component designed to be used in applications in your tenant, you can
set up your own exchange and use it to distribute the component to developers in the
tenant. Additionally, components provided by Oracle are automatically available from
all private component exchanges.
Oracle maintains two component exchanges containing components validated by
Oracle that are publicly available to all developers. If you don't have a private
exchange but you want to give developers access to these Oracle components, you
can add one of the following exchanges maintained by Oracle. If your instance is in the
US, use the following details.

Field Value
URL https://devinstance4wd8us2-wd4devcs8us2.uscom-
central-1.oraclecloud.com/profile/devinstance4wd8us2-
wd4devcs8us2/s/devinstance4wd8us2-
wd4devcs8us2_compcatalog_3461/compcatalog/0.2.0
Username comp.catalog
Password bXwphh6RMFjn#g

If your instance is in Europe, use the following details.

Field Value
URL https://devinstance4wd8em2-wd4devcs8em2.eucom-
north-1.oraclecloud.com/profile/devinstance4wd8em2-
wd4devcs8em2/s/devinstance4wd8em2-
wd4devcs8em2_compcatalog_1681/compcatalog/0.2.0
Username comp.catalog
Password !!MWtu4jsQ56wM

About Component Exchanges Hosted in VB Studio Projects

A VB Studio project can host a secure component exchange to store and distribute
components only available to developers in the instance.
Each VB Studio project includes the component exchange 'compcatalog', which is the
service used to access components stored in the project. The compcatalog service is
provisioned by default with each project. Any project can be used to host an exchange
if storage is enabled for the VB Studio instance. Component developers can use the
service's APIs to publish components to the exchange.

5-16
 Chapter 5
Manage Your Component Exchange

To integrate a private exchange in a VB Studio project with a Visual Builder instance,

an administrator specifies the URL for the project's compcatalog service and the
credentials for a user that can access the project. The credentials used to connect
to the exchange must be an owner or member of the VB Studio project hosting
the exchange. All developers in the tenant use these credentials to connect to the
exchange to get the components and application templates they want to use in their
projects.
The URL for the project's compcatalog service has the following form: https://
<hostname>/<org_id>/s/<project_id>/compcatalog/0.2.0/

In the URL, "compcatalog" is the exchange service and "0.2.0" is the API version of
the service.
To determine the URL for the compcatalog service, you need to know the following
details about the VB Studio project:
• <hostname>. This is the VB Studio server where the project is hosted.
• <org_id>. This is the organization (tenant) name.
• <project_id>. This is a project identifier unique to the tenant. This is not the same
as the project display name entered by the project owner and is not displayed in
the VB Studio UI.
If you do not know the <project_id> for the project hosting the exchange, you can get
it from the Git or Maven configuration, or by using the VB Studio Projects API. The
following table describes how to get the <project_id>.

Method Steps
From a Git or Maven 1. In VB Studio, open the project and locate the
configuration Repositories tab on the project's Home Page.
2. Expand the the Git or Maven section and copy the
repository URL.
The Git repository URL will be similar
to the following: https://{user_id}@{hostname}/
{org_id}/s/my-org_testproject_5/scm/my-repo.git
The Maven repository URL will be similar
to the following: http://{hostname}/{org_id}/s/my-
org_testproject_5/maven/
In these examples, "my-org_testproject_5" is the project
identifier. In this case, the URL for the 'compcatalog' service
will be similar to https://{hostname}/my-org/s/my-
org_testproject_5/compcatalog/0.2.0/

5-17
 Chapter 5
Manage Your Component Exchange

Method Steps
Using VB Studio Projects API If you know the name of the project sharing your exchange
instance, you can get the project metadata using a REST call
to the VB Studio API.
For example, you can use cURL to send a REST call similar
to the following:
curl -X GET -
u '{username}:{password}'https://{hostname}/
{org_id}/api/v2/projects/info/name:TestProject
The return should be similar to the following:

[
{
"organization":"my-org",
"identifier":"my-org_testproject_5",
"name":"TestProject",
"urlId":"testproject",
"description":null,
"accessibility":"PRIVATE",
"template":false,
"state":"READY",
"locked":false,
"relation":
{"membership":"OWNER","favorite":false}
}
]

In this example, the identifier property in the return is the

project identifier that is needed for the "compcatalog" service
URL.

Add a Connection to a Component Exchange

When an instance is integrated with a component exchange, all developers using the
instance can access and install components stored there.
After an exchange is added to the instance, all developers can use the Components
tab in the Navigator to install and manage the components from the exchange that
they want to use in their applications. When creating an application in the Create
Application wizard, developers can also select any of the application templates that
have been published to the exchange.
To add a connection to the Component Exchange:
1. Open the instance’s Tenant Settings page.
2. In the Component Exchange panel, enter the URL and credentials for the
component exchange.

5-18
 Chapter 5
Configure Support for a Custom Domain

If you are adding a connection to a private component exchange, it is

recommended that the credentials you provide are for an administrator who is
a member of the VB Studio project hosting the exchange or the project owner.

Configure Support for a Custom Domain

When a custom domain (for example, mycustom.example.org) is mapped to your
instance, customers can use it to access a web application instead of using the default
URL generated by Visual Builder.
A custom domain is a customer-provided hostname and domain (FQDN)
created by adding a subdomain to your domain. After configuring your instance
to use a custom domain, app users accessing the app using the custom
domain will not see the typical Oracle domain (for example, myvbinstance-
accountname.builder.ocp.oraclecloud.com) in the URL, and instead could see and
use, for example, mycustom.example.org.

After configuring a custom domain:

• Users can access a single web app by typing just the custom domain URL in
the browser, for example, mycustom.example.org. The app is loaded from the
custom domain root ("/"), and no additional path information or query parameters
are required in the URL.
• http can be redirected to https, so if a user types "mycustom.example.com", this
will resolve to https://mycustom.example.com, and load the default web app.
• For applications that contain business objects, the Business Object REST API can
also use the custom domain configuration.
You can configure multiple custom domains for your instance, but each custom
domain must be mapped to a different visual application. For example, if the visual
application myvisualapp1 is mapped to the subdomain mysubdomain1, if you want to
map mysubdomain2 to an application it must be mapped to a different visual application
(myvisualapp2).

Custom domains are also subject to other limitations:

• You can't access the Visual Builder design-time using a custom domain. You'll
need to use the original Oracle Cloud URL to access the Visual Builder designer.

5-19
 Chapter 5
Configure Support for a Custom Domain

• A custom domain can only access a published app. It will not work for apps that
are only staged.
• A custom domain can only be used to access one live app (in the visual
application configured for the root URL). You can access other live apps in
the same instance only by using the full Oracle Cloud URL or by creating and
configuring a different custom domain and visual application.
• If a visual application contains more than one web app, only one of them can be
accessed using the custom domain. It's not possible to specify which app in a
visual application will be available at the custom domain because the domain is
configured in the Settings for the visual application, not for individual web apps.
If you are going to use a custom domain, it is recommended that the visual
application only contain one web app to ensure that the correct app is loaded.
• If you publish a different web app in your visual application, it immediately
becomes the default app for the custom domain, and the previous web app will
no longer be available at the custom domain.
• Mobile and PWA apps are not supported at this time. Custom domains can only be
used for web apps.
To configure a custom domain for your instance, you must be the registered owner
of the domain and have access to its SSL certificate bundle information. You must
also have an Oracle Visual Builder or Oracle Integration instance (the following tasks
do not apply to Visual Builder in Oracle Integration Generation 2 on Oracle Cloud
Infrastructure). You'll also need the ability to configure Oracle Cloud Infrastructure Web
Application Firewall (WAF) for your OCI account.

Note:
If your Visual Builder instance was provisioned as part of a SaaS order, you
may not have access to the OCI Console for configuring WAF. In this case,
you'll need to open a service request with Oracle Support to configure a
custom domain.

To use a custom domain you need to perform the following tasks:

• Create and configure a WAF policy
• Through your DNS provider, create a subdomain, and add a CNAME record for
the subdomain which points to the WAF policy
• Log a Service Request through your Oracle Support Representative to configure
the server backend to handle requests for the subdomain.
• Set the custom domain in the visual application's Settings editor and publish the
app.

Create a WAF Policy

To create and edit a policy you'll need to have the ability to configure Oracle Cloud
Infrastructure Web Application Firewall (WAF) for your OCI account.
To create the WAF policy:
1. Sign in to the Oracle Cloud Infrastructure Console and open WAF Policies under
Security.

5-20
 Chapter 5
Configure Support for a Custom Domain

2. Select the compartment you want the WAF policy to be created in and click Create
WAF Policy.
3. Enter the details for the policy in the Create WAF Policy dialog box.

In the Create WAF Policy dialog box you need to enter a policy name, primary
domain, WAF origin name and URI.
• Policy Name: provide a name for the WAF policy (for example,
mycustom_example_com_waf_policy)
• Primary Domain: the customer's chosen DNS name (for example,
mycustom.example.com)
• Additional Domains: (empty, or additional (sub)domains)
• Origin Name: provide a name for the primary origin (for example,
mycustom_vb_waf_origin)

5-21
 Chapter 5
Configure Support for a Custom Domain

• URI: the URI of the Visual Builder service (for example, myvbcsinstance-
example.builder.ocp.oraclecloud.com)

Note:
If you would like to have more than one custom domain pointing
to different applications on the same Visual Builder instance
(for example, mysubdomain1.example.com pointing to myvisualapp1,
and mysubdomain2.example.com pointing to myvisualapp2), you can
configure this in a single WAF policy by adding additional (sub)domains
in the Domains section of the WAF policy dialog box.

4. Click Create WAF Policy.

After you click Create WAF Policy, it might take several minutes to create the
policy. The CNAME target is displayed after the policy is created.
5. Note the CNAME Target for the WAF policy.
At the top of the WAF policy view you'll see a message with the name. You'll need
this CNAME when you configure your domain's DNS record at your DNS provider
to map the subdomain to your instance. The CNAME Target will look similar to
this:
mycustom-example-com.b.waas.oci.oraclecloud.net
You still need to upload the SSL certificate for your domain to your WAF policy so you
can enable HTTPS. You can get the SSL certificate when you configure your domain's
DNS record.

Create and Configure a Subdomain and Configure SSL in the WAF

Policy
To use a custom URL for your app you'll need to use your domain provider's tools to
create a subdomain that points to the WAF CNAME target for your instance that was
generated for you after you created the WAF policy.
Using the tools for administering your domain, you will need to edit your domain's
DNS record to create or identify the subdomain and map it to the WAF CNAME
of your Visual Builder instance. Your WAF CNAME will look similar to mycustom-
example-com.b.waas.oci.oraclecloud.net. If you are unsure about how to create
a subdomain and CNAME entry with your domain provider, please check with your
organization's network administrator.
After editing the DNS record, you'll need to get the SSL certificate for the domain so
you can upload it to your WAF policy. You'll then need to log a Service Request to
configure the instance backend.
To create and configure a subdomain for your instance:
1. Open the tool of your domain provider for creating a subdomain.
2. Create the subdomain you want to use (for example, mycustom.example.com) and
edit it's CNAME record to point to the WAF CNAME of your WAF policy.
3. Confirm there is a valid SSL certificate that applies to the subdomain.

5-22
 Chapter 5
Configure Support for a Custom Domain

The certificate might be provided by your domain provider or through a valid

certifying authority (CA) (for example, Comodo, DigiCert). It shouldn't be a self-
signed certificate. You will need to provide the CA-signed SSL certificate in the
WAF policy, so you might want to consider an SSL certificate specifically for the
subdomain rather than a wildcard SSL cert (*.example.com).
4. Extract or export the bundle containing the certificate and private key.

Depending on your domain provider, you may need to indicate that you want to
use the certificate on your own server in order to download the bundle.

5. In the OCI Console, locate and open the policy you created to view the WAF policy
details.
6. Click Settings for your WAF policy, and then click Edit.
7. Select Enable HTTPS Support and upload the SSL Certificate and Private Key
for your DNS name (for example, mycustom.example.com).
Keep the HTTP to HTTPS Redirect option enabled.
8. Click Save.
It will take some time for the configuration change for the SSL certificate to
complete.
9. Log a Service Request through your Oracle Support representative to request that
your Visual Builder instance be configured to handle requests for your custom
subdomain.
When you file the service request you will need to provide the following
information:

5-23
 Chapter 5
Configure Support for a Custom Domain

• your IDCS GUID

• name of your Oracle Visual Builder or Oracle Integration instance
• domain/subdomain created in the DNS CNAME record and mapped to the
WAF policy (for example, mycustom.example.com)
After these setup steps have been completed by you and Oracle, you can map your
visual application to the custom domain.

5-24