OCI Troubleshooting and Validation
This section provides validation steps and troubleshooting procedures for the Oracle Cloud Infrastructure integration.
Validation Steps
After clicking Connect, verify the following:
-
Account Status: Ensure the status shows Verified in the SailPoint Entro Console.
- If an Error status is shown, click on it to see the error message.
-
Initial Scan: Confirm that OCI users appear in the NHI Inventory section.
-
Sync Timestamp: Check the Last Sync time on the OCI integration card.
Common Issues
| Issue | Potential Cause | Resolution |
|---|---|---|
| Status: Error (401 error) | Incorrect OCID or Fingerprint. | Double-check the Tenancy OCID and User OCID from the OCI Console. |
| Invalid Signature | Private Key mismatch. | Ensure the pasted PEM content includes the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- headers. |
| Permission Denied | Missing IAM Policies. | Verify that the entro-readers group has all five required policy statements applied at the tenancy level. |
| Region Error | Mismatched region. | Ensure the region provided (e.g., us-phoenix-1) matches the home region where the API key was generated. |
Advanced Diagnostics
When connection fails, SailPoint Entro performs a "smoke test" by attempting to ListCompartments. A 401 Unauthorized response indicates the API key or signature is invalid. A 403 Forbidden response suggests the IAM policies are likely missing.