> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up an Oracle Field Service connector

> C1 provides identity governance for Oracle Field Service. Integrate your Oracle Field Service instance with C1 to run user access reviews (UARs) and enable just-in-time access requests.

## Capabilities

| Resource             | Sync                                                          | Provision                                                     |
| :------------------- | :------------------------------------------------------------ | :------------------------------------------------------------ |
| Accounts             | <Icon icon="square-check" iconType="solid" color="#c937ae" /> | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |
| Collaboration groups | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |                                                               |
| Resources            | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |                                                               |
| Roles                | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |                                                               |

The Oracle Field Service connector supports [automatic account provisioning and deprovisioning](/product/admin/account-provisioning).

When a new account is created by C1, the account's password will be sent to a [vault](/product/admin/vaults).

## Gather Oracle Field Service credentials

Configuring the connector requires you to pass in credentials generated in Oracle Field Service. Gather these credentials before you move on.

<Warning>
  A user with the **Administrator** role in Oracle Field Service must perform this task.
</Warning>

### Register a client application

<Steps>
  <Step>
    In the OFS Manage interface, navigate to **Configuration** > **Applications**.
  </Step>

  <Step>
    In the left pane, click the **+** icon to add a new application.
  </Step>

  <Step>
    In the **New application** window, provide the following details:

    * Application Name: A descriptive name you can easily recognize (for example, "C1 Connector").
    * Application ID: A unique identifier (for example, "c1-connector").
  </Step>

  <Step>
    Click **Save**. The application is created.
  </Step>
</Steps>

### Configure authentication and get credentials

<Steps>
  <Step>
    From the application list on the left, select the application you just created.
  </Step>

  <Step>
    In the **General info** tab, ensure the **Active** checkbox is selected.
  </Step>

  <Step>
    From the **Token service** dropdown menu, select **OFS**.
  </Step>

  <Step>
    Under the **Authentication settings** section, check the box for **Authenticate using Client ID/Client Secret**.
  </Step>

  <Step>
    Click the **Show Client ID/Client Secret** button. Carefully copy and save the client ID and client secret.
  </Step>

  <Step>
    Click **Save** to apply the settings.
  </Step>
</Steps>

### Enable API access and permissions

<Steps>
  <Step>
    In the same application configuration screen, find the **API access** section and click **Add new**.
  </Step>

  <Step>
    A window will appear with a list of available APIs. Select the following APIs:

    * Core API
    * Metadata API
  </Step>

  <Step>
    After adding these APIs, you must grant specific permissions for each one. Navigate to an API's **Available entities** and select the following entities:

    * **Core API**
      * User entity: Read/write (or Read if you do not want C1 to provision access)
      * Resource entity: Read

    * **Metadata API**
      * User type entity: Read
  </Step>

  <Step>
    Review the **Additional Restrictions** section below the API list.

    Do not check "Allow access only to certain resources" or "Allow access only for certain IP-addresses" unless you have a specific security requirement to do so, as it may interfere with the connector's operation.
  </Step>

  <Step>
    Once you have set the permissions for both APIs, click **Save** on the main application screen to finalize the configuration.
  </Step>
</Steps>

**Done.** Next, move on to the connector configuration instructions.

## Configure the Oracle Field Service connector

<Warning>
  To complete this task, you'll need:

  * The **Connector Administrator** or **Super Administrator** role in C1
  * Access to the set of Oracle Field Service credentials generated by following the instructions above
</Warning>

<Tabs>
  <Tab title="Cloud-hosted">
    **Follow these instructions to use a built-in, no-code connector hosted by C1.**

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **Oracle Field Service** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new Oracle Field Service connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)

        * Add the connector to a managed app (select from the list of existing managed apps)

        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

        If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        If your Oracle Field Service tenant uses full emails as login names, click to enable the **Login has email** option. Leave this option unchecked if your tenant uses usernames without email domains.
      </Step>

      <Step>
        Paste the client ID and client secret into the relevant fields.
      </Step>

      <Step>
        Enter your Oracle Field Service instance domain in the **Instance URL** field.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
      </Step>
    </Steps>

    **Done.** Your Oracle Field Service connector is now pulling access data into C1.
  </Tab>

  <Tab title="Self-hosted">
    **Follow these instructions to use the Oracle Field Service connector, hosted and run in your own environment.**

    When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with C1, automatically syncing and uploading data at regular intervals. This data is immediately available in the C1 UI for access reviews and access requests.

    ### Resources

    * [Official download center](https://dist.conductorone.com/ConductorOne/baton-oracle-field-service): For stable binaries (Windows/Linux/macOS) and container images.

    ### Step 1: Set up a new Oracle Field Service connector

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
      </Step>

      <Step>
        Search for **Baton** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new Oracle Field Service connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)

        * Add the connector to a managed app (select from the list of existing managed apps)

        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

        If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        In the **Settings** area of the page, click **Edit**.
      </Step>

      <Step>
        Click **Rotate** to generate a new Client ID and Secret.

        Carefully copy and save these credentials. We'll use them in Step 2.
      </Step>
    </Steps>

    ### Step 2: Create Kubernetes configuration files

    Create two Kubernetes manifest files for your Oracle Field Service connector deployment:

    #### Secrets configuration

    ```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
    # baton-oracle-field-service-secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: baton-oracle-field-service-secrets
    type: Opaque
    stringData:
      # C1 credentials
      BATON_CLIENT_ID: <C1 client ID>
      BATON_CLIENT_SECRET: <C1 client secret>
      
      # Oracle Field Service credentials
      BATON_OFS_CLIENT_ID: <Oracle Field Service client ID>
      BATON_OFS_CLIENT_SECRET: <Oracle Field Service client secret>
      BATON_OFS_INSTANCE_URL: <Oracle Field Service tenant URL, in the form "https://instance.fs.ocs.oraclecloud.com">

      #Optional: Include if you want to use login as email. If set to false (default), emails will be fetched  from Resources (this is a slower option).
      BATON_LOGIN_HAS_EMAIL: true

      # Optional: Include if you want C1 to provision access using this connector
      BATON_PROVISIONING: true
    ```

    See the connector's README or run `--help` to see all available configuration flags and environment variables.

    #### Deployment configuration

    ```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
    # baton-oracle-field-service.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: baton-oracle-field-service
      labels:
        app: baton-oracle-field-service
    spec:
      selector:
        matchLabels:
          app: baton-oracle-field-service
      template:
        metadata:
          labels:
            app: baton-oracle-field-service
            baton: true
            baton-app: oracle-field-service
        spec:
          containers:
          - name: baton-oracle-field-service
            image: ghcr.io/conductorone/baton-oracle-field-service:latest
            imagePullPolicy: IfNotPresent
            env:
            - name: BATON_HOST_ID
              value: baton-oracle-field-service
            envFrom:
            - secretRef:
                name: baton-oracle-field-service-secrets
    ```

    ### Step 3: Deploy the connector

    <Steps>
      <Step>
        Create a namespace in which to run C1 connectors (if desired), then apply the secret config and deployment config files.
      </Step>

      <Step>
        Check that the connector data uploaded correctly. In C1, click **Apps**. On the **Managed apps** tab, locate and click the name of the application you added the Oracle Field Service connector to. Oracle Field Service data should be found on the **Entitlements** and **Accounts** tabs.
      </Step>
    </Steps>

    **Done.** Your Oracle Field Service connector is now pulling access data into C1.
  </Tab>
</Tabs>