OIC Whitelisting Explained


Introduction

In any enterprise integration landscape, Oracle Integration Cloud Whitelisting plays a critical role in ensuring secure communication between systems. Whether you’re integrating Oracle Fusion HCM, ERP, or third-party applications, network-level security is one of the first checkpoints during implementation.

From a consultant’s perspective, whitelisting is not just a networking task handled by infrastructure teams—it directly impacts integration design, connectivity, and go-live timelines. Many integration failures during SIT/UAT are actually due to missing whitelist configurations rather than faulty mappings or logic.

In this blog, we will break down Oracle Integration Cloud (OIC Gen 3) whitelisting in a practical, implementation-focused way, including real project scenarios, architecture, configuration steps, and troubleshooting tips.


What is Oracle Integration Cloud Whitelisting?

Oracle Integration Cloud whitelisting refers to the process of allowing specific IP addresses or domains so that communication between OIC and external systems (or vice versa) is permitted through firewalls.

In simple terms:

  • Inbound Whitelisting → External systems calling OIC endpoints

  • Outbound Whitelisting → OIC calling external systems (like REST/SOAP APIs, DB, FTP, etc.)

Without proper whitelisting:

  • APIs will fail

  • Connections will time out

  • Scheduled integrations won’t trigger


Real-World Integration Use Cases

1. Payroll Integration with Third-Party Vendor

A US-based company integrates Oracle Fusion HCM with a payroll provider.

  • OIC sends employee data → Payroll system

  • Payroll system sends results back → OIC REST endpoint

👉 Required:

  • Payroll vendor must whitelist OIC public IP

  • Client must whitelist payroll API endpoint for outbound calls


2. On-Premise Database Integration

An organization uses an on-prem Oracle DB for legacy applications.

  • OIC connects via Connectivity Agent

  • Firewall must allow traffic between the agent and OIC IPs (the agent opens the connection outbound)

👉 Required:

  • Outbound internet access from agent machine

  • No direct inbound exposure needed


3. Bank File Transfer via SFTP

ERP payment files are sent to a bank server.

  • OIC generates file → sends to SFTP server

👉 Required:

  • Bank must whitelist OIC IP

  • Or allow access via SSH key authentication


Architecture / Technical Flow

Understanding the flow is critical for proper whitelisting.

OIC Communication Patterns

  1. OIC as Server (Inbound Calls)

    • External apps call OIC REST/SOAP endpoint

    • Requires OIC endpoint to be reachable

  2. OIC as Client (Outbound Calls)

    • OIC calls APIs, DBs, FTP servers

    • Target system must allow OIC IP

  3. Hybrid Connectivity (Connectivity Agent)

    • OIC communicates via agent installed on-prem

    • Outbound-only secure channel


Key Components

  • OIC Instance (Gen 3)

  • Public IP ranges (region-specific)

  • Connectivity Agent (for private systems)

  • Firewall / Network Security Groups


Prerequisites

Before configuring whitelisting, ensure:

  • OIC Gen 3 instance is active

  • You know your Oracle Cloud region (e.g., Mumbai, Ashburn)

  • Access to firewall/network team

  • List of:

    • External endpoints (URLs/IPs)

    • Required ports (usually 443, 22)


Step-by-Step Whitelisting Process

Step 1 – Identify OIC IP Ranges

Oracle provides public IP ranges for each region.

👉 For example:

  • Mumbai region → Specific CIDR ranges

Where to find:

  • Oracle Cloud documentation

  • Service: Oracle Integration Cloud → Networking details


Step 2 – Share Details with Network Team

Prepare a document like:

Parameter     Value
Source        OIC IP range
Destination   Target system IP
Port          443 (HTTPS)
Protocol      TCP

Step 3 – Configure Outbound Whitelisting

If OIC is calling external system:

  • External firewall must allow:

    Source: OIC IP
    Destination: Target API
    Port: 443

Step 4 – Configure Inbound Whitelisting

If external system calls OIC:

  • OIC endpoint URL:

    https://<instance>.integration.ocp.oraclecloud.com/ic/api/integration/v1/flows/rest/…

  • Allow:

    Source: External system IP
    Destination: OIC endpoint
    Port: 443

Step 5 – Configure Connectivity Agent (if needed)

Navigation:

Navigator → Integrations → Connectivity Agents

Steps:

  1. Install agent on on-prem server

  2. Register agent with OIC

  3. Ensure outbound HTTPS (443) is open


Step 6 – Validate DNS and SSL

  • Ensure DNS resolution works

  • SSL certificates are valid

  • No proxy blocking requests


Testing the Whitelisting Setup

Test Scenario 1 – REST API Call from OIC

  • Create simple integration

  • Use REST adapter

  • Call external API

Expected Result:

  • HTTP 200 response

  • No timeout errors


Test Scenario 2 – External System Calling OIC

  • Use Postman or third-party app

  • Hit OIC endpoint

Expected Result:

  • Successful response from integration


Validation Checklist

  • No connection timeout

  • No SSL handshake failure

  • Correct authentication
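
The checklist above can be checked layer by layer with the following added example (not part of the original post), which reports whether DNS, the TCP connection, or the TLS handshake fails first. Run it from the host whose source IP the firewall rule covers, such as the agent machine or the external caller; the function name `probe` and the stage labels are assumptions chosen for this sketch.

```python
import socket
import ssl
import sys


def probe(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail); stage is the first layer that failed, or 'ok'."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)                      # name does not resolve
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Silent drop: the usual signature of a missing allowlist entry.
        return "tcp_timeout", "no answer within %.1fs" % timeout
    except OSError as exc:
        return "tcp_error", str(exc)                # refused, reset, unreachable
    ctx = context or ssl.create_default_context()   # verifies chain and hostname
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls_certificate", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_handshake", str(exc)            # proxy or non-TLS service


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <hostname> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], target_port))
```

A `tcp_timeout` points at the firewall rule, while `tls_certificate` or `tls_handshake` means the network path is open and the problem is the certificate or an intercepting proxy.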


Common Errors and Troubleshooting

1. Connection Timeout

Cause:

  • IP not whitelisted

Fix:

  • Recheck firewall rules


2. SSL Handshake Failure

Cause:

  • Certificate mismatch

Fix:

  • Import certificates into OIC or server


3. 403 Forbidden

Cause:

  • Firewall blocking request


4. Connectivity Agent Not Reachable

Cause:

  • Port 443 blocked outbound


5. Intermittent Failures

Cause:

  • Partial IP range whitelisting

👉 Always whitelist full CIDR block
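
Partial whitelisting can be caught before go-live by comparing the published ranges with what the firewall actually allows; the following is an added example, not part of the original post. The CIDR values are constructed from documentation address space (not real OIC ranges), and the function names are assumptions for this sketch.

```python
import ipaddress

# Constructed sample data (documentation address space, not real OIC ranges).
PUBLISHED = ["192.0.2.0/26", "198.51.100.0/28"]   # ranges published for the region
ALLOWLIST = ["192.0.2.0/26", "198.51.100.4"]      # what the firewall actually permits


def uncovered_ranges(published, allowlist):
    """Return the parts of the published ranges that no allowlist entry covers."""
    rules = [ipaddress.ip_network(entry, strict=False) for entry in allowlist]
    gaps = []
    for cidr in published:
        remaining = [ipaddress.ip_network(cidr, strict=False)]
        for rule in rules:
            still_open = []
            for net in remaining:
                if net.version != rule.version or not net.overlaps(rule):
                    still_open.append(net)          # rule does not touch this piece
                elif net.subnet_of(rule):
                    continue                        # piece fully covered by the rule
                else:
                    # Rule sits strictly inside the piece: keep everything around it.
                    still_open.extend(net.address_exclude(rule))
            remaining = still_open
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, int(n.network_address)))


def uncovered_address_count(published, allowlist):
    """Number of published source addresses the firewall would still drop."""
    return sum(net.num_addresses for net in uncovered_ranges(published, allowlist))


if __name__ == "__main__":
    for gap in uncovered_ranges(PUBLISHED, ALLOWLIST):
        print(f"not allowlisted: {gap} ({gap.num_addresses} addresses)")
```

With the sample data, a single allowlisted host inside a /28 leaves 15 of the 16 published addresses blocked, which is the pattern that shows up as intermittent failures.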


Common Implementation Challenges

From real projects:

  • Network team delays whitelisting → impacts timelines

  • Incorrect IP ranges used

  • Forgetting DR (Disaster Recovery) IPs

  • Proxy/firewall conflicts

  • Miscommunication between infra and integration teams


Best Practices

1. Always Whitelist Full IP Range

Avoid single IP assumptions.


2. Plan Early in Project

Do this during:

  • Design phase

  • Not during UAT


3. Maintain Whitelisting Document

Track:

  • Source IP

  • Destination

  • Purpose

  • Owner


4. Use Connectivity Agent for On-Prem

Avoid exposing internal systems.


5. Validate with Simple Integration

Before building complex flows.


6. Monitor Logs in OIC

Use:

  • Activity Stream

  • Integration Insight


Real Consultant Tip

In one implementation, integration between Oracle ERP and a bank failed repeatedly.

After 2 days of debugging mappings and payloads, the issue was:

👉 Bank had whitelisted only one IP, while OIC used multiple IPs in the region

Fixing this resolved everything instantly.


Summary

Oracle Integration Cloud whitelisting is a foundational step in any integration project. While it may seem like a simple networking task, it directly affects integration success.

Key takeaways:

  • Understand inbound vs outbound communication

  • Always use correct OIC IP ranges

  • Involve network teams early

  • Test connectivity before building integrations

  • Use Connectivity Agent for secure hybrid setups

For more details, refer to Oracle’s official documentation:
https://docs.oracle.com/en/cloud/saas/index.html


FAQs

1. How do I find OIC IP ranges?

You can find them in Oracle Cloud Infrastructure documentation based on your region. Always use official CIDR blocks.


2. Do I need whitelisting if I use Connectivity Agent?

No inbound whitelisting is needed. Only outbound HTTPS (443) access is required.


3. Can I whitelist domain instead of IP?

Some systems allow domain-based whitelisting, but IP-based is more reliable and recommended.

