OIC Troubleshooting: 401: Unable to create integration instance

Yesterday I was helping a customer in provisioning OIC, just after he activated his user account in a new OCI tenancy.

I have done this many times and there is never an issue, but the customer ran into an error immediately:

401: Unable to create integration instance, the principal is NOT authorized.

The message is quite clear and points out in to user permissions, so I asked the customer to check if his user was part of the group: OCI_Administrators -> he was.

The second thought was about entitlement roles, so we went and verified if the user was allowed to access/create that specific service -> he was.

The next step took some time to figure out since we were doing this via the phone, but it turns out that he was trying to create an OIC instance in the default compartment - ManagedCompartmentForPaaS. 

It turns out this is a special compartment dedicated to all the PSM based platform services.

Once the compartment was changed, the provisioning went smooth as always :)