Configure IDCS for SSO
Using the IDCS Administrative Console, you must configure the OAuth Configuration tab of the JDE Application used for single sign-on. The EnterpriseOne SSO integration with IDCS uses the Resource Owner Password Credentials Grant provided by IDCS (see https://docs.oracle.com/en/cloud/get-started/subscriptions-cloud/ocuid/resource-owner-password-credentials-grant.html). The steps below describe the configuration for this type of authentication in IDCS.
For more information on the REST APIs in IDCS see:
https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/op-oauth2-v1-introspect-post.html
All configuration below should be done on the existing Enterprise Application in IDCS that is used for EnterpriseOne single sign-on. It is recommended that single sign-on be configured and working before you perform this additional configuration.
- In the IDCS administrative console navigate to the JDE application and select it.
- Navigate to the OAuth Configuration tab.
Refer to the IDCS documentation for more information about OAuth configuration:
https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/add-enterprise-application.html
- Generate Client ID and Secret
If you have not done so already in the General Information tab, choose to generate a client ID and secret.
- Client Configuration
Navigate to the Client Configuration section.
- In the Allowed Grant Types section, check the box for Resource Owner.
- Check the box for Introspect in Allowed Operations.
- In the Token Issuance Policy – Resources section, add the respective scope for this IDCS service. Make a note of the scope for use in configuration of the HTML Server, which is described in the following section.
- Save your changes to the Application.
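As an added illustration (not Oracle's or this page's own code), the Python below builds the two requests this configuration enables, a Resource Owner Password Credentials token request and an introspection request, and checks an introspection response for the scope noted above. The tenant URL, credentials, user, and scope value are placeholders; the `/oauth2/v1/token` path and the `active` and `scope` response fields are assumed from the IDCS REST API and RFC 7662.

```python
import base64
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"            # IDCS OAuth token endpoint (assumed path)
INTROSPECT_PATH = "/oauth2/v1/introspect"  # endpoint allowed by the Introspect operation

def _form_post(url, fields, client_id, client_secret):
    """Build (but do not send) a form POST authenticated with the client ID and secret."""
    if not url.lower().startswith("https://"):
        raise ValueError("user and client credentials must only travel over HTTPS")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Basic " + basic)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req

def build_token_request(base_url, client_id, client_secret, username, password, scope):
    """Resource Owner Password Credentials grant (RFC 6749, section 4.3)."""
    fields = {"grant_type": "password", "username": username,
              "password": password, "scope": scope}
    return _form_post(base_url.rstrip("/") + TOKEN_PATH, fields, client_id, client_secret)

def build_introspect_request(base_url, client_id, client_secret, access_token):
    """Token introspection request (RFC 7662)."""
    return _form_post(base_url.rstrip("/") + INTROSPECT_PATH,
                      {"token": access_token}, client_id, client_secret)

def token_is_acceptable(introspection, required_scope):
    """Accept only an active token that carries the scope from the Token Issuance Policy."""
    if introspection.get("active") is not True:  # reject missing or non-boolean values
        return False
    return required_scope in str(introspection.get("scope", "")).split()

# Constructed sample introspection responses (not captured from a real tenant).
SAMPLE_ACTIVE = {"active": True, "scope": "urn:example:jde:scope", "sub": "jde_user"}
SAMPLE_WRONG_SCOPE = {"active": True, "scope": "urn:example:other"}
SAMPLE_REVOKED = {"active": False}

if __name__ == "__main__":
    req = build_token_request("https://idcs-tenant.example.com", "CLIENT_ID",
                              "CLIENT_SECRET", "jde_user", "password",
                              "urn:example:jde:scope")
    print(req.get_method(), req.full_url)
    for sample in (SAMPLE_ACTIVE, SAMPLE_WRONG_SCOPE, SAMPLE_REVOKED):
        print(sample, token_is_acceptable(sample, "urn:example:jde:scope"))
```

Because this grant sends the user's password and the client secret in every token request, the builder refuses any non-HTTPS URL.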