Configure OCI IAM with Microsoft Entra ID as an External IdP for SSO

Using the Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) Administrative Console, you must configure the OAuth Configuration tab of the JDE application used for single sign-on (SSO). The EnterpriseOne SSO integration with OCI IAM uses the JWT Assertion provided by OCI IAM, so JWT Assertion must also be set under the Client Configuration’s Authorization section. In addition, the Client type must be Trusted and the public certificate must be uploaded. Use Server Manager to configure OCI IAM with Microsoft Entra ID as an External Identity Provider for AIS clients that intend to use AIS REST API calls.

  1. In the Server Manager Console, select an AIS Server instance, Configuration (left side panel), Advanced (from the drop-down menu), Security Information, Application Interface Services Security Settings.
  2. Ensure that the Allow JWT Token Login check box is selected.
  3. In the Server Manager Console, select an HTML Server instance, Configuration (left side panel), Advanced (from the drop-down menu), Security.
  4. Ensure the Enable Oracle Access Manager check box is selected.
  5. For Oracle Access Manager Version or IDCS, use the pull-down menu to select Identity Cloud Service.
  6. Ensure the Enable External IDP check box is selected. This option enables OCI IAM as an External Identity Provider for AIS REST API Calls.
  7. Complete the following fields:
    1. OAuth Resource Server Scope:

      Enter the Scope used in the OCI IAM application setup.

    2. OAuth ClientId:

      Enter the OCI IAM application client ID.

    3. OAuth Secret:

      Enter the OCI IAM application client secret.

    4. OAuth Authentication URL:

      Enter the URL for creating an access token in the OCI IAM Runtime Token API. For example:

      https://<OCI-IAM-Service-Instance>.identity.oraclecloud.com/oauth2/v1/token

    5. OAuth Validation URL:

      Enter the URL for validating an access token in the OCI IAM Runtime Introspect API. For example:

      https://<OCI-IAM-Service-Instance>.identity.oraclecloud.com/oauth2/v1/introspect

  8. Complete the configuration by performing the steps in the following sections as depicted in the screenshot below, after which AIS Clients can use OCI IAM with Microsoft Entra ID as an External Identity Provider to perform AIS REST API calls.
[Screenshot: configuring OCI IAM]
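
A pre-flight check for the values entered in step 7, as an added example that is not Oracle's code: it verifies the five fields, builds the introspection request without sending it, and decides whether an introspection response describes a usable token. The dictionary keys, function names and sample values are hypothetical; it assumes the client authenticates to the introspect endpoint with HTTP Basic and that the response carries the RFC 7662 fields active, exp and scope.

```python
import base64
import time
from urllib.parse import urlencode, urlsplit

# Constructed sample values; the host is a placeholder, not a real tenant.
SAMPLE = {
    "scope": "urn:example:jde-ais",
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "auth_url": "https://idcs-example.identity.oraclecloud.com/oauth2/v1/token",
    "validation_url": "https://idcs-example.identity.oraclecloud.com/oauth2/v1/introspect",
}

def check_settings(cfg):
    """Return a list of problems in the External IDP fields (empty list = OK)."""
    problems = [f"{k} is empty" for k in ("scope", "client_id", "client_secret")
                if not cfg.get(k, "").strip()]
    for name, path in (("auth_url", "/oauth2/v1/token"),
                       ("validation_url", "/oauth2/v1/introspect")):
        url = urlsplit(cfg.get(name, ""))
        if url.scheme != "https":  # the client secret and tokens travel over this URL
            problems.append(f"{name} must use https")
        if url.path != path:
            problems.append(f"{name} path should be {path}")
    hosts = {urlsplit(cfg.get(n, "")).hostname for n in ("auth_url", "validation_url")}
    if len(hosts) > 1:  # token issuer and validator should be the same instance
        problems.append("auth_url and validation_url point at different hosts")
    return problems

def introspect_request(cfg, access_token):
    """Build (url, headers, body) for the introspection call; nothing is sent."""
    creds = f"{cfg['client_id']}:{cfg['client_secret']}".encode()
    headers = {"Authorization": "Basic " + base64.b64encode(creds).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    return cfg["validation_url"], headers, urlencode({"token": access_token})

def token_acceptable(introspection, cfg, now=None):
    """True only for an active, unexpired token that carries the configured scope."""
    now = time.time() if now is None else now
    if introspection.get("active") is not True or introspection.get("exp", 0) <= now:
        return False
    return cfg["scope"] in introspection.get("scope", "").split()
```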