Setting Up Single Sign-on for Oracle CASB Cloud Service

If you use SAML 2.0-based single sign-on (SSO) in your company, then you can enable this option for logging in to Oracle CASB Cloud Service.

Prerequisite: You must be the root tenant administrator (RTA) in order to set up SSO.

Oracle CASB Cloud Service supports single sign-on through Oracle Identity Cloud Service. To enable single sign-on, you must:

  1. Copy Oracle CASB Cloud Service metadata that you will need to create a single sign-on application in your identity provider.

  2. To use Oracle Identity Cloud Service, create a SAML application in Oracle Identity Cloud Service.

  3. Configure SSO settings in Oracle CASB Cloud Service.

Copying Oracle CASB Cloud Service Metadata

Copy the metadata from Oracle CASB Cloud Service that you will need to create a single sign-on application in an identity provider.

  1. Log in to Oracle CASB Cloud Service.
  2. Select Configuration, SSO Settings from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
  3. Go to the ORACLE CASB SERVICE PROVIDER METADATA section at the top.
  4. Copy these values somewhere that will be easily accessible when you need the information:
    • Assertion Consumer URL

    • Logout URL (if you want to enable single logout)

    • Entity ID

    • Tenant name: In the Entity ID value, this is the final portion after the equals sign.

      For example, if the Entity ID value is https://mycompany.com?t=Saml2Sso, then the tenant name is Saml2Sso.

  5. Click the Download icon next to the Oracle CASB Certificate heading.

    Copy this file (CASBSSOCertificate.pem) somewhere that will be easily accessible when you need the information.

What to Do Next

Set up Oracle CASB Cloud Service single sign-on in Oracle Identity Cloud Service. See Creating a SAML Application in Oracle Identity Cloud Service.

Creating a SAML Application in Oracle Identity Cloud Service

Create and configure a SAML application in Oracle Identity Cloud Service to support single sign-on for Oracle CASB Cloud Service.

Prerequisite:

Ensure that you have completed the steps in Copying Oracle CASB Cloud Service Metadata.

  1. Log in to Oracle Identity Cloud Service as a user with privileges to create a new application.
  2. Select the Applications tab, and then click + Add.
  3. In the Add Application dialog box, select SAML Application.
  4. On the Details part of the Add SAML Application page:
    1. In the Name field, enter a name for this application.

      For example, casb-sso-idcs-app.

    2. (Optional) Enter a Description for this application.
    3. (Optional) Under Application Icon, click Upload to upload an image to use as the icon for this application.

      If you do not supply your own icon, a generic application icon will be used by default.

    4. For Application URL / Relay State, enter the Tenant name from the Oracle CASB Cloud Service metadata.
    5. If you want this application to appear in the applications list, ensure that Display in My Apps is selected.
    6. Click Next.
  5. On the SSO Configuration part of the Add SAML Application page:
    1. In the Entity ID field, enter the Entity ID value from Oracle CASB Cloud Service metadata.
    2. In the Assertion Consumer URL field, enter the Assertion Consumer URL from Oracle CASB Cloud Service metadata.
    3. For the Signing Certificate field, enter the path to the Oracle CASB Cloud Service Certificate you downloaded and click Upload to upload the certificate here.
    4. For Email Address, select NameID Format.
    5. For Primary Email, select NameID Value.
    6. Click Advanced Settings.
  6. On the Advanced Settings part of the Add SAML Application page:
    1. Set Signed SSO to Assertion.
    2. Select Include Signing Certificate in Signature.
    3. Set Signature Hashing Algorithm to SHA-256.
  7. At the top of the Add SAML Application page:
    1. Click Download Signing Certificate.

      Save this certificate where it will be accessible to upload as the IDP Certificate in the next task.

    2. Click Download Identity Provider Metadata.

      You will need this metadata later to complete the single sign-on setup process.

    3. Click Finish.
  8. Click Activate in the upper-right corner.
  9. Assign users and groups.
    • To assign users, click the Users tab for your application, and then click Assign Users.

    • To assign groups, click the Groups tab for your application, and then click Assign Groups.

Configuring Single Sign-on in Oracle CASB Cloud Service

Connect the applications you created in Oracle Identity Cloud Service to Oracle CASB Cloud Service to finish setting up single sign-on.

  1. Log in to Oracle CASB Cloud Service, and select Configuration, SSO Settings from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
  2. If you are using Oracle Identity Cloud Service, specify these settings in the YOUR SAML IDENTITY PROVIDER CONFIGURATION section:
    • Service Provider Issuer: Enter the Entity ID from the ORACLE CASB SERVICE PROVIDER METADATA section.

    • Single Sign-On URL: Copy this from the Oracle Identity Cloud Service Identity Provider Metadata XML file.

      Note:

      The correct URL contains /idp/sso.
    • Logout URL: If you are enabling single logout, copy this from the Oracle Identity Cloud Service Identity Provider Metadata XML file.

      Note:

      The correct URL contains /idp/slo.
    • idP Certificate: Click the Upload icon and navigate to your Oracle Identity Cloud Service signing certificate.

  3. Click Save.
  4. At the top of the page, drag the slider to the right to enable SSO.
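Two of the values above are easy to copy wrong by hand: the tenant name that sits after the equals sign in the CASB Entity ID, and the Single Sign-On and Logout URLs that must be picked out of the Identity Provider Metadata XML (the ones containing /idp/sso and /idp/slo). The following script is an added example, not part of the Oracle documentation or product; it reads a constructed IdP metadata document (placeholder host, paths and certificate body) and pulls out exactly the fields the SSO Settings page asks for, refusing to guess when the metadata does not contain a single matching URL.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespaces used in the Identity Provider Metadata XML file
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed IdP metadata standing in for the file downloaded from Oracle
# Identity Cloud Service; host, paths and certificate body are placeholders.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idcs-EXAMPLE.example.com/fed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...CONSTRUCTED-PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idcs-EXAMPLE.example.com/fed/v1/idp/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idcs-EXAMPLE.example.com/fed/v1/idp/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idcs-EXAMPLE.example.com/fed/v1/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def tenant_name_from_entity_id(entity_id):
    """Tenant name is the final portion of the CASB Entity ID after the '='."""
    if "=" not in entity_id:
        raise ValueError("Entity ID has no '=': %s" % entity_id)
    return entity_id.rsplit("=", 1)[1]

def _unique_location(idp, service, must_contain):
    """One Location of `service` containing `must_contain`; bindings may repeat it."""
    found = {s.get("Location", "") for s in idp.findall("md:" + service, NS)
             if must_contain in s.get("Location", "")}
    if len(found) != 1:
        raise ValueError("expected one %s URL containing %s, got %r"
                         % (service, must_contain, sorted(found)))
    return found.pop()

def idp_settings_for_casb(metadata_xml):
    """Values the CASB SSO Settings page asks for, read from IdP metadata XML."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not identity provider metadata: no IDPSSODescriptor")
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/"
                    "ds:X509Certificate", NS)
    return {"single_sign_on_url": _unique_location(idp, "SingleSignOnService", "/idp/sso"),
            "logout_url": _unique_location(idp, "SingleLogoutService", "/idp/slo"),
            "idp_signing_cert_b64": "".join(cert.text.split()) if cert is not None else None}
```

The certificate is returned as the bare base64 body from the metadata; the IdP Certificate field itself expects the signing certificate file downloaded from Oracle Identity Cloud Service, so the value here is only for comparing that the two match.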