Enable Single Sign-On (SSO)

If you use Federated Single Sign-On (SSO) for your Oracle Content and Experience environment, you can enable it to customize sign-in procedures. When Single Sign-On (SSO) is enabled, users can sign in to one instance using corporate security credentials and access another instance in the same domain without signing in again. For example, perhaps you are an administrator for your company which has two Oracle Cloud services and you must provision these services to your company’s organization, roles, and users. Your company may also have on-premise applications and cloud services from other vendors. It’s important that communication between these services and applications is done in a secure fashion. With SSO, users can sign in to all of them using the same set of credentials that are managed by using your identity domain system.

OAuth provides secure access to all services in Oracle Cloud. It provides an access token for communication between services. The token is valid for a limited time and contains the security credentials for a sign-in session. It identifies the user and the user's groups.

See Role of the Identity Domain in Understanding Identity Concepts to learn about how the identity domain is used to manage many features of Oracle Cloud.

Overview of SSO Configuration

Oracle Cloud uses the SAML 2.0 standard to enable secure cross-domain communication between Oracle Cloud and other SAML-enabled sites located on-premise or in a different cloud. The administrator must configure SAML 2.0 SSO between Oracle Cloud and the identity provider. When SSO is enabled, the identity provider performs authentication for Oracle Cloud.

Perform the following steps to configure SSO:

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Infrastructure Console, click Navigation menu icon on the top left to open the navigation menu, click Identity, then click Federation. You might need to use the scroll bar on the left to scroll down to see the menu option.
  3. On the Federation page, click the link to the Oracle Identity Cloud Service Console. The IDCS Console opens in a new window.
  4. In the IDCS Console, add a SAML application, and configure SSO details. See Add a SAML Application in Administering Oracle Identity Cloud Service.