Anodot

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Anodot using SAML.

About Anodot

Anodot provides real time analytics and automated anomaly detection, discovering outliers in vast amounts of data and turning them into valuable business insights.

After integrating the Anodot app with Oracle Identity Cloud Service:

  • Users can access Anodot using their Oracle Identity Cloud Service login credentials.
  • Users can start Anodot using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Anodot app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage applications and users (Identity Domain Administrator or Application Administrator).
  • An Anodot account with authorization rights to configure federated authentication.
  • An Anodot account with a verified domain to include when you register the Anodot app in Oracle Identity Cloud Service.
  • Make sure that the email ID of each user in Anodot matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the Anodot App in Oracle Identity Cloud Service

Use this section to register and activate the Anodot app, and then assign users to the application.

Prerequisite Steps

A dedicated domain name and sign in ID are required before you can register and activate the Anodot app. You obtain that domain name from Anodot.

The Anodot domain name appears in the Anodot home URL: https://<Domain_Name>.anodot.com.

To obtain the sign in ID:

  1. Log in as an administrator to Anodot using the URL: https://<Domain_Name>.anodot.com.
  2. In the upper-right corner, click the Settings icon, and then click Authentication.
  3. Select Assertion Consumer Service URL, and then copy the last part of the URL.

Registering and Activating the Anodot App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Anodot, and then click Add.

  4. In the App Details section, enter details for the Sign In ID and Domain Name fields, and then click Next.

  5. Click Download Identity Provider Metadata, and then click Download Signing Certificate.

    Tip: Use these files later during the Anodot configuration in the "Configuring SSO for Anodot" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the Anodot App

  1. On the Anodot app page in Oracle Identity Cloud Service, select the Users tab, and then click Assign. The Assign Users window appears.

  2. Select the users that you want to assign to Anodot, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Anodot app is assigned to the users that you selected.

Configuring SSO for Anodot

  1. Access Anodot as an administrator using the URL: https://<Domain_Name>.anodot.com.

  2. In the upper-right corner, click the Settings icon, and then select Authentication.

  3. Click the SAML slider to enable SAML.

  4. On the Single Sign-On Configuration page, enter the following attribute settings, and then click Save.

    Attribute Settings
    Login URL Enter the Login URL and SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.
    509 Certificate Paste the certificate into the 509 Certificate box that you downloaded during the Anodot registration in Oracle Identity Cloud Service. See the "Registering and Activating the Anodot App" section.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Anodot app. Oracle Identity Cloud Service displays a shortcut to Anodot under My Apps.

  3. Click Anodot. The Anodot home page appears.

  4. Confirm that the user that is logged in is the same for both Anodot and Oracle Identity Cloud Service.

This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Anodot displays the message, “Username or password for app.anodot.com is incorrect."

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Anodot.

Solution: Ensure that the user that you assign to the Anodot app has an account in both Oracle Identity Cloud Service and Anodot with the same email address.

Oracle Identity Cloud Service displays the message, “You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Anodot app and Anodot is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Anodot.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user is trying to access the Anodot app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Anodot.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.