Microsoft Azure

Before You Begin

Introduction

This document describes how to synchronize users, groups, and group memberships from Microsoft Azure to Oracle Identity Cloud Service.

About Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) services, and supports different programming languages, tools, and frameworks, including both Microsoft-specific and third-party software and systems.

After integrating Microsoft Azure with Oracle Identity Cloud Service, administrators can create and maintain a user in Oracle Identity Cloud Service automatically for each managed identity in Microsoft Azure.

What Do You Need?

  • An Oracle Identity Cloud Service administrator account with authorization rights to manage apps and users (by being assigned to the identity domain administrator or application administrator role).
  • A Microsoft Azure administrator account with authorization rights to configure authoritative synchronization.

Configure Microsoft Azure in Oracle Identity Cloud Service

Use this section to register and activate the Microsoft Azure app in Oracle Identity Cloud Service, and to enable provisioning and synchronization for Microsoft Azure. You can then synchronize users or groups from Microsoft Azure to Oracle Identity Cloud Service.

Register and Activate Microsoft Azure

  1. From the Identity Cloud Service console that you're accessing as an identity domain administrator or application administrator, expand the Navigation Drawer, click Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Microsoft Azure, click Add, and then click Next.

  4. To enable provisioning and synchronization for Microsoft Azure, click Next. For details, see Enable Provisioning and Synchronization for Microsoft Azure.

  5. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  6. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Enable Provisioning and Synchronization for Microsoft Azure

Use this section to enable provisioning and synchronization for managing user accounts in Microsoft Azure through Oracle Identity Cloud Service.

Enable Provisioning

  1. In the Provisioning tab of the Microsoft Azure app, turn on the Enable Provisioning switch.

  2. To establish a connection to Microsoft Azure through Oracle Identity Cloud Service, click Authorize with Microsoft Azure. The Microsoft Azure login page appears.

  3. Enter the Microsoft Azure administrator account credentials, click Sign in, and then click Allow at the prompt requesting offline access to Microsoft Azure.

  4. From the Actions drop-down list, select Test to verify the connection to Microsoft Azure. Oracle Identity Cloud Service displays a confirmation message.

  5. To view predefined attribute mappings between the user account fields defined in Microsoft Azure and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, click the Application to Identity Cloud tab, and then click OK.

    Note: To add a new attribute mapping for authoritative synchronization, click the Application to Identity Cloud tab, click Add Row, specify the attributes in the Microsoft Azure Account and User columns, and then click OK. For example, if you want to add the onPremisesImmutableId attribute, enter $(account.onPremisesImmutableId) in the Microsoft Azure Account column, and then select the corresponding Oracle Identity Cloud Service field from the drop-down list in the User column.

  6. In the Select Provisioning Operations area, select the Authoritative Sync check box.

    Note: By selecting this check box, you're configuring Microsoft Azure as an authoritative source for Oracle Identity Cloud Service. When users, groups, and user group memberships are created or modified in Microsoft Azure, this information is synchronized into Oracle Identity Cloud Service.

Enable Synchronization

  1. In the Provisioning tab of the Microsoft Azure app, turn on the Enable Synchronization switch.

  2. Click Save.

After enabling provisioning and synchronization for Microsoft Azure, you can synchronize existing account details from Microsoft Azure and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Import User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.
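Because Authoritative Sync makes Microsoft Azure the source of truth for users, groups, and group memberships, it is worth auditing both sides for drift after a synchronization run. The following is an added example, not Oracle's or Microsoft's code: it compares constructed sample exports and assumes that the Azure userPrincipalName corresponds to the Oracle Identity Cloud Service userName, and that records have already been exported into the simple shapes shown.

```python
# Added example: post-sync drift audit. All records below are constructed samples.
# Assumption: Azure userPrincipalName corresponds to the Identity Cloud Service userName.

AZURE_USERS = [  # constructed; shaped like Microsoft Graph user objects
    {"userPrincipalName": "alice@example.com", "accountEnabled": True},
    {"userPrincipalName": "bob@example.com", "accountEnabled": False},
    {"userPrincipalName": "carol@example.com", "accountEnabled": True},
]
AZURE_GROUPS = {"Finance": {"alice@example.com", "carol@example.com"}}

IDCS_USERS = [  # constructed; shaped like SCIM user resources
    {"userName": "alice@example.com", "active": True},
    {"userName": "bob@example.com", "active": True},
    {"userName": "dave@example.com", "active": True},
]
IDCS_GROUPS = {"Finance": {"alice@example.com", "dave@example.com"}}


def audit_sync(azure_users, idcs_users, azure_groups, idcs_groups):
    """Return drift findings, treating Azure as the authoritative source."""
    src = {u["userPrincipalName"].lower(): u for u in azure_users}
    dst = {u["userName"].lower(): u for u in idcs_users}
    findings = []
    # Accounts the sync should have created but did not.
    for name in sorted(src.keys() - dst.keys()):
        findings.append(("missing_in_idcs", name))
    # Accounts with no authoritative counterpart (may be local-only users).
    for name in sorted(dst.keys() - src.keys()):
        findings.append(("not_in_source", name))
    # Accounts still active downstream although disabled in the source.
    for name in sorted(src.keys() & dst.keys()):
        if dst[name]["active"] and not src[name]["accountEnabled"]:
            findings.append(("active_but_disabled_in_source", name))
    # Group membership differences in either direction.
    for group in sorted(azure_groups.keys() | idcs_groups.keys()):
        want = {m.lower() for m in azure_groups.get(group, set())}
        have = {m.lower() for m in idcs_groups.get(group, set())}
        for member in sorted(want - have):
            findings.append(("membership_missing", f"{group}:{member}"))
        for member in sorted(have - want):
            findings.append(("membership_extra", f"{group}:{member}"))
    return findings


if __name__ == "__main__":
    for kind, subject in audit_sync(AZURE_USERS, IDCS_USERS, AZURE_GROUPS, IDCS_GROUPS):
        print(f"{kind:32} {subject}")
```

A not_in_source finding is not necessarily an error, since Oracle Identity Cloud Service can also hold users created locally; review those entries rather than removing them automatically.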

Troubleshooting

Use this section to locate solutions to common integration issues.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.