Add an Identity Provider

There are two ways that you can add a SAML 2.0 identity provider in Oracle Identity Cloud Service:

  • You can import metadata for the identity provider. Identity provider metadata summarizes the basic information about data associated with the identity provider. This metadata makes finding and working with this data easier.

  • You can enter metadata for the identity provider.

If a CRL checking error occurs, see Create a SAML Partner and CRL Validation to resolve the issue.

Oracle Identity Cloud Service provides you with a wizard to add a SAML 2.0 identity provider. This wizard contains six panes:

  • Details: Provide a name, description, and icon for the SAML identity provider.

  • Configure: Configure SSO for the identity provider by either importing metadata for it or entering metadata for it.

  • Map: Map a user's attribute value received from the identity provider to a corresponding attribute value for the user in Oracle Identity Cloud Service.

    After providing information in the Map pane of the wizard, Oracle Identity Cloud Service adds and deactivates the identity provider. You may want to export metadata for the identity provider, test it, or activate it. The wizard has the Export, Test, and Activate panes.

  • Export: Export metadata for Oracle Identity Cloud Service and import this metadata into the identity provider. The identity provider requires this information to communicate with Oracle Identity Cloud Service for authentication purposes.

    Tip:

    If the identity provider doesn't support importing metadata, then the information for Oracle Identity Cloud Service appears in the Export pane. You can enter this metadata into the identity provider manually.

  • Test: Test the configuration settings for the identity provider to confirm that the identity provider is working properly. You can use the credentials of the identity provider to log in to Oracle Identity Cloud Service through an external website.

  • Activate: Activate the identity provider.

Tip:

Suppose you want a user to use their single sign-on (SSO) credentials to authenticate against Oracle Identity Cloud Service, but you want the user to use the password that's provided by the SAML identity provider (instead of their Oracle Identity Cloud Service password). To do this, turn on the Federated switch for the user's account. See Edit Attribute Values for the User Account to learn how to turn on or off this switch.

Oracle Identity Cloud Service also provides you with a wizard to add a social identity provider. This wizard contains two panes:

  • Details: Provide a name, description, and icon for the social identity provider.

  • Configure: Configure SSO for the identity provider by entering metadata for it.

To add an identity provider, you must be assigned to either the identity domain administrator role or the security administrator role. See Add or Remove a User Account from an Administrator Role.

Important:

After you add the identity provider, you must add it to the default identity provider policy. By doing so, it will appear in the Sign In page and can be used by a user who's trying to sign in to Oracle Identity Cloud Service, either when they're accessing a specific app or attempting to access resources that are protected by Oracle Identity Cloud Service, such as the My Profile console or the Identity Cloud Service console. See Add an Identity Provider Policy.