Application integration reduces the time to develop new applications because you offload the business logic for securing applications to Oracle Identity Cloud Service. This logic includes securing your users, protecting the resources within the applications, and enabling users to access your applications through single sign-on (SSO). Integrating your applications with Oracle Identity Cloud Service provides the user with a seamless experience. Because of SSO, the user doesn't have to remember different IDs and passwords for each application. When your applications are integrated with Oracle Identity Cloud Service, your administrative overhead is greatly reduced because you can manage the policies and users for your applications from one central place. From a compliance perspective, Oracle Identity Cloud Service provides you with a single location where you can manage the access that your users have to your applications.
As part of application integration, Oracle Identity Cloud Service is commonly used as either an identity provider or a service provider for applications. An identity provider, also known as an Identity Assertion provider, provides identifiers for users who want to interact with Oracle Identity Cloud Service using a website that's external to Oracle Identity Cloud Service. A service provider is a website that hosts applications. You can enable an identity provider and define one or more service providers. Your users can then access the applications hosted by the service providers directly from the identity provider.
For example, a website can allow users to log in to Oracle Identity Cloud Service with their Google credentials. Google acts as the identity provider and Oracle Identity Cloud Service functions as the service provider. Google verifies that the user is an authorized user and returns information to Oracle Identity Cloud Service (for example, the user name and the email address of the user, if the email address differs from the user name).
Some applications may require a user account to exist in their local identity store before the user can sign in to access these applications.
When users aren't created in Oracle Identity Cloud Service or imported into Oracle Identity Cloud Service from a flat file, they need to be synchronized from an authoritative source, such as an HR application or a corporate LDAP directory. For this scenario, the authoritative source and the application have to be integrated with Oracle Identity Cloud Service for provisioning and synchronization purposes.