Associating services such as Oracle Sales Cloud and Oracle Java Cloud Service - SaaS Extension enable single sign-on between them, thus allowing one service to act as the identity provider for both. There are certain prerequisites and restrictions that govern association.
What is Association?
Association is the process of enabling authentication across an Oracle Application Cloud Services, in this case, Oracle Sales Cloud, and Oracle Java Cloud Service - SaaS Extension (or other Platform as a Service application). Association is necessary if you want to integrate your Sales Cloud application with Oracle Java Cloud Services - SaaS Extension and unify the authentication mechanisms by enabling single sign-on (SSO) across the two services. Association is automatic when the services are provisioned in the same identity domain. Although association is required for SSO, they are not inclusive: two services can be associated but still not have SSO set up.
By enabling single sign-on across multiple services, users and applications are not required to sign-on each time they change the application context. Also, the application or web services that you develop in Java Cloud Services - SaaS Extension will be able to switch context from one environment to the other without having to provide credentials each time a switch occurs.
Additionally, association enables Security Assertion Markup Language (SAML)-based identity propagation for Oracle Sales Cloud and Java Cloud Service - SaaS Extension web service interactions. For example, if you are logged into Oracle Sales Cloud and invoke a web service running on Java Cloud Service - SaaS Extension, you can use SAML-based security policies that will automatically use the current logged-in user in Oracle Sales Cloud to invoke the web service in Java Cloud Service - SaaS Extension. Similar behavior can be achieved when Java Cloud Service - SaaS Extension invokes Oracle Sales Cloud web services. Associated services have this SAML trust pre-established by Oracle.
What are the Prerequisites?
Customers who already have Oracle Sales Cloud Services and would like to purchase Oracle Java Cloud Services - SaaS Extension can enable SaaS – PaaS association when Java Cloud Services - SaaS Extension is being provisioned. Customers who plan to purchase Oracle Sales Cloud and Java Cloud Services - SaaS Extension services together newly can also enable the association. Currently the SaaS - PaaS association can be enabled only when both the service instances of the tenant are provisioned in the same identity domain.
Association between services is required before you can enable SSO.
Single Sign-On requires user accounts to be synchronized. The user synchronization is a manual procedure. To do this, you must export user accounts from your Oracle Sales Cloud application and then import them into your Oracle Cloud identity domain. You must re-import accounts whenever there are changes with accounts, such as when a new user is added or an existing user is removed. See Creating a Fusion User Account Report.
What are the Restrictions?
To associate instances, they must be provisioned in the same identity domain.
You cannot readily associate two instances with each other if they were provisioned in different identity domains. When this occurs, you should contact your Oracle representative and raise a service request to evaluate the feasibility of such an association.