Setting up single sign-on

You can set up single sign-on capability for your Oracle Unity account. Instance admins will need to complete these tasks to set up single sign-on.

About single sign-on and SAML

Single sign-on gives users the ability to sign in once to your corporate account to establish their credentials. As a result, users who are logged into your corporate account will not have to provide login credentials again to log into Oracle Unity.

Oracle Unity uses Security Assertion Markup Language (SAML) for single sign-on. SAML is an XML-based solution for exchanging user security information between a SAML identity provider and service providers in your organization (in this case, Oracle Unity is the service provider). The service provider uses the user credentials supplied by the identity provider to grant access to the application.

Learn more about Oracle Single Sign-On and SAML from the Oracle Cloud Portal Help Center.

Before you begin

Make sure you meet the following prerequisites before configuring single sign-on:

  • A subscription to Oracle Identity Cloud Service.

  • Users who need single sign-on access were created in Oracle Identity Cloud Service.

  • Users who need single sign-on access were created and provisioned in the identity domains being configured for single sign-on.

Learn how to Create Users and Assign Roles from the Oracle Cloud Help Center.

Enabling single sign-on

Complete the tasks below to enable single sign-on for your Oracle Unity account.

Step 1: Add Oracle Unity as a SAML application

You will need to add Oracle Unity as a SAML application. Application links in the Oracle Identity Cloud Service SAML application should point to the test or production environment of a service. Learn how to Add a SAML Application from the Administering Oracle Identity Cloud Service Help Center.

Complete these steps when creating the application:

  • Configure the SAML application for single sign-on.

  • The entity ID and assertion consumer URL must specify the identity domain for which single sign-on is being configured.

  • Download Oracle Identity Cloud Service application metadata and store it in a secure location. You will need to load this metadata into the Oracle Enterprise Performance Management Cloud while configuring the identity domain for single sign-on.

  • Assign users to the SAML application.

  • Activate the SAML application.
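A sanity check for the entity ID and assertion consumer URL requirement above, as an added example that is not Oracle's code. It assumes the values are available as a SAML 2.0 metadata document and that the identity domain name appears literally in both URLs; the sample metadata, host names and domain name are constructed placeholders, and the HTTPS and signing-certificate checks are extra checks added here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata: hosts, domain name and certificate text are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com/sso/exampledomain">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/sso/exampledomain/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text, identity_domain):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    # Only parse metadata downloaded from your own identity provider.
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    if identity_domain not in entity_id:
        problems.append(f"entityID does not reference {identity_domain!r}: {entity_id!r}")
    acs_list = root.findall(".//md:AssertionConsumerService", NS)
    if not acs_list:
        problems.append("no AssertionConsumerService element")
    for acs in acs_list:
        loc = acs.get("Location", "")
        if urlparse(loc).scheme != "https":
            problems.append(f"ACS URL is not HTTPS: {loc!r}")
        if identity_domain not in loc:
            problems.append(f"ACS URL does not reference {identity_domain!r}: {loc!r}")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    certs = [
        c for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor")
        if kd.get("use", "signing") == "signing"
        for c in kd.iter(f"{{{NS['ds']}}}X509Certificate")
        if (c.text or "").strip()
    ]
    if not certs:
        problems.append("no signing certificate in metadata")
    return problems
```

Run it against the metadata file before loading it, and treat any returned problem as a reason to recheck the SAML application settings.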

Step 2: Import signing certificates

After creating and configuring the SAML application, import the signing certificates of the identity domain referenced by SAML applications. The signing certificate is generated from the identity domain that Oracle Enterprise Performance Management Cloud service uses. Learn how to Import Metadata for a SAML Identity Provider from the Administering Oracle Identity Cloud Service Help Center.

Step 3: Add and provision users

You can now give users access to Oracle Identity Cloud Service and Oracle Unity. Follow the steps for Adding users to Oracle Unity. You can also Import a Batch of Users into Cloud Account with Identity Cloud Service.

Step 4: Enable single sign-on for Oracle Enterprise Performance Management Cloud

Refer to Managing Oracle Single Sign-On from the Administering Oracle Cloud Identity Management Help Center for the steps to enable single sign-on.

When enabling single sign-on, you will need to do the following:

  • Import the metadata of the Oracle Identity Cloud Service SAML application into the identity domain.

  • Export the signing certificate of the identity domain by selecting Signing Certificate from the drop-down list in the Configure your Identity Provider Information section.

  • Import the signing certificate into Oracle Identity Cloud Service.

  • Test the single sign-on configuration.

  • Start single sign-on.

Step 5: Test the single sign-on configuration

Verify that single sign-on is configured correctly by accessing Oracle Unity through single sign-on.
