You can establish SSO between Oracle Enterprise Performance Management Cloud and NetSuite deployments using user identities stored in a SAML 2.0 compliant identity provider.
Note: The procedures in this section have been tested using Okta as the identity provider that stores user identities. You can use any SAML 2.0 compliant identity provider to enable SSO.
SSO access between NetSuite and EPM Cloud is permitted only for users who have accounts in the user directories of NetSuite, Okta, and the EPM Cloud identity domain.
For step-by-step instructions on configuring SSO between EPM Cloud and Oracle Fusion Cloud, see "Configuring Single Sign-On Between EPM Cloud and NetSuite" in Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud.
All users of NetSuite and EPM Cloud are available in the SAML 2.0 compliant identity provider that you are using.
EPM Cloud users who need SSO access were created and provisioned in the identity domain that services EPM Cloud. For detailed instructions to create and provision users, see "Adding Users and Assigning Roles" in Getting Started with Oracle Cloud.
After enabling SSO, all EPM Cloud users will be able to navigate to NetSuite without being challenged for credentials. For these users, functional access is controlled by NetSuite roles and permissions.
Users who need SSO access have been created and provisioned in NetSuite. For detailed information, see NetSuite documentation.
After enabling SSO, only the users in NetSuite who have been granted a NetSuite role that assigns SAML Single Sign-on access will be able to navigate to EPM Cloud without going through an additional sign in process.
Before starting the SSO configuration process, make sure that all users who need SSO access to EPM Cloud can access and work in NetSuite.
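The prerequisites above can be checked before SSO is enabled by reconciling user exports from the three directories. The following is an added example, not part of the Oracle, NetSuite, or Okta documentation. It assumes one CSV export per directory keyed by email address, compares addresses case-insensitively, and uses a hypothetical role name `SAML SSO` for the NetSuite role that grants SAML Single Sign-on; all sample data is constructed.

```python
import csv
import io

# Constructed sample exports (assumed format: one CSV per directory with an "email" column).
IDP_CSV = "email\nalice@example.com\nbob@example.com\ncarol@example.com\n"
EPM_CSV = "email\nAlice@Example.com\nbob@example.com\n"
NETSUITE_CSV = (
    "email,roles\n"
    "alice@example.com,Accountant;SAML SSO\n"
    "bob@example.com,Accountant\n"
    "dave@example.com,SAML SSO\n"
)
SAML_ROLE = "SAML SSO"  # hypothetical name of the NetSuite role granting SAML Single Sign-on


def load(text):
    """Map normalized email -> set of role names (empty when there is no roles column)."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        email = row["email"].strip().lower()  # assumption: match case-insensitively
        roles = {r.strip() for r in (row.get("roles") or "").split(";") if r.strip()}
        users.setdefault(email, set()).update(roles)
    return users


def sso_readiness(idp_csv, epm_csv, netsuite_csv, saml_role=SAML_ROLE):
    """Return {email: [problems]} for every user seen in any of the three directories."""
    idp, epm, ns = load(idp_csv), load(epm_csv), load(netsuite_csv)
    report = {}
    for email in sorted(set(idp) | set(epm) | set(ns)):
        problems = []
        if email not in idp:
            problems.append("missing in identity provider")
        if email not in epm:
            problems.append("missing in EPM Cloud identity domain")
        if email not in ns:
            problems.append("missing in NetSuite")
        elif saml_role not in ns[email]:
            problems.append("NetSuite account lacks SAML role")
        report[email] = problems
    return report


if __name__ == "__main__":
    for email, problems in sso_readiness(IDP_CSV, EPM_CSV, NETSUITE_CSV).items():
        print(email, "->", "ready" if not problems else "; ".join(problems))
```

An empty problem list means the account satisfies every prerequisite listed above; any other entry names the directory or role assignment to fix before testing SSO.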
Tasks to complete in the Identity Provider (for example, Okta)
Note: Use the documentation of the identity provider to complete these steps.
Create and activate users who need SSO access between NetSuite and EPM Cloud resources as users in your organization's identity provider.
Add NetSuite as an application, and provision the users who can use SSO.
Add EPM Cloud as an application, and provision the users who can use SSO.
Tasks to complete in NetSuite
Note: Use NetSuite documentation to complete these steps.
Configure and enable SAML SSO.
For Okta-specific instructions, see How to Configure SAML 2.0 for Netsuite.
Create a SAML role that allows users to perform SAML SSO.
Provision NetSuite users with the SAML role.
Import the identity provider's (for example, Okta's) metadata file. You created this file as a part of creating the NetSuite application in Okta.
Tasks to complete in EPM Cloud
Enable SSO in EPM Cloud.
See "Managing Oracle Single Sign-On" in Administering Oracle Cloud Identity Management.
In the identity domain that supports the EPM Cloud environment, create and provision an account for each user who needs SSO access to NetSuite.
The Identity Domain Administrator can create users individually or use an upload file containing user data to create many users at once. See these topics in Getting Started with Oracle Cloud:
Users who need to work with EPM Cloud client components (for example, EPM Automate) must be configured to maintain identity domain credentials. See Ensuring that Users Can Run EPM Cloud Utilities After Configuring SSO.
Test SSO configuration by accessing NetSuite and then navigating to EPM Cloud, and vice versa.