Configuring Single Sign-On Between EPM Cloud and Oracle Fusion Cloud

You can establish SSO between EPM Cloud and Oracle Fusion Cloud deployments that use Oracle Identity Federation as the identity provider (IdP).

For step-by-step instructions on configuring SSO between Classic Oracle Enterprise Performance Management Cloud and Oracle Fusion Cloud, see "Configuring Single Sign-On Between EPM Cloud and Oracle Fusion Cloud" in Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud.

Note:

To establish SSO between Strategic Workforce Planning and Oracle Human Capital Management Cloud, use an SSO Federation (SAML 2) server that is approved for use with Fusion Cloud (many major ones are). An additional fee may be incurred if you use an uncertified server. See "Non-Certified Federation Server SSO Enablement for Oracle Fusion Cloud Service Setup Fee" in Oracle Fusion Service Descriptions for a list of SAML2 providers that are certified for Oracle HCM Cloud.

Prerequisites

  • The IdP must be SAML2 compliant (if you are using your own IdP).
  • User accounts must exist in the Oracle Fusion Cloud identity store and the EPM Cloud identity domain. Both must be configured for SSO.

    If you use an IdP such as Okta, instead of the Oracle Identity Federation of Oracle Fusion Cloud, you must configure your users in the IdP as well.

Configuration Steps

Use these configuration steps.
  • Open a service request with Oracle Support to configure Oracle Identity Federation as the IdP for SSO with Oracle Fusion Cloud. Oracle imports the required metadata to enable Oracle Fusion Cloud to work with Oracle Identity Federation.

    Note:

    Be sure to provide the metadata of your IdP in the service request if you are not using the Oracle Identity Federation of Oracle Fusion Cloud as the IdP. In this scenario, Oracle will provide the metadata of the Oracle Fusion Cloud service provider to your IdP administrator, who imports it into your IdP.
  • In the Oracle Identity Federation that supports Oracle Fusion Cloud, or in the IdP that you are using, create an account for each user who needs SSO access to Oracle Fusion Cloud.

    You can create users by importing user details from a file or by accessing the Oracle Identity Management (OIM) console of the Oracle Identity Federation that supports Oracle Fusion Cloud. See Oracle Fusion Cloud documentation for information on creating users.

  • Enable SSO in EPM Cloud.
  • OCI (Gen 2) EPM Cloud only: Create an IdP policy and assign the EPM Cloud application to the policy.
    1. Sign in to the Oracle Cloud Identity Console or Oracle Cloud Console (IAM).
    2. Click Security and then IdP policies.
    3. Create an IdP Policy with the necessary rules and assign EPM Cloud to the policy.
      1. If you are using the Oracle Cloud Identity Console, see Add an Identity Provider Policy in Administering Oracle Identity Cloud Service.
      2. For Oracle Cloud Console (IAM), see Add an Identity Provider Policy in Oracle Cloud Infrastructure Documentation.
  • In the identity domain that supports the EPM Cloud environment, create and provision an account for each user who needs SSO access to EPM Cloud.

    The Identity Domain Administrator can create users individually or use an upload file containing user data to create many users at once. See these topics in Getting Started with Oracle Cloud:

    Users who need to work with EPM Cloud client components, for example, EPM Automate, must be configured to maintain identity domain credentials. See Managing User Credentials in SSO-Enabled EPM Cloud Environments.

  • Test SSO configuration by accessing Oracle Fusion Cloud and then navigating to EPM Cloud, and vice versa.

Troubleshooting

See Resolving Login Issues in the Oracle Enterprise Performance Management Cloud Operations Guide.