Configuring Single Sign-On Between EPM Cloud and Oracle Fusion Cloud

You can establish SSO between Oracle Enterprise Performance Management Cloud and Oracle Fusion Cloud deployments that use Oracle Identity Federation as the identity provider.

For step-by-step instructions on configuring SSO between EPM Cloud and Oracle Fusion Cloud, see "Configuring Single Sign-On Between EPM Cloud and Oracle Fusion Cloud" in Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud.

Note:

To establish SSO between Oracle Strategic Workforce Planning Cloud and Oracle Human Capital Management Cloud, use an SSO Federation (SAML 2) server that is approved for use with Fusion Cloud (many major ones are). An additional fee may be incurred if you use an uncertified server. See "Non-Certified Federation Server SSO Enablement for Oracle Fusion Cloud Service Setup Fee" in Oracle Fusion Service Descriptions for a list of SAML2 providers that are certified for Oracle HCM Cloud.

Prerequisites

  • The identity provider must be SAML2 compliant (if you are using your own identity provider).

  • User accounts must exist in the Oracle Fusion Cloud identity store and the EPM Cloud identity domain. Both must be configured for SSO.

    If you use an identity provider such as Okta, instead of the Oracle Identity Federation of Oracle Fusion Cloud, you must configure your users in the identity provider as well.

Configuration Steps

  • Open a service request with Oracle Support to configure Oracle Identity Federation as the identity provider for SSO with Oracle Fusion Cloud. Oracle imports the required metadata to enable Oracle Fusion Cloud to work with Oracle Identity Federation.

    Note:

    Be sure to provide the metadata of your identity provider in the service request if you are not using the Oracle Identity Federation of Oracle Fusion Cloud as the identity provider. In this scenario, Oracle will provide the metadata of Oracle Fusion Cloud service provider to your identity provider administrator to import it into your identity provider.
  • In the Oracle Identity Federation that supports Oracle Fusion Cloud, or in the identity provider that you are using, create an account for each user who needs SSO access to Oracle Fusion Cloud.

    You can create users by importing user details from a file or by accessing the Oracle Identity Management (OIM) console of the Oracle Identity Federation that supports Oracle Fusion Cloud. See Oracle Fusion Cloud documentation for information on creating users.

  • Enable SSO in EPM Cloud.

    See "Managing Oracle Single Sign-On "in Administering Oracle Cloud Identity Management.

  • In the identity domain that supports the EPM Cloud environment, create and provision an account for each user who needs SSO access to EPM Cloud.

    The Identity Domain Administrator can create users individually or use an upload file containing user data to create many users at once. See these topics in Getting Started with Oracle Cloud:

    Users who need to work with EPM Cloud client components; for example, EPM Automate, must be configured to maintain identity domain credentials. See Ensuring that Users Can Run EPM Cloud Utilities After Configuring SSO.

  • Test SSO configuration by accessing Oracle Fusion Cloud and then navigating to EPM Cloud, and vice versa.