Steps to Complete in Azure AD
To configure Azure AD as an identity provider (IdP), complete these actions:
- Add Oracle Cloud Infrastructure Console as an enterprise application in Azure AD.
- Assign Azure AD users to the Oracle IDCS enterprise application.
- Set up SSO for the enterprise application in Oracle Identity Cloud Service.
Refer to Azure documentation for detailed steps and explanation related to completing these configuration steps.
Add Oracle Cloud Infrastructure Console as an enterprise application in Azure AD
- Access Azure Sign in page and sign in.
- On the Home page, click Azure Active Directory.
- Click Enterprise applications under Manage on the left navigation pane.
- Click New application. The Browse Azure AD Gallery screen, which lists Oracle as a cloud platform, is displayed.
- Click Oracle to display a list of available Oracle cloud platforms.
- Click Oracle Cloud Infrastructure Console.
- In Name, enter a name and then click Create to add an instance of Oracle Cloud Infrastructure as an Azure enterprise application.
An Overview of the enterprise application properties is displayed.
Assign Azure AD users to the Oracle IDCS enterprise application
Only users assigned to the application can log in to Azure AD and be federated to Oracle Enterprise Performance Management Cloud. You may also assign groups of users. These users or groups must exist in Azure Active Directory.
- In the left navigation pane of your Oracle Cloud Infrastructure Console application, click Users and groups under Manage. Alternatively, in the Overview page of your enterprise application, click Assign users and groups.
- Click Add user/group.
- Under Users, click None Selected to open the Users screen. Select Azure AD users to assign to the application and click Select.
- Click Assign to assign the selected users to the application.
Set up SSO for the enterprise application in Oracle Identity Cloud Service
- In the left navigation pane, click Single sign-on.
- In Select a single sign-on method, click SAML. The Set up Single Sign-on with SAML screen opens.
- Enter Basic SAML Configuration details.
The information that you should enter in this step is generated while configuring SAML in Oracle Identity Cloud Service.
- Click Edit in Basic SAML Configuration section.
- In the Basic SAML Configuration page, enter the settings required for SSO with your Oracle Identity Cloud Service.
Note:
The Oracle Identity Cloud Service settings that you need to enter as basic SAML settings follow this predictable pattern: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed
The CUSTOMER_IDENTIFIER is a unique alphanumeric string specific to your tenancy. It is a part of your Oracle Identity Cloud Service URL. For example, if the sign-in URL is https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/ui/v1/signin, the CUSTOMER_IDENTIFIER is 01e711f676d2e4a3e456a112cf2f031a9, which you use to derive the SAML configuration settings. In this hypothetical example, the Identifier (Entity ID) would then be https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com:443/fed
To view all well-known Oracle Identity Cloud Service configuration settings for your tenancy, enter your Oracle Identity Cloud Service URL appended with /.well-known/idcs-configuration. For example, https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/.well-known/idcs-configuration.
- Identifier (Entity ID): The Provider ID that was set while provisioning Oracle Identity Cloud Service for your organization.
Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed
Note:
Select the Default check box to indicate that this is the default identifier.
- Reply URL: The endpoint in Oracle Identity Cloud Service that will process incoming SAML assertions from Azure AD. Also known as the Assertion Consumer Service URL, this value is set while configuring Oracle Identity Cloud Service.
Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso
- Sign on URL: The URL of the EPM Cloud sign-on page that performs the SSO initiated by Azure AD.
Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso
- Logout URL: The Logout Service URL from Oracle Identity Cloud Service.
Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/slo
- Click Save.
- Close the Basic SAML Configuration page.
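The derivation described in the note above, as an added Python example that is not part of the Oracle documentation: it extracts CUSTOMER_IDENTIFIER from an Oracle Identity Cloud Service sign-in URL and derives the Basic SAML Configuration values the page lists (Identifier, Reply URL, Sign on URL, Logout URL) plus the well-known configuration URL. It rejects any URL that is not https on a host of the idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com shape, so a mistyped or look-alike hostname is never turned into the Entity ID and Reply URL that Azure AD will trust. The function names, the dictionary keys and the rejection rule are this example's own choices; the sign-in URL used at the bottom is the hypothetical one from the note.

```python
import re
from urllib.parse import urlparse

# Hostname shape of an Oracle Identity Cloud Service tenancy, taken from the
# "predictable pattern" in the note: idcs-<CUSTOMER_IDENTIFIER>.identity.oraclecloud.com
_IDCS_HOST_RE = re.compile(r"^idcs-([0-9a-z]+)\.identity\.oraclecloud\.com$")


def customer_identifier(sign_in_url: str) -> str:
    """Return CUSTOMER_IDENTIFIER from an IDCS sign-in URL.

    Rejects anything that is not an https URL on an idcs-*.identity.oraclecloud.com
    host (a hypothetical rule for this example), so a mistyped or look-alike
    hostname is never turned into the Entity ID / Reply URL that Azure AD trusts.
    """
    parts = urlparse(sign_in_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError(f"expected an https URL, got {sign_in_url!r}")
    match = _IDCS_HOST_RE.match(host)
    if not match:
        raise ValueError(f"not an Oracle Identity Cloud Service host: {host!r}")
    return match.group(1)


def is_idcs_url(sign_in_url: str) -> bool:
    """True if customer_identifier() would accept the URL."""
    try:
        customer_identifier(sign_in_url)
    except ValueError:
        return False
    return True


def basic_saml_settings(sign_in_url: str) -> dict:
    """Derive the Basic SAML Configuration values listed on the page.

    Keys are the field names shown in the Azure AD Basic SAML Configuration
    page; values follow the Example lines given for each field. Sign on URL
    and Reply URL share the same /fed/v1/sp/sso endpoint, as on the page.
    """
    ident = customer_identifier(sign_in_url)
    base = f"https://idcs-{ident}.identity.oraclecloud.com"
    fed = f"{base}:443/fed"
    return {
        "Identifier (Entity ID)": fed,
        "Reply URL": f"{fed}/v1/sp/sso",
        "Sign on URL": f"{fed}/v1/sp/sso",
        "Logout URL": f"{fed}/v1/sp/slo",
        # Endpoint listing the tenancy's well-known settings, for cross-checking.
        "Well-known configuration": f"{base}/.well-known/idcs-configuration",
    }


if __name__ == "__main__":
    # The hypothetical sign-in URL from the note above.
    sign_in = "https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/ui/v1/signin"
    for field, value in basic_saml_settings(sign_in).items():
        print(f"{field}: {value}")
```

Treat the derived values as a starting point: before clicking Save in Azure AD, compare them with what your tenancy's /.well-known/idcs-configuration document and the Oracle Identity Cloud Service console actually report, since the federation breaks silently if the Entity ID or Reply URL differs by even one character.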
- In Set up Single Sign-On with SAML screen, enter User Attributes and Claims:
- Click Edit in Attributes & Claims.
- Under Claim name, click Unique User Identifier (Name ID), select a source attribute value, for example, user.mail. This value should match the Requested NameID Format specified in Oracle Identity Cloud Service.
- Click Save.
- Close the Manage claim and Attributes & Claims pages.
- Download the Azure metadata file.
- In the Set up Single Sign-On with SAML screen, in the SAML Signing Certificate section, click Download next to Federation Metadata XML.
- Follow the on-screen prompts to save the metadata file to a local directory that is accessible from Oracle Identity Cloud Service.
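A check on the downloaded Federation Metadata XML, and on the NameID step above, as an added Python example that is not part of the Oracle documentation: it parses a constructed metadata file of the shape Azure AD produces (the Azure AD tenant ID is the placeholder TENANT-ID-PLACEHOLDER and the X509Certificate body is placeholder bytes, not a real certificate) and returns the entityID, the single sign-on and logout endpoints per binding, the SHA-256 fingerprint of each signing certificate, and the NameID formats the IdP advertises, so an administrator can confirm the file is identity-provider metadata and that it supports the Requested NameID Format configured in Oracle Identity Cloud Service before importing it. The function names and the returned dictionary layout are this example's own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample with the shape of an Azure AD Federation Metadata XML file.
# TENANT-ID-PLACEHOLDER stands in for the Azure AD tenant ID, and the
# X509Certificate body is placeholder bytes, not a real certificate.
_PLACEHOLDER_CERT = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_PLACEHOLDER_CERT}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def summarize_idp_metadata(xml_text: str) -> dict:
    """Pull the values an administrator checks before importing IdP metadata.

    ElementTree's expat parser does not expand external entities (it raises a
    ParseError instead); for files from an untrusted source, defusedxml is the
    usual hardening against entity-expansion attacks as well.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    # SHA-256 fingerprints of the signing certificates, to compare with what
    # IDCS shows after import; a KeyDescriptor with use="encryption" is skipped.
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())

    # Endpoint per binding, so the Azure AD side of the exchange is visible.
    endpoints: dict = {}
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for svc in idp.findall(f"md:{tag}", NS):
            endpoints.setdefault(tag, {})[svc.get("Binding")] = svc.get("Location")

    return {
        "entity_id": root.get("entityID"),
        "signing_cert_sha256": fingerprints,
        "endpoints": endpoints,
        "name_id_formats": [(el.text or "").strip() for el in idp.findall("md:NameIDFormat", NS)],
    }


def name_id_format_supported(summary: dict, requested_format: str) -> bool:
    """True if the IdP metadata advertises the NameID format IDCS requests.

    Metadata with no NameIDFormat element makes no claim either way, so only
    an explicit list is treated as authoritative.
    """
    formats = summary["name_id_formats"]
    return not formats or requested_format in formats


if __name__ == "__main__":
    summary = summarize_idp_metadata(SAMPLE_METADATA)
    print(summary["entity_id"], summary["signing_cert_sha256"])
    print("emailAddress supported:",
          name_id_format_supported(summary, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"))
```

Run it against the real file by replacing SAMPLE_METADATA with the contents you downloaded; the signing-certificate fingerprint is the value to record, since Azure AD rotates certificates and the federation stops working when IDCS still holds the old one.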