Steps to Complete in Azure AD

To configure Azure AD as an identity provider (IdP), complete these actions:

  1. Add Oracle Cloud Infrastructure Console as an enterprise application in Azure AD.
  2. Assign Azure AD users to the Oracle IDCS enterprise application.
  3. Set up SSO for the enterprise application in Oracle Identity Cloud Service.

Refer to Azure documentation for detailed steps and explanation related to completing these configuration steps.

Add Oracle Cloud Infrastructure Console as an enterprise application in Azure AD

  1. Access Azure Sign in page and sign in.
  2. On the Home page, click Azure Active Directory.
  3. Click Enterprise applications under Manage on the left navigation pane.
  4. Click New application. The Browse Azure AD Gallery screen, which lists Oracle as a cloud platform, is displayed.
  5. Click Oracle to display a list of available Oracle cloud platforms.
  6. Click Oracle Cloud Infrastructure Console.
    Oracle Cloud Infrastructure Console

  7. In Name, enter a name and then click Create to add an instance of Oracle Cloud Infrastructure as an Azure enterprise application.

    An Overview of the enterprise application properties is displayed.
    Overview of Oracle Cloud Infrastructure Console Enterprise Application

Assign Azure AD users to the Oracle IDCS enterprise application

Only users assigned to the application can sign in through Azure AD and be federated to Oracle Enterprise Performance Management Cloud. You may also assign groups of users. These users or groups must exist in Azure Active Directory.

  1. In the left navigation pane of your Oracle Cloud Infrastructure Console application, click Users and groups under Manage. Alternatively, in the Overview page of your enterprise application, click Assign users and groups.
  2. Click Add user/group.
  3. Under Users, click None Selected to open the Users screen. Select Azure AD users to assign to the application and click Select.
  4. Click Assign to assign the selected users to the application.

Set up SSO for the enterprise application in Oracle Identity Cloud Service

  1. In the left navigation pane, click Single sign-on.
  2. In Select a single sign-on method, click SAML.

    The Set up Single Sign-on with SAML screen opens.
    Basic SAML Configuration Settings for Oracle Cloud Infrastructure Console Enterprise Application

  3. Enter Basic SAML Configuration details.

    The information that you should enter in this step is generated while configuring SAML in Oracle Identity Cloud Service.

    • Click Edit in Basic SAML Configuration section.
    • In the Basic SAML Configuration page, enter the settings required to SSO with your Oracle Identity Cloud Service.

      Note:

      The Oracle Identity Cloud Service settings that you need to enter as basic SAML settings follow this predictable pattern.

      https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed

      The CUSTOMER_IDENTIFIER is a unique alphanumeric string specific to your tenancy. It is part of your Oracle Identity Cloud Service URL. For example, if the sign-in URL is https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/ui/v1/signin, the CUSTOMER_IDENTIFIER is 01e711f676d2e4a3e456a112cf2f031a9, which you use to derive the SAML configuration settings. In this hypothetical example, the Identifier (Entity ID) would then be https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com:443/fed.

      To view all well-known Oracle Identity Cloud Service configuration settings for your tenancy, enter your Oracle Identity Cloud Service URL appended with /.well-known/idcs-configuration. For example, https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/.well-known/idcs-configuration.
      • Identifier (Entity ID): The Provider ID that was set while provisioning Oracle Identity Cloud Service for your organization.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed

        Note:

        Select the Default check box to indicate that this is the default identifier.
      • Reply URL: The endpoint in Oracle Identity Cloud Service that will process incoming SAML assertions from Azure AD. Also known as Assertion Consumer Service URL, this value is set while configuring Oracle Identity Cloud Service.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso

      • Sign on URL: The URL of the EPM Cloud sign on page that performs the SSO initiated by Azure AD.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso

      • Logout URL: The Logout Service URL from Oracle Identity Cloud Service.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/slo


      SAML Basic Configuration Settings for Oracle Cloud Infrastructure Console Enterprise Application

    • Click Save.
    • Close the Basic SAML Configuration page.
  4. In Set up Single Sign-On with SAML screen, enter User Attributes and Claims:
    • Click Edit in Attributes & Claims.
    • Under Claim name, click Unique User Identifier (Name ID) and select a source attribute value, for example, user.mail. This value must match the Requested NameID Format specified in Oracle Identity Cloud Service.
      Sample Manage Claim settings to enable SSO

    • Click Save.
    • Close the Manage claim and Attributes & Claims pages.
  5. Download the Azure metadata file.
    • In the Set up Single Sign-On with SAML screen, in the SAML Signing Certificate section, click Download next to Federation Metadata XML.
      Basic SAML Configuration Settings for Oracle Cloud Infrastructure Console Enterprise Application

    • Follow the on-screen prompts to save the metadata file to a local directory that is accessible from Oracle Identity Cloud Service.