Steps to Complete in Microsoft Entra ID

To configure Microsoft Entra ID as an identity provider (IdP), complete these actions:

  1. Add Oracle Cloud Infrastructure Console as an enterprise application in Azure AD.
  2. Assign Azure AD users to the Oracle IDCS enterprise application.
  3. Set up SSO for the enterprise application in Oracle Identity Cloud Service.

Refer to Microsoft Entra documentation for detailed steps and explanation related to completing these configuration steps.

Add Oracle Cloud Infrastructure Console as an enterprise application in Microsoft Entra ID

  1. Access the Microsoft Entra ID sign-in page and sign in.
  2. On the Home left-navigation pane, click Applications, and then click Enterprise applications.
  3. Click New application. The Browse Microsoft Entra Gallery screen lists Oracle as a cloud platform.
  4. Click Oracle to display a list of available Oracle cloud platforms.
  5. Click Oracle Cloud Infrastructure Console.

  6. Enter a Name, and then click Create to add an instance of the Oracle Cloud Infrastructure enterprise application.

    An Overview of the enterprise application properties is displayed.

Assign Microsoft Entra ID users to Oracle Cloud Infrastructure Console Enterprise Application

Only the specified users can log in to Microsoft Entra ID and be federated with Oracle Enterprise Performance Management Cloud. You can also assign user groups. Ensure that these users or groups are already present in Microsoft Entra ID.

  1. In the left navigation pane of your Oracle Cloud Infrastructure Console application, click Users and groups under Manage. Alternatively, in the Overview page of your enterprise application, click Assign users and groups.
  2. Click Add user/group.
  3. Under Users, click None Selected to open the Users screen. Select the users to assign to the application and click Select.
  4. Click Assign to assign the selected users to the application.

Set Up SSO for the Oracle Cloud Infrastructure Console Enterprise Application

  1. In the left navigation pane, click Single sign-on.
  2. In Select a single sign-on method, click SAML.

    The Set up Single Sign-on with SAML screen opens.

  3. Enter Basic SAML Configuration details.

    The information that you should enter in this step is generated while configuring SAML in Oracle Identity Cloud Service.

    • Click Edit in the Basic SAML Configuration section.
    • In the Basic SAML Configuration page, enter the settings for SSO with your Oracle Identity Cloud Service.

      Note:

      The Oracle Identity Cloud Service settings that you need to enter as basic SAML settings follow this predictable pattern.

      https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed

      The CUSTOMER_IDENTIFIER is a unique alphanumeric string specific to your tenancy. It is a part of your Oracle Identity Cloud Service URL. For example, if the sign-in URL is https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/ui/v1/signin, the CUSTOMER_IDENTIFIER is 01e711f676d2e4a3e456a112cf2f031a9, which you use to derive the SAML configuration settings. In this hypothetical example, the Identifier (Entity ID) would then be https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com:443/fed.

      To view all well-known Oracle Identity Cloud Service configuration settings for your tenancy, enter your Oracle Identity Cloud Service URL appended with /.well-known/idcs-configuration. For example, https://idcs-01e711f676d2e4a3e456a112cf2f031a9.identity.oraclecloud.com/.well-known/idcs-configuration.
      • Identifier (Entity ID): The Provider ID that was set while provisioning Oracle Identity Cloud Service for your organization.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed

        Note:

        Select the Default check box to indicate that this is the default identifier.
      • Reply URL: The endpoint in Oracle Identity Cloud Service that will process incoming SAML assertions from Microsoft Entra ID. Also known as Assertion Consumer Service URL, this value is set while configuring Oracle Identity Cloud Service.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso

      • Sign on URL: The URL of the EPM Cloud sign on page that performs the SSO initiated by Microsoft Entra ID.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/sso

      • Logout URL: The Logout Service URL from Oracle Identity Cloud Service.

        Example: https://idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com:443/fed/v1/sp/slo



    • Click Save.
    • Close the Basic SAML Configuration page.
  4. In the Set up Single Sign-On with SAML screen, enter User Attributes and Claims:
    • Click Edit in Attributes & Claims.
    • Under Claim name, click Unique User Identifier (Name ID) and select a source attribute value, for example, user.mail. This value should match the Requested NameID Format specified in Oracle Identity Cloud Service.

    • Click Save.
    • Close the Manage claim and Attributes & Claims pages.
  5. Download the Microsoft Entra ID metadata file.
    • In the Set up Single Sign-On with SAML screen, in the SAML Signing Certificate section, click Download next to Federation Metadata XML.

    • Follow the on-screen prompts to save the metadata file to a local directory that is accessible from Oracle Identity Cloud Service.
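
The Basic SAML Configuration values entered in step 3 all follow from the tenancy's Oracle Identity Cloud Service hostname, so they can be derived and cross-checked instead of typed by hand. The following is an added example, not Oracle or Microsoft code; the function names are hypothetical, and the URL pattern and paths are the ones given above.

```python
import re
from urllib.parse import urlsplit

# Hostname pattern from the page: idcs-CUSTOMER_IDENTIFIER.identity.oraclecloud.com
IDCS_HOST = re.compile(r"idcs-([0-9a-z]+)\.identity\.oraclecloud\.com")


def derive_saml_settings(idcs_url: str) -> dict:
    """Derive the four Basic SAML Configuration values from any IDCS URL."""
    parts = urlsplit(idcs_url)
    if parts.scheme != "https":
        raise ValueError("IDCS URL must use https")
    match = IDCS_HOST.fullmatch((parts.hostname or "").lower())
    if not match:
        # Also rejects look-alikes such as idcs-x.identity.oraclecloud.com.example.net
        raise ValueError("host is not idcs-<id>.identity.oraclecloud.com")
    base = f"https://idcs-{match.group(1)}.identity.oraclecloud.com:443/fed"
    return {
        "Identifier (Entity ID)": base,
        "Reply URL": base + "/v1/sp/sso",
        "Sign on URL": base + "/v1/sp/sso",
        "Logout URL": base + "/v1/sp/slo",
    }


def find_mismatches(idcs_url: str, entered: dict) -> list:
    """Return the field names whose entered value differs from the derived one."""
    expected = derive_saml_settings(idcs_url)
    return [name for name, value in expected.items()
            if entered.get(name, "").strip() != value]


if __name__ == "__main__":
    # Sign-in URL is the hypothetical example from the text above.
    signin = ("https://idcs-01e711f676d2e4a3e456a112cf2f031a9"
              ".identity.oraclecloud.com/ui/v1/signin")
    # Constructed input: values as an administrator might have typed them,
    # with the port dropped from the Reply URL and the wrong path for logout.
    entered = dict(derive_saml_settings(signin))
    entered["Reply URL"] = entered["Reply URL"].replace(":443", "")
    entered["Logout URL"] = entered["Sign on URL"]
    for field in find_mismatches(signin, entered):
        print("does not match the derived value:", field)
```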