Steps to Complete in Oracle Cloud Identity Console
For each Oracle Enterprise Performance Management Cloud account for which you want to set up SSO, complete these actions:
- Manage EPM Cloud users.
- Set up Azure AD as a SAML IdP.
- Create an IdP Policy and assign Azure AD to the policy.
Manage EPM Cloud users
- Sign in to Oracle Cloud Identity Console as an Identity Domain Administrator. See Accessing the Oracle Cloud Identity Console (IDCS).
- Create EPM Cloud users. See Creating Users Using Oracle Cloud Identity Console.
- Assign users to predefined roles. See Assigning Roles Using Oracle Cloud Identity Console.
Set up Microsoft Entra ID as a SAML IdP in Oracle Cloud Identity Console
For detailed instructions on this task, see Add a SAML Identity Provider in Administering Oracle Identity Cloud Service.
- In Oracle Cloud Identity Console, expand the Navigation Drawer, click Security, and then Identity Providers to open the Identity Providers screen.
- Click Add SAML IDP.
- In Add Identity Provider Details, enter a name and an optional description for the Microsoft Entra ID identity provider.
- Optional: Click Upload to upload a custom icon to identify this provider.
- Click Next.
- In Add Identity Provider Configure page, upload the Microsoft Entra ID metadata file.
  - Click Upload.
  - Browse and select the Microsoft Entra ID metadata file that you downloaded in the preceding section.
- Click Next.
- In Add Identity Provider Map, map the user attributes used in Microsoft Entra ID and Oracle Cloud Identity Console.
  - For Identity Provider User Attribute, select the Microsoft Entra ID attribute that uniquely identifies the user. To use an attribute other than user ID (for example, email ID), select SAML Attribute. Otherwise, select Name ID.
  - For Oracle Identity Service User Attribute, select the Oracle Cloud Identity Console attribute to which you want to map the Microsoft Entra ID attribute that you selected.
  - For Requested NameID Format, select the format in which Microsoft Entra ID forwards the user attribute to Oracle Identity Cloud Service.
- Click Next.
- In Add Identity Provider Export, click Next.
- In Add Identity Provider Test, click Test Login.
For this test to be successful, the test user must be present in both Oracle Cloud Identity Console and Microsoft Entra ID. On establishing a connection, the following message is displayed:
- Return to Oracle Cloud Identity Console, and click Next.
- Click Activate to activate the identity provider (IdP) that you created and tested.
- Click Finish.
The IdP listing now shows the new SAML provider as activated.
Create an IdP Policy and assign IdP to the policy
For detailed steps, see Add an Identity Provider Policy in Administering Oracle Identity Cloud Service.
- Expand the Navigation Drawer.
- Click Security, and then IDP Policies.
- In Identity Provider Policies, click Add.
- In Details, enter a policy name, and then click Next.
- In Add Identity Provider Rules, click Add.
- Enter a rule name.
- In Assign Identity Providers, select Microsoft Entra ID that you activated previously.
- Click Save.
- Click Next.
- On Apps, click Assign and select the EPM Cloud environments to which the IDP policy should be applied.
- Click Finish.