Steps to Complete in Oracle Cloud Identity Console

For each Oracle Enterprise Performance Management Cloud account for which you want to set up SSO, complete these actions:

  1. Manage EPM Cloud users.
  2. Set up Microsoft Entra ID as a SAML IdP.
  3. Create an IdP Policy and assign Microsoft Entra ID to the policy.

Manage EPM Cloud users

  1. Sign in to Oracle Cloud Identity Console as an Identity Domain Administrator. See Accessing the Oracle Cloud Identity Console (IDCS).
  2. Create EPM Cloud users. See Creating Users Using Oracle Cloud Identity Console.
  3. Assign users to predefined roles. See Assigning Roles Using Oracle Cloud Identity Console.

Set up Microsoft Entra ID as a SAML IdP in Oracle Cloud Identity Console

For detailed instructions on this task, see Add a SAML Identity Provider in Administering Oracle Identity Cloud Service.

  1. In Oracle Cloud Identity Console, expand the Navigation Drawer, click Security, and then Identity Providers to open the Identity Providers screen.
    [Screenshot: Oracle Cloud Identity Service Console Identity Providers Screen]

  2. Click Add SAML IDP.
  3. In Add Identity Provider Details, enter a name and an optional description for the Microsoft Entra ID identity provider.
  4. Optional: Click Upload to upload a custom icon to identify this provider.
    [Screenshot: Add Identity Provider Details Screen]

  5. Click Next.
  6. On the Add Identity Provider Configure page, upload the Microsoft Entra ID metadata file.
    • Click Upload.
    • Browse and select the Microsoft Entra ID metadata file that you downloaded in the preceding section.
      [Screenshot: Add Identity Provider Configure Screen]

    • Click Next.
  7. In Add Identity Provider Map, map the user attributes used in Microsoft Entra ID and Oracle Cloud Identity Console.
    • For Identity Provider User Attribute, select the Microsoft Entra ID attribute that uniquely identifies the user. To use an attribute other than user ID (for example, email ID), select SAML Attribute. Otherwise, select Name ID.
    • For Oracle Identity Service User Attribute, select the Oracle Cloud Identity Console attribute to which you want to map the Microsoft Entra ID attribute that you selected.
    • For Requested NameID Format, select the format in which Microsoft Entra ID forwards the user attribute to Oracle Identity Cloud Service.
      [Screenshot: Add Identity Provider Map Screen]

    • Click Next.
  8. In Add Identity Provider Export, click Next.
  9. In Add Identity Provider Test, click Test Login.

    For this test to be successful, the test user must be present in both Oracle Cloud Identity Console and Microsoft Entra ID. On establishing a connection, the following message is displayed:
    [Screenshot: Add Identity Provider Map Screen]

  10. Return to Oracle Cloud Identity Console, and click Next.
  11. Click Activate to activate the identity provider (IdP) that you created and tested.
    [Screenshot: Add Identity Provider Map Screen]

  12. Click Finish.

    The IdP listing now shows the new SAML provider as activated.
    [Screenshot: Oracle Cloud Identity Service Console Identity Providers Screen]

Create an IdP Policy and assign IdP to the policy

For detailed steps, see Add an Identity Provider Policy in Administering Oracle Identity Cloud Service.

  1. Expand the Navigation Drawer.
  2. Click Security, and then IDP Policies.
  3. In Identity Provider Policies, click Add.
  4. In Details, enter a policy name, and then click Next.
  5. In Add Identity Provider Rules, click Add.
    1. Enter a rule name.
    2. In Assign Identity Providers, select the Microsoft Entra ID identity provider that you activated previously.
      [Screenshot: Add Rule Screen]

    3. Click Save.
  6. Click Next.
  7. On Apps, click Assign and select the EPM Cloud environments to which the IdP policy should be applied.
  8. Click Finish.