Steps to Complete in Oracle Cloud Console

For each account for which you want to set up SSO, complete these actions:

  1. Manage Oracle Fusion Cloud Enterprise Performance Management users
  2. Setup Azure AD as a SAML IdP and Assign to an IdP Policy

Manage Users

  1. Create users. See Creating User
  2. Assign users to predefined roles. See Assigning Roles.

Setup Microsoft Entra ID as a SAML IdP and Assign to an IdP Policy

For detailed instructions on this task, see Add a SAML Identity Provider in Oracle Cloud Infrastructure Documentation.

  1. Sign into IAM Interface as an Identity Domain Administrator. See Accessing the IAM Interface.
  2. Navigate to the Federation tab.
  3. Click Actions, select Add SAML IdP and submit the tasks in the workflow.
    Add SAML IdP

  4. Task 1 - Add details:
    • Name: Enter the name of the SAML IdP.
    • (Optional) Description: Enter a description of the IdP.
    • (Optional) Identity provider icon: Drag and drop a supported image, or click select one to browse for the image.
      Add details screen
  5. Click Next.
  6. Task 2 - Exchange metadata:
    1. Click Export SAML metadata button to send the SAML metadata to Microsoft Entra ID.
    2. Select Import IdP metadata.
    3. Browse and select the Microsoft Entra ID metadata file that you downloaded. See Steps to Complete in Microsoft Entra ID.
      Configure metadata screen
  7. Click Next.
  8. Task 3- Map user identity. map user's identity attributes received from Microsoft Entra ID to an Oracle Cloud Infrastructure identity domain.
    Map user identity

    • For Requested NameID Format, select the format in which Microsoft Entra ID forwards the user attribute to Oracle Identity Cloud Service.
    • For Test identity provider, select the Microsoft Entra ID attribute that uniquely identifies the user. To use an attribute other than user ID (for example, email ID), select SAML Attribute. Otherwise select Name ID.
    • For OracleIdentityCloudService identity domain, select the Oracle Identity Cloud Service attribute to which you want to map the Microsoft Entra ID attribute that you selected.
  9. Click Next.
  10. On the Review and Create page, verify the entered details. Click Create IdP.
  11. Under Identity Providers, click Microsoft Entra ID
  12. On the Microsoft Entra ID details page, verify SAML SSO.
    1. Using the Identity Provider's Actions menu, select Test Login from the menu.
      Action menu

    2. Authenticate with your credentials to test the connection.

      If successful, a message will appear: "Your connection is successful."
      Successful connection

  13. Activate Microsoft Entra ID so that the identity domain can use it. Using Actions menu, select Activate IdP.
  14. Assign Microsoft Entra ID to an existing policy rule you have created. Using Actions menu, select Add to IdP policy. If you plan to create a policy and then assign a rule, see Create an IdP Policy and Assign Rule.

Create an IdP Policy and Assign Rule

  1. On the Federations tab, scroll-down to Identity providers policies.
  2. Click Create IdP policy.
    Create IdP Policy

  3. On the Create identity provider policy page, enter the Name and then click Create identity provider policy.
    Create identity provider policy
  4. Navigate to Identity provider rules tab.
  5. Click Add IdP rule to define rules for this policy.
    Add IdP rule
  6. On Add identity provider rule page:
    1. Enter a Rule name.
    2. Use the Assign identity providers menu to assign Microsoft Entra ID to this rule.
    3. Configure conditions.
    4. Click Add IdP rule.
  7. Assign application to this policy. Navigate to Applications tab.
  8. Click Add apps.
    Assign applications to policy

  9. On the Add app page:
    1. Search and select the apps to assign to this IdP policy.
    2. Click Add App.

      You can now SSO to these environments using any of the configured IdPs.