Synchronizing Users and Groups from Microsoft Entra ID to IAM

Using SCIM, Identity Domain Administrators can smoothly integrate Microsoft Entra ID with IAM, enabling automatic synchronization of users and groups between the two systems. This section outlines the steps:

Step 1: Setting Up SSO with Cloud EPM Using Microsoft Entra ID

  1. Add IAM as an enterprise application in Microsoft Entra ID. See Steps to Complete in Microsoft Entra ID.
  2. Set up Microsoft Entra ID as the IdP in the IAM Interface. See Steps to Complete in Oracle Cloud Console.

Step 2: Creating a Confidential Application to Configure Authorization

  1. Sign into IAM Interface as an Identity Domain Administrator in the source domain. See: Accessing IAM Interface.
  2. Click Integrated applications under Identity domain.
  3. Click Add application.
  4. On the Add application page, select Confidential Application, and then click Launch workflow.
    Screen to add Confidential application
  5. On Add application details, enter application name and other optional details, and then click Next.
    Screen to add Confidential application name and details
  6. On Configure OAuth, select Configure this application as a client now.
  7. Select Client Credentials for Authorization.
    Screen to add client authorization details for confidential application
  8. Select Confidential for Client type.
  9. Scroll-down to Token Issuance Policy, and click Specific for Authorized resources.
    Confidential application configure Oauth details
  10. Click Next.
  11. For Configure policy, keep the default setting Skip and do later, and then click Finish.

    The application is added


    Screen to configure policy information
  12. Click Activate.
    Screen to note client details and activate
  13. On the Activate Application page, click Activate application to confirm activation.
    Screen to confirm activate application

Step 3: Configuring Connectivity for Synchronization with Microsoft Entra ID

  1. Click Integrated applications under Identity domain.
  2. Click Application Catalog, and then click Launch app catalog.
    Screen to add app catalog
  3. Search for Microsoft in the App Catalog, and click Add next to Oracle Identity Domain.
    Screen to search and select Microsoft application
  4. Add application details, and click Next.
    Screen to add Microsoft Entra ID application details
  5. Click Enable Provisioning. and then click Confirm to close the confirmation message.
    Screen to Enable provisioning confirmation
  6. Under Configure Connectivity, click Authorize with Microsoft Entra ID Application Name.
    Screen to Enable provisioning and Authorize with Microsoft Entra ID application
  7. After authorizing Microsoft Entra ID, scroll-down and click Enable synchronization.
  8. Under Configure synchronization, select Synchronization schedule.
  9. Click Finish.
    Screen to Configure Synchronization Schedule
  10. On the application page, click Activate to activate the Microsoft Entra ID application.

    Users and groups will sync automatically between Microsoft Entra ID and IAM based on the configured schedule.


    Screen to activate Microsoft application