3.3.2 Use Oracle IDCS as Identity Provider

You can use Oracle IDCS as the identity provider that manages access to your application.

  1. In the Oracle Cloud Infrastructure console, add your application as a confidential application. See Adding a Confidential Application in Administering Oracle Identity Cloud Service.

    While adding a confidential application, perform the following tasks:

    1. On the Add Confidential Application wizard's Client page, click Configure this application as a client now.
    2. In the Authorization section, select the following options:
      • Resource owner
      • Client credentials
      • JWT assertion
      • Refresh token
      • Authorization code
      • Redirect URL: Enter the application URL where the user is redirected after authentication.
    3. Skip the next steps. Use the default selections, and then click Finish. The application has been added in a deactivated state.
    4. Record the Client ID and Client Secret that appear in the Application Added dialog box. You will need to provide this information later.
    5. Click Close.

      The new application's details page is displayed.

    6. At the top of the page, to the right of the application name, click Activate to activate the application.
    7. In the Activate Application? dialog box, click Activate Application.
  2. Click Users, and then assign users to the application. See Assign Applications to the User Account in Administering Oracle Identity Cloud Service.
  3. Enable client access to the signing certificate. By default, access is restricted to signed-in users. To allow clients to retrieve the tenant signing certificate and the SAML metadata without logging in to Oracle Identity Cloud Service, perform the following steps.
    1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Default Settings.
    2. Turn on the Access Signing Certificate option.
    3. Click Save to save the default settings.
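Once step 3 is complete, a client can fetch the tenant's public signing key in JWK form without logging in and use it to validate the tokens IDCS issues for the application registered in step 1. The following is an added example, not Oracle's code: it validates an RS256 token against a JWK set of the shape returned by the IDCS signing-certificate endpoint (/admin/v1/SigningCert/jwk; fetching it over HTTPS is left to the caller), and runs offline against a constructed toy key that stands in for the tenant key.

```python
import base64, hashlib, json, time

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

# DER DigestInfo prefix for SHA-256, as used by RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v1_5(msg: bytes, k: int) -> bytes:
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_verify(jwk: dict, signing_input: bytes, sig: bytes) -> bool:
    # Public-key check only: n and e come from the tenant's JWK, nothing from the token is trusted.
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v1_5(signing_input, k)

def verify_idcs_token(token: str, jwks: dict, issuer: str, audience: str, now: float = None) -> dict:
    """Return the claims only if kid, signature, iss, aud and exp all check out; else raise ValueError."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or not rs256_verify(key, f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64)):
        raise ValueError("unknown kid or bad signature")
    claims = json.loads(b64url_decode(p_b64))
    aud = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or audience not in aud or claims.get("exp", 0) <= now:
        raise ValueError("issuer, audience or expiry rejected")
    return claims

# Constructed toy signing key (two Mersenne primes, 648-bit modulus) so the example runs offline; demo only.
_P, _Q, _E = (1 << 521) - 1, (1 << 127) - 1, 65537
_N, _D = _P * _Q, pow(_E, -1, (_P - 1) * (_Q - 1))
_K = (_N.bit_length() + 7) // 8
TOY_JWKS = {"keys": [{"kty": "RSA", "kid": "toy-kid", "e": b64url_encode(b"\x01\x00\x01"),
                      "n": b64url_encode(_N.to_bytes(_K, "big"))}]}

def sign_toy_token(claims: dict) -> str:
    """Mint a token with the toy private key, playing the role IDCS plays for real tokens."""
    head = b64url_encode(json.dumps({"alg": "RS256", "kid": "toy-kid"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    em = int.from_bytes(emsa_pkcs1_v1_5(f"{head}.{body}".encode(), _K), "big")
    return f"{head}.{body}." + b64url_encode(pow(em, _D, _N).to_bytes(_K, "big"))
```

The audience to pin is the Client ID recorded in step 1; a token whose aud is a different client, or whose signature was made over other claims, is rejected before any claim is used.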