Set Up Fusion Applications Identity Domain as the Identity Provider in Customer Cloud Service Identity Domain
Your system administrator completes this task.
- Log in to your Customer Cloud Service identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.
- In the navigation pane, select Security, and then select Identity providers.
- Click the Add IdP dropdown button and select Add SAML IdP.
- On the Add SAML identity provider screen, complete these fields, and then click Next:
  - Name
  - Description (optional)
  - Icon (optional)
- Choose Import Metadata and upload the metadata file from the previous task.
- In the Configure IdP section, select the Import identity provider metadata button, and then select the file you downloaded in the previous task.
- Click Next.
- Under Map attributes, complete the following fields as described:
  - In the Identity provider user attribute area, select Name ID.
  - In the Identity domain user attribute field, select Username.
  - In the Requested NameID format field, select Unspecified.
- Click the Create IdP button.
- In the Export screen, click the Download button next to Service provider signing certificate, and save the file.
- Click Next and do not click anything else before completing the next steps. You will return to this screen later in the process.
- In a new browser window, log in to your Fusion application identity domain in the Oracle Cloud Infrastructure Console.
- In the navigation pane, click Applications.
- In the Applications screen, click the hyperlink for the Customer Cloud Service application (as service provider) you created previously.
- Under the SSO configuration section, click the Edit SSO Configuration button.
- On the Edit SSO configuration screen, scroll down to the Signing Certificate field and upload the signing certificate you downloaded in the previous task.
- Click Save changes.
- Click the Users link in the navigation panel under Resources.
- In the Users section of the screen, click the Assign users button.
- Select the users you want to assign, and then click the Assign button.
- Scroll to the top of the screen and verify that the application is active. If it is not, click the Activate button.
- Return to the browser window with your Customer Cloud Service identity domain.
- On the Test IdP screen, click the Test login button. You will receive a message indicating whether your test is successful. If there is an error, contact My Oracle Support for assistance. If it is successful, click Next.
- On the Activate IdP screen, click Activate.
- Click Finish. You will see a list of identity providers.
- In the navigation pane, select IdP policies.
- Click the hyperlink for the default identity provider policy.
- In the Identity provider rules section, click the action menu (3 dots) on the record, and select Edit IdP rule.
- On the Edit identity provider rule screen, in the Assign identity providers field, click inside the field and select the provider you just created. It will appear in the field next to Username-Password.
- Click the Save changes button.
Later, you will test your SSO and verify that it is working as expected. Once you are satisfied with your test, you will return to this screen and remove Username-Password from the Assign identity providers field. This removes the ability to log in with your local username and password.