Set Up External Identity Provider
Configure a SAML 2.0 external identity provider such as Active Directory Federation Services (AD FS) for federated SSO with the IAM Identity Domain.
Configuration steps include:
Set up the SAML 2.0 Identity Provider.
Verify Federated Single Sign-On.
Establish user synchronization between the Identity Domain and the SAML Identity Provider. It is necessary to copy users into the Identity Domain because access to the service is granted by assigning users to Application Roles in Oracle Cloud Services.
Configure Microsoft Active Directory Bridge, or implement user data synchronization via the REST SCIM API, flat file import, or one of the pre-defined provisioning Applications from the IAM catalog. Refer to the IAM documentation for more details.
To access detailed configuration instructions provided by IAM:
Return to the Oracle Cloud Infrastructure console, expand the navigation (hamburger) menu in the top-left corner and select Identity. Click the Identity link to load the Overview page. Use one of the quick links to access documentation and tutorials on SAML SSO configuration.
Note on Identity Bridge setup only: Federated authentication is enabled by default, which means user credentials will be validated against the configured Identity Provider. When configuring Identity Bridge, define federated authentication as follows:
To continue to validate credentials and maintain passwords and password rules in the external identity management system, leave the Federated Authentication checkbox checked.
To validate credentials and manage passwords in IAM, uncheck the Federated Authentication checkbox. IAM will generate passwords for the users and send a notification by email (the email attribute must be populated in Microsoft Active Directory and mapped to the Identity Domain).
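The user synchronization step above (SCIM or flat file) and the email prerequisite for non-federated passwords, as an added example that is not Oracle's code: it maps a constructed directory export to standard SCIM 2.0 core User payloads and rejects records that lack a mail attribute when Federated Authentication is turned off. The directory attribute names (sAMAccountName, givenName, sn, mail) are assumed, and any Identity Domain-specific SCIM extension attributes and the endpoint URL are deliberately left out.

```python
"""Build SCIM 2.0 core User payloads for synchronizing directory users into
an Identity Domain, enforcing the email prerequisite described above."""
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def build_scim_user(ad_user: dict, federated_auth: bool) -> dict:
    """Map one directory record (assumed keys: sAMAccountName, givenName,
    sn, mail) to a SCIM core User.

    When federated_auth is False, IAM generates the password and emails
    it, so a missing mail attribute is a hard error rather than a warning.
    """
    mail = (ad_user.get("mail") or "").strip()
    if not federated_auth and not mail:
        raise ValueError(
            f"{ad_user['sAMAccountName']}: mail attribute required when "
            "Federated Authentication is disabled (IAM emails the password)")
    user = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": ad_user["sAMAccountName"],
        "name": {"givenName": ad_user["givenName"], "familyName": ad_user["sn"]},
        "active": True,
    }
    if mail:
        user["emails"] = [{"value": mail, "type": "work", "primary": True}]
    return user


def build_sync_batch(ad_users: list, federated_auth: bool) -> tuple:
    """Return (payloads, rejected) so a sync job can report skipped users
    instead of silently creating accounts that can never receive a password."""
    payloads, rejected = [], []
    for record in ad_users:
        try:
            payloads.append(build_scim_user(record, federated_auth))
        except ValueError as err:
            rejected.append(str(err))
    return payloads, rejected


# Constructed sample export; the second record has no mail attribute.
SAMPLE_AD_USERS = [
    {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe", "mail": "jane.doe@example.com"},
    {"sAMAccountName": "bsmith", "givenName": "Bob", "sn": "Smith", "mail": ""},
]

if __name__ == "__main__":
    ok, bad = build_sync_batch(SAMPLE_AD_USERS, federated_auth=False)
    print(json.dumps(ok, indent=2))
    print("rejected:", bad)
```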