Step 5: Configure Federation
You can enable federation after the migration of existing cloud users is completed.
Configuring Reporting and Analytics
- Go to Configuration, Warehouse Admin, Enterprise Options.
- Select Enable Federation.
- The option changes the default "federation status" for new people.
- Now all new people are created as “Federated” people by default. Only roles with appropriate permissions can create non-federated people.
- The option also enables a new role privilege "Modify federation status" that lets you create non-federated people. Assign this privilege to all roles for which you want to create federated and non-federated people.
- The option is only visible to Hierarchy Admins.
Configuring OCI IAM
- Add a SAML IdP. See Managing a SAML Identity Provider for more information.
  Note: The name of the IdP becomes the label of the button that redirects users from the OCI IAM sign-in screen to your IdP.
- Activate the IdP. See Activating or Deactivating an Identity Provider for more information.
- Assign the IdP to the default policy. See Assigning Identity Providers to the Policy for more information. See About Identity Provider Policies for more information on policies.
  - Go to Identity Provider Policies.
  - Edit Default Identity Provider Policy.
  - Go to Identity provider rules.
  - Click the three dots to edit the existing Default IDP Rule.
  - In the Assign Identity Providers list, ensure both of the following are selected:
    - Username-Password
    - The newly created SAML IdP
  - Click Save changes.
- Create a new IdP policy:
  - Go to Identity Provider Policies.
  - Create the policy. Name the policy (for example, SSO URL) and then click Create.
  - Go to Identity Provider Rules, Add IDP Rule. Assign Identity Providers. Select only the SAML IdP policy you created, and then click Add IDP Rule.
  - Go to Applications, Add app. Assign the PORTAL_SSO app to the new policy.
See OCI IAM with Okta Tutorials or Federating with Microsoft Azure Active Directory for additional, specific instructions on configuring federation for Okta and Azure AD.