Step 7: Add Microsoft Azure AD as an Identity Provider in OCI IAM Identity Domains

Enter the Azure AD identity provider details by following these steps:
  1. Navigate to the Oracle IAM domain console.
  2. On the navigation menu, click Security and then click Identity providers.
  3. Click Add IdP and then click Add SAML IdP.
  4. Enter the following information:
    • Name: Enter the name of the IdP.
    • (Optional) Description: Enter a description of the IdP.
    • (Optional) Identity provider icon: Drag and drop a supported image or click select one to browse for the image.
  5. Click Next.

    Ensure that Import identity provider metadata is selected, and then browse to and select, or drag and drop, the Azure AD metadata XML file in Identity provider metadata. This is the metadata file you saved earlier from Azure AD.

  6. Click Next.
  7. In Map user identity, set the values as shown in the following screenshot.

    This image shows Identity Provider Metadata screen
  8. Click Next.
  9. Under Review and Create, verify the configurations, and then click Create IdP.
  10. Click Activate.
  11. Click Add to IdP Policy Rule.
  12. Click Default Identity Provider Policy to open it, and from the context (three dots) menu choose Edit IdP rule.
  13. Click Assign identity providers and then click Azure AD Identity provider to add it to the list.
  14. Click Save Changes.
  15. Go back to Security and click Sign-on policies.
  16. Click Default Identity Provider Policy to open it, and under Sign-on rules, from the context (three dots) menu on the right, select Edit IdP rule.
  17. Select Azure AD.

    This image shows Edit sign-on rule screen
  18. Save your changes.

JIT Attribute Mapping

  1. In the OCI console, open the navigation menu and click Identity & Security.

  2. Under Identity, click Domains.

  3. In the respective domain, navigate to Security and then to Identity Provider.

  4. Under the respective Identity Provider, click Configure JIT.

  5. Turn on the Enable Just-In-Time (JIT) provisioning option and select the Update the existing identity domain user option.

    This image shows the Enable Just-In-Time (JIT) provisioning option.
  6. Save your changes.

Follow the steps below to create a JIT attribute mapping for custom attributes.
  1. Create a Confidential Application
    1. In the OCI identity domain, open the navigation menu and click Identity & Security.

    2. Under Identity, click Domains.

    3. Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Then, click Integrated applications.

    4. Click Add application.

    5. In the Add application screen, select Confidential Application, and then click Launch workflow.

    6. On the Add application details page, enter an application name and description, and then click Next.

    7. On the Configure OAuth page, under Client configuration, select Configure this application as a client now.

    8. Under Authorization, select only Client Credentials as the Allowed Grant Type.

    9. At the bottom of the page, select Add app roles and then click Add roles.

    10. In the Add app roles panel, select Identity Domain Administrator, and then click Add.

    11. Click Next and then click Finish.

    12. On the application detail page, scroll down to General Information. Copy the Client ID and the Client Secret and save them in a secure place for later.

    13. After the application is created, click Activate.

    The confidential application is now activated.

    Note:

    Once the JIT configuration is complete, this client application can be deactivated.
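    The Client ID and Client Secret copied in step 12 exist only so that a script can obtain an administrator access token with the Client Credentials grant and then call the identity domain's REST API. The following added example (not Oracle's code) shows that token exchange against the identity domain's OAuth token endpoint; the domain URL and credentials are placeholders read from environment variables, and the scope urn:opc:idm:__myscopes__ requests the admin scopes granted through the Identity Domain Administrator app role.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Placeholders: set these to the identity domain URL and the Client ID / Client
# Secret copied from the confidential application's General Information section.
DOMAIN_URL = os.environ.get("OCI_DOMAIN_URL", "https://idcs-EXAMPLE.identity.oraclecloud.com")
CLIENT_ID = os.environ.get("OCI_CLIENT_ID", "example-client-id")
CLIENT_SECRET = os.environ.get("OCI_CLIENT_SECRET", "example-client-secret")

# Scope that asks for every admin scope the client was granted via its app roles.
ADMIN_SCOPE = "urn:opc:idm:__myscopes__"


def build_token_request(domain_url, client_id, client_secret):
    """Return (url, headers, body) for a Client Credentials token request.

    The client authenticates with HTTP Basic (client_id:client_secret), so the
    secret travels only in the Authorization header over TLS, never in the URL.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": ADMIN_SCOPE}
    ).encode()
    return f"{domain_url.rstrip('/')}/oauth2/v1/token", headers, body


def parse_token_response(raw):
    """Extract (access_token, expires_in) from the JSON token response."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise RuntimeError(f"token request failed: {data.get('error_description', data)}")
    return data["access_token"], int(data.get("expires_in", 0))


def fetch_token(domain_url, client_id, client_secret, timeout=15):
    """POST the token request and return the bearer token to use as 'Authorization: Bearer ...'."""
    url, headers, body = build_token_request(domain_url, client_id, client_secret)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read())


if __name__ == "__main__":
    token, ttl = fetch_token(DOMAIN_URL, CLIENT_ID, CLIENT_SECRET)
    print(f"obtained admin token (expires in {ttl}s), length {len(token)}")
```

    The token carries Identity Domain Administrator rights, so keep it and the client secret out of logs, and deactivate the confidential application once the JIT mapping is in place, as the note above recommends.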