Step 4: Configure User Attributes and Claims

The Oracle Cloud Infrastructure Console enterprise application template is seeded with the required attributes, so there is no need to add any. However, you must make the following customizations:

  1. In the User Attributes & Claims section, click Edit in the upper-right corner. The Manage Claim panel appears.
  2. Next to the Name identifier value field, click Edit.
  3. Under Required claim, select Unique User Identifier (Name ID).
  4. Select Email address and change it to “Persistent.”
  5. For Source, select Attribute.
  6. For Source attribute, select user.userprincipalname.

  7. Configure additional claims as listed in the table below. Note: Only oc_primaryworklocation is mandatory; the other additional claims are optional.

Table 1-1 SAML Attribute Mapping

Each entry below lists the table columns in order: Claim Name, Type, Value, Mandatory Claim (Yes/No).

Claim Name: oc_primaryworklocation
Type: Attribute
Value: Mandatory Single Valued User Attribute. Indicates the user’s primary work location.
  Possible Values:
  1. <ENTERPRISE_ID>:E where <ENTERPRISE_ID> is the OPERA Cloud enterprise ID for the customer. Use this value for users at the enterprise level, especially users who need access to multiple chains. For example, ENTERPRISE1:E where ENTERPRISE1 is the enterprise code for the customer.
  2. <CHAIN_CODE>:C where <CHAIN_CODE> is the chain code in OPERA Cloud for that customer. Use this value for users at the chain level, especially users who need access to multiple properties. For example, CHAIN1:C where CHAIN1 is the chain code for the customer in OPERA Cloud.
  3. <PROPERTY_CODE>:P where <PROPERTY_CODE> is the property code in OPERA Cloud. Use this value for users at a specific property level. For example, PROPERTY1:P where PROPERTY1 is the property code for the customer in OPERA Cloud.
  Note: Ensure this claim is created. If it is not created in Azure AD, OPERA Cloud operations will be significantly impacted.
Mandatory Claim (Yes/No): Yes

Claim Name: #upper($(assertion.oc_ownercode))
Type: Attribute
Value: This is the owner code for the user in OPERA Cloud Sales and Event Management.
Mandatory Claim (Yes/No): No

Claim Name: oc_employeenumber
Type: Attribute
Value: Employee number is the unique employee number in the customer's employee management system.
Mandatory Claim (Yes/No): No

Claim Name: #upper($(oc_hubs)) OR oc_hubs
Type: Attribute
Value: oc_hubs is a String array in the IAM Domain, and the IdP claim mapping should map a multi-valued attribute to oc_hubs. Single-valued attribute claims from Azure should not be mapped to oc_hubs.
Mandatory Claim (Yes/No): No

Claim Name: oc_actas
Type: Attribute
Value: You can send values for a new user's Act As field from your identity provider, which eliminates the overhead of an admin manually assigning Act As for a new user in OPERA Cloud Role Manager.
  Possible Values:
  • Property
  • Central
Mandatory Claim (Yes/No): No

Claim Name: oc_actat
Type: Attribute
Value: You can send values for a new user's Act At field from your identity provider, which eliminates the overhead of an admin manually assigning Act At for a new user in OPERA Cloud Role Manager.
  Possible Values:
  • Reservation Sales Person
  • Conference Sales Person
  • External System
Mandatory Claim (Yes/No): No

Figure 1-1 Attributes & Claims


This image shows the Attributes & Claims screen.
The claim values in the above image are only examples.
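
A way to check a test assertion against Table 1-1 before rolling the configuration out, as an added example that is not part of Oracle's documentation. The function names, the sample assertion, and the assumptions that each SAML attribute Name equals the claim name exactly and that a code contains no whitespace or colon are illustrative; the check does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: a code is any non-empty token without whitespace or ":"; Table 1-1 only fixes the :E/:C/:P suffix.
WORK_LOCATION = re.compile(r"^[^\s:]+:[ECP]$")
ALLOWED = {
    "oc_actas": {"Property", "Central"},
    "oc_actat": {"Reservation Sales Person", "Conference Sales Person", "External System"},
}

def read_claims(assertion_xml):
    """Return {claim name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    # Assumption: the attribute Name is the bare claim name, with no namespace URI prefix.
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_claims(claims):
    """Return a list of problems; an empty list means the claims match Table 1-1."""
    problems = []
    location = claims.get("oc_primaryworklocation", [])
    if not location:
        problems.append("oc_primaryworklocation is missing (mandatory)")
    elif len(location) != 1:
        problems.append("oc_primaryworklocation must be single valued")
    elif not WORK_LOCATION.match(location[0]):
        problems.append(f"oc_primaryworklocation {location[0]!r} is not <CODE>:E, :C or :P")
    for name, allowed in ALLOWED.items():
        for value in claims.get(name, []):
            if value not in allowed:
                problems.append(f"{name} {value!r} is not one of {sorted(allowed)}")
    return problems

# Constructed sample assertion fragment (not captured from a real tenant).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="oc_primaryworklocation"><saml:AttributeValue>PROPERTY1:P</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="oc_actas"><saml:AttributeValue>Regional</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_claims(read_claims(SAMPLE)):
        print(problem)
```

The constructed sample passes the mandatory-claim check and reports the oc_actas value, which is not one of the values listed in the table.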