Step 4: Configure User Attributes and Claims

The Oracle Cloud Infrastructure Console enterprise application template is seeded with the required attributes, so there is no need to add any. However, you must make the following customizations:

  1. In the User Attributes & Claims section, click Edit. The Manage Claim panel appears.
  2. Click the Name identifier value field to edit.
  3. Select Email address next to the Name identifier format and change it to “Persistent.”
  4. For Source, select Attribute.
  5. For Source attribute, select user.userprincipalname and click Save.
  6. Configure additional claims as listed in the table below. Note: Only oc_primaryworklocation is mandatory; the other additional claims are optional.
  7. Once all the SAML claims are configured, return to the Set up Single Sign-On with SAML page.

Table 1-1 SAML Attribute Mapping

Claim Name: oc_primaryworklocation
Type: Attribute
Value: Mandatory single-valued user attribute. Indicates the user’s primary work location.

Possible Values:
  1. <ENTERPRISE_ID>:E where <ENTERPRISE_ID> is the OPERA Cloud enterprise ID for the customer. This can be the value for users at the enterprise level, especially users who need access to multiple chains. For example, ENTERPRISE1:E where ENTERPRISE1 is the enterprise code for the customer.
  2. <CHAIN_CODE>:C where <CHAIN_CODE> is the chain code in OPERA Cloud for that customer. This can be the value for users at the chain level, especially users who need access to multiple properties. For example, CHAIN1:C where CHAIN1 is the chain code for the customer in OPERA Cloud.
  3. <PROPERTY_CODE>:P where <PROPERTY_CODE> is the property code in OPERA Cloud. This can be the value for users at a specific property level. For example, PROPERTY1:P where PROPERTY1 is the property code for the customer in OPERA Cloud.

Note: Ensure this claim is created in Entra ID. If it is not created, OPERA Cloud operations will be significantly impacted.
Mandatory Claim (Yes/No): Yes

Claim Name: #upper($(assertion.oc_ownercode))
Type: Attribute
Value: This is the owner code for the user in OPERA Cloud Sales and Event Management.
Mandatory Claim (Yes/No): No

Claim Name: oc_employeenumber
Type: Attribute
Value: Employee number is the unique employee number in the customer's employee management system.
Mandatory Claim (Yes/No): No

Claim Name: oc_actas
Type: Attribute
Value: You can send values for a new user's Act As field from your identity provider, which eliminates the overhead of an admin manually assigning Act As for a new user in OPERA Cloud Role Manager.

Possible Values:
  • Reservation Sales Person
  • Conference Sales Person
  • External System
Mandatory Claim (Yes/No): No

Claim Name: oc_actat
Type: Attribute
Value: You can send values for a new user's Act At field from your identity provider, which eliminates the overhead of an admin manually assigning Act At for a new user in OPERA Cloud Role Manager.

Possible Values:
  • Property
  • Central
Mandatory Claim (Yes/No): No

Claim Name: oc_hubs
Type: Attribute
Value: This SAML claim enables the customer to map HUB(s) to a user in OPERA Cloud. This claim is mapped to a string array attribute in the OCI IAM Identity Domain and allows multiple values. If the identity provider system does not support the string array data type, use the claim oc_hubs_string as described below. If no value is passed, the user is assigned to the default hub in OPERA Cloud.
Mandatory Claim (Yes/No): No

Claim Name: oc_hubs_string
Type: Attribute
Value: This SAML claim enables the customer to map HUB(s) to a user in OPERA Cloud. This claim is mapped to a string attribute in the OCI IAM Identity Domain. Note that only one of oc_hubs or oc_hubs_string needs to be used, based on the data type supported in the identity provider. If no value is passed, the user is assigned to the default hub in OPERA Cloud.
Mandatory Claim (Yes/No): No