Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Enable Excel-to-Component Interface Utility SSO with OCI IAM using Device Code Flow

Introduction

The Excel-to-Component Interface (Excel to CI) utility in PeopleSoft serves as an invaluable tool, enabling users to seamlessly import data from Microsoft Excel spreadsheets into the PeopleSoft database through standard username and password authentication. Each source workbook comprises both worksheets and Excel Visual Basic code modules that execute essential business logic for each transaction. For more information, see Understanding the Excel-to-Component Interface Utility.

With the rapid advancements in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM), the demand for applications like PeopleSoft to support Single Sign-On (SSO) became increasingly vital. This evolution reflects the necessity for streamlined user experiences, enhanced security, and simplified access across multiple platforms, allowing users to navigate seamlessly while maintaining robust authentication protocols.

OCI IAM serves as a robust framework for managing users and roles, facilitating user federation and provisioning, and enabling secure application integration through Oracle SSO configuration and Security Assertion Markup Language (SAML)/OAuth-based Identity Provider (IdP) administration. Notably, it features Oracle Identity Domains App Gateway, which supports Single Sign-On (SSO) for applications utilizing Header-Based Authentication, such as PeopleSoft. For more information, see Configure seamless authentication for PeopleSoft applications using OCI IAM Identity Domains.

In this tutorial, we will explore the transformation of the traditional Excel to CI sheet, modernizing it to support standard authentication protocols. We will delve into how OCI IAM SSO can be utilized to authenticate users, enabling seamless data uploads through these enhanced spreadsheets.

PeopleSoft SSO integration with OCI IAM

PeopleSoft integrates with OCI IAM for SSO through the App Gateway, which functions as a reverse proxy. It intercepts HTTP requests to the PeopleSoft web interface, ensuring users are logged in and authorized. The OCI IAM Identity Domain manages authentication for the PeopleSoft application.

Introduction to OCI IAM Support for Device Code Flow

Device Code Flow enables user authentication on devices or operating systems lacking a web browser. This method allows users to sign in interactively using another device, such as a computer or mobile phone. The following image illustrates how the Device Code Flow operates.

For more information about Device Code Flow and its configuration within OCI IAM, see Using the IDCS OAuth Device Flow for Fun and Profit and Device Code Grant Type.

Additionally, we understand that the Device Code Flow is compatible with Microsoft Excel spreadsheets. For more information, see Excel, OAuth 2.0 and Device Code Flow. We will enhance the traditional Excel to CI spreadsheet to support Device Code Flow. Let us begin by creating a confidential application in OCI IAM to facilitate this integration.

Objectives

• Use OCI IAM SSO credentials to upload data to PeopleSoft database using Device Code Flow.

  • Download the Excel to CI file and save it to your local system.
  • Create a confidential application in OCI IAM to support Device Code Flow.
  • Update the existing Visual Basic (VB) Macro function and add OCI IAM connection details to upload data into PeopleSoft database.
  • Push the sample data from the updated Microsoft Excel spreadsheet to PeopleSoft database using OCI IAM SSO credentials and Device Code Flow.

Prerequisites

• Access to an OCI tenancy.

• Identity domain of type Oracle Apps Premium and an admin account on it.

• A PeopleSoft SSO enabled instance with a valid SSL certificate.

• A user with SSO access to PeopleSoft and the required privileges to upload data to the PeopleSoft database through Excel to CI.

• A copy of fully functional Excel to CI spreadsheet currently working with username and password to push data.

• Local copy of the dependent file RelLangMacro.xla for proper functioning of Excel to CI.

• Basic knowledge on the VB Macro coding.

Task 1: Create a Confidential Application for Device Code Flow

We will register a confidential application under the OCI IAM Identity Domain which is integrated with your PeopleSoft for SSO with the allowed grants type Device Code.

1. Log in to the OCI Console, under Identity Domain, click Domain Information and copy Identity Domain URL.

   

   Note: Exclude :443 from the end of the domain URL, we will need this information in Task 6.

2. Go to the navigation menu and click Applications.

   

3. Select Confidential Application and click Launch workflow.

   

4. Enter a Name for your application and click Next.

   

5. Select Skip for later, Device Code as the Allowed grant types and click Next.

   

6. Click Finish.

   

7. Click Activate to activate the application.

   

8. Note down the Client ID and Client Secret for using it in further configurations.

   

Task 2: Excel to CI and OCI IAM Architecture using Device Code Flow

Steps to submit data to the PeopleSoft database using Device Code Flow.

1. Initiation of Device Code Flow: When the user attempts to submit data to the PeopleSoft database, the Excel sheet initiates the Device Code Flow.

2. User Code Display: A 6-letter user code is presented to the user, which must be copied for future use in obtaining the access token.

3. Browser Authentication: Once the user code is noted, the Excel sheet automatically opens the default web browser and prompts the user to log in. If a session is already active, the user will be logged in automatically.

4. Entering the User Code: After successfully logging in and completing any multi-factor authentication (MFA) requirements, the browser will prompt the user to enter the previously copied user code.

5. Access Token Issuance: Upon successfully submitting the user code, an access token is issued to the Excel sheet, enabling it to submit data to the PeopleSoft database.

The following image illustrates the Device Code flow in more detials.

To facilitate this process, we will proceed to modify the VB code and enhance the authentication and data submission modules.

Task 3: Update the VB Code for Log in using Device Code Flow

Download a copy of the Excel to CI spreadsheet from here: ExcelToCI Sheets_ExcelToCI2007-AppG_SampleFile.zip and save to your local system where you have your original Excel to CI spreadsheet. The folder should also contain the dependent file RelLangMacro.xla for proper functioning of Excel to CI.

1. Open your Excel to CI spreadsheet and update the Connection Information sheet with the PeopleSoft App Gateway details. Enter the following information.

   • Web Server Machine Name.
   • Protocol.
   • HTTP Port.

   

2. Click Developer and Visual Basic to open MicroSoft Visual Basic for Applications. Click Modules.

   

3. Under Modules, expand the Login module and update the Client ID and Client secret of the confidential application created in Task 1 and OCI IAM Domain URL in the following mentioned functions and save the file.

   Note: The spreadsheet has comments to help you with where the details should be added.

   1. Public Function getLoginInformation.
   2. Public Function makeInstrospectRequest.
   3. Public Function makeIDCSRequest.

   Note:

   • Proof of Concept: This sheet serves as a proof of concept demonstrating that Excel to CI can support Device Code Flow for submitting data to the PeopleSoft database.

   • Code Quality: Note that the code may not adhere to best practices in VB coding. We strongly recommend thorough testing on your end before deploying it to a Production environment.

   • Data Submission Testing: The spreadsheet has been tested for data submission use case. If it defaults to username and password authentication for any another functionality, you can modify the VB module to incorporate the device code logic for improved functionality.

   • Reference Check: Additionally, review the Excel to CI reference under the Tools in the Microsoft Visual Basic for Applications page to ensure alignment with the following screenshot.

     

Task 4: Test the Data Upload using Device Code Flow

1. Add sample data in the Data Input and click Add-ins, Stage Data for Submission.

   

2. In the Staging and Submission sheet, you should be able to see the new data entries that you want to submit to the PeopleSoft database. Click Add-ins and Submit Data.

   

3. The Excel sheet will now initiate the Device Code Flow and will display the User Code, make a note of it. Click OK and you will be redirected to the OCI IAM log in page.

   

   

4. Log in to OCI IAM with your SSO credentials.

   

5. Enter the user code in Code and click Submit.

   

6. If the user code is correct, you will see a Congratulations screen confirming your access to the application.

   

7. The access token is sent back to the Excel sheet, which is used to submit the data to PeopleSoft database. You should see OK against your data entries confirming the data submission.

   

   The sheet will store the access token details for its next execution and unless the access token is Active, you will not be challenged to go through the Device Code Flow.

Opportunities for Enhancement in the Excel to CI Sheet

• Token Validation: Currently, the introspect endpoint is utilized to verify the validity of the access token, which has a default expiration time of 60 minutes.

• Session Persistence: To prevent users from being logged out after 60 minutes, consider implementing a refresh token mechanism.

• Code Modification: Update the VB code to incorporate the use of the refresh token for continuous access.

• Dynamic Capture for OCI IAM details: The functions in the sheet are currently hard-coded with identity information. You can enhance this by defining Excel cells to capture these details dynamically.

• Access Token Visibility: The access token value is presently displayed in the Connection Information sheet. You may choose to hide it from end users by adjusting the cell formatting.

• Compatibility with Journal Uploads: The demonstrated Device Code Flow logic for Excel to CI can also be applied to journal uploads. The following modules in Jrnlmacro.xla should be updated under mImportControl. Download Sample Zip for Journal Upload.

  • Private Sub Import_Sheet.
  • Private Function sendXML.
  • Public Function makeIDCSRequest.
  • Public Function makeInstrospectRequest.

Related Links

• Using the IDCS’ OAuth Device Flow for Fun and Profit

• Excel, OAuth 2.0 and Device Code Flow

• Device Code Grant Type

• Configure seamless authentication for PeopleSoft applications using OCI IAM Identity Domains

Acknowledgments

• Author - Chetan Soni (Senior Cloud Engineer)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Enable Excel to Component Interface Utility SSO with OCI IAM using Device Code Flow

G16734-01

October 2024

Copyright ©2024,

Oracle and/or its affiliates.