Learn About the Architecture for Federated Single Sign-On

Identity federation enables enterprises to link user identities that are maintained in two or more identity management systems. One of the identity management systems is designated as a trusted identity provider, the place where user accounts and passwords are maintained. When a user signs in to a service or an application in a federated setup, the service provider delegates the responsibility of authenticating the user to the designated identity provider. The identity provider authenticates the user and asserts the user’s identity to the service provider. Single sign-on (SSO) is a key part of identity federation. SSO enables users to sign in once and access multiple applications, without signing in separately to access each application.

Identity federation helps enterprises reduce cost, because user accounts don’t need to be created and managed separately in each identity management system. The user-synchronization process ensures that identities are propagated to all the federated systems. With SSO, end users don’t need to enter sign-in credentials separately for each service or application, and they don’t need to remember and manage multiple sign-in credentials.

Oracle Cloud offers a variety of architecture options for setting up federated SSO between Oracle Identity Cloud Service and any other identity management system that you may be using on-premises.

For example, you have an on-premises identity management system—Oracle or third-party, and you want your users to be able to sign in to applications running on-premises and in Oracle Cloud by using a single set of credentials. You can enable this by federating your on-premises identity provider with Oracle Identity Cloud Service.



In a federated SSO setup, user authentication for your Oracle Cloud workloads is delegated to the trusted, on-premises identity provider. For users, federation provides a simple, end-to-end sign-in experience, where they can sign in once using a single credential, and they can access the resources and applications that are protected by both the identity systems.

The architecture to set up federated SSO between two identity management systems depends on several factors, including the following:
  • The nature of the workloads, both on-premises and in Oracle Cloud

  • The specific Oracle SaaS, PaaS, and IaaS services that you use

  • The location where users and their identities are created and maintained