The image shows a user authentication and service integration for Oracle SaaS, PaaS, and OCI services in an OCI Region, including support for federating identity with a third-party cloud.

A region labeled "Internet" contains an icon representing Users. Two arrows flow from Users:

1. The upper arrow is labeled "Oracle Fusion Cloud Applications URL IDP initiated SSO" and points to Fusion Applications in the SaaS Services in the SaaS Tenancy within the OCI Region.
2. The lower arrow is labeled "Oracle Visual Builder/Oracle Integration URL initiated SSO" and points to Oracle Integration in the PaaS Services.

Within the OCI Region a SaaS Tenancy includes:

• SaaS Services with Oracle Fusion Cloud Applications. Oracle Fusion Cloud Applications points to Fusion Applications Identity Domain with an arrow labeled "IDP" and another arrow labeled "SP" going from Fusion Applications Identity Domain to Third-Party Cloud, labeled "Federation configured by customer".
• PaaS Services with Oracle Integration. A dashed arrow labeled "Provision" goes up from Oracle Integration to Oracle Fusion Cloud Applications.

The lower segment shows OCI Services with:

• OCI Services points to OCI IAM Domain with an arrow labeled "IDP."
• Another arrow labeled "SP" points from OCI IAM Domain to a Third-Party Cloud.

In the Third-Party Cloud, hosts an External Identity Provider. An arrow labeled "IDP" points left to OCI IAM Domain, and another labeled "Federation configured by customer" points up to Fusion Applications Identity Domain.