Add a SAML Identity Provider
There are two ways that you can add a SAML 2.0 identity provider (IDP) in Oracle Identity Cloud Service:
- You can import metadata for the IDP. Identity provider metadata summarizes the basic information about data associated with the IDP. This metadata makes finding and working with this data easier. See Import Metadata for a SAML Identity Provider.
- You can enter metadata for the IDP. See Enter Metadata Manually for a SAML Identity Provider.
- Details: Provide a name, description, and icon for the SAML IDP.
  Tip: Make sure that the file you want to upload adheres to the recommended dimensions and file size before uploading it. See Customize the Interface.
- Configure: Configure SSO for the IDP by either importing metadata for it or entering metadata for it.
- Map: Map a user's attribute value received from the IDP to a corresponding attribute value for the user in Oracle Identity Cloud Service.
After you provide information in the Map pane of the wizard, Oracle Identity Cloud Service adds and deactivates the IDP. You may want to export metadata for the IDP, test it, or activate it. For these tasks, the wizard has the Export, Test, and Activate panes.
- Export: Export metadata for Oracle Identity Cloud Service and import this metadata into the IDP. The IDP requires this information to communicate with Oracle Identity Cloud Service for authentication purposes.
  Tip: If the IDP doesn't support importing metadata, then the information for Oracle Identity Cloud Service appears in the Export pane. You can enter this metadata into the IDP manually.
  To learn about the other options that can be used to access SAML metadata, see Access SAML Metadata.
- Test: Test the configuration settings for the IDP to confirm that the IDP is working properly. You can use the credentials of the IDP to log in to Oracle Identity Cloud Service through an external website.
- Activate: Activate the IDP.
To add an IDP, you must be assigned to either the identity domain administrator role or the security administrator role. See Add or Remove a User Account from an Administrator Role.
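
Whether you import the IDP's metadata file or enter its values manually in the Configure pane, it helps to review what the file declares first. The following is an added example, not Oracle's code: it reads a standard SAML 2.0 metadata document and reports the entity ID, SSO endpoints, signing certificates, and basic problems. The function name `review_idp_metadata` and the sample metadata (entity ID, URLs, certificate body) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: entity ID, URLs and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso/post"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="http://idp.example.com/sso/redirect"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def review_idp_metadata(xml_text):
    """Return (summary, findings) for one SAML 2.0 IdP EntityDescriptor."""
    # ElementTree does not fetch external entities; defusedxml is the
    # safer parser for metadata files from a source you do not control.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        return {}, ["not a single-entity SAML 2.0 IdP metadata document"]
    summary = {
        "entity_id": root.get("entityID"),
        "sso": [((e.get("Binding") or "").rsplit(":", 1)[-1], e.get("Location"))
                for e in idp.findall("md:SingleSignOnService", NS)],
        "signing_certs": [c.text.strip()
                          for k in idp.findall("md:KeyDescriptor", NS)
                          if k.get("use") in (None, "signing")  # no use = both
                          for c in k.iter("{%s}X509Certificate" % NS["ds"])
                          if c.text and c.text.strip()],
    }
    findings = [msg for bad, msg in (
        (not summary["entity_id"], "missing entityID"),
        (not summary["signing_certs"], "no signing certificate"),
        (not summary["sso"], "no SingleSignOnService endpoint")) if bad]
    findings += ["%s endpoint is not HTTPS: %s" % (binding, url)
                 for binding, url in summary["sso"]
                 if not (url or "").lower().startswith("https://")]
    return summary, findings
```

Run it against the metadata file the IDP administrator sent you, and resolve any findings with them before completing the Configure pane.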