By federating Azure AD with OCI Identity Domains (more on OCI Identity Domains), organizations can centralize user authentication, which simplifies access management and reduces administrative overhead. The integration gives users a single sign-on (SSO) experience: one set of credentials, held in Azure AD, grants access to resources on both platforms. Because authentication happens at the IdP, the IdP's sign-in policies (for example MFA) also apply to OCI console logins, and user provisioning can be driven from the same directory, which helps with regulatory compliance. With all new tenancies, Oracle has introduced identity domains: each tenancy gets a default domain that holds its users, groups and credentials, so the console navigation has changed a little from the older federation setup. Note that, in the background, it is still the same IDCS (Oracle Identity Cloud Service) engine running.
Here, OCI acts as the Service Provider (SP) and Azure AD acts as the Identity Provider (IdP). In the SP-initiated flow, when a user picks the IdP on the OCI sign-in page, OCI builds a SAML AuthnRequest and redirects the user's browser with it to Azure AD. Once the user is authenticated, Azure AD returns a signed SAML Response containing an assertion, which the browser posts to OCI's Assertion Consumer Service (ACS) endpoint. OCI validates the signature against the IdP certificate exchanged through the metadata in the steps below, maps the assertion's NameID to a local user, and signs the user in.
Note: Azure AD is now Microsoft Entra ID.
Go to the OCI hamburger menu > Identity & Security > Domains and open the identity domain (the Default domain in a new tenancy).
Note the Domain URL shown in the domain details; this is the IDCS URL (of the form https://idcs-<id>.identity.oraclecloud.com).
Append /fed/v1/metadata to that URL, open it in a browser and save the result as an XML file. This is OCI's SP metadata (entity ID, ACS endpoint and SP certificate), which Azure AD needs.
On the Azure Portal now:-
Create an Enterprise Application. Search the gallery for Oracle and choose the Oracle Cloud Infrastructure Console application.
Give it a name and Click on Create
Click on Single sign-on and choose SAML. Use Upload metadata file to import the OCI metadata XML saved earlier, then download the Federation Metadata XML from the SAML Signing Certificate section; this is the file the OCI side needs. Under Users and groups, assign the users who are allowed to sign in to OCI.
OCI Side:-
In the identity domain, go to Security > Identity providers > Add IdP > Add SAML IdP, and upload the Federation Metadata XML downloaded from the Azure portal.
Review and Create
Test the login
Activate the IdP
Edit the IdP policies (Security > IdP policies) and add Azure AD as an allowed identity provider in the sign-in rule.
Test the setup.
Note: The user has to be present in both the OCI identity domain and Azure AD, with the same identifier (by default the user name, matched against the NameID carried in the assertion). OCI only delegates authentication to the IdP; it does not create the user from the assertion unless just-in-time provisioning is configured separately.
Log in to the OCI console; the sign-in page now shows the IdP icon.
Click on Azure AD
Here we are: we have successfully landed on the OCI home page.
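Before uploading the two metadata files, it is worth checking what they actually say: that OCI's SP metadata requires signed assertions and exposes an HTTPS ACS endpoint, and that the Azure AD metadata carries a signing certificate and an HTTPS single sign-on endpoint. The script below is an added example written for this post, not code from Oracle or Microsoft; the host names, tenant ID and certificate blob in the sample metadata are constructed placeholders that only mimic the shape of the real files, and the SHA-256 fingerprint it prints is the value you would compare against the certificate shown in the Azure portal.

```python
"""Sanity-check the SAML metadata exchanged between OCI (SP) and Azure AD (IdP).
Added example for this post; sample metadata below is constructed, not real."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def sp_metadata_url(domain_url: str) -> str:
    """OCI publishes its SP metadata at <identity domain URL>/fed/v1/metadata."""
    return domain_url.rstrip("/") + "/fed/v1/metadata"


def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_sp_metadata(xml_text: str) -> dict:
    """Extract entity ID, assertion-signing requirement and ACS endpoints."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    return {
        "entity_id": root.get("entityID"),
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false").lower() == "true",
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall("md:AssertionConsumerService", NS)],
    }


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entity ID, SSO endpoints per binding and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means both signing and encryption
            continue
        b64 = kd.find(".//ds:X509Certificate", NS).text
        certs.append(fingerprint(base64.b64decode("".join(b64.split()))))
    return {
        "entity_id": root.get("entityID"),
        "sso": {s.get("Binding"): s.get("Location")
                for s in idp.findall("md:SingleSignOnService", NS)},
        "signing_certs": certs,
    }


def check_pair(sp: dict, idp: dict) -> list:
    """Return a list of findings; an empty list means the pair looks consistent."""
    findings = []
    if not any(b == POST and loc.startswith("https://") for b, loc in sp["acs"]):
        findings.append("SP has no HTTPS HTTP-POST AssertionConsumerService")
    if not sp["want_assertions_signed"]:
        findings.append("SP does not require signed assertions")
    if not idp["signing_certs"]:
        findings.append("IdP metadata carries no signing certificate")
    if not any(b in (REDIRECT, POST) and loc.startswith("https://")
               for b, loc in idp["sso"].items()):
        findings.append("IdP has no HTTPS SingleSignOnService endpoint")
    return findings


# Constructed sample of what OCI serves at /fed/v1/metadata (trimmed; placeholder host).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idcs-example.identity.oraclecloud.com:443/fed">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idcs-example.identity.oraclecloud.com/fed/v1/sp/sso"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed stand-in for the Federation Metadata XML downloaded from Azure AD;
# the certificate is a dummy blob, not a real X.509 certificate, and the tenant ID is fake.
FAKE_CERT_B64 = base64.b64encode(b"constructed-dummy-certificate-bytes").decode()
TENANT = "00000000-0000-0000-0000-000000000000"
IDP_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print("SP metadata URL:", sp_metadata_url("https://idcs-example.identity.oraclecloud.com/"))
    sp, idp = parse_sp_metadata(SP_METADATA), parse_idp_metadata(IDP_METADATA)
    print("SP entity ID:", sp["entity_id"], "-> IdP SSO:", idp["sso"][REDIRECT])
    print("IdP signing cert SHA-256:", idp["signing_certs"][0])
    print("Findings:", check_pair(sp, idp) or "none")
```

To use it on a real exchange, replace the two sample strings with the contents of the file saved from /fed/v1/metadata and the Federation Metadata XML from the Azure portal; any finding from check_pair is something to fix before activating the IdP, and a changed fingerprint after an Azure certificate rollover is the usual reason a previously working federation suddenly stops accepting assertions.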
This post explained the integration of Oracle Cloud Infrastructure identity domains with Microsoft Azure AD for a seamless single sign-on solution.
I hope this post will help someone. Till then, enjoy learning cloud.
References:-
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm#top
https://docs.oracle.com/en-us/iaas/Content/Identity/tutorials/azure_ad/lifecycle_azure/02-config-azure-iam-template.htm#config-azure-iam-template
Integrating Azure AD with OCI Identity Domains for SSO is a game-changer for cross-platform efficiency. HostGenics ensures seamless solutions for your identity management needs.