Collect IDCS Meta Data
- Enable the "Access Signing Certificate" option so that the IDCS metadata can be retrieved: Default Domain Settings -> select Access Signing Certificate.
- Use the following IDCS URL to get the metadata details.
- https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/fed/v1/metadata
- Save the XML data as the IDCS metadata file.
- Login to Azure and Select Active Directory.
- Select the Enterprise Application on the left menu.
- Select add new application.
- Select Oracle as a cloud provider.
- Select OCI Console Option and SSO logo.
- Provide a unique name and click create.
- This will create an Azure AD Application.
- SSO Setup
- Select SSO option under the above AD application.
- Select the SAML identity provider option.
- Use the Upload Metadata option to upload the IDCS metadata file downloaded above.
- Provide the IDCS sign on URL - https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/ui/v1/myconsole
- Save the data.
- Download the Federation Metadata XML (Azure) from SAML Signing Certificate section.
- Under User and Groups menu in the left add user and groups.
- Select Add SAML IDP.
- Provide Name - Azure IDP
- Next and Upload the Azure Metadata downloaded above.
- Next, and select the options as per the requirement. Example: NameID as the User Name, of type Email Address.
- Select Next and Test the configuration by selecting Testing Option.
- Click Finish and Complete the setup.
- Activate the IdP.
- Note:
- Go to IDCS user page and update the user as Federated.
- This will allow the user to use both IDCS as well as Azure credentials.
- Update the IDP policy to add the above created IdP for the authentication.
- Select the Default Provider Policy.
- Select the Identity Provider Rules tab.
- Edit the existing rule and add the IdP created above (Azure IDP).
- Save all changes and Logout and test the IDCS login.
- Use the Azure IDP option on the IDCS login page to login using Azure Credentials.
- Login to GCP console.
- Select the GCP project.
- Select the API's and Services under left menu.
- Select Credentials.
- Note: We will be creating OAuth 2.0 client IDs.
- Select the Create Credentials option at the top.
- Select the OAuth client ID option (this client is for the IDCS app).
- Select Type as Web Application.
- Add Authorized redirect URL - IDCS - https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/oauth2/v1/social/callback
- Select Create.
- This will generate the Client Id and Secret.
- Copy the Id and Secret.
- IDCS - Setup IdP - Add Social IDP
- Select Social IDP Option.
- Select Google as Type.
- Provide a name - GOOGLE_IDP
- Select Next
- Provide the above copied Client Id and Secret.
- Select Finish
- Activate the IdP.
- Update IDP Policies.
- Add the above created IdP to the default policy rule.
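The OAuth client created above is only as safe as its Authorized redirect URI, because Google matches that value exactly and sends the authorization code to it. The script below is an added example, not part of the original steps and not Google or Oracle code: it checks a redirect URI before it is registered, and then goes beyond the setup steps to show the authorization-code flow the client enables, with a `state` value generated for each request and checked on the callback. The Google authorization endpoint is the documented one; the tenant host is the one used in the steps above, and the client ID, state and authorization code are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's documented OAuth 2.0 authorization endpoint.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# The IDCS social-login callback path from the setup steps; the tenant host
# is the one used in the steps, not a real tenant.
IDCS_CALLBACK_PATH = "/oauth2/v1/social/callback"
REDIRECT_URI = "https://idcs-abcsdefghijkl1f.identity.oraclecloud.com" + IDCS_CALLBACK_PATH


def check_redirect_uri(uri):
    """Findings for an Authorized redirect URI before it is registered in GCP.
    Google matches redirect URIs exactly, so the value must be the precise
    IDCS callback, served over HTTPS, with no wildcard, query or fragment."""
    findings = []
    parts = urlparse(uri)
    if parts.scheme != "https":
        findings.append("scheme must be https")
    if not parts.hostname or not parts.hostname.endswith(".identity.oraclecloud.com"):
        findings.append("host is not an IDCS tenant host")
    if "*" in uri:
        findings.append("wildcards are not allowed in a redirect URI")
    if parts.path != IDCS_CALLBACK_PATH:
        findings.append("path is not the IDCS social callback %s" % IDCS_CALLBACK_PATH)
    if parts.query or parts.fragment:
        findings.append("redirect URI must not carry a query string or fragment")
    return findings


def build_authorization_url(client_id, redirect_uri, state):
    """Authorization request the browser is sent to; 'state' binds the later
    callback to this request so a callback we did not start is rejected."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email profile",
        "state": state,
    }
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def validate_callback(callback_url, expected_state, registered_redirect_uri):
    """Return the authorization code from a callback, or raise if the callback
    did not land on the registered URI, the state does not match, or the
    provider reported an error."""
    parts = urlparse(callback_url)
    landed = parts._replace(query="", fragment="").geturl()
    if landed != registered_redirect_uri:
        raise ValueError("callback arrived at an unregistered URI: %s" % landed)
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization failed: %s" % query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not bound to our request")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


if __name__ == "__main__":
    print("redirect URI findings:", check_redirect_uri(REDIRECT_URI) or "none")
    state = secrets.token_urlsafe(16)
    url = build_authorization_url("CLIENT_ID_PLACEHOLDER", REDIRECT_URI, state)
    print("authorization URL:", url)
    # Constructed callback in the form the provider redirects back to IDCS.
    callback = REDIRECT_URI + "?" + urlencode({"code": "CODE_PLACEHOLDER", "state": state})
    print("code:", validate_callback(callback, state, REDIRECT_URI))
```

The client secret never appears in this exchange: it is used only in the back-channel token request that IDCS makes after receiving the code, which is why the secret copied from the GCP page belongs in the IDCS IdP configuration and nowhere a browser can reach.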