The setup involves Identity Cloud Service (IDCS) acting as the central identity provider, facilitating seamless authentication and authorization processes. Through Identity Federation, IDCS extends its capabilities to integrate with both Azure and Google, utilizing SAML Identity Provider (IDP) for Azure and Social IDP for Google.
With SAML IDP integration, users can securely access resources across platforms by leveraging their existing credentials. This interoperability streamlines authentication workflows, enhancing user experience and ensuring consistent access control.
Moreover, the inclusion of Social IDP, particularly with Google, broadens the authentication options, allowing users to authenticate using their Google accounts. This not only expands the user base but also simplifies login processes, as users can utilize familiar credentials.
Overall, this setup promotes interoperability, security, and user convenience, aligning with modern identity management practices and enabling efficient collaboration across disparate systems and platforms.
Collect IDCS Meta Data
- Enable "Access Signing Certificate" option to get the IDCS metadata. Default Domain Settings -> Select the Access Signing Certificate
- Use the following IDCS URL to get the metadata details.
- https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/fed/v1/metadata
- Save the the XML data as IDCS metadata file.
- Login to Azure and Select Active Directory.
- Select the Enterprise Application on the left menu.
- Select add new application.
- Select Oracle as a cloud provider.
- Select OCI Console Option and SSO logo.
- Provide a unique name and click create.
- This will create an Azure AD Application.
- SSO Setup
- Select SSO option under the above AD application.
- Select SAML IdP provide option.
- Use upload Metadata option to upload the IDCS metadata downloaded above.
- Provide the IDCS sign on URL - https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/ui/v1/myconsole
- Save the data.
- Download the Federation Metadata XML (Azure) from SAML Signing Certificate section.
- Under User and Groups menu in the left add user and groups.
- Select Add SAML IDP.
- Provide Name - Azure IDP
- Next and Upload the Azure Metadata downloaded above.
- Next and select the option as per the requirement . Example NameId as a UserName and of Type Email Address.
- Select Next and Test the configuration by selecting Testing Option.
- Click Finish and Complete the setup.
- Activate the IdP.
- Note:
- Go to IDCS user page and update the user as Federated.
- This will allow the user to use both IDCS as well as Azure credentials.
- Update the IDP policy to add the above created IdP for the authentication.
- Select the Default Provider Policy.
- Select the Identity Provider Rules tab.
- Edit the existing Rule and add the above created IDP. Azure IDP
- Save all changes and Logout and test the IDCS login.
- Use the Azure IDP option on the IDCS login page to login using Azure Credentials.
- Login to GCP console.
- Select the GCP project.
- Select the API's and Services under left menu.
- Select Credentials.
- Note: We will be creating OAuth 2.0 Client Id's
- Select the Create Credentials option on the Top
- Select OAuth Client Id option. For IDCS app.
- Select Type as Web Application.
- Add Authorized redirect URL - IDCS - https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/oauth2/v1/social/callback
- Select Create.
- This will generate the Client Id and Secret.
- Copy the Id and Secret.
- IDCS - Setup IdP - Add Social IDP
- Select Social IDP Option.
- Select Google as Type.
- Provide a name - GOOGLE_IDP
- Select Next
- Provide the above copied Client Id and Secret.
- Select Finish
- Activate the IdP.
- Update IDP Policies.
- Add the above created IdP to the default policy rule.
No comments:
Post a Comment