SSO – SSO Configuration and Integration with Fusion HCM
There is a common requirement to implement Single Sign On (SSO) with fusion HCM.
First, let’s try to understand some basic concepts of SSO:
- IDP – Identity provider : The identity provider verifies the user credentials and sends the authorization and authentication response back to the service provider. For example, Microsoft AD.
- SP – Service Provide : Oracle Application Cloud (Fusion HCM) which is setup as a service provider, sends a verification request to the user’s identity provider.
Users will be registered with identity providers i.e. Microsoft AD in this case who store and manage identity and credentials. In Security Console, we can add those identity providers so that we can verify those users .
- Oracle Applications Cloud, which is set up as a service provider, sends a verification request to the user’s identity provider who’s already added to the Security Console.
- The identity provider verifies the user credentials and sends the authorization and authentication response back to the service provider.
- After successful authentication, users are granted access to the required application or web page.
Configuration Steps with Microsoft AD:
To configure Oracle Applications Cloud as the service provider, you must do the following in Oracle Cloud and some steps in Microsoft AD:
1) Microsoft AD – In Azure AD, download the Azure AD SAML metadata document.
2) Oracle Applications – Add an identity provider , upload the metadata document provided by IDP is Step 1
3) Oracle Applications – Download the federation metadata document.
4) Microsoft AD – Upload the federation metadata document provided by oracle in Step 3 .
References:
Oracle Cloud Steps – https://docs.oracle.com/en/cloud/saas/human-resources/20d/ochus/single-sign-on.html#OCHUS3432974
Microsoft AD –
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/federatingADFSazure.htm
Please check the below link for SSO related FAQ’s: