IDCS (Oracle Identity Cloud Service) is Oracle's cloud-native identity service. It implements the common federation and authorization standards, including SAML (Security Assertion Markup Language), OAuth and OIDC (OpenID Connect), so it can be integrated with any other product that implements the same standard. One use case I have come across a few times recently is federating IDCS with Okta, with Okta acting as the SAML Identity Provider, so I am publishing the steps here for customers who need to do the same integration.
SAML, as most readers will already know, is an XML-based standard for single sign-on: a user authenticates once at an Identity Provider (IdP), and applications acting as Service Providers (SPs) accept a signed assertion from that IdP instead of collecting credentials themselves. Compared with a separate username/password per application, or with sharing and syncing passwords across single sign-on systems, this keeps credentials in one place and lets the IdP enforce its own authentication policy.
Here are the detailed steps for the integration. Again, the use case is Okta as the Identity Provider and IDCS as the Service Provider.
First, log in to the Okta Admin Dashboard and go to the Applications tab.
Click on Add Application and choose to create a new SAML application.
Give the SAML application a name and click Next.
On the next screen, configure the SAML settings for the IDCS Service Provider (the Single sign-on URL, Audience URI and NameID format) and click Next. Replace $IDCS_INSTANCE_ID with your IDCS instance or tenant ID.
Next, click Finish to complete the Okta configuration.
After you finish adding IDCS as a SAML application, download the Okta metadata by clicking the "Identity Provider Metadata" link and save it as an XML file. This file carries the IdP entityID, the single sign-on URL and the signing certificate that IDCS will use to verify Okta's assertions, so treat it as the source of truth for the IDCS side.
Log in to the IDCS Admin console and go to Security -> Identity Providers. Click Add SAML IDP to configure Okta as an Identity Provider.
Provide a name to the Identity Provider and click Next.
Upload the metadata you downloaded in the last step of the Okta configuration and click Next.
To match what was configured in Okta above, select email as the IDCS user attribute and Email Address as the NameID Format, then click Next. The NameID value Okta sends must match the email of an existing IDCS user; otherwise the assertion verifies correctly but IDCS has no user to map it to and the login fails.
On the next screen, click Next if you want to test Single Sign-On now, or Finish to test it later.
Activate the Okta IDP as shown in the screenshot below; a newly added IDP is not offered at login until it is activated.
Make sure to create an appropriate IDP policy. You can choose to use the Okta IDP only for a specific set of applications or for every application, including login to the IDCS console. For testing, you can enable the Okta IDP for every application by adding it to the Default Identity Provider policy. Keep in mind that the Default policy also governs console login, so keep a working local administrator login available in case the Okta side is misconfigured.
Now browse to an IDCS-protected application or the IDCS console and choose to log in with the Okta IDP. Good luck!
Kiran Thakkar is an expert in Identity and Access Management with more than 10 years of experience in the space. He is also an OCI Certified Associate Architect and helps customers with OCI use cases. He is a believer in blockchain technology and follows that space as it grows.