IDCS (IDentity Cloud Service) is Oracle's next-gen Identity solution built in the cloud for the cloud. It is fully standards compliant and implements various standards such as SAML (Security Assertion Markup Language), OAuth, OIDC (OpenID Connect), etc. Those standards help customers integrate with other products that implement the same standards. One use case I have come across a few times recently is integrating Okta as the Identity Provider with IDCS using SAML. I thought I should publish a blog post so customers can use it to do the integration.
SAML, as most of you would already know, is a standard for logging users into applications based on their session in another context (a Single Sign-On system). This single sign-on (SSO) login standard has significant advantages over logging in with a username/password or sharing/syncing usernames and passwords across other Single Sign-On systems.
Here are the detailed steps to do the integration. Again, the use case is Okta as the Identity Provider and IDCS as the Service Provider.
First, log in to the Okta Admin dashboard and go to the Applications tab.
Click on Add Application and choose to create a new SAML application.
Give the SAML application a name and click Next.
On the next screen, configure the following parameters and click Next. Replace $IDCS_INSTANCE_ID with your IDCS instance or tenant ID.
Next, click on Finish to complete the Okta configuration.
After you finish adding IDCS as a SAML application, download the Okta metadata by clicking on the "Identity Provider Metadata" link and save it as an XML file.
Log in to the IDCS Admin console and go to the Security -> Identity Providers tab. Click on Add SAML IDP to add and configure Okta as an Identity Provider.
Provide a name for the Identity Provider and click Next.
Upload the metadata that you downloaded in the last step of the Okta configuration and click Next.
To match what was configured in Okta above, select email as the IDCS user attribute and Email Address as the NameID Format. Click Next.
Click Next on the next screen if you want to test Single Sign-On now, or click Finish and test Single Sign-On later.
Activate the Okta IDP as shown in the screenshot below.
Make sure to create an appropriate IDP policy. You can choose to use the Okta IDP only for a specific set of applications or for every application, including login to the IDCS console. For testing, you can enable the Okta IDP for every application by adding it to the Default Identity Provider policy.
Now browse to an IDCS-protected application or the IDCS console and choose to log in with the Okta IDP. Good luck!