Last year at OOW, I conducted a Hands-On Lab on Fusion integration with IDCS. We had a full room of attendees with loads of questions. That inspired me to write this blog.
One of the most common requirements when Fusion is deployed in OPC is how to centrally manage users and implement Single Sign-On between Fusion and the rest of the OPC services. IDCS (IDentity Cloud Service) is the security backbone for all OPC services; it is Oracle's identity service in the cloud. It can implement Single Sign-On between OPC services and Fusion. User management can be done either in Fusion or in IDCS: if IDCS is the source of truth, IDCS provisions and de-provisions users to Fusion; if Fusion is the source of truth, Fusion provisions and de-provisions users to IDCS.
In this blog, we will focus on the scenario where IDCS is the source of truth, and implement Single Sign-On and user synchronization between the two.
As shown in the diagram above, Fusion federates with IDCS, which provides Single Sign-On between Fusion and every other OPC service integrated with IDCS. For user provisioning to Fusion, IDCS calls the Fusion SCIM APIs.
To integrate Fusion with IDCS, follow the steps below.
Once the Fusion application has been added in IDCS, assigning a user to the application in IDCS provisions that user to Fusion, and revoking the user's access in IDCS de-provisions them.
IDCS also supports group-based provisioning to Fusion (or any other application). If you assign a group to the application, all users in the group can access the application and are provisioned to it; users added to the group later are provisioned as well (to Fusion in this case). Note, however, that group-based provisioning and de-provisioning runs as a scheduled job and is not real time.
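To make the provisioning side concrete, here is an added example (my own illustration, not Oracle's code and not the payloads IDCS actually sends to Fusion) of the pattern the two preceding paragraphs describe: an identity source pushes user create and deactivate operations to an application over SCIM 2.0, and a reconciliation check reports accounts that are out of step with the current assignments, which is exactly the window a scheduled group job leaves open. The `ScimTarget` class is an in-memory stand-in for the application's `/Users` endpoint; the message shapes follow RFC 7643/7644, and the user names, group name and assignment changes are all constructed for the demo.

```python
"""Added illustration: identity source -> application provisioning over SCIM 2.0,
plus a drift check. ScimTarget is an in-memory stand-in, NOT the Fusion endpoint."""
import json
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class ScimTarget:
    """Minimal SCIM 2.0 /Users resource: POST (create), GET (list), PATCH (active flag)."""

    def __init__(self):
        self.users = {}  # id -> stored resource

    def handle(self, method, path, body=None):
        """Dispatch one request; returns (HTTP status, response dict)."""
        parts = path.strip("/").split("/")
        if parts[0] != "Users":
            return 404, {"detail": "unknown resource"}
        if method == "POST":
            return self._create(json.loads(body))
        if method == "GET" and len(parts) == 1:
            return 200, {"totalResults": len(self.users), "Resources": list(self.users.values())}
        if method == "PATCH" and len(parts) == 2:
            return self._patch(parts[1], json.loads(body))
        return 405, {"detail": "unsupported"}

    def _create(self, res):
        if USER_SCHEMA not in res.get("schemas", []) or "userName" not in res:
            return 400, {"detail": "invalid user resource"}
        if any(u["userName"] == res["userName"] for u in self.users.values()):
            return 409, {"detail": "userName already exists"}  # SCIM uniqueness conflict
        uid = str(uuid.uuid4())
        self.users[uid] = {"schemas": [USER_SCHEMA], "id": uid, "userName": res["userName"],
                           "active": bool(res.get("active", True)),
                           "meta": {"resourceType": "User"}}
        return 201, self.users[uid]

    def _patch(self, uid, body):
        if uid not in self.users:
            return 404, {"detail": "no such user"}
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "not a PatchOp"}
        for op in body.get("Operations", []):
            if op.get("op", "").lower() == "replace" and op.get("path") == "active":
                self.users[uid]["active"] = bool(op["value"])
        return 200, self.users[uid]


class IdentitySource:
    """Stand-in for the identity service: direct user assignments plus group assignments."""

    def __init__(self):
        self.direct = set()          # userNames assigned to the app directly
        self.groups = {}             # group name -> set of userNames
        self.assigned_groups = set() # groups assigned to the app

    def entitled_users(self):
        users = set(self.direct)
        for g in self.assigned_groups:
            users |= self.groups.get(g, set())
        return users


def _patch_body(active):
    return json.dumps({"schemas": [PATCH_SCHEMA],
                       "Operations": [{"op": "replace", "path": "active", "value": active}]})


def provision(source, target):
    """One run of the sync job: create entitled users that are missing, deactivate
    accounts whose entitlement was revoked, reactivate ones that regained it."""
    entitled = source.entitled_users()
    _, listing = target.handle("GET", "/Users")
    existing = {u["userName"]: u for u in listing["Resources"]}
    report = {"created": [], "deactivated": [], "reactivated": []}
    for name in sorted(entitled - existing.keys()):
        status, _ = target.handle("POST", "/Users", json.dumps(
            {"schemas": [USER_SCHEMA], "userName": name, "active": True}))
        if status == 201:
            report["created"].append(name)
    for name, u in existing.items():
        if name not in entitled and u["active"]:
            target.handle("PATCH", f"/Users/{u['id']}", _patch_body(False))
            report["deactivated"].append(name)
        elif name in entitled and not u["active"]:
            target.handle("PATCH", f"/Users/{u['id']}", _patch_body(True))
            report["reactivated"].append(name)
    return report


def reconcile(source, target):
    """Drift report: 'orphans' are active accounts with no current entitlement,
    'lagging' are entitled users not yet active. Either means the job has not caught up."""
    entitled = source.entitled_users()
    _, listing = target.handle("GET", "/Users")
    active = {u["userName"] for u in listing["Resources"] if u["active"]}
    return {"orphans": sorted(active - entitled), "lagging": sorted(entitled - active)}


def demo():
    """Constructed scenario: one direct assignment, one assigned group, then a group removal."""
    idcs, fusion = IdentitySource(), ScimTarget()
    idcs.direct.add("alice@example.com")
    idcs.groups["finance"] = {"bob@example.com", "carol@example.com"}
    idcs.assigned_groups.add("finance")
    first = provision(idcs, fusion)                        # job run 1: three accounts created
    idcs.groups["finance"].discard("carol@example.com")    # removed from group, job not yet run
    drift_before = reconcile(idcs, fusion)                 # carol shows up as an orphan
    second = provision(idcs, fusion)                       # job run 2: carol deactivated
    drift_after = reconcile(idcs, fusion)                  # clean
    return first, drift_before, second, drift_after


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The `reconcile` check is the part worth keeping around in practice: because group-driven de-provisioning only takes effect when the scheduled job runs, comparing the current assignments against the application's active accounts between runs is how you see how long a revoked user's access actually lingers.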