________  ________  ________  ________  ________  ________  ________ 
 ╱        ╲╱        ╲╱    ╱   ╲╱        ╲╱    ╱   ╲╱        ╲╱    ╱   ╲
╱        _╱    ╱    ╱         ╱         ╱         ╱    ╱    ╱         ╱
╱       ╱╱        _╱         ╱       --╱╲__      ╱         ╱         ╱ 
╲_____╱╱ ╲____╱___╱╲________╱╲________╱   ╲_____╱╲___╱____╱╲__╱_____╱  

OCI – Console Auth via Azure SAML SSO [Part 2]


OCI – Configure SSO


1. Return to the OCI Overview page and select Security from the menu


2. Select Identity Providers from the left and then Add SAML IdP from the drop-down menu


3. Enter the required information and click Next


4. Browse to and select the CUST.xml metadata file downloaded from Azure earlier, then click Next


5. Choose Email Address for the Requested Name ID format and click Next


6. Review all the details and click Create IdP


7. Click Activate and then Add to IdP policy


8. Click Default Identity Provider Policy


9. Select Edit IdP rule


10. Remove Username-Password, add the new IdP “Azure AD – Contoso”, then Save Changes


11. Select the domain from the top menu and then Security from the left


12. Select Sign-on policies and then Security Policy for OCI Console


13. Click Add sign-on rule


14. Populate the required fields and click Add sign-on rule

  • OCI should not enforce MFA itself; MFA should be required by Azure as part of the SAML SSO flow


15. Select Edit priority, move the new MFA policy to Priority 1, and save changes


16. Select Domains from the top menu, Policies from the left, and then Create Policy


17. Populate the required fields to grant the domain administrators group tenancy administrator rights, then click Create

  • Name: Contoso-Tenant-Admin-Policy
  • Description: Contoso Tenant Admin
  • Policy Builder:

ALLOW GROUP 'Contoso'/'Domain_Administrators' to manage all-resources IN TENANCY
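Before importing the metadata in step 4, it is worth checking that the CUST.xml file actually carries what the OCI IdP import depends on: an https entityID, a decodable signing certificate and an https SingleSignOnService endpoint. The script below is an added example, not part of the original walkthrough; the sample metadata, its tenant ID and its certificate body are constructed placeholders in the shape of Azure's federation metadata.

```python
import base64
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

# Constructed sample; the certificate is a placeholder DER SEQUENCE, not a real X.509 cert.
FAKE_CERT = base64.b64encode(b"\x30\x82\x00\x10" + b"\x00" * 16).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{FAKE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def inspect_idp_metadata(xml_text: str) -> dict:
    """Report the fields the OCI IdP import depends on; 'problems' is empty when the file
    looks importable. xml.etree ignores external entities; use defusedxml for untrusted files."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID", ""), "sso_urls": {},
              "signing_certs": 0, "problems": []}
    for key in root.iter(f"{MD}KeyDescriptor"):
        if key.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        cert = key.findtext(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate", default="")
        try:
            der = base64.b64decode("".join(cert.split()), validate=True)
        except ValueError:
            der = b""
        if der[:1] == b"\x30":  # DER SEQUENCE: plausibly an X.509 certificate
            report["signing_certs"] += 1
        else:
            report["problems"].append("signing KeyDescriptor without a decodable X509Certificate")
    if not report["signing_certs"]:
        report["problems"].append("no signing certificate: assertion signatures could not be verified")
    for sso in root.iter(f"{MD}SingleSignOnService"):
        binding, location = sso.get("Binding", ""), sso.get("Location", "")
        if binding in BINDINGS and location.startswith("https://"):
            report["sso_urls"][binding] = location
    if not report["sso_urls"]:
        report["problems"].append("no https SingleSignOnService with HTTP-Redirect or HTTP-POST binding")
    if not report["entity_id"].startswith("https://"):
        report["problems"].append("entityID missing or not an https URL")
    return report
```

Run it against the real download with `inspect_idp_metadata(open("CUST.xml").read())` and fix anything listed under `problems` on the Azure side before clicking Next in step 4.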
