OCI – Configure SSO
1. Return to the OCI Overview page and select Security from the menu
2. Select Identity Providers from the left and then Add SAML IdP from the drop-down menu
3. Enter the required information and click Next
4. Search and select the previously downloaded CUST.xml file from Azure for import and click Next
5. Choose Email Address for the Requested Name ID format and click Next
6. Review all the details and click Create IdP
7. Click Activate and then Add to IdP policy
8. Click Default Identity Provider Policy
9. Select Edit IdP rule
10. Remove Username-Password, add the new IdP “Azure Ad – Contoso”, then Save Changes
11. Select the domain from the top menu and then Security from the left
12. Select Sign-on policies and then Security Policy for OCI Console
13. Click Add sign-on rule
14. Populate the required fields and click Add sign-on rule
- OCI should not force MFA as MFA should be required by Azure SAML SSO
15. Select Edit priority, move the new MFA policy to Priority 1, and save changes
16. Select Domains from the top menu, Policies from the left, and then Create Policy
17. Populate the required fields to grant domain admins tenancy admin and click Create
- Name: Contoso-Tenant-Admin-Policy
- Description: Contoso Tenant Admin
- Policy Builder:
ALLOW GROUP 'Contoso'/'Domain)Administrators' to manage all-resources IN TENANCY