If you’ve followed part 1 of this series, user authentication for the OCI cloud portal is now handled by Azure via SAML SSO and the user identity objects within Oracle IDCS are being provisioned from Azure Entra ID.
The steps below walk through preparing and configuring your OCI tenant for Delegated Authentication. Delegated Authentication is required by the Oracle Linux PAM module on OCI Linux systems to use the user objects within IDCS for authentication. OCI IDCS will cache account passwords from Entra ID (there is no way around this); however, Entra ID remains the single source of identity truth because the accounts are synced.
This solution is not officially supported by Azure or OCI, as it involves passing custom attributes that are only defined in the OCI API documentation. Proceed with caution; I am not responsible for any issues or errors that arise from this configuration.