Many companies rely on Active Directory for central identity management on-prem, so it is natural to extend that to Azure Entra ID when establishing a cloud presence. What happens when a second cloud provider (OCI) is added to the mix?
The steps below walk through an example scenario in which users authenticate to the OCI Cloud Console while Azure Entra ID remains the primary authentication provider (SAML-based federated authentication).
- Azure Entra ID and OCI IDCS are both cloud identity providers, so a user object needs to exist in both directories: Entra authenticates the user, and OCI needs a matching identity (and its group memberships) to evaluate IAM policies. Entra ID user provisioning (SCIM) handles this and is covered in the following steps; it syncs user and group objects from Entra to IDCS.
- OCI recently moved all tenancies to the identity domains model, which folds IDCS directly into the cloud tenancy. IDCS was previously a separate service, much as Azure (infrastructure) is separate from Azure Entra ID (identity). Create separate domains for separate identity sources (e.g. Prod / Dev, Provider ABC, Application XYZ) so that each domain's federation and provisioning settings stay independent.
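Once provisioning is running, the check a practitioner wants is a reconciliation of the two directories: which Entra users never arrived in the identity domain, which users Entra has disabled but IDCS still shows as active, and which IDCS accounts have no Entra owner at all (local accounts that bypass federation entirely). The script below is an added example and not part of the original post or of Oracle's or Microsoft's tooling. Both directories are represented by constructed inline sample data rather than live Graph or SCIM calls, and the attribute mapping in `entra_to_scim` (userPrincipalName to userName, objectId to externalId) is an assumption, not the provisioning app's actual defaults.

```python
"""Reconcile Entra ID users against the SCIM user list of an OCI identity domain.

Added example (not from the original post). Sample data is constructed:
- ENTRA_USERS mimics the shape of Microsoft Graph /users objects.
- IDCS_USERS mimics SCIM 2.0 resources as returned from /admin/v1/Users.
"""
from dataclasses import dataclass

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample: what Entra ID would provision. `id` (objectId) is the stable key.
ENTRA_USERS = [
    {"id": "1111-aaaa", "userPrincipalName": "alice@example.com",
     "givenName": "Alice", "surname": "Adams", "accountEnabled": True},
    {"id": "2222-bbbb", "userPrincipalName": "bob@example.com",
     "givenName": "Bob", "surname": "Baker", "accountEnabled": False},
    {"id": "3333-cccc", "userPrincipalName": "carol@example.com",
     "givenName": "Carol", "surname": "Cruz", "accountEnabled": True},
]

# Constructed sample: what already exists in the identity domain.
# "localadmin" has no externalId, i.e. it was never provisioned from Entra.
IDCS_USERS = [
    {"schemas": [SCIM_USER_SCHEMA], "id": "idcs-01", "externalId": "1111-aaaa",
     "userName": "alice@example.com", "active": True},
    {"schemas": [SCIM_USER_SCHEMA], "id": "idcs-02", "externalId": "2222-bbbb",
     "userName": "bob@example.com", "active": True},
    {"schemas": [SCIM_USER_SCHEMA], "id": "idcs-09", "externalId": None,
     "userName": "localadmin", "active": True},
]


def entra_to_scim(user):
    """Build the SCIM User body a provisioning run would POST to /admin/v1/Users.

    Assumed mapping (hypothetical, check the enterprise app's attribute mapping):
    userPrincipalName -> userName, objectId -> externalId, accountEnabled -> active.
    """
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "externalId": user["id"],
        "userName": user["userPrincipalName"],
        "name": {"givenName": user["givenName"], "familyName": user["surname"]},
        "emails": [{"value": user["userPrincipalName"], "primary": True, "type": "work"}],
        "active": user["accountEnabled"],
    }


@dataclass
class ReconcileReport:
    missing_in_idcs: list   # Entra users with no matching externalId in the domain
    stale_active: list      # disabled in Entra but still active in the domain
    unmanaged_in_idcs: list # domain users not owned by any Entra object


def reconcile(entra_users, idcs_users):
    """Diff the two directories by externalId and flag the three risky states."""
    by_external_id = {u["externalId"]: u for u in idcs_users if u.get("externalId")}
    missing, stale = [], []
    for e in entra_users:
        target = by_external_id.get(e["id"])
        if target is None:
            missing.append(e["userPrincipalName"])
        elif target["active"] and not e["accountEnabled"]:
            stale.append(e["userPrincipalName"])
    entra_ids = {e["id"] for e in entra_users}
    unmanaged = [u["userName"] for u in idcs_users if u.get("externalId") not in entra_ids]
    return ReconcileReport(missing, stale, unmanaged)


if __name__ == "__main__":
    report = reconcile(ENTRA_USERS, IDCS_USERS)
    print("missing in IDCS:      ", report.missing_in_idcs)
    print("disabled but active:  ", report.stale_active)
    print("unmanaged IDCS users: ", report.unmanaged_in_idcs)
```

The `stale_active` and `unmanaged_in_idcs` lists are the security-relevant ones: a user disabled in Entra but still active in the domain, or a domain-local account with no Entra owner, can sign in with a local password if the domain permits it, which quietly undercuts the "Entra is the primary authentication provider" design. Swap the constructed lists for the output of Graph `/users` and the domain's `/admin/v1/Users` endpoint to run it against a real tenancy.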