Tuesday, February 21, 2017

SSO Integration with Oracle Fusion




This post explains, step by step, how to integrate SSO with Oracle Fusion Cloud ERP.






You log a Cloud service request (SR) by completing the following steps.

1. Log on to My Oracle Support (MOS).

2. Select Create SR from the Services Requests section or tab.

3. Under the What is the Problem? section, enter your Problem Summary (e.g., Turn on Email Notifications, Environment Refresh).

4. Under the Where is the Problem? section, select the Cloud tab and enter the following:

a. Service Type: Select your Oracle Applications Cloud Service (e.g., Oracle Fusion Global Human Resources Cloud Service)
b. Environment: Select the environment that needs servicing
c. Problem Type: Hosting Services
d. Support Identifier: Defaults to your CSI number

5. Click Next and provide information requested.

The application will prompt you to answer a series of questions.

1. Select an option that most closely reflects the issue you need to be addressed. Each option may be followed by a question mark (?) that allows you to view help text or a list of available services if you select that option.

2. Select the specific service request (SR) that you need to submit. Select the name of the service request needed (e.g., Environment Refresh, Single Sign-on, or Email Notifications)

3. Answer all subsequent questions to provide details needed to fulfill your request.

4. Click Next to provide your Contact details and select Severity 3. Please do not submit as a Severity 1 issue, since most service entitlements are not production system or system impacting issues.

5. Click Submit to complete your request.

After you submit the SR, Oracle will share a questionnaire with you. The questions are listed below, but they may change according to your licensed services. Prepare the answers together with your System Administrator for AD.

SSO Questionnaire 

1. Specify which certified Identity Federation you use on-premise that you would like enabled. 

a. Active Directory Federation Server 2.0 + (pre-approved)
b. OIF 11g+ (pre-approved)
c. Shibboleth 2.4.0+ (pre-approved)
d. Okta 6.0+ (pre-approved)
e. Ping One (pre-approved)
f. Ping Federate 6.0+ (pre-approved)
g. Microsoft Azure Active Directory (Azure AD) - Added to the Pre-Approved list on 5/5/2016
h. Oracle Access Management 11gR2 PS3+
i. IBM Tivoli Access Manager - Added to the Pre-Approved list on 5/12/2016
j. IBM Security Access Manager - Added to the Pre-Approved list on 8/05/2016
k. One Login - Added to the Pre-Approved list on 8/05/2016
l. Other-supported but not pre-approved (Google Apps for Work, BigIP F5 APM, CA Siteminder, Centrify, Entrust GetAccess, Keystone, NET IQ Access Manager, OpenAM, Open SAML, RSA FIM, Salesforce, SecureAuth, SSO Easy Connect, SURFContext, SimpleSAMLPhP, Symplified) 


NOTE: SSO enablement for pre-approved servers takes approximately 2-6 weeks to implement. If a request is made to use a server that is not pre-approved, customers will need to reach out to their Oracle Account Manager first to discuss the request before asking Oracle Cloud Support, in an SR, to use that server for configuring SSO. Federation servers that are not pre-approved will take 6 weeks to implement for the first environment, and 3 weeks for additional environments.



2. For which of the Oracle Fusion Cloud Services would you like Federation enabled? (e.g. HCM Cloud, Sales Cloud, ERP Cloud, Other) 

3. How many employees/users will be enabled upon go-live? 

4. Specify if you wish to enable Federated SSO for 1) Sales Cloud Mobile, or 2) HCM Cloud Mobile. 

5. Do you wish to enable STS Authentication (SSO) for the Oracle Sales Cloud for Microsoft Outlook (CRM Desktop)? (Yes/No)

6. Provide the environment details 1) URL for Non-production and Approximate Target Date, or 2) URL for Production and Approximate Target Go-Live Date.
7. Provide Federation Enablement Technical Contact details. (Name, Email, Office phone number, Mobile phone number)
8. Provide any additional information you would like to share with Oracle Support.
9. Is your Federation Server enabled for SAML 'Logout'? (Yes/No)
10. You may choose either Email Address (with Nameid format set to 'Email Address'), or User Id (with Nameid format set to 'Unspecified') as the 'mapping attribute' used for federation. Which attribute will be asserted in the SAML assertion Name Id field? 

11. Which HTTP reverse proxy do users go through to access your Federation IdP?
12. Are SP initiated SSO calls restricted on the IdP? (Yes/No)
13. Please provide a valid test email account on the IdP. 

6. The SR will be closed once the service is fulfilled.
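
Questionnaire items 9 (SAML 'Logout') and 10 (Name Id format) can be answered from your IdP's SAML 2.0 metadata before you reply to Oracle. The script below is an added example, not part of the original post or of any Oracle tooling; the metadata document, the host idp.example.com and the 'email'/'userid' labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Standard SAML NameID format URIs for the two choices in item 10.
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample IdP metadata (hypothetical host idp.example.com).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/idp/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def questionnaire_answers(metadata_xml, mapping_attribute):
    """Derive answers to items 9 and 10 from IdP metadata you exported yourself.

    mapping_attribute is 'email' or 'userid' (labels chosen for this example).
    For metadata obtained from a third party, parse with defusedxml instead.
    """
    wanted = {"email": EMAIL, "userid": UNSPECIFIED}[mapping_attribute]
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor; not an IdP entity")
    slo = [e.get("Location") for e in idp.findall("md:SingleLogoutService", NS)]
    formats = [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)]
    return {
        "entity_id": root.get("entityID"),
        "saml_logout_enabled": "Yes" if slo else "No",  # item 9
        "slo_endpoints": slo,
        "nameid_formats": formats,
        # An IdP that advertises no NameIDFormat gives no answer either way.
        "nameid_matches_choice": (wanted in formats) if formats else None,  # item 10
    }


if __name__ == "__main__":
    for key, value in questionnaire_answers(SAMPLE_METADATA, "email").items():
        print(f"{key}: {value}")
```

A result of `None` for `nameid_matches_choice` means the metadata lists no Name Id format, so confirm the format with a test assertion from the IdP instead.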
