

Oracle Identity Cloud Service
With Identity Cloud Service Asserter for E-Business Suite (EBS Asserter) you can implement SSO for Oracle E-Business Suite and other applications.
Multi-Factor Authentication
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to the EBS system.
SAML 2.0
Implement SSO between Oracle Identity Service and any provider that supports SAML 2.0, such as Azure Directory, OKTA, Google... You can log in to EBS more securely.
On-prem Approach
The traditional, EBS SSO certified approach for achieving this is through the deployment and integration with Oracle Access Manager and either Oracle Internet Directory (OID) or Oracle Unified Directory (OUD). A good summary of this approach is shown in the diagram below:
Whilst this approach is well understood and documented, it introduces a number of additional components and additional complexity to your EBS deployment. For SSO you need to deploy Access Manager, a Directory, an Oracle WebGate, an Oracle AccessGate, and configure each to integrate with EBS. All of these additional components need to be fed and watered, patched and updated.
New Approach
Oracle Identity Cloud Service is Oracle’s cloud-based Identity platform, which now enables SSO to a standard installation of EBS through its EBS Asserter. The figure below shows this simplified integration, with existing components shown in grey and the new components shown in red.
As a cloud-based Identity platform, IDCS requires no installation. In addition, all of the key non-functional requirements such as HA, DR, scaling, backup and restore, patching, and upgrading are taken care of by Oracle as part of the cloud service. The only component that requires deployment is the EBS Asserter. This acts as the interface between an identity token being issued by IDCS and a user’s session being created in EBS.
And more
Today many of those customers have implemented other identity solutions that support SAML 2.0, such as OKTA, Azure Directory, Google Suite… We have Oracle IDCS integrate with the existing EBS system to provide SSO between Oracle cloud and the EBS system. We can add another layer that integrates with those identity providers, so that end users can log in to the EBS system using their email or username from an IDP like OKTA, Azure Directory, or Google Suite, ensuring a smooth user experience. In this case, the integration is shown in the diagram below:
When you run an application in Microsoft Azure connected to a database in Oracle Cloud, Azure AD can be the identity provider (IDP) to hold user credentials. The following diagram shows the user authentication flow.
A user accesses the E-Business Suite application directly by going to the E-Business Suite Apps Login page or the My Apps portal. The following steps explain the authentication flow between the different components:
- The user requests access to an Oracle E-Business Suite protected resource.
- Oracle E-Business Suite redirects the user browser to the E-Business Suite Asserter application.
- The E-Business Suite Asserter uses an Oracle Identity Cloud Service SDK to generate the authorization URL and then redirects the browser to Oracle Identity Cloud Service.
- Oracle Identity Cloud Service redirects the user to Azure AD.
- The user provides the credentials needed to sign in to the application.
- After Azure AD performs user authentication, it generates a SAML token and sends it to Oracle Identity Cloud Service via the browser.
- Oracle Identity Cloud Service consumes the authentication token, generates an OpenID Connect (OIDC) token, and issues the token to E-Business Suite Asserter.
- The E-Business Suite Asserter creates an Oracle E-Business Suite cookie and redirects the user browser to Oracle E-Business Suite.
- Oracle E-Business Suite presents the user requested protected resource.
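The checks a relying party in the asserter's position would make at steps 3 and 7 of the flow above, before creating an application session, as an added example that is neither the EBS Asserter's code nor the Oracle Identity Cloud Service SDK. The host names, client ID, endpoint path and HMAC demo key are constructed placeholders (a real deployment verifies the token against the identity provider's published signing keys), and the code-for-token exchange is omitted.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Constructed placeholders, not real IDCS or EBS values.
ISSUER = "https://idcs.example.com"
CLIENT_ID = "ebs-asserter"
REDIRECT_URI = "https://ebs.example.com/callback"
DEMO_KEY = b"constructed-demo-key"  # stand-in for the provider's signing key

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(DEMO_KEY, signing_input.encode(), hashlib.sha256).digest()

def build_authorization_url(session: dict) -> str:
    """Step 3: bind a fresh state and nonce to this browser session."""
    session["state"], session["nonce"] = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": session["state"], "nonce": session["nonce"]}
    return f"{ISSUER}/authorize?{urlencode(params)}"  # endpoint path is a placeholder

def issue_token(claims: dict) -> str:
    """Constructed stand-in for the identity provider issuing the token in step 7."""
    signing_input = b64e(b'{"alg":"HS256"}') + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + b64e(mac(signing_input))

def validate_callback(session: dict, state: str, id_token: str, now: float = None) -> str:
    """Steps 7-8: return the subject only if every check passes; raise ValueError otherwise."""
    want_state, want_nonce = session.pop("state", None), session.pop("nonce", None)  # single use
    if not want_state or not want_nonce or not hmac.compare_digest(want_state.encode(), state.encode()):
        raise ValueError("state mismatch")
    head, body, sig = id_token.split(".")
    # The algorithm is fixed here; the token header is never allowed to choose it.
    if not hmac.compare_digest(mac(f"{head}.{body}"), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), want_nonce.encode()):
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims["sub"]
```

Because state and nonce are popped from the session on first use, replaying the same callback fails at the state check even when the token itself is still valid.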
Demo
