- \n
- A 探花大神 Administrator account<\/li>\n\n\n\n
- 探花大神 SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n
- An Oracle Cloud user account with administrator permissions<\/li>\n\n\n\n
- An Oracle Cloud Infrastructure tenancy with at least one administrative user and at least one group set up<\/li>\n\n\n\n
- Your Oracle Cloud domain name, tenant id and region<\/li>\n<\/ul>\n\n\n\n
Important Considerations<\/strong><\/p>\n\n\n\n
- \n
- Oracle Cloud only supports SP-initiated SSO<\/li>\n\n\n\n
- If you need to update the SCIM token key, you must deactivate the IdM integration<\/a>, update the token key, and then reactivate the integration<\/li>\n<\/ul>\n\n\n\n
Attribute Considerations<\/strong><\/p>\n\n\n\n
- \n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details<\/li>\n\n\n\n
- The following attributes are not supported by 探花大神:\n
- \n
- manager <\/li>\n\n\n\n
- division<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Creating a new 探花大神 Application Integration<\/strong><\/h2>\n\n\n\n
- \n
- Log in to the 探花大神 Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Type the name of the application in the Search <\/strong>field and select it.<\/li>\n\n\n\n
- Click Next<\/strong>.<\/li>\n\n\n\n
- In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nIf this is a Bookmark Application, enter your sign-in URL in the Bookmark URL<\/strong> field.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Optionally, expand Advanced Settings<\/strong> to specify a value for the SSO IdP URL<\/strong>. If no value is entered, it will default to https:\/\/sso.jumpcloud.com\/saml2\/<applicationname><\/kbd>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nThe SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- If successful, click:\n
- \n
- Configure Application<\/strong> and go to the next section <\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Configuring the SSO Integration<\/strong><\/h2>\n\n\n\n
To configure 探花大神<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Replace any instances of YOURDOMAIN, YOUR_REGION, and YOUR_TENANT_ID with your Oracle Cloud values.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \nThis provider only supports an SP-initiated<\/strong> SSO flow. Be sure to update the Login URL, so users are appropriately redirected to log in from the Oracle Cloud login page if they launch the application from their 探花大神 user portal. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Add or change any other desired attributes.<\/li>\n\n\n\n
- Click save.<\/strong><\/li>\n<\/ol>\n\n\n\n
Download the 探花大神 metadata<\/strong> file<\/strong><\/h4>\n\n\n\n
- \n
- Find your application in the Configured Applications<\/strong> list and click anywhere in the row to reopen its configuration window.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab and click Export Metadata<\/strong>.<\/li>\n\n\n\n
- The 探花大神-<applicationname>-metadata.xml<\/strong> will be exported to your local Downloads <\/strong>folder.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nMetadata can also be downloaded from the Configured Applications<\/strong> list. Search for and select the application in the list and then click Export Metadata<\/strong> in the top right corner of the window.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure Oracle Cloud<\/strong><\/h3>\n\n\n\n
- \n
- Login to your Oracle Cloud Infrastructure account as administrator.<\/li>\n\n\n\n
- Navigate to MENU > Identity > Federation<\/strong>.<\/li>\n\n\n\n
- Click Add Identity Provider<\/strong> and enter the following information:\n
- \n
- NAME<\/strong> – enter 探花大神<\/kbd><\/li>\n\n\n\n
- DESCRIPTION<\/strong> – enter any description<\/li>\n\n\n\n
- Click the MICROSOFT ACTIVE DIRECTORY FEDERATION SERVICE (ADFS) OR SAML 2.0 COMPLIANT IDENTITY PROVIDER<\/strong> radio button<\/li>\n\n\n\n
- Click Browse<\/strong> and select the metadata file from the previous section<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Continue<\/strong>.<\/li>\n\n\n\n
- Optionally, add any group(s) configurations.<\/li>\n\n\n\n
- Click Submit<\/strong>.<\/li>\n<\/ol>\n\n\n\n
Authorizing User SSO Access<\/strong><\/h2>\n\n\n\n
Users are implicitly denied access to applications. After you connect an application to 探花大神, you need to authorize user access to that application. You can authorize user access from the Application Configuration<\/strong> panel or from the Groups Configuration<\/strong> panel. <\/p>\n\n\n\n
To authorize user access from the Application Configuration panel<\/strong><\/h3>\n\n\n\n
- \n
- Log in to the <\/a>探花大神 Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- Select the User Groups<\/strong> tab. If you need to create a new group of users, see Get Started: User Groups<\/a>.<\/li>\n\n\n\n
- Select the check box next to the group of users you want to give access.<\/li>\n\n\n\n
- Click save<\/strong>. <\/li>\n<\/ol>\n\n\n\n
To learn how to authorize user access from the Groups Configuration<\/strong> panel, see Authorize Users to an SSO Application<\/a>.<\/p>\n\n\n\n
Validating SSO user authentication workflow(s)<\/strong><\/h2>\n\n\n\n
SP-initiated<\/strong> user workflow<\/strong><\/h3>\n\n\n\n
- \n
- Go to the SP application login – generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO<\/li>\n<\/ul>\n\n\n\n<\/p><\/div>Note:<\/strong> \n
This varies by SP.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Login redirects the user to 探花大神 where the user enters their 探花大神 credentials<\/li>\n\n\n\n
- After the user is logged in successfully, they are redirected back to the SP and automatically logged in<\/li>\n<\/ul>\n\n\n\n
Configuring the Identity Management Integration<\/strong><\/h2>\n\n\n\n
To configure Oracle Cloud<\/strong><\/h3>\n\n\n\n
- \n
- Login to your Oracle Cloud Infrastructure account as administrator.<\/li>\n\n\n\n
- Open the navigation menu and navigate to Governance and Administration<\/strong> > Identity > Federation<\/strong>. <\/li>\n\n\n\n
- Click the name you assigned to your 探花大神 federation to see the details page.<\/li>\n\n\n\n
- Click Reset Credentials<\/strong> to display the credentials. <\/li>\n\n\n\n
- Copy the Secret.<\/li>\n<\/ol>\n\n\n\n
To configure 探花大神<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Select the Enable management of User Groups and Group Membership in this application<\/strong> checkbox if you want to provision, manage, and sync groups in Oracle Cloud from 探花大神.<\/li>\n\n\n\n
- Click Configure<\/strong>.<\/li>\n\n\n\n
- You\u2019re presented with two fields:\n
- \n
- *Base URL<\/strong>: Enter https:\/\/{domain_id}.identity.oraclecloud.com\/admin\/v1<\/kbd>.<\/li>\n\n\n\n
- Token Key<\/strong>: Paste the secret you generated when configuring Oracle Cloud.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- \n
- Click save<\/strong>.<\/li>\n\n\n\n
- You will receive a confirmation that the Identity Management integration has been successfully verified.<\/li>\n\n\n\n
- You can now connect user groups to the application in 探花大神 to provision the members of that group in Oracle Cloud. Learn how to Authorize Users to an Application<\/a>.<\/li>\n<\/ol>\n\n\n\n
Attribute Mappings<\/strong><\/h2>\n\n\n\n
The following table lists attributes that 探花大神 sends to the application. See Attribute Considerations<\/a> for more information regarding attribute mapping considerations. <\/p>\n\n\n\n
- Token Key<\/strong>: Paste the secret you generated when configuring Oracle Cloud.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- DESCRIPTION<\/strong> – enter any description<\/li>\n\n\n\n
- Click Add Identity Provider<\/strong> and enter the following information:\n
- Select the SSO <\/strong>tab and click Export Metadata<\/strong>.<\/li>\n\n\n\n
- Find your application in the Configured Applications<\/strong> list and click anywhere in the row to reopen its configuration window.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If successful, click:\n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Log in to the 探花大神 Admin Portal<\/a>.<\/li>\n\n\n\n
- The following attributes are not supported by 探花大神:\n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details<\/li>\n\n\n\n