Managing a SAML Identity Provider
Use the Console to add a SAML 2.0 identity provider (IdP) to an identity domain so that users authenticated by the IdP can access Oracle Cloud Infrastructure resources and cloud applications.
Common terms
- Identity Provider (IdP): A service that provides identifying credentials and authentication for users.
- Service Provider (SP): A service (such as an application or website) that calls upon an IdP to authenticate users.
Use the following steps to create a SAML 2.0 IdP: configure the IdP metadata, map the user attributes, and then review and create the IdP. The steps are described in the sections Configuring IdP metadata, Mapping user attributes, and Reviewing and creating the IdP.
Configuring SAML JIT Provisioning
SAML Just-In-Time (JIT) provisioning is configured through the /admin/v1/IdentityProviders REST API endpoint. See the following references to configure SAML JIT provisioning:
- Adding a SAML Identity Provider: entering the SAML details for an identity provider.
- Importing the SAML metadata for an identity provider.
Exporting SAML Metadata
Export the SAML metadata for an identity domain in IAM as follows:
- Open the navigation menu and click Identity & Security. Under Identity, click Domains.
- Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Then click Security, and then Identity providers.
- Open an identity provider.
- Click Export SAML metadata.
- Select one of the following:
  - Metadata File: Download the SAML XML metadata file, or download the SAML XML metadata with self-signed certificates.
  - Manual Export: Manually exporting the metadata lets you choose from multiple SAML options, for example the Entity ID or the Logout response URL. After you copy the export file, you can download the Service provider signing certificate or the Service provider encryption certificate.
  - Metadata URL: Use this if your IdP supports downloading SAML metadata directly from a URL. Click Access signing certificate to allow clients to access the signing certificate without having to log in to an IdP.
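As an added example (not Oracle's documentation or tooling), the following Python script parses an exported SP metadata file of the kind described above, pulls out the values an IdP administrator needs (entity ID, assertion consumer and logout URLs, signing and encryption certificates), and flags common problems before the file is handed to the IdP. The sample metadata, its example.com URLs and its certificate text are constructed placeholders, not a real identity-domain export.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata (hypothetical example.com URLs, placeholder certificate text).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/saml">
 <md:SPSSODescriptor WantAssertionsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC...signing-cert-placeholder...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC...encryption-cert-placeholder...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://sp.example.com/saml/slo"/>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://sp.example.com/saml/acs" index="0" isDefault="true"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    # Extract the values an IdP administrator needs from SP (service provider) metadata.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        text = cert.text.strip() if cert is not None and cert.text else None
        # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
        for use in ([kd.get("use")] if kd.get("use") else ["signing", "encryption"]):
            certs[use] = text
    acs, slo = (sp.find("md:" + n, NS) for n in ("AssertionConsumerService", "SingleLogoutService"))
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location") if acs is not None else None,
        "slo_url": slo.get("Location") if slo is not None else None,
        "wants_signed_assertions": sp.get("WantAssertionsSigned", "false") == "true",
        "signing_cert": certs.get("signing"),
        "encryption_cert": certs.get("encryption"),
    }

def check_metadata(info):
    # Problems an administrator should fix before handing the export to the IdP.
    return [msg for bad, msg in [
        (not info["entity_id"], "missing entityID"),
        (not (info["acs_url"] or "").startswith("https://"), "ACS URL missing or not https"),
        (not info["signing_cert"], "no signing certificate for the IdP to verify requests"),
        (not info["wants_signed_assertions"], "SP does not require signed assertions"),
    ] if bad]
```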
- Configuring IdP metadata: Enter the IdP metadata details manually, or import a metadata file.
- Mapping user attributes: Map the relationship between the IdP user attributes and the identity domain user attributes.
- Reviewing and creating the IdP: Verify that the IdP options are accurate, and then create the IdP.