Tutorial 2: Azure AD as Authoritative Source to Manage Identities Using the OCI IAM Application Catalog

Configure Azure AD as the authoritative identity store to manage identities in OCI IAM and pull users, groups, and group membership from Azure AD into OCI IAM.

Note

This tutorial takes you through the steps to synchronize all users from Azure AD into OCI IAM. Before you begin, ensure that you understand the limits on users so that you avoid any additional licensing costs. See IAM Identity Domain Object Limits.
  1. Configure Azure AD to use OCI IAM as the identity store. Create an app in OCI IAM for Azure AD, and in this app you add OCI IAM as an IdP.
  2. Prove that it works by pulling users, groups, and group memberships from Azure AD into the Azure AD app in OCI IAM, and enable synchronization.
  3. Validate that it works by pulling users, groups, and group memberships from Azure AD, and confirm that the same users and groups have been populated in OCI IAM.
1. Create an App in OCI IAM for Azure AD

Set up Azure AD so IAM is the identity store to manage identities in OCI IAM.

  1. In the identity domain you are working in, click Applications.
  2. Click Add Application, choose Application Catalog, and then click Launch app catalog.
  3. Search for the Microsoft Azure application template by entering the string Microsoft.
  4. Click the Microsoft Azure tile.
  5. Enter a name for the application, or use the default Microsoft Azure.
  6. Click Next, and on the Configure provisioning page, enable provisioning, and confirm that you want to enable provisioning.
  7. Configure connectivity by clicking Authorize with Microsoft Azure.
  8. A browser instance opens showing the Microsoft Azure login page. Sign in using your Microsoft Azure credentials, and in the Permissions requested dialog click Accept.
  9. The Console displays the message Authorization completed successfully.
  10. Choose Enable synchronization so that users are synchronized between OCI IAM and Microsoft Azure.
  11. Click Finish.
  12. On the application overview page, click Activate and confirm that you want to activate the application.
2. Import Users from Azure AD to IAM

Import Azure AD users into the Azure AD app in OCI IAM.

  1. In the Microsoft Azure app in OCI IAM, click Import under Resources.
  2. The Console displays the message Import job for importing accounts for Microsoft Azure is running in the background. Depending on the number of accounts, it may take a while for the results to be displayed.
  3. Check the import status. When the status changes to Succeeded, a list of users is displayed.

You have successfully created an Azure application in OCI IAM to use as an identity store, and imported users from Azure to OCI IAM.
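The validation called for in the overview (confirming that the same users, groups, and group memberships exist on both sides after the import) can be scripted rather than checked by eye. The following is an added example and not part of this tutorial or of Oracle's tooling; it assumes you have exported the Azure AD side as Microsoft Graph user and group objects and the OCI IAM side as SCIM responses from the identity domain (/admin/v1/Users and /admin/v1/Groups), and it runs on constructed samples of those shapes.

```python
"""Reconcile Azure AD (authoritative) against what OCI IAM imported. Added example."""

# Constructed sample of Microsoft Graph user and group objects exported from Azure AD.
AZURE_USERS = [
    {"userPrincipalName": "alice@example.com", "accountEnabled": True},
    {"userPrincipalName": "bob@example.com", "accountEnabled": True},
    {"userPrincipalName": "carol@example.com", "accountEnabled": False},
    {"userPrincipalName": "dave@example.com", "accountEnabled": True},
]
AZURE_GROUPS = [
    {"displayName": "Finance", "members": [{"userPrincipalName": "alice@example.com"}]},
    {"displayName": "Admins", "members": [{"userPrincipalName": "alice@example.com"}, {"userPrincipalName": "bob@example.com"}]},
    {"displayName": "Auditors", "members": [{"userPrincipalName": "dave@example.com"}]},
]
# Constructed sample of SCIM objects from the OCI IAM identity domain
# (/admin/v1/Users, /admin/v1/Groups); members[].name holding the userName is an assumption.
OCI_USERS = [
    {"userName": "alice@example.com", "active": True},
    {"userName": "bob@example.com", "active": True},
    {"userName": "carol@example.com", "active": True},
]
OCI_GROUPS = [
    {"displayName": "Finance", "members": [{"name": "alice@example.com"}]},
    {"displayName": "Admins", "members": [{"name": "bob@example.com"}]},
]

def memberships(groups, key: str) -> dict[str, set[str]]:
    """Map group display name -> set of lower-cased member identifiers."""
    return {g["displayName"]: {m[key].lower() for m in g.get("members", [])} for g in groups}

def reconcile(az_users, az_groups, oci_users, oci_groups) -> dict:
    """Report users, groups and memberships that differ between the two directories."""
    az = {u["userPrincipalName"].lower() for u in az_users}
    oci = {u["userName"].lower() for u in oci_users}
    az_disabled = {u["userPrincipalName"].lower() for u in az_users if not u["accountEnabled"]}
    oci_active = {u["userName"].lower() for u in oci_users if u["active"]}
    az_m = memberships(az_groups, "userPrincipalName")
    oci_m = memberships(oci_groups, "name")
    report = {
        "missing_in_oci": sorted(az - oci),          # not yet imported
        "unexpected_in_oci": sorted(oci - az),       # not owned by the authoritative source
        "disabled_but_active": sorted(az_disabled & oci_active),  # deprovisioning lag
        "groups_missing_in_oci": sorted(set(az_m) - set(oci_m)),
        "membership_drift": {},
    }
    for name in set(az_m) & set(oci_m):
        missing, extra = sorted(az_m[name] - oci_m[name]), sorted(oci_m[name] - az_m[name])
        if missing or extra:
            report["membership_drift"][name] = {"missing": missing, "extra": extra}
    return report
```

An empty report means the import matches the authoritative source; the disabled_but_active entry is the one to watch after synchronization is enabled, since it shows accounts disabled in Azure AD that can still sign in to OCI IAM.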