Tutorial 3: OCI IAM as Authoritative Source to Manage Identities in Entra ID

Configure OCI IAM as the authoritative identity store to manage identities, along with entitlements in Entra ID

In this scenario, OCI IAM acts as the identity manager. OCI IAM pushes users, groups, and licenses to Entra ID.

  1. First, configure OCI IAM to enable IAM as the authoritative identity store to manage identities in Entra ID. Create an app in OCI IAM for MS Office 365 using IAM's App Catalog, which provides pre built integrations with major cloud services.
  2. Assign a user to the MS Office 365 application in OCI IAM, and assign the groups and roles you want the user to be provisioned to MS Office 365.
1. Add MS Office 365 as an App in OCI IAM

Use OCI IAM's App Catalog to create an app which uses MS Office 365.

  1. Open a supported browser and enter the Console URL

    https://cloud.oracle.com.

  2. Enter your Cloud Account Name, also referred to as your tenancy name, and click Next.
  3. Select the identity domain to sign in to. This is the identity domain that you will configure user lifecycle management in.
  4. Sign in with your username and password.
  5. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  6. Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Then, click Integrated applications.
  7. Click Add Application, and choose Application Catalog and click Launch app catalog which contains pre configured application templates.
  8. Search for the MS Office 365 application template by entering the string MS Office, then click the tile.
  9. Click the tile to create an MS Office 365 application.
  10. Enter a name for the application, or use the default MS Office 365.
  11. Click Next and then Next again, and on the Configure provisioning page enable provisioning, and confirm that you want to enable provisioning.
  12. Configure connectivity by clicking Authorize with MS Office 365.
  13. Microsoft opens a new browser window.
  14. Log in using your MS Office 365 credentials. On the Permissions requested dialog, Select Consent on behalf of your organization, and click Accept.

    Microsoft request permissions to access resources

  15. The new browser closes and you are returned to the Add MS Office 365 page.

  16. A message pops up to say that the connection has been successful.
  17. Click Finish.
  18. On the application overview page, click Activate and confirm that you want to activate the application.

    The MS Office application is now active.

You have successfully created an MS Office 365 application in OCI IAM, and configured it to connect to MS Office 365.

2. Assign Users to the MS Office 365 App

Assign a user to the MS Office 365 application, and assign it to the Office roles and groups the user will have when provisioned to MS Office 365.

  1. In the MS Office 365 application, click Users on the left under Resources.
  2. Click Assign users.
  3. Search for the user you want to assign, then click the Actions menu (Actions Menu) for that user and click Assign.

    Assign user to MS Office 365 application

  4. Click Next.
  5. On the Add Details page, scroll down, and under Licenses, click Add and assign the licences you want the user to be provisioned with on MS Office 365.
  6. On the Add Details page, scroll down, and under Roles, click Add and assign the roles you want the user to be provisioned with.
  7. Under Groups, click Add and assign the groups you want the user to be provisioned with.
  8. Click Assign User.

You can see the new user in the User List with Active status.

New users are listed