Steps to configure chooser login for Oracle Identity Cloud Service Sign in page.

When you configure an external SAML SSO provider such as the company’s corporate SSO, by default it will not be shown in Oracle Identity Cloud Service Sign in Page.

To show the Company’s Corporate SSO Option in the Oracle Identity Cloud Service Sign in page follow below steps.

1. Sign in to Oracle Identity Cloud Service Console for the secondary instance, with administrator privileges.
   For example, https://<idcs-guid> identity.oraclecloud.com/ui/v1/adminconsole
2. Expand the Navigation pane, and then expand Security and click on IDP Policies.
3. Select Default Identity Provider Policy and navigate to Identity Providers tab.
4. Click on Assign and select the company’s corporate SSO provider.

5. This will now show the company’s corporate SSO provider in the Oracle Identity Cloud Service Sign in page

6. In the Oracle Identity Cloud Service Sign in page, the end users can enter their IDCS credentials or click on company’s corporate SSO link, and then sign in through the company’s corporate SSO

Steps to bypass Oracle Identity Cloud Service Sign in page, and get redirected to company’s corporate SSO Sign in page for Oracle Analytics Cloud.

You can bypass Oracle Identity Cloud Service Sign in page using the following steps.

1. Sign in to Oracle Identity Cloud Service Console for the secondary instance, with administrator privileges.
   For example, https://<idcs-guid> identity.oraclecloud.com/ui/v1/adminconsole
2. Expand the Navigation pane, and then expand Security and click on IDP Policies.
3. Click on Add to create a new Identity Provider Policy.

4. In the Identity Providers tab click on Assign and select the company’s corporate SSO Identity Provider.

5. In the Apps tab click on Assign and select the required OAC instance application.

6. After creating the Identity Provider Policy, the end user can access Oracle Analytics Cloud through the company’s corporate SSO sign in page.
7. Add more Oracle Analytics Cloud instance applications to the same policy, as long as you need them to redirect to the company’s corporate SSO Sign in page.

Test the Oracle Analytics Cloud Login.

1. Open a Browser and enter the OAC URL                                                               Example: https://<oac-instance-region>.oraclecloud.com/dv/ui
2. Instead of going to the Oracle Identity Cloud Service Sign in page, it gets redirected to company’s corporate SSO Sign in page.

3. Upon successful login user login to Oracle Analytics Cloud

Steps for handling multiple company’s SSO Identity Providers.

If your company have a requirement that OAC Dev and OAC Test Instances use Test Identity Provider and OAC Production Instance to use company’s corporate production SSO IDP, follow below steps.

1. Sign in to Oracle Identity Cloud Service Console for the secondary instance, with administrator privileges.
   For example, https://<idcs-guid> identity.oraclecloud.com/ui/v1/adminconsole
2. Expand the Navigation pane, and then expand Security and click on IDP Policies.
3. Click on Add to create a new Identity Provider Policy for Test.
4. In the Identity Providers tab click on Assign and select the company’s Test SSO Identity Provider.
5. In the Apps tab click on Assign and select the required OAC Dev and OAC Test instances.
6. Create a new Identity Provider Policy for Production.
7. In the Identity Providers tab click on Assign and select the company’s corporate production SSO Identity Provider.
8. In the Apps tab click on Assign and select the required OAC Production instance.

End users using OAC Dev and OAC Test URL’s will use company’s Test SSO IDP and OAC Production URL will use company’s corporate production SSO IDP to Sign in to OAC.

Example of Chooser Login Screen for IDCS adminconsole Sign look as below:

Sign out behavior from Oracle Analytics Cloud changes when Oracle Identity Cloud Service Sign in page is bypassed.

When you bypass the Oracle Identity Cloud Service Sign in page, in some scenario’s when the SAML IDP Logout URL is not handled when uploading the IDP Metadata xml file in IDCS, the user might see the Oracle Identity Cloud Service Sign in page when Sign out from Oracle Analytics Cloud.

When you face above situation, follow below steps to resolve the issue.

1. Contact your SAML Idp Admin and make sure they have enabled Global Logout and get the Logout URL

For ADFS:

2. Sign in to Oracle Identity Cloud Service Console for the secondary instance, with administrator privileges.
   For example, https://<idcs-guid> identity.oraclecloud.com/ui/v1/adminconsole
3. Expand the Navigation pane, and then expand Security and click on IDP Policies.
4. Delete the SAML IDP from the IDP Policies.
5. Navigate back to Security and click on Identity Providers
6. Click on the required SAML IDP’s Hamburger sign and select Edit.
7. Further in the Dialog click on Delete.
8. After the IDP is deleted Add new SAML IDP by Entering IDP Metadata Manually

9. On the SAML IDP make sure that the logout for Oracle Identity Cloud Service is configured in the SAML IDP Partner Application that’s created for IDCS as SP.

Example IDCS Single Logout URL:                           

https://<idcs-guid>.identity.oraclecloud.com/fed/v1/sp/slo