Oracle E-Business Suite (EBS) is in use by thousands of customers worldwide today. Many of those customers have implemented single sign-on (SSO) to ensure a smooth user experience. From my experience with customers, the most common use case is to deliver a transparent sign-on experience from the user's desktop through to EBS.
The traditional, certified approach for achieving this is through the deployment and integration with Oracle Access Manager and either Oracle Internet Directory (OID) or Oracle Unified Directory (OUD), as described by my colleague Steven Chan in this blog post. A good summary of this approach is shown in the diagram below.
![]() |
Figure 1 - The traditional approach for E-Business Suite SSO
Whilst this approach is well understood and documented, it introduces a number of additional components and additional complexity to your EBS deployment. For SSO you need to deploy Access Manager, a Directory, a WebGate, an AccessGate, and configure each to integrate with EBS. All of these additional components need to be fed and watered, patched and updated. For some customers, this additional complexity has led to not implementing SSO, resulting in the user experience suffering.
However, fear not, there is now a simpler option available which will still enable that streamlined user experience you require, without the need to deploy and manage all of the above components, and without the need to make significant configuration changes within EBS, such as configuring the integration with OID or OUD.
Oracle Identity Cloud Service is Oracle's cloud-based Identity platform, which now enables SSO to a standard installation of EBS through its EBS Asserter. The figure below shows this simplified integration, with existing components shown in grey and the new components shown in red.
Figure 2 - A simplified architecture with IDCS
Is it possible to run two or more adpatch sessions simultaneously for one EBS instance?
My client wants to implement SSOgen for EBS..
1. https://www.ssogen.com/oracle-ebs-sso-integrations
2. https://www.ssogen.com/oracle-ebs-sso-ldap
Any recommendations please? Thanks Again.
Regards
We are reviewing options for Mutli Factor Authentication for EBS (12.1.3).
Can it be achieve using Oracle Identity Cloud Service without external user directory setup?
If external user directory setup is required, is it possible to integrate EBS (12.1.3) with IBM Tivoli Access Manager via Oracle Identity Cloud Service?
Where can we get more information on overall component and license requirement?
Will appreciate your reply. Thanks.
Yes you can implement MFA using IDCS without the need to deploy a directory behind EBS. This is done using the IDCS EBS Asserter as described above. You can follow step 3 of my steps above to find out more information on the Asserter, including how to deploy it.
I hope that helps
Interesting article. Please advise if this will work with EBS 12.1.3, we are not on the cloud, but we do have ADFS in our organization.
Thanks
Mahomed
Yes it will work with EBS 12.1.3 running on premise.
Regards,
Paul
We did the EBS integration with IDCS. while accessing the URL the "https:///ebs" it is returning 403 Forbidden error.
Did any one come across this. Any inputs what the reason could be would help.
followed the steps in doc: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/ebs_asserter_obe/ebs-asserter.html
Thanks
I would check your re-write rules as I suspect the issue is within those rules. Failing that, I suggest you log an SR with Support so they can help you resolve the issue.
Regards,
Paul
Thanks for the article.
Apart from EBS we have SSO integration with WebCenter as well. We have same OAM and OID used for SSO with WebCenter Suite. Please let me know.
Thanks,
Fortunately, there are a multiple options, all of which can be addressed with IDCS. The following list isn't exhaustive but will give you some ideas:
1) You could replace OAM with IDCS and its App Gateway, leaving OID in place and using the IDCS provisioning gateway to provision/sync users between OID and IDCS.
2) Depending on your WebCenter components and versions, you could use virtual users in WebLogic and use the IDCS asserter and authenticator.
3) If your WebCenter component needs an LDAP (e.g. WC Content), then you could still use IDCS when the upcoming IDCS LDAP Proxy is available.
I hope that helps.
Regards,
Paul