
Howdy folks,

 

Microsoft and Oracle recently announced a partnership that enables interoperability between Microsoft Azure and Oracle Cloud. We formed this partnership based on your feedback that you have business critical infrastructure running on each of our clouds, and that you need easy interoperability for apps that span both clouds. You also told us that you need to ensure that your users have secure and high-quality experiences to access these apps.

 

One of the coolest things about this partnership is how you can leverage your existing investments in Azure AD. For example, now your business users can get a single sign-on (SSO) experience for Oracle E-Business Suite and JD Edwards using the same accounts they already use to sign in to Microsoft Azure and Office 365. They even get a SSO experience to apps that are hosted in Microsoft Azure and access data hosted on Oracle Cloud Infrastructure. So your business can run an app on either cloud, or an app that spans both clouds. Your users can have a single set of credentials, a consistent SSO experience, and common user provisioning, regardless of the infrastructure on which the application runs.

 

This also improves your experience for identity administration. You can avoid the cost of managing password reset for a second set of user credentials. You can use the same dynamic groups, the same Multi-Factor Authentication (MFA) experiences, and the same risk-based conditional access policies to manage access to your apps, regardless of which cloud they run on. You get a single view of sign-in activity that spans apps in both clouds, along with a rich set of access analytics capabilities using Azure Log Analytics. Of course, you and your administrators also have a SSO experience to manage application infrastructure in both Microsoft Azure and Oracle Cloud.

 

The diagram below shows how federated identity with Azure AD provides a complete multi-cloud solution for identity and access across Oracle Cloud and Microsoft Azure.

Figure: Azure AD federated identity securely integrates the Microsoft and Oracle multi-cloud solution.

Multi-cloud solution integration is only the first part of the value. This integration sets a foundation that enables you to digitally transform your business by increasing end user productivity. It also helps you achieve a better security and compliance posture, with lower administration costs.

 

Get started

 

You can begin using Azure AD to access your Oracle applications and OCI today, using the same Azure AD administration center experience that you already use to manage access to other applications. To begin, go to the Add an application page and enter Oracle in the search box. Select an application from the Oracle applications list and add it to your Azure AD.

Figure: Oracle applications in the Azure AD ‘Add an application’ page.

The next step is to configure federated SSO between Azure AD and the Oracle application and then assign access to the users and groups who need to use the application.

 

You’ll want to ensure access is secure for a business-critical resource such as an Oracle application. So the last step is to add the Oracle application to an existing conditional access policy, or create a new policy to configure the access controls for users to sign in to the Oracle application.

Figure: Setting up a conditional access policy for Oracle Cloud Infrastructure Console.

Once you’ve completed these steps, your users can sign in to the Oracle application with the same credentials and the same SSO experience they already use to access Office 365 and Microsoft Azure. You get the peace of mind knowing that you can rely on Azure AD’s risk-based authentication, conditional access policies, and sign-in analytics to help you meet your security and governance requirements for access to the Oracle application.

 

As always, we’d love to hear any feedback or suggestions you have.

 

Best regards,

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management 

Microsoft Identity Division 

5 Comments
Occasional Visitor

Is there any way this can be implemented with on-premises Oracle apps like PeopleSoft? We are struggling to get Azure SSO on our onprem PeopleSoft apps without developing a custom weblogic (with CORS Java) server that will impersonate users on the endpoint or deploying a Shibboleth SP internally just for that app because Oracle basically provides no simple solution except to use their OIM platform that costs 6 figures to acquire!! Oracle is a relic of the 90's and the way they do business (for example, making people wait months for responses and years for application mods) makes me wonder how they are still in demand with so many better companies around now. If I was calling shots for application acquisition at my company I would make the second requirement be that it NOT be an Oracle application (the first one being SAML SSO or app proxy compatibility, of course :smiling_face_with_smiling_eyes:).

Occasional Visitor

Hi Alex / experts,

On similar lines, requesting your help on below issue.

 

We are configuring SSO with Oracle Fusion ERP (as SP) from Azure Applications Gallery (as IdP). After updating Fusion details in Azure application gallery we downloaded the metadata file from here.

 

While uploading this metadata file into Oracle Fusion ERP, we are getting the following error -

"You must enter valid identity provider metadata. Ensure the metadata conforms to the SAML version 2.0 or higher standard.: schema_reference.4: Failed to read schema document 'http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd', because 1) could not find the document;  2) the document could not be read; 3) the root element of the document is not xsd:schema."

 

Any pointers on this error, and how can we resolve it?

Microsoft

Hello Marc,

 

We have many customers who are using the Oracle Fusion ERP gallery app and have successfully configured it. Can you please use the Federation Metadata URL instead and download that and try? Our Metadata file is compliant with SAML specifications. In case you still face the issue then please raise a support ticket with Oracle and also with Microsoft. Do let us know the ticket number and then we can add the right people from the Oracle side so that they can help you here and get this set up.

 

Thanks,

Jeevan Desarda

Occasional Visitor

Thank you for the response @Jeevan Desarda

The SSO was configured successfully.

We raised a support ticket with Oracle, and they manually uploaded the Metadata XML into the Oracle Fusion Cloud SaaS backend, and that resolved the issue!

 

Microsoft

Thanks for the confirmation and happy to help you here.