Oracle Enterprise Performance Management Cloud

Setting Up Single Sign-On between Oracle Enterprise Performance Management Cloud and Oracle Fusion Applications

2

Table of Contents

CONFIGURING SINGLE SIGN-ON BETWEEN ORACLE ENTERPRISE PERFORMANCE MANAGEMENT CLOUD AND ORACLE FUSION APPLICATIONS ............................................................................................................................. 3

Creating Users in Oracle Identity Framework ...................................................................................................... 3 Configuring Oracle Fusion Applications for SSO ................................................................................................... 6 Configuring Oracle Enterprise Management Cloud for SSO ................................................................................. 6 Adding Users Who Need Access to Oracle Enterprise Performance Management Cloud .................................. 12 Verifying SSO Between Oracle Enterprise Performance Management Cloud and Oracle Fusion Applications and Vice Versa ........................................................................................................................................................... 14

3

Configuring Single Sign-On between Oracle Enterprise Performance Management Cloud and Oracle Fusion Applications

You can use any SAML2.0 Identity Provider(IdP), for example, Oracle Identity Framework (OIF), Microsoft’s ADFS 2.0+, Shibboleth, and Okta to establish Single Sign-on (SSO) between Oracle Enterprise Performance Management Cloud and Oracle Fusion Applications. This document lists the steps to establish SSO using the Oracle Fusion Application’s OIF as IdP.

Creating Users in Oracle Identity Framework

To create users in OIF:

1. Access the Oracle Identity Management (OIM) console by going to (for example): https://firstrel11crm.login.pp1.oraclecloud.com/oim.

2. Enter the credentials of an OIM administrator user and click Sign In.

4

3. Click Administration at the right top corner of the screen.

4. Click Create User. 5. In Create User, enter basic user information, then click Organization, and then select xellerate

Users under organization name.

5

6. Specify a user type, login name of the user, and a password. 7. Click Save.

6

Configuring Oracle Fusion Applications for SSO

Open a service request asking Oracle to configure Fusion Applications for SSO. Oracle imports the IdP’s metadata into Fusion application’s Service Provider.

Note: Be sure to provide the metadata of your IdP in the service request, especially if you are not using the OIF of Fusion applications as the IdP. In this scenario, Oracle provides the metadata of the service provider of Fusion Applications to your IdP administrator, who will then import it into your IdP.

Configuring Oracle Enterprise Management Cloud for SSO

To configure Oracle Enterprise Management Cloud for SSO:

1. Access My Services portal of Oracle Cloud by going to (for example): https://myservices.us2.oraclecloud.com/mycloud/internaldevcdcg1/faces/dashboard.jspx

2. Sign in using the credentials of an Identity Domain Administrator.

7

3. In the My Services portal, click Users.

4. Click on SSO Configuration. 5. Click Edit. 6. In Edit Single Sign-On Configuration, enter the required information to Import IdP metadata,

and then click Save. See the following image for an example.

8

7. Click Test to test the configuration.

9

8. Click Start SSO. The Sign In screen is displayed.

9. Enter the user name and password of a user available in the IdP, and then click Sign In. The Federation SSO Operation Result screen is displayed. This screen indicates whether the SSO

10

was successful. SUCCESS is displayed as the SSO Primary Status Code if Oracle Enterprise Management Cloud has successfully paired with the Oracle Fusion’s OIF IdP.

10. Click Enable SSO.

11

11. Click OK to finish the process.

12

12. Click Export Metadata to export the metadata of the service provider. The administrator of the Idp must import this metadata into the IdP.

Adding Users Who Need Access to Oracle Enterprise Performance Management Cloud

To create users in Oracle Enterprise Performance Management Cloud:

1. Access My Services portal of Oracle Cloud and sign in as an Identity Domain Administrator. 2. Click Users.

13

3. Click Add and enter user details. 4. Assign the necessary roles, and then click Add.

14

Verifying SSO Between Oracle Enterprise Performance Management Cloud and Oracle Fusion Applications and Vice Versa

To verify SSO access:

1. Sign in to an Oracle Enterprise Performance Cloud service, for example, Oracle Planning and Budgeting Cloud. Use a URL such as the following: https://<your servicename>-<your identity domain>.pbcs.<dc>.oraclecloud.com/workspace

2. Enter your identity domain, and then click Go. Oracle Fusion Applications Sign In screen is displayed.

15

3. Enter credentials of a user (for example, jdoe) that you created in OIM and click Sign In. The Oracle Enterprise Performance Cloud resource that you requested is displayed.

4. From a different browser window or tab, access the URL of an Oracle Fusion application. The requested Oracle Fusion Application resource is displayed without going through a sign in process.

16

5. Sign out from the Oracle Fusion Application. You are signed out from both the Fusion Application as well as from Oracle Enterprise Performance Cloud.

17

Oracle Fusin Application Sign In screen is displayed.

6. Close the browser and the clear browser cache. 7. Start a browser session and access Oracle Fusion Application (for example):

https://firstrel11crm.crm.pp1.oraclecloud.com/customer/faces/CrmFusionHome

18

8. Sign in using the credentials (for example, of jdoe) that you used previously to test SSO. See step_signin.

9. From another browser window or tab, access the URL of an Oracle Enterprise Performance Management Cloud resource, for example, Oracle Planning and Budgeting Cloud. The screen to specify an Identity Domain is displayed.

19

10. Enter the identity domain, and then click Go.

Note: If you work within this Oracle Enterprise Performance Management Cloud domain most of the time, select Remember my choice. You will not be prompted to enter an identity domain when you access the service.

The Oracle Enterprise Performance Management Cloud resource, for example, Oracle Planning and Budgeting Cloud that you requested is displayed. You are not required to go through a sign in process.

20

11. From another brower window or tab, access the ATK Home page of Oracle Fusion application (for example): https://firstrel11crm.fs.pp1.oraclecloud.com/homePage/faces/AtkHomePageWelcome

21

22

Copyright © 2017 Oracle and/or its affiliates. All rights reserved.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.