Step-by-step guide

  1. Download IDCS Metadata to a local XML file

    Note: Steps 2-10 need to be executed to enable federated SSO with Fusion Apps. If executed against a customer environment, these steps need to be carried out by Oracle Support.

  2. Log in to the internal OAM Console (part of SIM) of the FA environment with OAM admin credentials

  3. Go to the Federation tab inside OAM Console. Click on Service Provider Management link

  4. Click on Create Identity Provider Partner button

  5. Select Load from provider metadata and choose the locally saved IDCS metadata file.

  6. Provide a name for the IdP partner

  7. Ensure User Mapping attribute is set to mail

  8. Save the configuration

  9. Obtain the Entity ID from the Federation SP metadata for SIM from Oracle Support. Typically it is of the form - https://{Tenant}-idm.{Domain}/fed

  10. Obtain the SP metadata Signing Certificate for SIM from Oracle Support.

> If you have access to SIM, you can build the certificate from the metadata. The metadata is available from https://{Tenant}-idm.{Domain}/fed/sp/metadata. Once you have the metadata, you can create the certificate file manually using the value of the **<X509Certificate>** tag inside the metadata.

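
One way to build the certificate file from the SP metadata described in the note above. This is an added example, not part of the original guide or Oracle tooling; the function name, the sample tenant URL and the sample certificate values are constructed placeholders. It picks the signing key (not the encryption key), writes it as PEM, and returns a SHA-256 fingerprint.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_cert_from_metadata(xml_text):
    """Return (entity_id, pem, sha256_fingerprint) for the SP signing certificate."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    for kd in root.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is None or not node.text:
            continue
        # The tag value is base64 DER, often wrapped across several lines.
        der = base64.b64decode("".join(node.text.split()), validate=True)
        if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
            raise ValueError("X509Certificate value is not DER")
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
        digest = hashlib.sha256(der).hexdigest().upper()
        fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
        return root.get("entityID"), pem, fingerprint
    raise ValueError("no signing certificate found in SPSSODescriptor")

# Constructed sample: the URL is a placeholder and the two base64 values are tiny
# DER stubs, not real certificates. The encryption key is listed first on purpose.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://tenant-idm.example.com/fed">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MAMCAQI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MAMC
AQE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(*signing_cert_from_metadata(SAMPLE_METADATA), sep="\n")
```

With real metadata, the returned entity ID is the value to note for the IDCS configuration, and the fingerprint gives a short value to compare against the certificate supplied by Oracle Support.
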
  1. Go to IDCS Admin console -> Applications tab

  2. Click on Add button and select App Catalog

     

  3. Search for Oracle Fusion Applications Prov App and Add

  4. On the first page of Configuration screen provide the Tenant Name and Domain Name values for your Fusion App environment.

  5. Click on Next

  6. Provide the noted Entity ID value. Upload the Signing Certificate previously saved.

  7. Click on Next

  8. Switch on the Enable Provisioning slider

  9. Provide Administrator Username, Password, FA Env Hostname for REST API (Format - <tenant>-hcm.<domain>) and port number (443). Also select SSL Enabled checkbox.

  10. Test the connectivity

  11. Switch on the Enable Synchronization slider

  12. Click on Finish button

  13. Activate the application

  14. Go to the Import tab of the application

  15. Click on the Import link. It will start the Import job.

  16. Refresh the page after a while

  17. Verify that the job is completed and existing FA users have been imported and displayed on the page

  18. Go to the Users tab of the application and click on Assign

  19. Select a user

  20. Verify that the user is successfully assigned to the App

  21. Open an Incognito browser window and log in to IDCS MyConsole using the assigned user’s credentials

  22. Verify that the Fusion Applications are displayed there

  23. Click on the Oracle Fusion Applications Prov HCM app

  24. Verify SSO