SSO Implementation for Oracle E-Business Suite in Three Simple Steps Using Oracle Identity Cloud Service (IDCS)

As the backbone of your business functionality, the smooth operation of Oracle E-Business Suite is crucial to the efficiency and effectiveness of your mission-critical applications. Many Oracle EBS customers have implemented Single Sign-On (SSO) to ensure a smooth user experience.  A new approach using Oracle Identity Cloud Service (IDCS) is a simple way to enable SSO for Oracle EBS using the EBS Asserter.

Get started by implementing Oracle IDCS

Oracle Identity Cloud Service (IDCS) delivers core identity and access management capabilities through a multi-tenant Cloud platform which provides strong authentication requirements for end users. Authentication is based on user behavior within IDCS and across multiple on-premises applications and cloud services. Implementing IDCS provides an innovative, fully integrated service that delivers a more flexible, highly available, and supportable platform. IDCS includes:

  • Identity management
  • Single-sign-on (SSO)
  • Identity governance

Oracle IDCS integrates directly with existing directories and identity management systems, making it easier for end users to access applications. Providing a robust and secure platform, IDCS allows users to access, develop, and deploy their applications simply and securely.

Benefits of implementing Oracle IDCS include:

  • No need for traditional SSO components like Access Manager, a Directory (OID/OUD), a Web Gate, or an Access Gate for IDCS to integrate with EBS.
  • IDCS SSO integration with minimal configuration using the EBS Asserter interface between an identity token issued by IDCS and the user session in EBS.
  • IDCS requires no installation. High availability, disaster recovery, backup, patching, and upgrading are all managed by Oracle as part of the cloud service.

SSO implementation made simple with three steps!

Enabling SSO with IDCS integration is a considerably simpler process than previous approaches. And once the integration is in place, it is easy to extend the use of IDCS to other web-based and cloud-based applications. Or you can take advantage of some of the advanced capabilities of IDCS such as multi-factor authentication.

Step 1

Populate IDCS with users and groups by synchronizing your AD and IDCS.

  • Download the Bridge Agent and install on the Windows Server
  • Configure the Bridge Agent and perform the synchronization
  • Verify synchronization results in Oracle IDCS
  • Manage the Bridge Agent from Oracle IDCS (start, stop and restarting the Agent)
  • An Oracle Identity Cloud Service agent (Bridge Agent) installed on a local Windows desktop server will automatically and continuously synchronize users and groups from Microsoft Active Directory to Oracle Identity Cloud Service
  • This is the best way to automatically and continuously synchronize company users and groups from your Microsoft Active Directory to Oracle Identity Cloud Service
  • This process leverages a Windows installer for setup and configuration
  • This process only supports unidirectional integration (from Microsoft Active Directory to Oracle Identity Cloud Service)
Step 2

Configure SSO between your on-premises Identity Provider (typically ADFS) and IDCS.

  • Oracle Identity Cloud Service provides integration with SAML 2.0 identity providers (IdPs)
  • Works with federated Single Sign-On (SSO) solutions that are compatible with SAML 2.0 as an IdP. This includes Microsoft Active Directory Federation Services (AD FS), Shibboleth Identity Provider, and Oracle Access Management (OAM)
  • Allows users to log into Oracle Identity Cloud Service using the credentials from their own Identity Provider
  • Can force the IdPauthentication for all users or offer the IdPauthentication as an option (Login Chooser option)
  • Oracle Identity Cloud Service provides Single Sign-On for cloud applications while the IdPprovides Single Sign-On for on-premises applications. Users log in only once, using their IdPcredentials
Step 3

Deploy the EBS Asserter and configure the integration of EBS and IDCS.

  • EBS Asserter is a lightweight Java application provided by Oracle IDCS
  • Using EBS Asserter, you can configure SSO for Oracle e-Business Suite and other applications
  • EBS Asserter is a non-intrusive solution that does not require configuration changes in your Oracle e-Business Suite environment
  • EBS Asserter can be deployed in WebLogic Server 11g or 12c using secure communications (SSL/TLS)
  • There are multiple access modes for SSO with Oracle e-Business Suite:
  • Access Oracle EBS via the EBS Asserter’s direct URL link (bookmark)
  • Access Oracle EBS via Oracle Identity Cloud Service’s My Apps page
  • Access Oracle EBS via the EBS Asserter’s login using a redirect parameter
  • Access Oracle EBS via previously bookmarked Oracle EBS URLs
  • EBS Asserter supports Single Logout (SLO) for Oracle e-Business Suite, EBS Asserter, and Oracle Identity Cloud Service

Conclusion

Whether you have an existing Oracle EBS deployment already integrated with Access Manager and are looking to simplify your footprint or whether you don’t yet have SSO enabled, using IDCS to deliver SSO to Oracle EBS can greatly enhance the user experience while simplifying your overall topology and administration.

Ready to implement IDCS to Oracle EBS Release 12.2?
Syntax can help.

Syntax has 40+ years of Oracle ERP experience and over 25 years providing cloud and managed services for Oracle E-Business Suite applications. We provide automation-driven, best-of-breed private and public cloud offerings on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI), as well as our own purpose-built enterprise data centers. Contact us today to discover how we can improve the efficiency and effectiveness of your Oracle EBS environment.